Fix result of Farbar Recovery Scan Tool (x64) Version:25-07-2015
Ran by Jimi Hendrix at 2015-07-25 15:23:10 Run:1
Running from C:\Users\Jimi Hendrix\Desktop\no
Loaded Profiles: Jimi Hendrix (Available Profiles: Jimi Hendrix)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Task: {7C8EEE2F-3B77-44C7-83FF-B150442228DA} - System32\Tasks\GestureControls => c:\programdata\{f2b250ba-e551-9bb4-f2b2-250bae5542eb}\rimworldalpha11win.zip.exe <==== ATTENTION
Task: {6F4A47FE-FE5E-4466-9355-08642AB8BF1C} - System32\Tasks\{5CAFEF63-DF37-4B4F-9BB0-C829456F8A6D} => pcalua.exe -a "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" -c --lang=enGB --uid=wow_engb "--displayname=World of Warcraft"
Task: {B16D68EB-816B-48F8-885D-911D92F48C50} - System32\Tasks\{6A71D823-C651-4573-B6E2-FF6BFFF250D3} => pcalua.exe -a G:\setup.exe -d G:\ -c /autorun
Task: C:\WINDOWS\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}.job => C:\ProgramData\cis5574.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GestureControls.job => c:\programdata\{f2b250ba-e551-9bb4-f2b2-250bae5542eb}\rimworldalpha11win.zip.exe <==== ATTENTION
c:\programdata\{f2b250ba-e551-9bb4-f2b2-250bae5542eb}
C:\ProgramData\cis5574.exe
HKLM\...\Run: [CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}] => "C:\ProgramData\cis5574.exe" --PostUninstall {81EFDD93-DBBE-415B-BE6E-49B9664E3E82}
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S4 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
S4 X6va022; \??\C:\WINDOWS\SysWOW64\Drivers\X6va022 [X]
S3 X6va029; \??\C:\WINDOWS\SysWOW64\Drivers\X6va029 [X]
C:\ProgramData\SetStretch.VBS
Reg: reg query "HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InProcServer32" /s
Reg: reg query "HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}" /s
Reg: reg query "HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}" /s
Reg: reg query "HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InProcServer32" /s
Reg: reg query "HKLM\SOFTWARE\Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InProcServer32" /s
Reg: reg query "HKLM\SOFTWARE\Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}" /s
File: C:\Windows\System32\ExplorerFrame.dll
File: C:\Windows\SysWOW64\ExplorerFrame.dll
EmptyTemp:
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7C8EEE2F-3B77-44C7-83FF-B150442228DA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C8EEE2F-3B77-44C7-83FF-B150442228DA}" => key removed successfully
C:\Windows\System32\Tasks\GestureControls => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GestureControls" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6F4A47FE-FE5E-4466-9355-08642AB8BF1C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F4A47FE-FE5E-4466-9355-08642AB8BF1C}" => key removed successfully
C:\Windows\System32\Tasks\{5CAFEF63-DF37-4B4F-9BB0-C829456F8A6D} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5CAFEF63-DF37-4B4F-9BB0-C829456F8A6D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B16D68EB-816B-48F8-885D-911D92F48C50}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B16D68EB-816B-48F8-885D-911D92F48C50}" => key removed successfully
C:\Windows\System32\Tasks\{6A71D823-C651-4573-B6E2-FF6BFFF250D3} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6A71D823-C651-4573-B6E2-FF6BFFF250D3}" => key removed successfully
C:\WINDOWS\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}.job => moved successfully.
C:\WINDOWS\Tasks\GestureControls.job => moved successfully.
c:\programdata\{f2b250ba-e551-9bb4-f2b2-250bae5542eb} => moved successfully.
"C:\ProgramData\cis5574.exe" => File/Folder not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82} => value removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
BRDriver64_1_3_3_E02B25FC => service removed successfully
EagleX64 => service removed successfully
X6va022 => service removed successfully
X6va029 => service removed successfully
C:\ProgramData\SetStretch.VBS => moved successfully.

========= reg query "HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InProcServer32" /s =========

========= End of Reg: =========

========= reg query "HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}" /s =========

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InProcServer32

========= End of Reg: =========

========= reg query "HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}" /s =========

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InProcServer32

========= End of Reg: =========

========= reg query "HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InProcServer32" /s =========

========= End of Reg: =========

========= reg query "HKLM\SOFTWARE\Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InProcServer32" /s =========

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InProcServer32
    (Default)    REG_EXPAND_SZ    %SystemRoot%\system32\explorerframe.dll
    ThreadingModel    REG_SZ    Apartment

========= End of Reg: =========

========= reg query "HKLM\SOFTWARE\Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}" /s =========

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}
    (Default)    REG_SZ    Task Bar Communication

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InProcServer32
    (Default)    REG_EXPAND_SZ    %SystemRoot%\system32\explorerframe.dll
    ThreadingModel    REG_SZ    Apartment

========= End of Reg: =========

========================= File: C:\Windows\System32\ExplorerFrame.dll ========================

MD5: 711D110F426EF6C2E705AE1E749F8F02
Creation and modification date: 2015-07-15 11:17 - 2015-05-07 19:00
Size: 3109376
Attributes: ----A
Company Name: Microsoft Corporation
Internal Name: ExplorerFrame
Original Name: ExplorerFrame.dll.mui
Product Name: System operacyjny Microsoft® Windows®
Description: ExplorerFrame
File Version: 6.3.9600.16384 (winblue_rtm.130821-1623)
Product Version: 6.3.9600.16384
Copyright: © Microsoft Corporation. Wszelkie prawa zastrzeżone.

====== End of File: ======

========================= File: C:\Windows\SysWOW64\ExplorerFrame.dll ========================

MD5: 00E077C85F64897F5A4B093DD45CDE93
Creation and modification date: 2015-07-15 11:17 - 2015-05-07 18:12
Size: 2706432
Attributes: ----A
Company Name: Microsoft Corporation
Internal Name: ExplorerFrame
Original Name: ExplorerFrame.dll.mui
Product Name: System operacyjny Microsoft® Windows®
Description: ExplorerFrame
File Version: 6.3.9600.16384 (winblue_rtm.130821-1623)
Product Version: 6.3.9600.16384
Copyright: © Microsoft Corporation. Wszelkie prawa zastrzeżone.

====== End of File: ======

EmptyTemp: => 3.2 GB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 15:23:57 ====