Fix result of Farbar Recovery Scan Tool (x64) Version:18-04-2016 Ran by TOSHIBA (2016-04-24 00:36:49) Run:2 Running from C:\Users\TOSHIBA\Desktop Loaded Profiles: TOSHIBA (Available Profiles: TOSHIBA) Boot Mode: Normal ============================================== fixlist content: ***************** start RemoveProxy: HKU\S-1-5-21-1870027983-4264097883-3264919129-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-1870027983-4264097883-3264919129-1000\...\Policies\Explorer: [NoInstrumentation] 0 HKU\S-1-5-21-1870027983-4264097883-3264919129-1000\...\Policies\Explorer: [NoSearchFilesInStartMenu] 0 HKU\S-1-5-21-1870027983-4264097883-3264919129-1000\...\Policies\Explorer: [NoSearchProgramsInStartMenu] 0 AppInit_DLLs: C:\PROGRA~2\KeyCryptSDK\KeyCrypt64(1).dll => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt64(1).dll [94664 2014-12-30] (Zemana Ltd.) AppInit_DLLs-x32: C:\PROGRA~2\KeyCryptSDK\KeyCrypt32(1).dll => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt32(1).dll [86400 2014-12-30] (Zemana Ltd.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-1870027983-4264097883-3264919129-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION S2 gupdate1d07c27b3c11b6; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-04-21] (Google Inc.) S3 gupdatem1d07c27bae3622; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-04-21] (Google Inc.) R1 AntiLog32; C:\windows\system32\drivers\AntiLog64.sys [49752 2015-01-07] (Zemana Ltd.) S3 catchme; \??\C:\ComboFix\catchme.sys [X] U2 ERSvc; no ImagePath U2 IAStorDataMgrsvc; no ImagePath U2 NIHardwareService; no ImagePath U2 NVSvc; no ImagePath U2 Parvdm; no ImagePath U2 srService; no ImagePath C:\Windows\SysWOW64\runouce.exe <======= ATTENTION C:\Windows\SysWOW64\wmicuclt.exe <======= ATTENTION AntiLogger (x32 Version: 1.9.3.602 - Zemana Ltd.) Hidden KeyCrypt SDK version 1.8.1.199 (HKLM-x32\...\{5575EADE-4685-4E15-A9CD-6036BC2A3F75}_is1) (Version: 1.8.1.199 - Zemana Ltd.) IE restricted site: HKU\.DEFAULT\...\123topsearch.com -> www.123topsearch.com <======= ATTENTION IE restricted site: HKU\.DEFAULT\...\125sms.co.uk -> www.125sms.co.uk<======= ATTENTION IE restricted site: HKU\.DEFAULT\...\125sms.com -> www.125sms.com<======= ATTENTION IE restricted site: HKU\.DEFAULT\...\12w.net -> download-video.12w.net<======= ATTENTION IE restricted site: HKU\.DEFAULT\...\132.com -> www.132.com<======= ATTENTION IE restricted site: HKU\.DEFAULT\...\1337-crew.to -> www.1337-crew.to<======= ATTENTION IE restricted site: HKU\.DEFAULT\...\1337crew.info -> www.1337crew.info<======= ATTENTION IE restricted site: HKU\.DEFAULT\...\136136.net -> down.136136.net<======= ATTENTION IE restricted site: HKU\.DEFAULT\...\150freesms.de -> www.150freesms.de<======= ATTENTION IE restricted site: HKU\.DEFAULT\...\163ns.com -> ert0003.e76.163ns.com<======= ATTENTION IE restricted site: HKU\.DEFAULT\...\17-plus.com -> 17-plus.com<======= ATTENTION IE restricted site: HKU\.DEFAULT\...\171203.com -> 171203.com<======= ATTENTION IE restricted site: HKU\.DEFAULT\...\17concepts.info -> www.17concepts.info<======= ATTENTION IE restricted site: HKU\.DEFAULT\...\1800searchonline.com -> www.1800searchonline.com<======= ATTENTION IE restricted site: HKU\.DEFAULT\...\180searchassistant.com -> www.180searchassistant.com<======= ATTENTION IE restricted site: HKU\.DEFAULT\...\180solutions.com -> bis.180solutions.com<======= ATTENTION IE restricted site: HKU\.DEFAULT\...\1987324.com -> www.1987324.com<======= ATTENTION IE restricted site: HKU\.DEFAULT\...\1gb.ru -> people.1gb.ru<======= ATTENTION IE restricted site: HKU\.DEFAULT\...\1ghporn.info -> www.1ghporn.info<======= ATTENTION IE restricted site: HKU\.DEFAULT\...\1importantiamreal.com -> www.1importantiamreal.com<======= ATTENTION EmptyTemp: CMD: netsh winsock reset all CMD: ipconfig /flushdns hosts: end ***************** ========= RemoveProxy: ========= "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully "HKU\S-1-5-21-1870027983-4264097883-3264919129-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully HKU\S-1-5-21-1870027983-4264097883-3264919129-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully HKU\S-1-5-21-1870027983-4264097883-3264919129-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully ========= End of RemoveProxy: ========= HKU\S-1-5-21-1870027983-4264097883-3264919129-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLowDiskSpaceChecks => value removed successfully HKU\S-1-5-21-1870027983-4264097883-3264919129-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoInstrumentation => value removed successfully HKU\S-1-5-21-1870027983-4264097883-3264919129-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSearchFilesInStartMenu => value removed successfully HKU\S-1-5-21-1870027983-4264097883-3264919129-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSearchProgramsInStartMenu => value removed successfully "C:\PROGRA~2\KeyCryptSDK\KeyCrypt64(1).dll" => Value data not found. "C:\PROGRA~2\KeyCryptSDK\KeyCrypt32(1).dll" => Value data not found. HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. HKU\S-1-5-21-1870027983-4264097883-3264919129-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. gupdate1d07c27b3c11b6 => service removed successfully gupdatem1d07c27bae3622 => service removed successfully AntiLog32 => Unable to stop service. AntiLog32 => service removed successfully catchme => service removed successfully ERSvc => service removed successfully IAStorDataMgrsvc => service removed successfully NIHardwareService => service removed successfully NVSvc => service removed successfully Parvdm => service removed successfully srService => service removed successfully "C:\Windows\SysWOW64\runouce.exe <======= ATTENTION" => not found. "C:\Windows\SysWOW64\wmicuclt.exe <======= ATTENTION" => not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{014534FF-1D46-4A77-9B48-29EFD145995B}\\SystemComponent => value removed successfully KeyCrypt SDK version 1.8.1.199 (HKLM-x32\...\{5575EADE-4685-4E15-A9CD-6036BC2A3F75}_is1) (Version: 1.8.1.199 - Zemana Ltd.) => Error: No automatic fix found for this entry. "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\123topsearch.com" => key removed successfully "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\125sms.co.uk" => key removed successfully "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\125sms.com" => key removed successfully "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\12w.net" => key removed successfully "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\132.com" => key removed successfully "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1337-crew.to" => key removed successfully "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1337crew.info" => key removed successfully "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\136136.net" => key removed successfully "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\150freesms.de" => key removed successfully "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\163ns.com" => key removed successfully "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\17-plus.com" => key removed successfully "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\171203.com" => key removed successfully "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\17concepts.info" => key removed successfully "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1800searchonline.com" => key removed successfully "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\180searchassistant.com" => key removed successfully "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\180solutions.com" => key removed successfully "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1987324.com" => key removed successfully "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1gb.ru" => key removed successfully "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1ghporn.info" => key removed successfully "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1importantiamreal.com" => key removed successfully ========= netsh winsock reset all ========= Sucessfully reset the Winsock Catalog. You must restart the computer in order to complete the reset. ========= End of CMD: ========= ========= ipconfig /flushdns ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= End of CMD: ========= C:\Windows\System32\Drivers\etc\hosts => moved successfully Hosts restored successfully. EmptyTemp: => 55.5 MB temporary data Removed. The system needed a reboot. ==== End of Fixlog 00:36:56 ====