Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-09-2014
Ran by Agata at 2014-09-10 19:03:13 Run:1
Running from D:\Downloads\logi
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
CloseProcesses:
R1 {9edd0ea8-2819-47c2-8320-b007d5996f8a}w64; C:\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}w64.sys [61112 2014-04-28] (StdLib)
U3 tmlwf; No ImagePath
U3 tmwfp; No ImagePath
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
CHR Extension: (uTorrentControl_v6) - C:\Users\Agata\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp [2014-01-11]
CHR HKCU\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\Agata\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2014-01-11]
CHR HKLM-x32\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\Agata\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2014-01-11]
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {2ECCF9B3-23F9-4D34-8FF7-7EA1FFD21F38} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Task: {1CC8505A-691E-4875-B301-90FCEBDAE88B} - \AdobeFlashPlayerUpdate No Task File <==== ATTENTION
Task: {A336DE3D-A3B7-42E2-A2C9-A077116131A7} - System32\Tasks\{EC144A84-D4A3-49D1-B468-DD84F6C5189F} => F:\Atlas.of.Human.Anatomy.Sobotta.v1.5\SOBOTTA.EXE
Task: {B1F66E29-2231-4756-A4E3-FB2E693DA7A5} - System32\Tasks\{96820FAA-3F3A-43BA-8B0C-A5A0D3EF9CEE} => C:\Program Files (x86)\Team17\Worms World Party\wcp.exe
Task: {B277F5FF-24E8-45D2-8DD2-1D2BADFF1981} - \AdobeFlashPlayerUpdate 2 No Task File <==== ATTENTION
Task: {E2C21F56-7ED0-4E52-9CF7-0A2201FFA3B7} - System32\Tasks\{3DE45436-6CAA-4B0A-AFE4-D163677DCEB5} => F:\Atlas.of.Human.Anatomy.Sobotta.v1.5\SOBOTTA.EXE
Task: {EAAD80D5-FDA3-4F7F-8AB0-A41BD30A7A5E} - System32\Tasks\{8CF71EFE-966F-49E2-AABA-B05E91F57371} => C:\Program Files (x86)\Team17\Worms World Party\wcp.exe
Task: {F2437964-2BCA-4421-9BC8-55AEE58BCBA5} - System32\Tasks\fbagent => C:\Users\Agata\AppData\Roaming\mmhh.exe
Task: {FC0BCCDC-0620-42BF-95F3-97457458302E} - System32\Tasks\{11D04720-F79B-4A45-8933-03ED071A06D9} => C:\Program Files (x86)\Team17\Worms World Party\wcp.exe
C:\Program Files (x86)\Mozilla Firefox
C:\ProgramData\Temp
C:\Users\Agata\AppData\Local\CRE
C:\Users\Agata\AppData\Roaming\mozilla
C:\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}w64.sys
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
EmptyTemp:
*****************
Processes closed successfully.
{9edd0ea8-2819-47c2-8320-b007d5996f8a}w64 => Service stopped successfully.
{9edd0ea8-2819-47c2-8320-b007d5996f8a}w64 => Service deleted successfully.
tmlwf => Service deleted successfully.
tmwfp => Service deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => Key deleted successfully.
"HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => Key deleted successfully.
"HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => Key deleted successfully.
"HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => Key deleted successfully.
"HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
C:\Users\Agata\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp => Moved successfully.
"HKCU\SOFTWARE\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp" => Key deleted successfully.
C:\Users\Agata\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp" => Key deleted successfully.
"C:\Users\Agata\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx" => File/Directory not found.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2ECCF9B3-23F9-4D34-8FF7-7EA1FFD21F38}" => Key deleted successfully.
"HKCR\CLSID\{2ECCF9B3-23F9-4D34-8FF7-7EA1FFD21F38}" => Key not found.
"HKCR\PROTOCOLS\Handler\skype-ie-addon-data" => Key Deleted successfully.
"HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}" => Key not found.
"HKCR\Wow6432Node\PROTOCOLS\Handler\skype-ie-addon-data" => Key not found.
"HKCR\Wow6432Node\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1CC8505A-691E-4875-B301-90FCEBDAE88B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1CC8505A-691E-4875-B301-90FCEBDAE88B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdobeFlashPlayerUpdate" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A336DE3D-A3B7-42E2-A2C9-A077116131A7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A336DE3D-A3B7-42E2-A2C9-A077116131A7}" => Key deleted successfully.
C:\Windows\System32\Tasks\{EC144A84-D4A3-49D1-B468-DD84F6C5189F} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EC144A84-D4A3-49D1-B468-DD84F6C5189F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B1F66E29-2231-4756-A4E3-FB2E693DA7A5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B1F66E29-2231-4756-A4E3-FB2E693DA7A5}" => Key deleted successfully.
C:\Windows\System32\Tasks\{96820FAA-3F3A-43BA-8B0C-A5A0D3EF9CEE} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{96820FAA-3F3A-43BA-8B0C-A5A0D3EF9CEE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{B277F5FF-24E8-45D2-8DD2-1D2BADFF1981}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B277F5FF-24E8-45D2-8DD2-1D2BADFF1981}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdobeFlashPlayerUpdate 2" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E2C21F56-7ED0-4E52-9CF7-0A2201FFA3B7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E2C21F56-7ED0-4E52-9CF7-0A2201FFA3B7}" => Key deleted successfully.
C:\Windows\System32\Tasks\{3DE45436-6CAA-4B0A-AFE4-D163677DCEB5} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3DE45436-6CAA-4B0A-AFE4-D163677DCEB5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EAAD80D5-FDA3-4F7F-8AB0-A41BD30A7A5E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EAAD80D5-FDA3-4F7F-8AB0-A41BD30A7A5E}" => Key deleted successfully.
C:\Windows\System32\Tasks\{8CF71EFE-966F-49E2-AABA-B05E91F57371} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8CF71EFE-966F-49E2-AABA-B05E91F57371}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F2437964-2BCA-4421-9BC8-55AEE58BCBA5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F2437964-2BCA-4421-9BC8-55AEE58BCBA5}" => Key deleted successfully.
C:\Windows\System32\Tasks\fbagent => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\fbagent" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FC0BCCDC-0620-42BF-95F3-97457458302E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC0BCCDC-0620-42BF-95F3-97457458302E}" => Key deleted successfully.
C:\Windows\System32\Tasks\{11D04720-F79B-4A45-8933-03ED071A06D9} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{11D04720-F79B-4A45-8933-03ED071A06D9}" => Key deleted successfully.
C:\Program Files (x86)\Mozilla Firefox => Moved successfully.
C:\ProgramData\Temp => Moved successfully.
C:\Users\Agata\AppData\Local\CRE => Moved successfully.
C:\Users\Agata\AppData\Roaming\mozilla => Moved successfully.
C:\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}w64.sys => Moved successfully.
========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========
========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========
========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========
EmptyTemp: => Removed 333.2 MB temporary data.
The system needed a reboot.
==== End of Fixlog ====