Fix result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01 Ran by CAD Create at 2015-07-01 10:40:12 Run:1 Running from C:\Users\CAD Create\Downloads Loaded Profiles: CAD Create (Available Profiles: CAD Create) Boot Mode: Normal ============================================== fixlist content: ***************** CloseProcesses: CreateRestorePoint: CustomCLSID: HKU\S-1-5-21-3642197454-799934318-2658753277-1001_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\vmstorfltres.dll (rtrspocfMoa tonooiiCr) <==== ATTENTION Task: {4942C3D8-7FF1-4218-85C9-02398D7D3FFA} - System32\Tasks\{5B25EDD2-9673-4278-A289-8EC7812A1655} => pcalua.exe -a C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe -c /M{809D7E6D-915D-4EAD-821F-E13D93F37161} /l1033 Task: {5382EC81-792C-408D-BD59-FE0A7D3F7E19} - System32\Tasks\{A9C6819C-125C-4363-AAB6-F5D2C0659951} => pcalua.exe -a K:\setup.exe -d K:\ Task: {6B66A13A-F85D-4ECE-AC0D-BF6752C3B88D} - System32\Tasks\YourFile DownloaderUpdate => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION Task: {B2FB3EAD-5850-4B86-9CAC-2E7BA31DF7CF} - System32\Tasks\{F9A8D1FE-E139-4F1E-B729-F7AA51B195A2} => pcalua.exe -a "G:\Solid\Solid 2013 x64\setup.exe" -d "G:\Solid\Solid 2013 x64" Task: {B7E33B4C-DA47-415C-A0E6-5F152C7A71FE} - System32\Tasks\{B9C33EBB-A747-4276-A54E-1913543764AA} => pcalua.exe -a "C:\Users\CAD Create\Downloads\SYCODE.STEP.Import.for.SketchUp.v1.0-NoPE\n-isteps\SYCODE.STEP.Import.for.SketchUp.v1.0-NoPE\setup\step_import_su.exe" -d "C:\Users\CAD Create\Downloads\SYCODE.STEP.Import.for.SketchUp.v1.0-NoPE\n-isteps\SYCODE.STEP.Import.for.SketchUp.v1.0-NoPE\setup" S3 gdrv; \??\C:\Windows\gdrv.sys [X] U2 Remote Solver for Flow Simulation 2013; No ImagePath U2 Remote Solver for Flow Simulation 2014; No ImagePath HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" HKU\S-1-5-21-3642197454-799934318-2658753277-1001\...\Run: [Galileo] => C:\Users\CAD Create\AppData\Local\Galileo\galileo.exe silent HKU\S-1-5-21-3642197454-799934318-2658753277-1001\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup HKU\S-1-5-21-3642197454-799934318-2658753277-1001\...\Run: [Infor Organizer] => "C:\Program Files (x86)\Infor PL\Infor Organizer\Infor.Organizer.exe" HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = HKU\S-1-5-21-3642197454-799934318-2658753277-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.claro-search.com/?affID=116677&tt=5012_5&babsrc=HP_ss&mntrId=8ee7db390000000000006cf0490d6477 SearchScopes: HKU\S-1-5-21-3642197454-799934318-2658753277-1001 -> DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.claro-search.com/?q={searchTerms}&affID=116677&tt=5012_5&babsrc=SP_ss&mntrId=8ee7db390000000000006cf0490d6477 SearchScopes: HKU\S-1-5-21-3642197454-799934318-2658753277-1001 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.claro-search.com/?q={searchTerms}&affID=116677&tt=5012_5&babsrc=SP_ss&mntrId=8ee7db390000000000006cf0490d6477 SearchScopes: HKU\S-1-5-21-3642197454-799934318-2658753277-1001 -> {32BEBF68-42E3-4585-890E-F26575E4AA3A} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms} SearchScopes: HKU\S-1-5-21-3642197454-799934318-2658753277-1001 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8} C:\ProgramData\TEMP C:\Program Files (x86)\Mozilla Firefox\extensions C:\Users\CAD Create\AppData\Local\Google\Chrome\User Data\Default\Preferences CMD: netsh advfirewall reset Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f EmptyTemp: ***************** Processes closed successfully. Restore point was successfully created. "HKU\S-1-5-21-3642197454-799934318-2658753277-1001_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4942C3D8-7FF1-4218-85C9-02398D7D3FFA}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4942C3D8-7FF1-4218-85C9-02398D7D3FFA}" => key removed successfully C:\Windows\System32\Tasks\{5B25EDD2-9673-4278-A289-8EC7812A1655} => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5B25EDD2-9673-4278-A289-8EC7812A1655}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5382EC81-792C-408D-BD59-FE0A7D3F7E19}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5382EC81-792C-408D-BD59-FE0A7D3F7E19}" => key removed successfully C:\Windows\System32\Tasks\{A9C6819C-125C-4363-AAB6-F5D2C0659951} => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A9C6819C-125C-4363-AAB6-F5D2C0659951}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6B66A13A-F85D-4ECE-AC0D-BF6752C3B88D}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B66A13A-F85D-4ECE-AC0D-BF6752C3B88D}" => key removed successfully C:\Windows\System32\Tasks\YourFile DownloaderUpdate => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YourFile DownloaderUpdate" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B2FB3EAD-5850-4B86-9CAC-2E7BA31DF7CF}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2FB3EAD-5850-4B86-9CAC-2E7BA31DF7CF}" => key removed successfully C:\Windows\System32\Tasks\{F9A8D1FE-E139-4F1E-B729-F7AA51B195A2} => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F9A8D1FE-E139-4F1E-B729-F7AA51B195A2}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B7E33B4C-DA47-415C-A0E6-5F152C7A71FE}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7E33B4C-DA47-415C-A0E6-5F152C7A71FE}" => key removed successfully C:\Windows\System32\Tasks\{B9C33EBB-A747-4276-A54E-1913543764AA} => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B9C33EBB-A747-4276-A54E-1913543764AA}" => key removed successfully gdrv => Service removed successfully Remote Solver for Flow Simulation 2013 => Service removed successfully Remote Solver for Flow Simulation 2014 => Service removed successfully HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Nvtmru => value removed successfully HKU\S-1-5-21-3642197454-799934318-2658753277-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Galileo => value removed successfully HKU\S-1-5-21-3642197454-799934318-2658753277-1001\Software\Microsoft\Windows\CurrentVersion\Run\\KiesAirMessage => value removed successfully HKU\S-1-5-21-3642197454-799934318-2658753277-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Infor Organizer => value removed successfully HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully HKU\S-1-5-21-3642197454-799934318-2658753277-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully HKU\S-1-5-21-3642197454-799934318-2658753277-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully "HKU\S-1-5-21-3642197454-799934318-2658753277-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}" => key removed successfully HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => key not found. "HKU\S-1-5-21-3642197454-799934318-2658753277-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{32BEBF68-42E3-4585-890E-F26575E4AA3A}" => key removed successfully HKCR\CLSID\{32BEBF68-42E3-4585-890E-F26575E4AA3A} => key not found. "HKU\S-1-5-21-3642197454-799934318-2658753277-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909}" => key removed successfully HKCR\CLSID\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} => key not found. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value removed successfully "HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => key removed successfully HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value removed successfully HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found. "C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}" folder move: Could not move "C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}" folder => Scheduled to move on reboot. C:\ProgramData\TEMP => moved successfully. C:\Program Files (x86)\Mozilla Firefox\extensions => moved successfully. C:\Users\CAD Create\AppData\Local\Google\Chrome\User Data\Default\Preferences => moved successfully. ========= netsh advfirewall reset ========= Ok. ========= End of CMD: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Bť¤D: System nie znalazˆ w rejestrze okre˜lonego klucza albo warto˜ci. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Bť¤D: System nie znalazˆ w rejestrze okre˜lonego klucza albo warto˜ci. ========= End of Reg: ========= EmptyTemp: => 4.1 GB temporary data Removed. Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-07-01 10:44:07)<= C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8} => Is moved successfully ==== End of Fixlog 10:44:07 ====