Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 14-01-2015 01 Ran by - at 2015-01-14 20:46:59 Run:1 Running from C:\Users\-\Downloads Loaded Profiles: - & UpdatusUser (Available profiles: - & UpdatusUser & virus & Gość) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: CreateRestorePoint: HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0 HKLM\...\Policies\Explorer: [HideSCAHealth] 0 HKU\S-1-5-21-3842171764-2869596894-789366844-1001\...\Policies\Explorer: [TaskbarNoNotification] 0 HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-3842171764-2869596894-789366844-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=pl&pid=NAV&pvid=21.4.0.13 HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKU\S-1-5-21-3842171764-2869596894-789366844-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-3842171764-2869596894-789366844-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=pl&pid=NAV&pvid=21.4.0.13 CustomCLSID: HKU\S-1-5-21-3842171764-2869596894-789366844-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-3842171764-2869596894-789366844-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> No File Path Task: {0BDD645A-1D6B-4DB2-B6C3-5E46C85DDF15} - System32\Tasks\{FABF9EBF-0DEA-4A71-A61A-27E3A41FFF8E} => pcalua.exe -a G:\SISetup.exe -d G:\ Task: {34654672-028F-4921-9FDA-A889A4D62CC0} - System32\Tasks\{155D6E6C-5A60-4166-83D1-9FD0F6EB8F31} => pcalua.exe -a C:\Users\-\IN1EGC18WW5.exe -d C:\Users\- Task: {444C6D3A-C651-4BD3-B49A-6E08C791B0BD} - System32\Tasks\{FC4BCAC9-72C6-4E5A-98F2-6A04B840146D} => Chrome.exe Task: {578E4744-B444-4CE4-9734-7CB3CB6CF146} - System32\Tasks\Google Updater and Installer => C:\Users\-\AppData\Local\Google\Update\GoogleUpdate.exe Task: {8D905414-46D3-4741-90A4-738DEDE09920} - System32\Tasks\{A0F0AF63-6FA9-4646-80CB-129CD5DD97DE} => pcalua.exe -a E:\HpSetup.exe -d E:\ Task: {AFC7AF39-D967-48E1-824F-7AA6F17A8247} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\SymErr.exe Task: {BC6E7BAF-613D-4638-8979-EEE57C458DA8} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\SymErr.exe Task: {CD1F8EAA-00CD-4262-951A-EB2FEC8A9FA1} - \Program aktualizacji online firmy Adobe. No Task File <==== ATTENTION HKU\S-1-5-21-3842171764-2869596894-789366844-1001\Software\Classes\exefile: <===== ATTENTION! U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) S3 catchme; \??\C:\Users\-\AppData\Local\Temp\catchme.sys [X] S3 gfiark; system32\drivers\gfiark.sys [X] S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X] S2 sbapifs; system32\DRIVERS\sbapifs.sys [X] S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X] U3 Winsock - Google Desktop Search Backup Before First Install; No ImagePath U3 Winsock - Google Desktop Search Backup Before Last Install; No ImagePath C:\ProgramData\mshaigu.exe C:\Users\-\*.exe C:\Users\-\Downloads\jxpiinstall*.exe C:\Windows\System32\Tasks\Norton Identity Safe CMD: ipconfig /flushdns Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f EmptyTemp: ***************** Processes closed successfully. Restore point was successfully created. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\TaskbarNoNotification => value deleted successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth => value deleted successfully. HKU\S-1-5-21-3842171764-2869596894-789366844-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\TaskbarNoNotification => value deleted successfully. "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully. "HKU\S-1-5-21-3842171764-2869596894-789366844-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => Value was restored successfully. HKU\S-1-5-21-3842171764-2869596894-789366844-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKU\S-1-5-21-3842171764-2869596894-789366844-1004\Software\Microsoft\Internet Explorer\Main\\Start Page => Error setting value. "HKU\S-1-5-21-3842171764-2869596894-789366844-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully. "HKU\S-1-5-21-3842171764-2869596894-789366844-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0BDD645A-1D6B-4DB2-B6C3-5E46C85DDF15}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0BDD645A-1D6B-4DB2-B6C3-5E46C85DDF15}" => Key deleted successfully. C:\Windows\System32\Tasks\{FABF9EBF-0DEA-4A71-A61A-27E3A41FFF8E} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FABF9EBF-0DEA-4A71-A61A-27E3A41FFF8E}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{34654672-028F-4921-9FDA-A889A4D62CC0}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34654672-028F-4921-9FDA-A889A4D62CC0}" => Key deleted successfully. C:\Windows\System32\Tasks\{155D6E6C-5A60-4166-83D1-9FD0F6EB8F31} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{155D6E6C-5A60-4166-83D1-9FD0F6EB8F31}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{444C6D3A-C651-4BD3-B49A-6E08C791B0BD}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{444C6D3A-C651-4BD3-B49A-6E08C791B0BD}" => Key deleted successfully. C:\Windows\System32\Tasks\{FC4BCAC9-72C6-4E5A-98F2-6A04B840146D} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FC4BCAC9-72C6-4E5A-98F2-6A04B840146D}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{578E4744-B444-4CE4-9734-7CB3CB6CF146}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{578E4744-B444-4CE4-9734-7CB3CB6CF146}" => Key deleted successfully. C:\Windows\System32\Tasks\Google Updater and Installer => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Google Updater and Installer" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8D905414-46D3-4741-90A4-738DEDE09920}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D905414-46D3-4741-90A4-738DEDE09920}" => Key deleted successfully. C:\Windows\System32\Tasks\{A0F0AF63-6FA9-4646-80CB-129CD5DD97DE} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A0F0AF63-6FA9-4646-80CB-129CD5DD97DE}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AFC7AF39-D967-48E1-824F-7AA6F17A8247}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AFC7AF39-D967-48E1-824F-7AA6F17A8247}" => Key deleted successfully. C:\Windows\System32\Tasks\Norton Identity Safe\Norton Error Analyzer => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Identity Safe\Norton Error Analyzer" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BC6E7BAF-613D-4638-8979-EEE57C458DA8}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC6E7BAF-613D-4638-8979-EEE57C458DA8}" => Key deleted successfully. C:\Windows\System32\Tasks\Norton Identity Safe\Norton Error Processor => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Identity Safe\Norton Error Processor" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CD1F8EAA-00CD-4262-951A-EB2FEC8A9FA1}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD1F8EAA-00CD-4262-951A-EB2FEC8A9FA1}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Program aktualizacji online firmy Adobe." => Key deleted successfully. "HKU\S-1-5-21-3842171764-2869596894-789366844-1001\Software\Classes\exefile" => Key deleted successfully. AppMgmt => Service deleted successfully. catchme => Service deleted successfully. gfiark => Service deleted successfully. RtsUIR => Service deleted successfully. sbapifs => Service deleted successfully. USBCCID => Service deleted successfully. Winsock - Google Desktop Search Backup Before First Install => Service deleted successfully. Winsock - Google Desktop Search Backup Before Last Install => Service deleted successfully. C:\ProgramData\mshaigu.exe => Moved successfully. C:\Users\-\*.exe => Moved successfully. C:\Users\-\Downloads\jxpiinstall*.exe => Moved successfully. C:\Windows\System32\Tasks\Norton Identity Safe => Moved successfully. ========= ipconfig /flushdns ========= Konfiguracja IP systemu Windows Pomy˜lnie opr¢¾niono pami©† podr©czn¥ programu rozpoznawania nazw DNS. ========= End of CMD: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= EmptyTemp: => Removed 121.1 MB temporary data. The system needed a reboot. ==== End of Fixlog 20:47:31 ====