Fix result of Farbar Recovery Scan Tool (x86) Version: 05-07-2015
Ran by Dom at 2015-07-08 20:07:02 Run:1
Running from C:\Users\Dom\Downloads
Loaded Profiles: Dom (Available Profiles: Dom)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Task: {2C59ECAF-3A27-4640-9F4B-519B05BDD70F} - \Microsoft\Windows\MUI\LPRemove No Task File <==== ATTENTION
Task: {2D10AC9D-AB66-413D-8719-DDBDE95DFAF0} - System32\Tasks\{3CB43A42-6514-4584-8F12-73BF2E0AD59D} => pcalua.exe -a C:\Users\Dom\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=cor
Task: {5438FBF9-B2C2-44C5-B6CC-B23B4FABBCA4} - System32\Tasks\{36CC6307-B330-49DB-8BD7-7546AB8979FC} => pcalua.exe -a "D:\CABAL2 (US)\c2installer.exe" -d "D:\CABAL2 (US)"
Task: {558805D3-7A26-48F5-8676-07971F9FB216} - System32\Tasks\{7BD7EB18-C71D-4C26-88D9-1BD91786B3E0} => pcalua.exe -a "D:\Testy Bplus\Loader.exe" -d "D:\Testy Bplus"
Task: {A5B33430-8D3D-40AE-B4D1-37B9A1A4A7E9} - System32\Tasks\{20AEFDD9-8ACA-4191-A38C-DEA53635DF92} => pcalua.exe -a "D:\gry\Cryptic Studios\Neverwinter.exe" -d "D:\gry\Cryptic Studios"
Task: {C4BC4CA9-6BF2-4663-84BA-1FB5C9A6F25C} - System32\Tasks\{CA5640F5-9389-4902-90B3-84AA8B8E3DB9} => pcalua.exe -a F:\autorun.exe -d F:\
Task: {EB776D58-67E2-4E61-9C3C-7AC47C5330AC} - System32\Tasks\{06EA2033-3D4B-49B8-838D-516AFF60FD19} => pcalua.exe -a D:\gry\nfs\Virtualmt2\VirtualMT2.exe -d D:\gry\nfs\Virtualmt2
HKU\S-1-5-21-620759806-2564684941-1707045063-1001\...\Run: [GoogleChromeAutoLaunch_B45CF322C3DDAB17738CEB2CDE894577] => "C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" --no-startup-window
C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
HKLM\...\Run: [] => [X]
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem.sys [X]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
C:\Program Files\Enigma Software Group
C:\Program Files\c706a493-9ba1-4d1d-938e-c0eafe1e2b48
C:\Windows\system32\029B560A371F4E00AB32838EBC01B9E7
C:\Windows\prleth.sys
C:\Windows\hgfs.sys
C:\Users\Dom\AppData\Local\15093
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f
EmptyTemp:
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{2C59ECAF-3A27-4640-9F4B-519B05BDD70F}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2C59ECAF-3A27-4640-9F4B-519B05BDD70F}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MUI\LPRemove" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2D10AC9D-AB66-413D-8719-DDBDE95DFAF0}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D10AC9D-AB66-413D-8719-DDBDE95DFAF0}" => key removed successfully.
C:\Windows\System32\Tasks\{3CB43A42-6514-4584-8F12-73BF2E0AD59D} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3CB43A42-6514-4584-8F12-73BF2E0AD59D}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5438FBF9-B2C2-44C5-B6CC-B23B4FABBCA4}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5438FBF9-B2C2-44C5-B6CC-B23B4FABBCA4}" => key removed successfully.
C:\Windows\System32\Tasks\{36CC6307-B330-49DB-8BD7-7546AB8979FC} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{36CC6307-B330-49DB-8BD7-7546AB8979FC}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{558805D3-7A26-48F5-8676-07971F9FB216}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{558805D3-7A26-48F5-8676-07971F9FB216}" => key removed successfully.
C:\Windows\System32\Tasks\{7BD7EB18-C71D-4C26-88D9-1BD91786B3E0} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7BD7EB18-C71D-4C26-88D9-1BD91786B3E0}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A5B33430-8D3D-40AE-B4D1-37B9A1A4A7E9}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5B33430-8D3D-40AE-B4D1-37B9A1A4A7E9}" => key removed successfully.
C:\Windows\System32\Tasks\{20AEFDD9-8ACA-4191-A38C-DEA53635DF92} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{20AEFDD9-8ACA-4191-A38C-DEA53635DF92}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C4BC4CA9-6BF2-4663-84BA-1FB5C9A6F25C}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C4BC4CA9-6BF2-4663-84BA-1FB5C9A6F25C}" => key removed successfully.
C:\Windows\System32\Tasks\{CA5640F5-9389-4902-90B3-84AA8B8E3DB9} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CA5640F5-9389-4902-90B3-84AA8B8E3DB9}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EB776D58-67E2-4E61-9C3C-7AC47C5330AC}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB776D58-67E2-4E61-9C3C-7AC47C5330AC}" => key removed successfully.
C:\Windows\System32\Tasks\{06EA2033-3D4B-49B8-838D-516AFF60FD19} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{06EA2033-3D4B-49B8-838D-516AFF60FD19}" => key removed successfully.
HKU\S-1-5-21-620759806-2564684941-1707045063-1001\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_B45CF322C3DDAB17738CEB2CDE894577 => value removed successfully.
"C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" => File/Folder not found.

========= reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} => key not found.
HKCR\CLSID\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} => key not found.
AndNetDiag => Service removed successfully.
ANDNetModem => Service removed successfully.
EagleXNt => Service removed successfully.
xhunter1 => Service removed successfully.
C:\Program Files\Enigma Software Group => moved successfully.
C:\Program Files\c706a493-9ba1-4d1d-938e-c0eafe1e2b48 => moved successfully.
C:\Windows\system32\029B560A371F4E00AB32838EBC01B9E7 => moved successfully.
C:\Windows\prleth.sys => moved successfully.
C:\Windows\hgfs.sys => moved successfully.
C:\Users\Dom\AppData\Local\15093 => moved successfully.

========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

EmptyTemp: => 2.2 GB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 20:09:28 ====