Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-05-2014 01
Ran by user at 2014-05-12 09:51:14 Run:1
Running from C:\Users\user\Downloads\FRST-OlderVersion
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
() C:\Program Files (x86)\Show-Password-soft\Show-Passwordnt161.exe
() C:\Program Files (x86)\Show-Password-soft\Show-Passwordh.exe
R2 Show-Password; C:\Program Files (x86)\Show-Password-soft\Show-Passwordnt161.exe [143872 2014-04-30] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
Task: {27E92876-D87A-4AB0-B97F-45776E3DD17D} - \SomotoUpdateCheckerAutoStart No Task File <==== ATTENTION
Task: {7F2A4DC4-1390-456B-B189-7396D8FE1B32} - System32\Tasks\Show-Password_wd => C:\Program Files (x86)\Show-Password-soft\Show-Passwordh.exe [2014-04-30] () <==== ATTENTION
Task: C:\Windows\Tasks\Show-Password_wd.job => C:\Program Files (x86)\Show-Password-soft\Show-Passwordh.exe <==== ATTENTION
FF HKCU\...\Firefox\Extensions: [{CF65F30F-93B5-EF17-1F6C-B680986E4544}] - C:\Program Files (x86)\Show-Password-soft\161.xpi
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:14366
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {5DDB52BC-A883-4865-91B7-A85ECC079FB3} URL =
SearchScopes: HKCU - {5DDB52BC-A883-4865-91B7-A85ECC079FB3} URL =
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player
C:\Users\user\Desktop\FLV Player.lnk
C:\Windows\SysWOW64\GroupPolicy\GPT.INI
C:\Windows\SysWOW64\sqlite3.dll
C:\Windows\SysWOW64\㩣灜潲牧浡慤慴歜獡数獲祫氠扡慜灶㐱〮〮摜瑡屡潭畤敬彳湩敶瑮牯⹹慤
Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {5DDB52BC-A883-4865-91B7-A85ECC079FB3} /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reboot:
*****************

[1156] C:\Program Files (x86)\Show-Password-soft\Show-Passwordnt161.exe => Process closed successfully.
[111088] C:\Program Files (x86)\Show-Password-soft\Show-Passwordh.exe => Process closed successfully.
Show-Password => Service deleted successfully.
catchme => Service deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{27E92876-D87A-4AB0-B97F-45776E3DD17D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{27E92876-D87A-4AB0-B97F-45776E3DD17D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SomotoUpdateCheckerAutoStart => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7F2A4DC4-1390-456B-B189-7396D8FE1B32} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7F2A4DC4-1390-456B-B189-7396D8FE1B32} => Key deleted successfully.
C:\Windows\System32\Tasks\Show-Password_wd => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Show-Password_wd => Key deleted successfully.
C:\Windows\Tasks\Show-Password_wd.job => Moved successfully.
HKCU\Software\Mozilla\Firefox\Extensions\\{CF65F30F-93B5-EF17-1F6C-B680986E4544} => Value deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5DDB52BC-A883-4865-91B7-A85ECC079FB3} => Key deleted successfully.
HKCR\CLSID\{5DDB52BC-A883-4865-91B7-A85ECC079FB3} => Key not found.
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player => Moved successfully.
C:\Users\user\Desktop\FLV Player.lnk => Moved successfully.
C:\Windows\SysWOW64\GroupPolicy\GPT.INI => Moved successfully.
C:\Windows\SysWOW64\sqlite3.dll => Moved successfully.
"C:\Windows\SysWOW64\㩣灜潲牧浡慤慴歜獡数獲祫氠扡慜灶㐱〮〮摜瑡屡潭畤敬彳湩敶瑮牯⹹慤" => File/Directory not found.

========= reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {5DDB52BC-A883-4865-91B7-A85ECC079FB3} /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

BŁĄD: System nie znalazł w rejestrze określonego klucza albo wartości.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

The system needed a reboot.

==== End of Fixlog ====