Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-04-2015 04
Ran by Grabnet at 2015-04-16 13:33:26 Run:2
Running from E:\
Loaded Profiles: Grabnet (Available profiles: Grabnet)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
HKU\S-1-5-21-2737716303-2564593903-3058483522-1001\...\Run: [tsiVideo] => C:\Windows\SysWOW64\rundll32.exe C:\Users\Grabnet\AppData\Local\Temp\\mdi164.dll,asdasd <===== ATTENTION
HKU\S-1-5-21-2737716303-2564593903-3058483522-1001\...\Run: [ASRockXTU] => [X]
HKU\S-1-5-21-2737716303-2564593903-3058483522-1001\...\Run: [zASRockInstantBoot] => [X]
Winlogon\Notify\igfxcui: igfxdev.dll [X]
R3 AsrIbDrv; \??\C:\Windows\SysWOW64\Drivers\AsrIbDrv.sys [X]
R3 AxtuDrv; \??\C:\Windows\SysWOW64\Drivers\AxtuDrv.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 ewusbmbb; \SystemRoot\system32\DRIVERS\ewusbwwan.sys [X]
S3 ew_hwusbdev; \SystemRoot\system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; \SystemRoot\System32\drivers\ew_usbenumfilter.sys [X]
S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]
S3 hwdatacard; \SystemRoot\system32\DRIVERS\ewusbmdm.sys [X]
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
C:\Users\Grabnet\Start Menu\Programs\SpyHunter
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg query HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318} /s
EmptyTemp:
*****************

Processes closed successfully.
HKU\S-1-5-21-2737716303-2564593903-3058483522-1001\Software\Microsoft\Windows\CurrentVersion\Run\\tsiVideo => value deleted successfully.
HKU\S-1-5-21-2737716303-2564593903-3058483522-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ASRockXTU => value deleted successfully.
HKU\S-1-5-21-2737716303-2564593903-3058483522-1001\Software\Microsoft\Windows\CurrentVersion\Run\\zASRockInstantBoot => value deleted successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui" => Key deleted successfully.
AsrIbDrv => Unable to stop service
AsrIbDrv => Service deleted successfully.
AxtuDrv => Unable to stop service
AxtuDrv => Service deleted successfully.
esgiguard => Service deleted successfully.
ewusbmbb => Service deleted successfully.
ew_hwusbdev => Service deleted successfully.
ew_usbenumfilter => Service deleted successfully.
huawei_enumerator => Service deleted successfully.
hwdatacard => Service deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
C:\Users\Grabnet\Start Menu\Programs\SpyHunter => Moved successfully.

========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg query HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318} /s =========

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}
    Class    REG_SZ    CDROM
    ClassDesc    REG_SZ    @%SystemRoot%\System32\StorProp.dll,-17001
    EnumPropPages32    REG_SZ    storprop.dll,DvdPropPageProvider
    NoInstallClass    REG_SZ    1
    SilentInstall    REG_SZ    1
    IconPath    REG_MULTI_SZ    %SystemRoot%\System32\imageres.dll,-30
    LastDeleteDate    REG_BINARY    50C3657AA254D001
    UpperFilters    REG_MULTI_SZ    GEARAspiWDM\0edevmon

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\0001
    DriverDesc    REG_SZ    CD-ROM Drive
    ProviderName    REG_SZ    Microsoft
    DriverDateData    REG_BINARY    00808CA3C594C601
    DriverDate    REG_SZ    6-21-2006
    DriverVersion    REG_SZ    6.3.9600.16384
    InfPath    REG_SZ    cdrom.inf
    InfSection    REG_SZ    cdrom_install_ISO_drive
    MatchingDeviceId    REG_SZ    SCSI\CdRomMsft____Virtual_DVD-ROM_

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Configuration

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Configuration\Instance
    $!FriendlyName    REG_SZ    $BusDeviceDesc

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Configuration\Variables

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Configuration\Variables\BusDeviceDesc
    (Default)    REG_SZ    DeviceProperty
    PropertyGuid    REG_SZ    {540b947e-8b40-45bc-a8a2-6a0b894cbda2}
    PropertyId    REG_DWORD    0x4

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties

========= End of Reg: =========

EmptyTemp: => Removed 284.1 MB temporary data.

The system needed a reboot.

==== End of Fixlog 13:33:47 ====