Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-02-2014 01
Ran by Robert at 2014-02-26 17:11:15 Run:2
Running from C:\Users\Robert\Downloads\FRST
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-781218168-1252475549-3310685138-1002\...\Winlogon: [Shell] explorer.exe,"C:\ProgramData\load32.exe" <==== ATTENTION
HKLM-x32\...\Runonce: [OTL] - "C:\Users\Robert\Downloads\OTL.exe" [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
BHO-x32: FindRight - {cf710881-c002-4ea4-860a-b6931b040948} - C:\Program Files (x86)\FindRight\FindRightbho.dll (FindRight)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin - d:\Program Files\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll No File
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
CHR Extension: (No Name) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp [2013-05-18]
CHR HKCU\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\Robert\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2013-03-26]
CHR HKLM-x32\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\Robert\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2013-03-26]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 ArcService; d:\Program Files\Perfect World Entertainment\Arc\ArcService.exe [X]
C:\Users\Robert\AppData\Local\CRE
C:\Users\Robert\AppData\Roaming\AVG
C:\Users\Robert\Downloads\Gmer(13252).exe
C:\Users\Robert\Downloads\NET-Framework(12105).exe
Reg: reg query HKLM\SYSTEM\CurrentControlSet\Services\Schedule
Reg: reg query "HKCU\Software\Microsoft\Windows Script" /s
Reg: reg query "HKCU\Software\Microsoft\Windows Script Host" /s
*****************

HKU\S-1-5-21-781218168-1252475549-3310685138-1002\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\OTL => Unable to delete value
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => Value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cf710881-c002-4ea4-860a-b6931b040948} => Key not found.
HKCR\Wow6432Node\CLSID\{cf710881-c002-4ea4-860a-b6931b040948} => Key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@perfectworld.com/npArcPlayNowPlugin => Key deleted successfully.
d:\Program Files\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll not found.
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\msktbird@mcafee.com => Value deleted successfully.
C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp => Moved successfully.
HKCU\SOFTWARE\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp => Key deleted successfully.
C:\Users\Robert\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp => Key deleted successfully.
"C:\Users\Robert\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx" => File/Directory not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
ArcService => Service deleted successfully.
C:\Users\Robert\AppData\Local\CRE => Moved successfully.
C:\Users\Robert\AppData\Roaming\AVG => Moved successfully.
"C:\Users\Robert\Downloads\Gmer(13252).exe" => File/Directory not found.
C:\Users\Robert\Downloads\NET-Framework(12105).exe => Moved successfully.

========= reg query HKLM\SYSTEM\CurrentControlSet\Services\Schedule =========

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule
    AtTaskMaxHours    REG_DWORD    0x48
    DisplayName    REG_SZ    @%SystemRoot%\system32\schedsvc.dll,-100
    ErrorControl    REG_DWORD    0x1
    Group    REG_SZ    SchedulerGroup
    ImagePath    REG_EXPAND_SZ    %systemroot%\system32\svchost.exe -k netsvcs
    Start    REG_DWORD    0x4
    Type    REG_DWORD    0x20
    Description    REG_SZ    @%SystemRoot%\system32\schedsvc.dll,-101
    DependOnService    REG_MULTI_SZ    RPCSS
    ObjectName    REG_SZ    LocalSystem
    ServiceSidType    REG_DWORD    0x1
    RequiredPrivileges    REG_MULTI_SZ    SeIncreaseQuotaPrivilege\0SeChangeNotifyPrivilege\0SeAuditPrivilege\0SeImpersonatePrivilege\0SeAssignPrimaryTokenPrivilege\0SeTcbPrivilege\0SeRestorePrivilege
    FailureActions    REG_BINARY    80510100000000000000000003000000140000000100000060EA00000100000060EA00000000000000000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule\Security

========= End of Reg: =========

========= reg query "HKCU\Software\Microsoft\Windows Script" /s =========

HKEY_CURRENT_USER\Software\Microsoft\Windows Script\Settings
    JITDebug    REG_DWORD    0x0

========= End of Reg: =========

========= reg query "HKCU\Software\Microsoft\Windows Script Host" /s =========

HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings

========= End of Reg: =========

==== End of Fixlog ====