Fix result of Farbar Recovery Scan Tool (x64) Version: 09-07-2016
Ran by pc (2016-07-09 18:17:54) Run:1
Running from C:\Users\pc\Desktop
Loaded Profiles: pc (Available Profiles: pc & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKU\S-1-5-21-3678415254-164999130-4254716092-1000\...\Run: [vlowqejfwo] => explorer "hxxp://rizapse.ru/?utm_source=uoua03n&utm_content=f67890660e3d119ed960580406d2e9fe&utm_term=4BA7F37552225DD1E4363AD65CF22F0F&utm_d=20160418" <===== ATTENTION
HKU\S-1-5-21-3678415254-164999130-4254716092-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lyasino.ru/?utm_content=54bd3934c48e298ce2614a420c11259f&utm_source=startpm&utm_term=4BA7F37552225DD1E4363AD65CF22F0F&utm_d=20160418
SearchScopes: HKU\S-1-5-21-3678415254-164999130-4254716092-1000 -> {FCFAB286-8F68-4FD6-8ED0-5BD6F7FF3842} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-3678415254-164999130-4254716092-1000 -> No Name - {C1F3C82A-2D57-4F87-BF12-A1F187D3EADB} - No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
FF Homepage: hxxp://lyasino.ru/?utm_content=54bd3934c48e298ce2614a420c11259f&utm_source=startpm&utm_term=4BA7F37552225DD1E4363AD65CF22F0F&utm_d=20160418
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @zenointel.com/p2p -> C:\Program Files (x86)\IVSWeb\Bin\npzeno.dll [No File]
FF user.js: detected! => C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\jufxzgz7.default\user.js [2016-04-19]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found
CHR HomePage: Profile 1 -> mail.ru/cnt/11956636?rciguc__PARAM__
CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] -
CHR HKLM-x32\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] -
S3 3AD5F7CF; \??\C:\ProgramData\000FBEA4_tvn [X]
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
2016-03-29 01:36 - 2016-04-01 01:24 - 0000849 _____ () C:\ProgramData\000FBEA4_S__0
2016-03-26 21:16 - 2016-03-26 21:16 - 0000851 _____ () C:\ProgramData\000FBEA4_S__3
C:\Users\pc\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\pc\AppData\Local\Temp\jre-8u73-windows-au.exe
Task: {07ED9ED8-FF54-465F-AE8D-70E9414CF59C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {0A07FBF7-D976-4C8D-A0CB-06111DB6BE3A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {1474E004-DB00-49E3-8D81-3471D188FDF8} - System32\Tasks\{4701953E-E8B1-4B73-A9D3-B7E53890901C} => pcalua.exe -a "C:\Users\pc\Downloads\wlsetup-web (1).exe" -d C:\Users\pc\Downloads
Task: {1FBADA33-C5AD-46A1-A679-E0DEAD723FD6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {3E9EAF64-BFA6-4DC9-B8B0-DD8B3EE367B9} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {69AB1CBF-4F82-4C1B-9C62-D776C1EE564E} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {93F01FAD-D026-40A7-A2A4-C37E5A551AA1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {A2D361EC-CCCE-401E-B71E-77FB9E56367A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {AD5D9744-71B8-4600-B1AB-60F5437D4713} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {BAD9FC10-6811-4316-8774-08E94845178B} - System32\Tasks\{4597566D-D8B0-4C61-B59D-6BDA7B8F36EC} => pcalua.exe -a "C:\Users\pc\Downloads\amddriverdownloader (1).exe" -d C:\Users\pc\Downloads
Task: {CC25B82C-11FD-4350-87A5-F56464B23058} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {ECE9738F-06E9-4ADB-8B1B-D3428033B18C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {F838AEF1-3C76-490A-ABD5-CDF3776EA2D0} - System32\Tasks\{A0E45A5D-4127-40C0-B501-83936C29250F} => pcalua.exe -a G:\Setup.exe -d G:\
Task: {FB62FF0D-8D21-476A-8FBC-5CB8FBC82582} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {FC0123C2-6CFB-492C-A101-1D78633C6656} - System32\Tasks\{DF3106F3-51A8-49E7-B227-512F602C266C} => pcalua.exe -a C:\Users\pc\Desktop\setup.exe -d C:\Users\pc\Desktop
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_vVX3000_exe.job => C:\WINDOWS\vVX3000.exe
AlternateDataStreams: C:\ProgramData\TEMP:05EE1EEF [129]
AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8 [169]
AlternateDataStreams: C:\ProgramData\TEMP:A3E1F4EF [125]
AlternateDataStreams: C:\ProgramData\TEMP:C1F4198F [109]
CMD: for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"
*****************

HKU\S-1-5-21-3678415254-164999130-4254716092-1000\Software\Microsoft\Windows\CurrentVersion\Run\\vlowqejfwo => value removed successfully
HKU\S-1-5-21-3678415254-164999130-4254716092-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
"HKU\S-1-5-21-3678415254-164999130-4254716092-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FCFAB286-8F68-4FD6-8ED0-5BD6F7FF3842}" => key removed successfully
HKCR\CLSID\{FCFAB286-8F68-4FD6-8ED0-5BD6F7FF3842} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key removed successfully
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => key removed successfully
"HKCR\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => key removed successfully
HKU\S-1-5-21-3678415254-164999130-4254716092-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C1F3C82A-2D57-4F87-BF12-A1F187D3EADB} => value removed successfully
HKCR\CLSID\{C1F3C82A-2D57-4F87-BF12-A1F187D3EADB} => key not found.
"HKCR\PROTOCOLS\Handler\skypec2c" => key removed successfully
"HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}" => key removed successfully
HKCR\Wow6432Node\PROTOCOLS\Handler\skypec2c => key not found.
"HKCR\Wow6432Node\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}" => key removed successfully
Firefox "homepage" removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@zenointel.com/p2p" => key removed successfully
C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\jufxzgz7.default\user.js => moved successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF} => value removed successfully
Chrome HomePage => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh" => key removed successfully
3AD5F7CF => service removed successfully
idsvc => service removed successfully
wpcsvc => service removed successfully
C:\ProgramData\000FBEA4_S__0 => moved successfully
C:\ProgramData\000FBEA4_S__3 => moved successfully
C:\Users\pc\AppData\Local\Temp\jre-8u71-windows-au.exe => moved successfully
C:\Users\pc\AppData\Local\Temp\jre-8u73-windows-au.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{07ED9ED8-FF54-465F-AE8D-70E9414CF59C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07ED9ED8-FF54-465F-AE8D-70E9414CF59C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0A07FBF7-D976-4C8D-A0CB-06111DB6BE3A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A07FBF7-D976-4C8D-A0CB-06111DB6BE3A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1474E004-DB00-49E3-8D81-3471D188FDF8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1474E004-DB00-49E3-8D81-3471D188FDF8}" => key removed successfully
C:\WINDOWS\System32\Tasks\{4701953E-E8B1-4B73-A9D3-B7E53890901C} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4701953E-E8B1-4B73-A9D3-B7E53890901C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1FBADA33-C5AD-46A1-A679-E0DEAD723FD6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1FBADA33-C5AD-46A1-A679-E0DEAD723FD6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3E9EAF64-BFA6-4DC9-B8B0-DD8B3EE367B9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E9EAF64-BFA6-4DC9-B8B0-DD8B3EE367B9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{69AB1CBF-4F82-4C1B-9C62-D776C1EE564E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{69AB1CBF-4F82-4C1B-9C62-D776C1EE564E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{93F01FAD-D026-40A7-A2A4-C37E5A551AA1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{93F01FAD-D026-40A7-A2A4-C37E5A551AA1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A2D361EC-CCCE-401E-B71E-77FB9E56367A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2D361EC-CCCE-401E-B71E-77FB9E56367A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AD5D9744-71B8-4600-B1AB-60F5437D4713}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD5D9744-71B8-4600-B1AB-60F5437D4713}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BAD9FC10-6811-4316-8774-08E94845178B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BAD9FC10-6811-4316-8774-08E94845178B}" => key removed successfully
C:\WINDOWS\System32\Tasks\{4597566D-D8B0-4C61-B59D-6BDA7B8F36EC} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4597566D-D8B0-4C61-B59D-6BDA7B8F36EC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CC25B82C-11FD-4350-87A5-F56464B23058}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC25B82C-11FD-4350-87A5-F56464B23058}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ECE9738F-06E9-4ADB-8B1B-D3428033B18C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ECE9738F-06E9-4ADB-8B1B-D3428033B18C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F838AEF1-3C76-490A-ABD5-CDF3776EA2D0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F838AEF1-3C76-490A-ABD5-CDF3776EA2D0}" => key removed successfully
C:\WINDOWS\System32\Tasks\{A0E45A5D-4127-40C0-B501-83936C29250F} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A0E45A5D-4127-40C0-B501-83936C29250F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FB62FF0D-8D21-476A-8FBC-5CB8FBC82582}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB62FF0D-8D21-476A-8FBC-5CB8FBC82582}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FC0123C2-6CFB-492C-A101-1D78633C6656}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC0123C2-6CFB-492C-A101-1D78633C6656}" => key removed successfully
C:\WINDOWS\System32\Tasks\{DF3106F3-51A8-49E7-B227-512F602C266C} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DF3106F3-51A8-49E7-B227-512F602C266C}" => key removed successfully
C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => moved successfully
C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => moved successfully
C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => moved successfully
C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_vVX3000_exe.job => moved successfully
C:\ProgramData\TEMP => ":05EE1EEF" ADS removed successfully.
C:\ProgramData\TEMP => ":0FF263E8" ADS removed successfully.
C:\ProgramData\TEMP => ":A3E1F4EF" ADS removed successfully.
C:\ProgramData\TEMP => ":C1F4198F" ADS removed successfully.

========= for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1" =========

Failed to clear log Microsoft-Windows-LiveId/Analytic. Access is denied.
Failed to clear log Microsoft-Windows-LiveId/Operational. Access is denied.
Failed to clear log Microsoft-Windows-USBVideo/Analytic. The instance name passed was not recognized as valid by a WMI data provider.

========= End of CMD: =========

==== End of Fixlog 18:18:31 ====