Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014
Ran by Izabela at 2014-09-21 21:12:26 Run:1
Running from C:\Users\Izabela\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
R1 {6fcd6092-9615-4f7f-8898-8df53980e5d2}w64; C:\Windows\System32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}w64.sys [61624 2014-08-06] (StdLib)
R1 {825c5be7-672f-4c14-9929-48a3a5e1a660}Gw64; C:\Windows\System32\drivers\{825c5be7-672f-4c14-9929-48a3a5e1a660}Gw64.sys [61120 2014-07-08] (StdLib)
R2 Update NetCrawl; C:\Program Files (x86)\NetCrawl\updateNetCrawl.exe [325408 2014-09-21] ()
R2 Update Rock Turner; C:\Program Files (x86)\Rock Turner\updateRockTurner.exe [325408 2014-09-21] ()
R2 UpdaterSvcRockTurner; C:\Program Files (x86)\Rock Turner\updater.exe [135968 2014-07-09] ()
R2 Util NetCrawl; C:\Program Files (x86)\NetCrawl\bin\utilNetCrawl.exe [325408 2014-09-21] ()
R2 Util Rock Turner; C:\Program Files (x86)\Rock Turner\bin\utilRockTurner.exe [325408 2014-09-21] ()
S2 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [X]
HKU\S-1-5-21-3416864892-2804832870-1591593753-1001\...\Run: [Yahoo! Search] => C:\Users\Izabela\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\dsrlte.exe [438632 2014-09-18] (Pay By Ads LTD)
AppInit_DLLs: C:\PROGRA~2\Linkey\IEEXTE~1\iedll64.dll => C:\Program Files (x86)\Linkey\IEExtension\iedll64.dll [210960 2014-04-08] (Aztec Media Inc)
Task: C:\Windows\Tasks\Yahoo! Search Udpater.job => C:\Users\Izabela\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\dsrsetup.exe <==== ATTENTION
Task: C:\Windows\Tasks\Yahoo! Search.job => C:\Users\Izabela\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\dsrlte.exe <==== ATTENTION
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rts.dsrlte.
com
?affID=na
URLSearchHook: HKLM-x32 - Default Value = {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=132&itype=n&ver=12349&tm=334&src=ds&p={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=132&itype=n&ver=12349&tm=334&src=ds&p={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=132&itype=n&ver=12349&tm=334&src=ds&p={searchTerms}
BHO: Linkey -> {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} -> C:\Program Files (x86)\Linkey\IEExtension\iedll64.dll (Aztec Media Inc)
BHO-x32: Rock Turner -> {527b365c-1bd3-4a66-906f-8729805ce78c} -> C:\Program Files (x86)\Rock Turner\RockTurnerbho.dll (Rock Turner)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\default-search.xml
CHR HomePage: Default -> hxxp://rts.dsrlte.com?affID=na
CHR RestoreOnStartup: Default -> "hxxp://rts.dsrlte.com?affID=na"
CHR StartupUrls: Default -> "hxxp://rts.dsrlte.com?affID=na"
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Program Files (x86)\Linkey
C:\ProgramData\AVAST Software
C:\ProgramData\TEMP
C:\Users\Izabela\AppData\Roaming\SimilarSites
C:\Users\Izabela\Downloads\uninstall.exe
C:\Windows\SysWOW64\GroupPolicy\GPT.INI
C:\Windows\System32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}w64.sys
C:\Windows\System32\drivers\{825c5be7-672f-4c14-9929-48a3a5e1a660}Gw64.sys
Folder: C:\Users\Izabela\AppData\Roaming\Opera Software\Opera Stable\Extensions
CMD: type "C:\Users\Izabela\AppData\Roaming\Opera Software\Opera Stable\Preferences"
Reg: reg query "HKLM\SOFTWARE\Clients\StartMenuInternet\OperaStable\shell\open\command" /s
*****************

Processes closed successfully.
{6fcd6092-9615-4f7f-8898-8df53980e5d2}w64 => Unable to stop service
{6fcd6092-9615-4f7f-8898-8df53980e5d2}w64 => Service deleted successfully.
{825c5be7-672f-4c14-9929-48a3a5e1a660}Gw64 => Unable to stop service
{825c5be7-672f-4c14-9929-48a3a5e1a660}Gw64 => Service deleted successfully.
Update NetCrawl => Unable to stop service
Update NetCrawl => Service deleted successfully.
Update Rock Turner => Unable to stop service
Update Rock Turner => Service deleted successfully.
UpdaterSvcRockTurner => Service deleted successfully.
Util NetCrawl => Unable to stop service
Util NetCrawl => Service deleted successfully.
Util Rock Turner => Unable to stop service
Util Rock Turner => Service deleted successfully.
Nero BackItUp Scheduler 4.0 => Service deleted successfully.
HKU\S-1-5-21-3416864892-2804832870-1591593753-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Yahoo! Search => value deleted successfully.
"C:\PROGRA~2\Linkey\IEEXTE~1\iedll64.dll" => Value Data removed successfully.
C:\Windows\Tasks\Yahoo! Search Udpater.job => Moved successfully.
C:\Windows\Tasks\Yahoo! Search.job => Moved successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bitguard.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bprotect.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bpsvc.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserdefender.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserprotect.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsersafeguard.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dprotectsvc.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\jumpflip" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\protectedsearch.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchinstaller.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotection.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotector.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings64.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\snapdo.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst32.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst64.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\umbrella.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utiljumpflip.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\volaro" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\vonteera" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroids.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroidsservice.exe" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
"HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
com => Error: No automatic fix found for this entry.
?affID=na => Error: No automatic fix found for this entry.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\ => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}" => Key deleted successfully.
"HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}" => Key deleted successfully.
"HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}" => Key deleted successfully.
"HKCR\CLSID\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{527b365c-1bd3-4a66-906f-8729805ce78c}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{527b365c-1bd3-4a66-906f-8729805ce78c}" => Key deleted successfully.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\default-search.xml => Moved successfully.
Chrome HomePage deleted successfully.
Chrome RestoreOnStartup deleted successfully.
Chrome StartupUrls deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
C:\Program Files (x86)\Linkey => Moved successfully.
C:\ProgramData\AVAST Software => Moved successfully.
C:\ProgramData\TEMP => Moved successfully.
C:\Users\Izabela\AppData\Roaming\SimilarSites => Moved successfully.
C:\Users\Izabela\Downloads\uninstall.exe => Moved successfully.
C:\Windows\SysWOW64\GroupPolicy\GPT.INI => Moved successfully.
C:\Windows\System32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}w64.sys => Moved successfully.
C:\Windows\System32\drivers\{825c5be7-672f-4c14-9929-48a3a5e1a660}Gw64.sys => Moved successfully.

========================= Folder: C:\Users\Izabela\AppData\Roaming\Opera Software\Opera Stable\Extensions ========================

Directory Not Found

========= type "C:\Users\Izabela\AppData\Roaming\Opera Software\Opera Stable\Preferences" =========

========= End of CMD: =========

========= reg query "HKLM\SOFTWARE\Clients\StartMenuInternet\OperaStable\shell\open\command" /s =========

ERROR: The system was unable to find the specified registry key or value.

========= End of Reg: =========

The system needed a reboot.

==== End of Fixlog ====