Fix result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016 Ran by User (25-12-2016 11:33:33) Run:1 Running from C:\Users\User\Downloads Loaded Profiles: User & Guest (Available Profiles: User & Guest) Boot Mode: Normal ============================================== fixlist content: ***************** BootExecute: autocheck autochk * sdnclean64.exe HKU\S-1-5-21-3910213348-232855233-1580435985-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={D1822272-3420-4BDB-B169-705CCA2F776E}&mid=dad0fed541a747d095d3314fa04ebc16-768c2b92b3d91c3ebb961ddf43e7275fabce4d6b&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2015-07-19 11:02:12&v=4.2.9.726&pid=wtu&sg=&sap=hp SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3910213348-232855233-1580435985-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={D1822272-3420-4BDB-B169-705CCA2F776E}&mid=dad0fed541a747d095d3314fa04ebc16-768c2b92b3d91c3ebb961ddf43e7275fabce4d6b&lang=en&ds=AVG&coid=avgtbavg&cmpid=1215tb&pr=fr&d=2015-07-19 11:02:12&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms} BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121211180840.dll => No File BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121211180843.dll => No File BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.6.255\AVG Web TuneUp.dll [2016-10-23] (AVG) FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-12-25] FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore => not found FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2015-03-06] FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2016-11-23] FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.6\\npsitesafety.dll [No File] S2 avgntflt; C:\Windows\SysWOW64\DRIVERS\avgntflt.sys [171752 2016-08-18] (Avira Operations GmbH & Co. KG) S1 avipbb; C:\Windows\SysWOW64\DRIVERS\avipbb.sys [145984 2016-08-18] (Avira Operations GmbH & Co. KG) S1 avkmgr; C:\Windows\SysWOW64\DRIVERS\avkmgr.sys [28600 2016-08-18] (Avira Operations GmbH & Co. KG) S3 MUD; C:\Windows\System32\DRIVERS\MUD.sys [63232 2008-02-05] (Magellan) S3 dbx; system32\DRIVERS\dbx.sys [X] 2013-09-20 15:50 - 2014-06-05 11:27 - 0003736 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml Task: {7A78E652-6ABB-4E51-98FC-AEB8C2C6D4C0} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION Task: {DF42F613-DD74-4474-9A8A-1887375C2457} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] () Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\IntelĀ® ME FW Recovery Agent\bin\Bootstrap.exe Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\IntelĀ® ME FW Recovery Agent\bin\Bootstrap.exe Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe FirewallRules: [{2446A0E6-380F-42CB-8E53-836F961F560F}] => C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe FirewallRules: [{4DA9FF1C-D2F4-4114-AA58-C3184F9C22A2}] => C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe FirewallRules: [{287B5641-7777-40CE-A95B-F383D10E4F50}] => C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe FirewallRules: [{BE54EE7F-7439-4B5C-BB2C-65A5036EFC1C}] => C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe FirewallRules: [{2B9DA29F-B0F0-49BC-98BA-7614FCD0A4A9}] => C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe FirewallRules: [{CD5A0336-7141-4F2A-BF5B-EA0D0787944C}] => C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe FirewallRules: [{B9C9609F-0943-4ED0-AB1A-4189DB3178E7}] => C:\Program Files (x86)\AVG\AVG2013\avgemca.exe FirewallRules: [{6E58E154-B495-4869-9777-3F60A3C06424}] => C:\Program Files (x86)\AVG\AVG2013\avgemca.exe FirewallRules: [{4743DCAC-A94F-460A-9431-314AB329A059}] => C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe FirewallRules: [{D21C52C4-A6AD-4A9C-9392-7322863DCC8D}] => C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe FirewallRules: [{BAA67218-3C5B-450F-812B-82244A52B5B4}] => C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe FirewallRules: [{7F8097CB-A22F-41D9-B9E6-74C57C225ADC}] => C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe FirewallRules: [{A1F90AC6-64D2-4FB2-B7B7-813E05D8DE87}] => C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe FirewallRules: [{B21A1A2C-3017-4A3D-AD7A-DDDFCD1A6A35}] => C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe FirewallRules: [{248953EE-6BB0-44AD-87CB-225BD4DCAFA0}] => C:\Program Files (x86)\AVG\AVG2014\avgemca.exe FirewallRules: [{80905D32-D2F9-48CF-A1D1-A6415D411017}] => C:\Program Files (x86)\AVG\AVG2014\avgemca.exe FirewallRules: [{FB3D593E-B176-488D-A448-5FFC58B70593}] => C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe FirewallRules: [{3250A909-7858-426C-9891-CB6012DB701C}] => C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe FirewallRules: [{541A7B7B-F849-407F-9A09-1AA8B621C316}] => C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe FirewallRules: [{855B9242-CD00-4362-BDFD-FA533B3F7AF0}] => C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe FirewallRules: [{527E7780-361B-477E-97D2-1826D0C04C61}] => C:\Program Files (x86)\AVG\AVG2015\avgemca.exe FirewallRules: [{D2B96845-2E88-49B9-BDCD-8131581233B7}] => C:\Program Files (x86)\AVG\AVG2015\avgemca.exe FirewallRules: [{A41BB430-412A-422E-897C-4BA7114AF2C1}] => C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe FirewallRules: [{476932F0-B4AA-4E8A-8864-BB476252489F}] => C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe FirewallRules: [{114E96A2-BB13-4C28-8FFF-A8891F4172B7}] => C:\Program Files (x86)\AVG\Av\avgmfapx.exe FirewallRules: [{7D489927-7BE7-41E2-AE63-B654B165EB70}] => C:\Program Files (x86)\AVG\Av\avgmfapx.exe ***************** hklm\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully HKU\S-1-5-21-3910213348-232855233-1580435985-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully "HKU\S-1-5-21-3910213348-232855233-1580435985-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key removed successfully HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}" => key removed successfully "HKCR\CLSID\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}" => key removed successfully "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}" => key removed successfully "HKCR\Wow6432Node\CLSID\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}" => key removed successfully "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key removed successfully "HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key removed successfully HKLM\Software\Mozilla\Firefox\Extensions\\sp@avast.com => value removed successfully "C:\Program Files\AVAST Software\Avast\SafePrice\FF" folder move: Could not move "C:\Program Files\AVAST Software\Avast\SafePrice\FF" => Scheduled to move on reboot. HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60} => value removed successfully HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\sp@avast.com => value removed successfully HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\wrc@avast.com => value removed successfully HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\msktbird@mcafee.com => value removed successfully C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml => moved successfully C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml => moved successfully "HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin" => key removed successfully avgntflt => service removed successfully avipbb => service removed successfully avkmgr => service removed successfully MUD => service removed successfully dbx => service removed successfully C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7A78E652-6ABB-4E51-98FC-AEB8C2C6D4C0}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A78E652-6ABB-4E51-98FC-AEB8C2C6D4C0}" => key removed successfully C:\Windows\System32\Tasks\0 => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DF42F613-DD74-4474-9A8A-1887375C2457}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DF42F613-DD74-4474-9A8A-1887375C2457}" => key removed successfully C:\Windows\System32\Tasks\ROC_REG_JAN_DELETE => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ROC_REG_JAN_DELETE" => key removed successfully C:\Windows\Tasks\Adobe Flash Player Updater.job => moved successfully C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => moved successfully C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => moved successfully C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => moved successfully C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => moved successfully C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => moved successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2446A0E6-380F-42CB-8E53-836F961F560F} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4DA9FF1C-D2F4-4114-AA58-C3184F9C22A2} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{287B5641-7777-40CE-A95B-F383D10E4F50} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BE54EE7F-7439-4B5C-BB2C-65A5036EFC1C} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2B9DA29F-B0F0-49BC-98BA-7614FCD0A4A9} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CD5A0336-7141-4F2A-BF5B-EA0D0787944C} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B9C9609F-0943-4ED0-AB1A-4189DB3178E7} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6E58E154-B495-4869-9777-3F60A3C06424} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4743DCAC-A94F-460A-9431-314AB329A059} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D21C52C4-A6AD-4A9C-9392-7322863DCC8D} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BAA67218-3C5B-450F-812B-82244A52B5B4} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7F8097CB-A22F-41D9-B9E6-74C57C225ADC} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A1F90AC6-64D2-4FB2-B7B7-813E05D8DE87} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B21A1A2C-3017-4A3D-AD7A-DDDFCD1A6A35} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{248953EE-6BB0-44AD-87CB-225BD4DCAFA0} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{80905D32-D2F9-48CF-A1D1-A6415D411017} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FB3D593E-B176-488D-A448-5FFC58B70593} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3250A909-7858-426C-9891-CB6012DB701C} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{541A7B7B-F849-407F-9A09-1AA8B621C316} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{855B9242-CD00-4362-BDFD-FA533B3F7AF0} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{527E7780-361B-477E-97D2-1826D0C04C61} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D2B96845-2E88-49B9-BDCD-8131581233B7} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A41BB430-412A-422E-897C-4BA7114AF2C1} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{476932F0-B4AA-4E8A-8864-BB476252489F} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{114E96A2-BB13-4C28-8FFF-A8891F4172B7} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7D489927-7BE7-41E2-AE63-B654B165EB70} => value removed successfully Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 25-12-2016 11:36:37) "C:\Program Files\AVAST Software\Avast\SafePrice\FF" => Could not move ==== End of Fixlog 11:36:38 ====