Fix result of Farbar Recovery Scan Tool (x64) Version:09-06-2016
Ran by Marek (2016-06-09 17:06:11) Run:1
Running from C:\Users\Marek\Desktop
Loaded Profiles: Marek (Available Profiles: Marek & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
Startup: C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\!1BEBA2CC2C7D.lnk [2016-06-09]
Startup: C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\!1BEBA2CC2C7DB.lnk [2016-06-09]
Startup: C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\!1BEBA2CC2C7DH.lnk [2016-06-09]
HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit,
Task: {8438EC2F-88FC-4153-ABA5-6A514A1D8A65} - System32\Tasks\Dropbox 1D => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
R3 cpuz136; \??\C:\WINDOWS\TEMP\cpuz136\cpuz136_x64.sys [X]
SearchScopes: HKU\S-1-5-21-3377222215-263577021-991360115-1001 -> DefaultScope {AD627D66-48D3-45B5-B45D-AAED37AAE370} URL =
CHR HKLM-x32\...\Chrome\Extension: [jidkebcigjgheaahopdnlfaohgnocfai] - hxxps://clients2.google.com/service/update2/crx
DeleteKey: HKLM\SOFTWARE\Wow6432Node\MozillaPlugins
Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /f
Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /ve /t REG_SZ /d Bing /f
Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v URL /t REG_SZ /d "http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC" /f
Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v DisplayName /t REG_SZ /d "@ieframe.dll,-12512" /f
C:\ProgramData\*.*
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
C:\Users\Marek\AppData\Local\Dropbox
C:\Users\Marek\AppData\Local\Temp\Low\explorer.exe
C:\Users\Marek\AppData\Roaming\*.*
C:\Users\Marek\AppData\Roaming\Dropbox
C:\Users\Marek\AppData\Roaming\Mozilla
C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
C:\Users\Public\Desktop\Skype.lnk
EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\!1BEBA2CC2C7D.lnk => moved successfully
C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\!1BEBA2CC2C7DB.lnk => moved successfully
C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\!1BEBA2CC2C7DH.lnk => moved successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => value restored successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8438EC2F-88FC-4153-ABA5-6A514A1D8A65}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8438EC2F-88FC-4153-ABA5-6A514A1D8A65}" => key removed successfully
C:\WINDOWS\System32\Tasks\Dropbox 1D => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dropbox 1D" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc" => key removed successfully
cpuz136 => Unable to stop service.
cpuz136 => service removed successfully
HKU\S-1-5-21-3377222215-263577021-991360115-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jidkebcigjgheaahopdnlfaohgnocfai" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\MozillaPlugins => could not remove at first attempt (ErrorCode: C0000121), see next line.