Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-11-2013 Ran by Camilo at 2013-11-29 16:24:54 Run:1 Running from C:\Users\Kamil\Downloads Boot Mode: Normal ============================================== Content of fixlist: ***************** C:\Users\Kamil\AppData\Roaming\minerd C:\Users\Kamil\AppData\Roaming\(00-17-EB-E8-1E-FB) C:\Users\Kamil\AppData\Roaming\1J1F1H1E2Y2Z1P1C1B2W1L1T2ZtF1E1I C:\Users\Kamil\AppData\Local\funmoods_2.3.1.crx C:\Users\Kamil\AppData\Local\Temp\*.dll C:\Users\Kamil\AppData\Local\Temp\*.exe C:\Program Files\Common Files\mcafee C:\Program Files (x86)\McAfee C:\ProgramData\McAfee HKCU\...\Run: [minerd] - "C:\Users\Kamil\AppData\Roaming\minerd\nircmd.exe" exec hide "C:\Users\Kamil\AppData\Roaming\minerd\start.bat" HKCU\...\RunOnce: [Application Restart #0] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --flag-switches-begin --flag-switches-end --restore-last-session http://en.v9.com/?utm_source=b&utm_medium=bnd&utm_campaign=eXQ&utm_content=sc&from=bnd&uid=ST1000LM024XHN-M101MBB_S2TXJ9KCB01076&ts=1381478191 [863184 2013-11-14] (Google Inc.) HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe HKLM-x32\...\Run: [mcui_exe] - "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey HKLM-x32\...\Run: [LManager] - [x] HKLM-x32\...\Run: [] - [x] HKCU\...\Run: [AdobeBridge] - [x] HKLM\...\Policies\Explorer: [NoControlPanel] 0 BHO: No Name - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - No File BHO-x32: No Name - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - No File Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.us.com/v/2/?guid={12782BBC-2CAB-40F4-8FDD-EACE9BDFD994}&serpv=17 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.us.com/v/2/?guid={12782BBC-2CAB-40F4-8FDD-EACE9BDFD994}&serpv=17 SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKCU - DefaultScope {C2873392-AFEA-403E-AF62-43813BA8DB33} URL = http://search.us.com/serp?guid={7717DEDF-F653-42C8-AA6E-EE663D952E5A}&action=default_search&serpv=5&k={searchTerms} SearchScopes: HKCU - {15CDBF3E-5CAD-49C8-8880-281A137B02DD} URL = SearchScopes: HKCU - {C2873392-AFEA-403E-AF62-43813BA8DB33} URL = http://search.us.com/serp?guid={7717DEDF-F653-42C8-AA6E-EE663D952E5A}&action=default_search&serpv=5&k={searchTerms} SearchScopes: HKCU - {D890F5F8-1CCA-45E6-B433-1853D437B11F} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10513 Task: {08D287CB-C656-40D2-A62D-ED995F4037F4} - \Funmoods No Task File HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" ***************** C:\Users\Kamil\AppData\Roaming\minerd => Moved successfully. C:\Users\Kamil\AppData\Roaming\(00-17-EB-E8-1E-FB) => Moved successfully. C:\Users\Kamil\AppData\Roaming\1J1F1H1E2Y2Z1P1C1B2W1L1T2ZtF1E1I => Moved successfully. C:\Users\Kamil\AppData\Local\funmoods_2.3.1.crx => Moved successfully. C:\Users\Kamil\AppData\Local\Temp\*.dll => Moved successfully. C:\Users\Kamil\AppData\Local\Temp\*.exe => Moved successfully. C:\Program Files\Common Files\mcafee => Moved successfully. C:\Program Files (x86)\McAfee => Moved successfully. "C:\ProgramData\McAfee" directory move: C:\ProgramData\McAfee\WinCore\persist.mtk => Moved successfully. C:\ProgramData\McAfee\SiteAdvisor\saupkeep.dll\log.txt => Moved successfully. C:\ProgramData\McAfee\SiteAdvisor\saUpd.exe\log.txt => Moved successfully. C:\ProgramData\McAfee\SiteAdvisor\saui.exe\log.txt => Moved successfully. C:\ProgramData\McAfee\SiteAdvisor\sasshmod.dll\log.txt => Moved successfully. C:\ProgramData\McAfee\SiteAdvisor\saInst.exe\log.txt => Moved successfully. C:\ProgramData\McAfee\SiteAdvisor\SACore\sacore_cache.db => Moved successfully. C:\ProgramData\McAfee\SiteAdvisor\SACore\sacore_priv.db => Moved successfully. C:\ProgramData\McAfee\SiteAdvisor\mcsacore.exe\log.txt => Moved successfully. Could not move "C:\ProgramData\McAfee" directory. => Scheduled to move on reboot. HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\minerd => Value deleted successfully. HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #0 => Value deleted successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mobilegeni daemon => Value not found. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mcui_exe => Value not found. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\LManager => Value deleted successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully. HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => Value deleted successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => Value deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF} => Key deleted successfully. HKCR\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF} => Key deleted successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF} => Key deleted successfully. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Value deleted successfully. HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found. HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{15CDBF3E-5CAD-49C8-8880-281A137B02DD} => Key deleted successfully. HKCR\CLSID\{15CDBF3E-5CAD-49C8-8880-281A137B02DD} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C2873392-AFEA-403E-AF62-43813BA8DB33} => Key deleted successfully. HKCR\CLSID\{C2873392-AFEA-403E-AF62-43813BA8DB33} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D890F5F8-1CCA-45E6-B433-1853D437B11F} => Key deleted successfully. HKCR\CLSID\{D890F5F8-1CCA-45E6-B433-1853D437B11F} => Key not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{08D287CB-C656-40D2-A62D-ED995F4037F4} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08D287CB-C656-40D2-A62D-ED995F4037F4} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Funmoods => Key deleted successfully. HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => Key deleted successfully. HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => Key deleted successfully. => Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2013-11-29 16:29:03)<= C:\ProgramData\McAfee => Is moved successfully. ==== End of Fixlog ====