Fix result of Farbar Recovery Scan Tool (x64) Version:28-07-2015 Ran by Agata (2015-07-30 16:23:57) Run:1 Running from C:\Users\Agata\Downloads Loaded Profiles: Agata (Available Profiles: Agata) Boot Mode: Normal ============================================== fixlist content: ***************** Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f AppInit_DLLs: C:\ProgramData\SecurityUtility\SecurityUtility64.dll => C:\ProgramData\SecurityUtility\SecurityUtility64.dll [978944 2015-07-29] (SecurityUtility) AppInit_DLLs-x32: C:\ProgramData\SecurityUtility\SecurityUtility32.dll => C:\ProgramData\SecurityUtility\SecurityUtility32.dll [784896 2015-07-29] (SecurityUtility) Task: {0427B3E3-3FEE-4871-8F77-AFD137F52C93} - System32\Tasks\{8677B996-FCE6-4F54-885C-93E7FF6C2567} => pcalua.exe -a C:\Users\Agata\AppData\Roaming\sweet-page\UninstallManager.exe -c -ptid=cor Task: {05E23C15-8EA3-4439-91C3-6DF4EA18D4DC} - System32\Tasks\{784998BD-9782-43A0-8144-2A24F015D57C} => pcalua.exe -a C:\Windows\COREL\UNINST32.EXE C:\Users\Agata\AppData\Roaming\sweet-page\ Task: {288418E6-D1DC-46FF-AF49-4CDE00F62B18} - System32\Tasks\{2832CF76-0316-497A-866E-AE880A48B69F} => pcalua.exe -a C:\Users\Agata\Desktop\Easy_Display_Manager_3.2.5.0\setup.exe -d C:\Users\Agata\Desktop\Easy_Display_Manager_3.2.5.0 Task: {42B0AD6E-AE06-4001-A811-2C4768D28BE1} - System32\Tasks\{A804097A-2F3B-426F-A49C-F8BDB1ED6BC1} => pcalua.exe -a C:\Users\Agata\Desktop\Easy_Display_Manager_3.1.5.0\setup.exe -d C:\Users\Agata\Desktop\Easy_Display_Manager_3.1.5.0 Task: {5572AC11-9D13-4526-953B-A4A7E7ED6BCA} - System32\Tasks\{81EA23D6-C2B6-4641-9AB4-D08EFEBA95E9} => pcalua.exe -a D:\MOVIE_MAKER_PL_INSTALLER.exe -d D:\ Task: {56B5ED1C-7BC6-4731-BDCB-0D380B75809C} - System32\Tasks\{6013FD13-7A16-4B35-9804-A6DD4F370CEC} => pcalua.exe -a C:\Users\Agata\Downloads\Swf2Avi_Setup(2).exe -d "C:\Program Files (x86)\Mozilla Firefox" Task: {65E6C50E-3833-4439-AAC4-AF32BDB11DE8} - System32\Tasks\DZTRCFHC1 => C:\ProgramData\SecurityUtility\SecurityUtility.exe [2015-07-29] (SecurityUtility) <==== ATTENTION Task: {9547888E-55BA-4118-AE36-D14F4626A577} - System32\Tasks\{285166DF-E7B7-43A5-9DDC-B955D2373709} => pcalua.exe -a "C:\Program Files (x86)\Corel\Corel Painter 11\Setup\Setup.exe" -d "C:\Program Files (x86)\Corel\Corel Painter 11\Setup" Task: {97221805-52A6-4150-B485-4B03825C5ED1} - System32\Tasks\{1C186B48-74E2-42FE-8B7E-DA4AD8436A7D} => pcalua.exe -a E:\setup.exe -d E:\ Task: {9B8B34FC-DEA9-4B7F-9925-777A05981026} - System32\Tasks\{EA218B42-D195-4AB2-BA5F-13DABA1E4740} => pcalua.exe -a C:\Users\Agata\Desktop\FontLab\FLS5WinFull.exe -d C:\Users\Agata\Desktop\FontLab Task: {B2B82C1D-AA83-43B8-B947-3F6DF9D9744E} - System32\Tasks\{6576076C-4EE9-49CF-A169-DFC4AD9F2C1D} => pcalua.exe -a "C:\Users\Agata\Desktop\Natural Ilusion Studio\Crack Nufsoft.Nature.Illusion.Studio.v2.20 «Ô www.zaza.net.ua.exe" -d "C:\Users\Agata\Desktop\Natural Ilusion Studio" Task: {D67DAF37-19AC-457D-BD26-51B760E6F834} - System32\Tasks\{CA557465-BAF3-4EA9-A3E6-F6DF57A1EFF5} => pcalua.exe -a "C:\Users\Agata\Desktop\Crack Nufsoft.Nature.Illusion.Studio.v2.20 «Ô www.zaza.net.ua.exe" -d C:\Users\Agata\Desktop Task: {DE8AD3B5-9977-402F-B401-2FFF9B7363B1} - System32\Tasks\{0395B830-924C-4B93-8D95-484AA276CD7D} => pcalua.exe -a C:\Users\Agata\Downloads\FLS5WinDemo.exe -d "C:\Program Files (x86)\Mozilla Firefox" Task: {E1F518D0-822F-4BAC-A97F-942B015BF2E5} - System32\Tasks\{C5AB39F4-056E-4882-8D03-FCCF41263DF9} => pcalua.exe -a C:\Users\Agata\Downloads\HijackThis_v1.99.1.exe -d C:\Users\Agata\Downloads Task: C:\Windows\Tasks\DZTRCFHC1.job => C:\ProgramData\SecurityUtility\SecurityUtility.exe <==== ATTENTION C:\ProgramData\SecurityUtility HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2015-07-03] <==== ATTENTION S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\MobileGo\DriverInstall.exe" [X] C:\Windows\System32\Tasks\DZTRCFHC1 EmptyTemp: ***************** ========= reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= "C:\ProgramData\SecurityUtility\SecurityUtility64.dll" => Value data not found. "C:\ProgramData\SecurityUtility\SecurityUtility32.dll" => Value data not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0427B3E3-3FEE-4871-8F77-AFD137F52C93}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0427B3E3-3FEE-4871-8F77-AFD137F52C93}" => key removed successfully C:\Windows\System32\Tasks\{8677B996-FCE6-4F54-885C-93E7FF6C2567} => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8677B996-FCE6-4F54-885C-93E7FF6C2567}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{05E23C15-8EA3-4439-91C3-6DF4EA18D4DC}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{05E23C15-8EA3-4439-91C3-6DF4EA18D4DC}" => key removed successfully C:\Windows\System32\Tasks\{784998BD-9782-43A0-8144-2A24F015D57C} => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{784998BD-9782-43A0-8144-2A24F015D57C}" => key removed successfully "C:\Users\Agata\AppData\Roaming\sweet-page" => File/Folder not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{288418E6-D1DC-46FF-AF49-4CDE00F62B18}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{288418E6-D1DC-46FF-AF49-4CDE00F62B18}" => key removed successfully C:\Windows\System32\Tasks\{2832CF76-0316-497A-866E-AE880A48B69F} => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2832CF76-0316-497A-866E-AE880A48B69F}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{42B0AD6E-AE06-4001-A811-2C4768D28BE1}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{42B0AD6E-AE06-4001-A811-2C4768D28BE1}" => key removed successfully C:\Windows\System32\Tasks\{A804097A-2F3B-426F-A49C-F8BDB1ED6BC1} => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A804097A-2F3B-426F-A49C-F8BDB1ED6BC1}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5572AC11-9D13-4526-953B-A4A7E7ED6BCA}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5572AC11-9D13-4526-953B-A4A7E7ED6BCA}" => key removed successfully C:\Windows\System32\Tasks\{81EA23D6-C2B6-4641-9AB4-D08EFEBA95E9} => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{81EA23D6-C2B6-4641-9AB4-D08EFEBA95E9}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{56B5ED1C-7BC6-4731-BDCB-0D380B75809C}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{56B5ED1C-7BC6-4731-BDCB-0D380B75809C}" => key removed successfully C:\Windows\System32\Tasks\{6013FD13-7A16-4B35-9804-A6DD4F370CEC} => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6013FD13-7A16-4B35-9804-A6DD4F370CEC}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{65E6C50E-3833-4439-AAC4-AF32BDB11DE8}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{65E6C50E-3833-4439-AAC4-AF32BDB11DE8}" => key removed successfully C:\Windows\System32\Tasks\DZTRCFHC1 => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DZTRCFHC1" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9547888E-55BA-4118-AE36-D14F4626A577}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9547888E-55BA-4118-AE36-D14F4626A577}" => key removed successfully C:\Windows\System32\Tasks\{285166DF-E7B7-43A5-9DDC-B955D2373709} => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{285166DF-E7B7-43A5-9DDC-B955D2373709}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{97221805-52A6-4150-B485-4B03825C5ED1}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{97221805-52A6-4150-B485-4B03825C5ED1}" => key removed successfully C:\Windows\System32\Tasks\{1C186B48-74E2-42FE-8B7E-DA4AD8436A7D} => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1C186B48-74E2-42FE-8B7E-DA4AD8436A7D}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9B8B34FC-DEA9-4B7F-9925-777A05981026}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B8B34FC-DEA9-4B7F-9925-777A05981026}" => key removed successfully C:\Windows\System32\Tasks\{EA218B42-D195-4AB2-BA5F-13DABA1E4740} => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EA218B42-D195-4AB2-BA5F-13DABA1E4740}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B2B82C1D-AA83-43B8-B947-3F6DF9D9744E}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2B82C1D-AA83-43B8-B947-3F6DF9D9744E}" => key removed successfully C:\Windows\System32\Tasks\{6576076C-4EE9-49CF-A169-DFC4AD9F2C1D} => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6576076C-4EE9-49CF-A169-DFC4AD9F2C1D}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D67DAF37-19AC-457D-BD26-51B760E6F834}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D67DAF37-19AC-457D-BD26-51B760E6F834}" => key removed successfully C:\Windows\System32\Tasks\{CA557465-BAF3-4EA9-A3E6-F6DF57A1EFF5} => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CA557465-BAF3-4EA9-A3E6-F6DF57A1EFF5}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DE8AD3B5-9977-402F-B401-2FFF9B7363B1}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE8AD3B5-9977-402F-B401-2FFF9B7363B1}" => key removed successfully C:\Windows\System32\Tasks\{0395B830-924C-4B93-8D95-484AA276CD7D} => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0395B830-924C-4B93-8D95-484AA276CD7D}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E1F518D0-822F-4BAC-A97F-942B015BF2E5}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1F518D0-822F-4BAC-A97F-942B015BF2E5}" => key removed successfully C:\Windows\System32\Tasks\{C5AB39F4-056E-4882-8D03-FCCF41263DF9} => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C5AB39F4-056E-4882-8D03-FCCF41263DF9}" => key removed successfully C:\Windows\Tasks\DZTRCFHC1.job => moved successfully. C:\ProgramData\SecurityUtility => moved successfully. "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully C:\Program Files (x86)\mozilla firefox\firefox.cfg => moved successfully. WsDrvInst => service removed successfully "C:\Windows\System32\Tasks\DZTRCFHC1" => File/Folder not found. EmptyTemp: => 165.1 MB temporary data Removed. The system needed a reboot.. ==== End of Fixlog 16:24:14 ====