Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2015 01 Ran by Clockwork at 2015-01-25 19:20:17 Run:1 Running from C:\Users\Clockwork\Desktop Loaded Profiles: Clockwork (Available profiles: Clockwork) Boot Mode: Normal ============================================== Content of fixlist: ***************** HKU\S-1-5-21-1414089619-1553986795-2700891581-1000\...\Policies\Explorer: [HideSCAHealth] 1 HKU\S-1-5-21-1414089619-1553986795-2700891581-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = FF DefaultSearchEngine: DuckDuckGo FF SelectedSearchEngine: S2 SMUpdPlus; C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smu.exe /service [X] S4 WindowsVNT_R3; C:\Program Files (x86)\Windows Network Accelerater\v3\winvxm.exe [X] S4 YouTubeDownload_P4; C:\Program Files (x86)\YouTube Downloader Services\P4\youtubeserv.exe [X] U3 aoprqlfx; C:\Windows\System32\Drivers\aoprqlfx.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero size file/folder) S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 WPN111; system32\DRIVERS\WPN111vx.sys [X] 2015-01-25 14:21 - 2015-01-25 14:21 - 00004280 _____ () C:\Windows\System32\Tasks\SMW_UpdateTask_Time_3131363031343633352d3437415a556c2a3223346c41 2015-01-25 14:21 - 2015-01-25 14:21 - 00003616 _____ () C:\Windows\System32\Tasks\SMWPUpd 2015-01-25 14:10 - 2015-01-25 14:09 - 00613057 _____ (CMI Limited) C:\Users\Clockwork\AppData\Local\nsk258A.tmp C:\Users\Clockwork\AppData\Local\Temp\92972F13-F8BE-181F-217F-BEC5917BA197.dll C:\Users\Clockwork\AppData\Local\Temp\92972F13-F8BE-181F-217F-BEC5917BA197.exe C:\Users\Clockwork\AppData\Local\Temp\amisetup0366__11003.exe C:\Users\Clockwork\AppData\Local\Temp\amisetup0376__11005.exe C:\Users\Clockwork\AppData\Local\Temp\bitool.dll C:\Users\Clockwork\AppData\Local\Temp\E255D629-F42E-35CE-0147-CCF769AD8585.exe C:\Users\Clockwork\AppData\Local\Temp\ICReinstall_Windows 7 Start Orb Changer.exe C:\Users\Clockwork\AppData\Local\Temp\jre-8u31-windows-au.exe C:\Users\Clockwork\AppData\Local\Temp\nvStInst.exe C:\Users\Clockwork\AppData\Local\Temp\OnlineBackup.exe C:\Users\Clockwork\AppData\Local\Temp\Quarantine.exe C:\Users\Clockwork\AppData\Local\Temp\SkypeSetup.exe C:\Users\Clockwork\AppData\Local\Temp\sqlite3.dll C:\Users\Clockwork\AppData\Local\Temp\tu17p84.exe C:\Users\Clockwork\AppData\Local\Temp\vcredist_x64.exe C:\Users\Clockwork\AppData\Local\Temp\ytdkiemon_amodk_setup.exe C:\Users\Clockwork\AppData\Local\Temp\_is5946.exe Task: {06B5E59C-DD08-4E4D-800E-2A992E1FE96F} - System32\Tasks\{D404FC82-2E27-42B2-B277-E7474FDB76C1} => pcalua.exe -a "C:\Users\Clockwork\Desktop\SAVE ME\evac 11-14-14\drivers\win7-64\CPSetup.exe" -d "C:\Users\Clockwork\Desktop\SAVE ME\evac 11-14-14\drivers\win7-64" Task: {0A70A148-5C98-42B7-A476-461902DBAFA7} - System32\Tasks\PastaLeads => C:\Program Files (x86)\pastaleads\ScheduledTask.exe Task: {2FC2E3C6-31F9-4BF1-93EB-F551BC921673} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION Task: {5DC96D56-DF29-42F2-9535-BAA4CCBDFD46} - System32\Tasks\SMWPUpd => C:\Program Files\Common Files\Goobzo\GBUpdatePlus\updater.exe <==== ATTENTION Task: {67C2E7A1-5C85-4ECF-93D5-4407DBD32AC9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-30] (Piriform Ltd) Task: {DAD871FF-F915-4BC9-BAF0-E46F13876136} - System32\Tasks\SMW_UpdateTask_Time_3131363031343633352d3437415a556c2a3223346c41 => Wscript.exe //B "C:\ProgramData\SearchModulePlus\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== ATTENTION Task: {E13B7965-FF9E-4DB0-8552-713B26F6EE88} - System32\Tasks\{A929CD59-96EE-4BA7-95EE-A959ABFF50BB} => pcalua.exe -a "C:\Users\Clockwork\Desktop\SAVE ME\evac 11-14-14\drivers\win7-64\setup.exe" -d "C:\Users\Clockwork\Desktop\SAVE ME\evac 11-14-14\drivers\win7-64" Task: {F307BBC2-92B8-44F6-911F-C23235F6E168} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION ***************** HKU\S-1-5-21-1414089619-1553986795-2700891581-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth => value deleted successfully. "HKU\S-1-5-21-1414089619-1553986795-2700891581-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully. HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. Firefox DefaultSearchEngine deleted successfully. Firefox SelectedSearchEngine deleted successfully. SMUpdPlus => Service deleted successfully. WindowsVNT_R3 => Service deleted successfully. YouTubeDownload_P4 => Service deleted successfully. aoprqlfx => Service deleted successfully. EagleX64 => Service deleted successfully. WPN111 => Service deleted successfully. C:\Windows\System32\Tasks\SMW_UpdateTask_Time_3131363031343633352d3437415a556c2a3223346c41 => Moved successfully. C:\Windows\System32\Tasks\SMWPUpd => Moved successfully. C:\Users\Clockwork\AppData\Local\nsk258A.tmp => Moved successfully. C:\Users\Clockwork\AppData\Local\Temp\92972F13-F8BE-181F-217F-BEC5917BA197.dll => Moved successfully. C:\Users\Clockwork\AppData\Local\Temp\92972F13-F8BE-181F-217F-BEC5917BA197.exe => Moved successfully. C:\Users\Clockwork\AppData\Local\Temp\amisetup0366__11003.exe => Moved successfully. C:\Users\Clockwork\AppData\Local\Temp\amisetup0376__11005.exe => Moved successfully. C:\Users\Clockwork\AppData\Local\Temp\bitool.dll => Moved successfully. C:\Users\Clockwork\AppData\Local\Temp\E255D629-F42E-35CE-0147-CCF769AD8585.exe => Moved successfully. C:\Users\Clockwork\AppData\Local\Temp\ICReinstall_Windows 7 Start Orb Changer.exe => Moved successfully. C:\Users\Clockwork\AppData\Local\Temp\jre-8u31-windows-au.exe => Moved successfully. C:\Users\Clockwork\AppData\Local\Temp\nvStInst.exe => Moved successfully. C:\Users\Clockwork\AppData\Local\Temp\OnlineBackup.exe => Moved successfully. C:\Users\Clockwork\AppData\Local\Temp\Quarantine.exe => Moved successfully. C:\Users\Clockwork\AppData\Local\Temp\SkypeSetup.exe => Moved successfully. C:\Users\Clockwork\AppData\Local\Temp\sqlite3.dll => Moved successfully. C:\Users\Clockwork\AppData\Local\Temp\tu17p84.exe => Moved successfully. C:\Users\Clockwork\AppData\Local\Temp\vcredist_x64.exe => Moved successfully. C:\Users\Clockwork\AppData\Local\Temp\ytdkiemon_amodk_setup.exe => Moved successfully. C:\Users\Clockwork\AppData\Local\Temp\_is5946.exe => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{06B5E59C-DD08-4E4D-800E-2A992E1FE96F}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{06B5E59C-DD08-4E4D-800E-2A992E1FE96F}" => Key deleted successfully. C:\Windows\System32\Tasks\{D404FC82-2E27-42B2-B277-E7474FDB76C1} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D404FC82-2E27-42B2-B277-E7474FDB76C1}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0A70A148-5C98-42B7-A476-461902DBAFA7}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A70A148-5C98-42B7-A476-461902DBAFA7}" => Key deleted successfully. C:\Windows\System32\Tasks\PastaLeads => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PastaLeads" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2FC2E3C6-31F9-4BF1-93EB-F551BC921673}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2FC2E3C6-31F9-4BF1-93EB-F551BC921673}" => Key deleted successfully. C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Multimedia\SMupdate3" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5DC96D56-DF29-42F2-9535-BAA4CCBDFD46}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5DC96D56-DF29-42F2-9535-BAA4CCBDFD46}" => Key deleted successfully. C:\Windows\System32\Tasks\SMWPUpd not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMWPUpd" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{67C2E7A1-5C85-4ECF-93D5-4407DBD32AC9}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{67C2E7A1-5C85-4ECF-93D5-4407DBD32AC9}" => Key deleted successfully. C:\Windows\System32\Tasks\CCleanerSkipUAC => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DAD871FF-F915-4BC9-BAF0-E46F13876136}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DAD871FF-F915-4BC9-BAF0-E46F13876136}" => Key deleted successfully. C:\Windows\System32\Tasks\SMW_UpdateTask_Time_3131363031343633352d3437415a556c2a3223346c41 not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMW_UpdateTask_Time_3131363031343633352d3437415a556c2a3223346c41" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E13B7965-FF9E-4DB0-8552-713B26F6EE88}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E13B7965-FF9E-4DB0-8552-713B26F6EE88}" => Key deleted successfully. C:\Windows\System32\Tasks\{A929CD59-96EE-4BA7-95EE-A959ABFF50BB} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A929CD59-96EE-4BA7-95EE-A959ABFF50BB}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F307BBC2-92B8-44F6-911F-C23235F6E168}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F307BBC2-92B8-44F6-911F-C23235F6E168}" => Key deleted successfully. C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\SMupdate2" => Key deleted successfully. ==== End of Fixlog 19:20:18 ====