Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013 Ran by Sofia at 2013-10-06 12:00:57 Run:1 Running from C:\Users\Sofia\Downloads Boot Mode: Normal ============================================== Content of fixlist: ***************** Task: {0BAD69EC-98EA-41AF-B527-B78455003CCD} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] () Task: {8377FAD2-82EF-40EF-B354-D6DF80250D7E} - \RealPlayerRealUpgradeLogonTaskS-1-5-21-3208515226-2010266281-175035788-1001 No Task File Task: {8DA65ADD-2644-4F6F-952E-B4562A5CBECB} - \RealPlayerRealUpgradeScheduledTaskS-1-5-21-3208515226-2010266281-175035788-1001 No Task File Task: {F3A6514C-DF7B-48EE-96D6-BE94846C7711} - \Desk 365 RunAsStdUser No Task File Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe C:\Users\Sofia\AppData\Roaming\FileOpen C:\Users\Sofia\AppData\Roaming\ProgSense SearchScopes: HKCU - {E3F66496-2F2D-4F8C-9271-75B063866898} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms} FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL No File FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File FF Plugin-x32: @nullsoft.com/winampDetector;version=1 - C:\Program Files (x86)\Winamp Detect\npwachk.dll No File Reg: reg add "HKCU\Software\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {0633EE93-D776-472f-A0FF-E1416B8B2E3A} /f Reg: reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {0633EE93-D776-472f-A0FF-E1416B8B2E3A} /f Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {0633EE93-D776-472f-A0FF-E1416B8B2E3A} /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ***************** HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0BAD69EC-98EA-41AF-B527-B78455003CCD} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0BAD69EC-98EA-41AF-B527-B78455003CCD} => Key deleted successfully. C:\Windows\System32\Tasks\ROC_REG_JAN_DELETE => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ROC_REG_JAN_DELETE => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8377FAD2-82EF-40EF-B354-D6DF80250D7E} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8377FAD2-82EF-40EF-B354-D6DF80250D7E} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealPlayerRealUpgradeLogonTaskS-1-5-21-3208515226-2010266281-175035788-1001 => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8DA65ADD-2644-4F6F-952E-B4562A5CBECB} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8DA65ADD-2644-4F6F-952E-B4562A5CBECB} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3208515226-2010266281-175035788-1001 => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F3A6514C-DF7B-48EE-96D6-BE94846C7711} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3A6514C-DF7B-48EE-96D6-BE94846C7711} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Desk 365 RunAsStdUser => Key deleted successfully. C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => Moved successfully. C:\Users\Sofia\AppData\Roaming\FileOpen => Moved successfully. C:\Users\Sofia\AppData\Roaming\ProgSense => Moved successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E3F66496-2F2D-4F8C-9271-75B063866898} => Key deleted successfully. HKCR\CLSID\{E3F66496-2F2D-4F8C-9271-75B063866898} => Key not found. HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0 => Key deleted successfully. "C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL" => not found. HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin => Key deleted successfully. C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll not found. HKLM\Software\Wow6432Node\MozillaPlugins\@nullsoft.com/winampDetector;version=1 => Key deleted successfully. C:\Program Files (x86)\Winamp Detect\npwachk.dll not found. ========= reg add "HKCU\Software\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {0633EE93-D776-472f-A0FF-E1416B8B2E3A} /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {0633EE93-D776-472f-A0FF-E1416B8B2E3A} /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {0633EE93-D776-472f-A0FF-E1416B8B2E3A} /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ==== End of Fixlog ====