Fix result of Farbar Recovery Scan Tool (x64) Version:04-07-2015 Ran by Semijah at 2015-07-06 18:45:28 Run:1 Running from C:\Users\Semijah\Desktop\FRST Loaded Profiles: Semijah (Available Profiles: Semijah) Boot Mode: Normal ============================================== fixlist content: ***************** Task: {8EBC4508-3504-4D21-84E9-BE11E8FC1074} - System32\Tasks\Origin => C:\ProgramData\Origin\update.vbe [2015-03-11] () <==== ATTENTION C:\ProgramData\Origin\update.vbe C:\Program Files (x86)\Mobogenie HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe HKLM-x32\...\Winlogon: [Userinit] userinit.exe,c:\program files (x86)\microsoft\desktoplayer.exe, [X] IFEO\adwcleaner_4.204.exe: [Debugger] svchost.exe IFEO\AnVir.exe: [Debugger] svchost.exe IFEO\AutoLogger.exe: [Debugger] svchost.exe IFEO\CCleaner64.exe: [Debugger] svchost.exe IFEO\FRST.exe: [Debugger] svchost.exe IFEO\FRST64.exe: [Debugger] svchost.exe IFEO\RegWorks.exe: [Debugger] svchost.exe IFEO\RSITx64.exe: [Debugger] svchost.exe GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-pag...q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-pag...q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-pag...q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-pag...q={searchTerms} SearchScopes: HKU\S-1-5-21-2001989473-1170954191-3321282362-1001 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = OPR Extension: (Sale Clipper) - C:\Users\Semijah\AppData\Roaming\Opera Software\Opera Stable\Extensions\gapifbibdpjapmnfblcdbokbmcecknkk [2015-07-03] C:\ProgramData\f43a0a22-b5b9-43e4-9c6f-705bf4e40c7b C:\Program Files (x86)\Sale Clipper C:\Users\Semijah\daemonprocess.txt C:\Users\Semijah\Desktop\Mobogenie.lnk EmptyTemp: ***************** "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8EBC4508-3504-4D21-84E9-BE11E8FC1074}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8EBC4508-3504-4D21-84E9-BE11E8FC1074}" => key removed successfully C:\Windows\System32\Tasks\Origin => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Origin" => key removed successfully C:\ProgramData\Origin\update.vbe => moved successfully. "C:\Program Files (x86)\Mobogenie" folder move: Could not move "C:\Program Files (x86)\Mobogenie" folder => Scheduled to move on reboot. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mobilegeni daemon => value removed successfully HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => value restored successfully "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\adwcleaner_4.204.exe" => key removed successfully "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AnVir.exe" => key removed successfully "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AutoLogger.exe" => key removed successfully "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\CCleaner64.exe" => key removed successfully "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FRST.exe" => key removed successfully "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FRST64.exe" => key removed successfully "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\RegWorks.exe" => key removed successfully "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\RSITx64.exe" => key removed successfully C:\Windows\system32\GroupPolicy\Machine => moved successfully. C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully. "HKLM\SOFTWARE\Policies\Google" => key removed successfully HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully HKU\S-1-5-21-2001989473-1170954191-3321282362-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully C:\Users\Semijah\AppData\Roaming\Opera Software\Opera Stable\Extensions\gapifbibdpjapmnfblcdbokbmcecknkk => moved successfully. C:\ProgramData\f43a0a22-b5b9-43e4-9c6f-705bf4e40c7b => moved successfully. C:\Program Files (x86)\Sale Clipper => moved successfully. Could not move "C:\Users\Semijah\daemonprocess.txt" => Scheduled to move on reboot. C:\Users\Semijah\Desktop\Mobogenie.lnk => moved successfully. EmptyTemp: => 593.8 MB temporary data Removed. Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-07-06 18:48:53)<= C:\Program Files (x86)\Mobogenie => Is moved successfully C:\Users\Semijah\daemonprocess.txt => Is moved successfully ==== End of Fixlog 18:48:53 ====