Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-10-2014 Ran by user at 2014-10-28 15:48:22 Run:1 Running from C:\Users\user\Desktop Loaded Profile: user (Available profiles: user) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: Task: {0AC84B8D-C29A-41AA-896B-182F9EEFCA51} - \5aa3d933-32c7-4b03-9bcf-13d56020c4b9-4 No Task File <==== ATTENTION Task: {0FB1E323-CF6F-4A3C-B3D7-49BFE05E609F} - \5aa3d933-32c7-4b03-9bcf-13d56020c4b9-6 No Task File <==== ATTENTION Task: {56D2E489-A0B4-4245-9726-A922F777D0DD} - \5aa3d933-32c7-4b03-9bcf-13d56020c4b9-2 No Task File <==== ATTENTION Task: {657BF2F6-5E31-4E92-AE6B-75D59FA839AA} - \5aa3d933-32c7-4b03-9bcf-13d56020c4b9-7 No Task File <==== ATTENTION Task: {B85C45D3-7A19-40F3-ABB8-956C3F77E4B9} - \5aa3d933-32c7-4b03-9bcf-13d56020c4b9-1 No Task File <==== ATTENTION HKU\S-1-5-21-1593833016-2535897038-1932122431-1000\...\Run: [Browser Extensions] => "C:\Users\user\AppData\Roaming\Browser Extensions\CouponsHelper.exe" HKLM-x32\...\Run: [] => [X] Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X] S3 dgderdrv; System32\drivers\dgderdrv.sys [X] StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKCU - {3023DAE5-E649-48B1-A0FF-5F2740EC6EC3} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms} Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt C:\Windows\system32\Drivers\*.winsecurity Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EE68B04B-ABF4-4E83-87FF-42AF4C3F1D5B} /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f EmptyTemp: ***************** Processes closed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0AC84B8D-C29A-41AA-896B-182F9EEFCA51}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0AC84B8D-C29A-41AA-896B-182F9EEFCA51}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\5aa3d933-32c7-4b03-9bcf-13d56020c4b9-4" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0FB1E323-CF6F-4A3C-B3D7-49BFE05E609F}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0FB1E323-CF6F-4A3C-B3D7-49BFE05E609F}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\5aa3d933-32c7-4b03-9bcf-13d56020c4b9-6" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{56D2E489-A0B4-4245-9726-A922F777D0DD}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{56D2E489-A0B4-4245-9726-A922F777D0DD}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\5aa3d933-32c7-4b03-9bcf-13d56020c4b9-2" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{657BF2F6-5E31-4E92-AE6B-75D59FA839AA}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{657BF2F6-5E31-4E92-AE6B-75D59FA839AA}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\5aa3d933-32c7-4b03-9bcf-13d56020c4b9-7" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B85C45D3-7A19-40F3-ABB8-956C3F77E4B9}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B85C45D3-7A19-40F3-ABB8-956C3F77E4B9}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\5aa3d933-32c7-4b03-9bcf-13d56020c4b9-1" => Key deleted successfully. HKU\S-1-5-21-1593833016-2535897038-1932122431-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Browser Extensions => value deleted successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully. "HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DeviceNP" => Key deleted successfully. dgderdrv => Service deleted successfully. HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully. "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3023DAE5-E649-48B1-A0FF-5F2740EC6EC3}" => Key deleted successfully. "HKCR\CLSID\{3023DAE5-E649-48B1-A0FF-5F2740EC6EC3}" => Key not found. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully. "HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => Key not found. HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\otis@digitalpersona.com => value deleted successfully. C:\Windows\system32\Drivers\*.winsecurity => Moved successfully. ========= reg delete HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EE68B04B-ABF4-4E83-87FF-42AF4C3F1D5B} /f ========= The operation completed successfully. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= The operation completed successfully. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= The operation completed successfully. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= The operation completed successfully. ========= End of Reg: ========= EmptyTemp: => Removed 435.7 MB temporary data. The system needed a reboot. ==== End of Fixlog ====