Fix result of Farbar Recovery Scan Tool (x64) Version:11-08-2015 02
Ran by Marcin (2015-08-12 17:43:35) Run:1
Running from C:\Users\Marcin\Desktop\frst
Loaded Profiles: Marcin (Available Profiles: Marcin)
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\Users\Marcin\AppData\Roaming\pwo9\svchost.exe
C:\Users\Marcin\AppData\Roaming\pwo9
HKU\S-1-5-21-622708417-3539147826-3392651387-1001\...\Run: [pwo9] => C:\Users\Marcin\AppData\Roaming\pwo9\svchost.exe [7648661 2015-08-07] ()
Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mystartsearch uninstall" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\avgua32.exe" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\globalUpdatem" /f
HKLM-x32\...\Run: [] => [X]
URLSearchHook: HKU\S-1-5-21-622708417-3539147826-3392651387-1001 - (No Name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-622708417-3539147826-3392651387-1001 -> DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylo...0004c0f6e1bf3ee
SearchScopes: HKU\S-1-5-21-622708417-3539147826-3392651387-1001 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylo...0004c0f6e1bf3ee
SearchScopes: HKU\S-1-5-21-622708417-3539147826-3392651387-1001 -> {77CD834D-A0BC-4CE6-8819-7F92B9C11C8F} URL = http://search.yahoo....=utf-8&fr=b1ie7
SearchScopes: HKU\S-1-5-21-622708417-3539147826-3392651387-1001 -> {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = http://www.daemon-se...q={searchTerms}
Toolbar: HKLM - No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKU\S-1-5-21-622708417-3539147826-3392651387-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-622708417-3539147826-3392651387-1001 -> No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
Toolbar: HKU\S-1-5-21-622708417-3539147826-3392651387-1001 -> No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
Toolbar: HKU\S-1-5-21-622708417-3539147826-3392651387-1001 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-622708417-3539147826-3392651387-1001 -> No Name - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
FF SearchEngineOrder.1: Search the web (Babylon)
CHR HKU\S-1-5-21-622708417-3539147826-3392651387-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\Marcin\AppData\Local\CRE\mhfdcmehmjcclgopdodkjdicohagipid.crx
Task: {449CEEC7-EC8B-468F-8B19-EC81CB49F877} - System32\Tasks\{0A33D1B2-1E34-4CD0-81B9-876422F6BF00} => pcalua.exe -a "C:\Program Files (x86)\Spin & Win\ReflexiveArcade\unins000.exe"
Task: {0342CEE7-5569-44C0-AB08-2918EDCA608E} - System32\Tasks\{F77E5A3E-D6B4-4151-9723-F435B539A694} => pcalua.exe -a C:\Users\Marcin\Desktop\bf2sp64_103.exe -d C:\Users\Marcin\Desktop
Task: {9D5E16D4-6EFE-4A81-B728-7F02FA505155} - System32\Tasks\{CB2B5FB6-34B6-4931-A1D3-F72820981C53} => pcalua.exe -a I:\Swiadectwa_SP.exe -d I:\
Task: {DE412096-CE4D-4CA3-BD72-6FF64235D379} - System32\Tasks\{678C912A-D5C5-433B-95C1-54D65F9A54C0} => pcalua.exe -a C:\Users\Marcin\Desktop\aimp_3.00.916_beta_4\aimp_3.00.916_beta_4.exe
EmptyTemp:
*****************

Could not move "C:\Users\Marcin\AppData\Roaming\pwo9\svchost.exe" => Scheduled to move on reboot.
"C:\Users\Marcin\AppData\Roaming\pwo9" folder move:
Could not move "C:\Users\Marcin\AppData\Roaming\pwo9" => Scheduled to move on reboot.
HKU\S-1-5-21-622708417-3539147826-3392651387-1001\Software\Microsoft\Windows\CurrentVersion\Run\\pwo9 => value not found.

========= reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
BŁĄD: System nie znalazł w rejestrze określonego klucza albo wartości.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
BŁĄD: System nie znalazł w rejestrze określonego klucza albo wartości.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
BŁĄD: System nie znalazł w rejestrze określonego klucza albo wartości.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mystartsearch uninstall" /f =========
BŁĄD: System nie znalazł w rejestrze określonego klucza albo wartości.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\avgua32.exe" /f =========
BŁĄD: System nie znalazł w rejestrze określonego klucza albo wartości.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\globalUpdatem" /f =========
BŁĄD: System nie znalazł w rejestrze określonego klucza albo wartości.
========= End of Reg: =========

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-622708417-3539147826-3392651387-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\S-1-5-21-622708417-3539147826-3392651387-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-622708417-3539147826-3392651387-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}" => key removed successfully
HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => key not found.
"HKU\S-1-5-21-622708417-3539147826-3392651387-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77CD834D-A0BC-4CE6-8819-7F92B9C11C8F}" => key removed successfully
HKCR\CLSID\{77CD834D-A0BC-4CE6-8819-7F92B9C11C8F} => key not found.
"HKU\S-1-5-21-622708417-3539147826-3392651387-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}" => key removed successfully
HKCR\CLSID\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} => value removed successfully
HKCR\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value removed successfully
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value removed successfully
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found.
HKU\S-1-5-21-622708417-3539147826-3392651387-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
HKU\S-1-5-21-622708417-3539147826-3392651387-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} => value removed successfully
HKCR\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17} => key not found.
HKU\S-1-5-21-622708417-3539147826-3392651387-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => value removed successfully
HKCR\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => key not found.
HKU\S-1-5-21-622708417-3539147826-3392651387-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value removed successfully
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => key not found.
HKU\S-1-5-21-622708417-3539147826-3392651387-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} => value removed successfully
HKCR\CLSID\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} => key not found.
Firefox SearchEngineOrder.1 removed successfully
"HKU\S-1-5-21-622708417-3539147826-3392651387-1001\SOFTWARE\Google\Chrome\Extensions\mhfdcmehmjcclgopdodkjdicohagipid" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{449CEEC7-EC8B-468F-8B19-EC81CB49F877}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{449CEEC7-EC8B-468F-8B19-EC81CB49F877}" => key removed successfully
C:\Windows\System32\Tasks\{0A33D1B2-1E34-4CD0-81B9-876422F6BF00} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0A33D1B2-1E34-4CD0-81B9-876422F6BF00}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0342CEE7-5569-44C0-AB08-2918EDCA608E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0342CEE7-5569-44C0-AB08-2918EDCA608E}" => key removed successfully
C:\Windows\System32\Tasks\{F77E5A3E-D6B4-4151-9723-F435B539A694} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F77E5A3E-D6B4-4151-9723-F435B539A694}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9D5E16D4-6EFE-4A81-B728-7F02FA505155}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9D5E16D4-6EFE-4A81-B728-7F02FA505155}" => key removed successfully
C:\Windows\System32\Tasks\{CB2B5FB6-34B6-4931-A1D3-F72820981C53} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CB2B5FB6-34B6-4931-A1D3-F72820981C53}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DE412096-CE4D-4CA3-BD72-6FF64235D379}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE412096-CE4D-4CA3-BD72-6FF64235D379}" => key removed successfully
C:\Windows\System32\Tasks\{678C912A-D5C5-433B-95C1-54D65F9A54C0} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{678C912A-D5C5-433B-95C1-54D65F9A54C0}" => key removed successfully
EmptyTemp: => 932.5 MB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-08-12 17:49:13)<=

C:\Users\Marcin\AppData\Roaming\pwo9\svchost.exe => Is moved successfully
C:\Users\Marcin\AppData\Roaming\pwo9 => moved successfully

==== End of Fixlog 17:49:15 ====