Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-05-2014 01
Ran by Chris at 2014-05-08 09:58:13 Run:2
Running from C:\Users\Chris\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-3795672432-2029790649-1830384256-1001\...\RunOnce: [WindowsUpdate] - C:\Program Files (x86)\Windows Manager\winmgr.exe [2190336 2014-05-03] ()
HKU\S-1-5-21-3795672432-2029790649-1830384256-1001\...\CurrentVersion\Windows: [Load] C:\Windows\system32\Microsoft.com <===== ATTENTION
IFEO\AvastSvc.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\AvastUI.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\avcenter.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\avconfig.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\avgcsrvx.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\avgidsagent.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\avgnt.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\avgrsx.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\avguard.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\avgui.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\avgwdsvc.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\avp.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\avscan.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\bdagent.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\ccuac.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\ComboFix.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\egui.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\hijackthis.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\instup.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\keyscrambler.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\mbam.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\mbamgui.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\mbampt.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\mbamscheduler.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\mbamservice.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\MpCmdRun.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\MSASCui.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\MsMpEng.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\msseces.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\rstrui.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\spybotsd.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\wireshark.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\zlclient.exe: [Debugger] C:\Windows\system32\Microsoft.com
2014-05-05 06:44 - 2014-05-03 19:17 - 02190336 __RSH () C:\ProgramData\Microsoft.com
2014-05-05 06:43 - 2014-05-06 13:54 - 00000000 __SHD () C:\ProgramData\Windows Manager
2014-05-04 11:18 - 2014-05-03 19:17 - 02190336 __RSH () C:\Windows\SysWOW64\Microsoft.com
2014-05-04 11:17 - 2014-05-04 11:18 - 00000000 __SHD () C:\Program Files (x86)\Windows Manager
C:\ProgramData\Microsoft.com
C:\ProgramData\Windows Manager
C:\Windows\SysWOW64\Microsoft.com
C:\Program Files (x86)\Windows Manager
C:\Users\Chris\AppData\Local\Temp\bassmod.dll
C:\Users\Chris\AppData\Local\Temp\Creative Cloud Helper.exe
C:\Users\Chris\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe
C:\Users\Chris\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\Chris\AppData\Local\Temp\ose00000.exe
C:\Users\Chris\AppData\Local\Temp\setup.exe
C:\Users\Chris\AppData\Local\Temp\winrar-x64-51b2.exe
C:\Users\Chris\AppData\Local\Temp\ydzjvizu.exe
C:\Users\Chris\AppData\Local\Temp\yxwn.exe
C:\Users\Chris\AppData\Local\Temp\{326EEE31-DB8F-4F4F-A43C-80ACA958A03A}.exe
*****************

HKU\S-1-5-21-3795672432-2029790649-1830384256-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\WindowsUpdate => Value deleted successfully.
HKU\S-1-5-21-3795672432-2029790649-1830384256-1001\Software\Microsoft\Windows NT\CurrentVersion\Windows\\Load => Value was restored successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AvastSvc.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AvastUI.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avcenter.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avconfig.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgcsrvx.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgidsagent.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgnt.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgrsx.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avguard.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgui.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgwdsvc.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avp.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avscan.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bdagent.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ccuac.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ComboFix.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\hijackthis.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\instup.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\keyscrambler.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbam.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamgui.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbampt.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamscheduler.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamservice.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MpCmdRun.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MSASCui.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MsMpEng.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rstrui.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\spybotsd.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wireshark.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\zlclient.exe => Key deleted successfully.
C:\ProgramData\Microsoft.com => Moved successfully.
C:\ProgramData\Windows Manager => Moved successfully.
C:\Windows\SysWOW64\Microsoft.com => Moved successfully.
"C:\Program Files (x86)\Windows Manager" directory move:
C:\Program Files (x86)\Windows Manager\3818273 => Moved successfully.
Could not move "C:\Program Files (x86)\Windows Manager\winmgr.exe" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Windows Manager" directory. => Scheduled to move on reboot.
"C:\ProgramData\Microsoft.com" => File/Directory not found.
"C:\ProgramData\Windows Manager" => File/Directory not found.
"C:\Windows\SysWOW64\Microsoft.com" => File/Directory not found.
"C:\Program Files (x86)\Windows Manager" directory move:
Could not move "C:\Program Files (x86)\Windows Manager\winmgr.exe" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Windows Manager" directory. => Scheduled to move on reboot.
C:\Users\Chris\AppData\Local\Temp\bassmod.dll => Moved successfully.
C:\Users\Chris\AppData\Local\Temp\Creative Cloud Helper.exe => Moved successfully.
C:\Users\Chris\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe => Moved successfully.
C:\Users\Chris\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe => Moved successfully.
C:\Users\Chris\AppData\Local\Temp\ose00000.exe => Moved successfully.
C:\Users\Chris\AppData\Local\Temp\setup.exe => Moved successfully.
C:\Users\Chris\AppData\Local\Temp\winrar-x64-51b2.exe => Moved successfully.
C:\Users\Chris\AppData\Local\Temp\ydzjvizu.exe => Moved successfully.
C:\Users\Chris\AppData\Local\Temp\yxwn.exe => Moved successfully.
C:\Users\Chris\AppData\Local\Temp\{326EEE31-DB8F-4F4F-A43C-80ACA958A03A}.exe => Moved successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-05-08 09:59:30)<=
C:\Program Files (x86)\Windows Manager\winmgr.exe => Is moved successfully.
C:\Program Files (x86)\Windows Manager => Moved successfully.
C:\Program Files (x86)\Windows Manager\winmgr.exe => Is moved successfully.
C:\Program Files (x86)\Windows Manager => Is moved successfully.

==== End of Fixlog ====