Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015
Ran by Manikowscy at 2015-01-23 22:50:24 Run:1
Running from C:\Users\Manikowscy\Downloads
Loaded Profiles: Manikowscy (Available profiles: Manikowscy)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
CreateRestorePoint:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR RestoreOnStartup: Default -> "hxxp://rts.dsrlte.com?affID=pr_c8263313-de19-4678-9f0b-91d257cdd5b9"
CHR StartupUrls: Default -> "hxxp://rts.dsrlte.com?affID=pr_c8263313-de19-4678-9f0b-91d257cdd5b9"
CHR DefaultSearchKeyword: Default -> dsrlte.com
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3202145650-2513813934-557568994-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3202145650-2513813934-557568994-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\S-1-5-21-3202145650-2513813934-557568994-1000 -> {8B62544C-4F3D-450C-9360-A3238DEBD04B} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10809
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKU\S-1-5-21-3202145650-2513813934-557568994-1000 -> No Name - {711B8D74-68F7-4C88-A675-B62BA12B8845} - No File
CustomCLSID: HKU\S-1-5-21-3202145650-2513813934-557568994-1000_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe No File
CustomCLSID: HKU\S-1-5-21-3202145650-2513813934-557568994-1000_Classes\CLSID\{7DE1BE5C-CEBA-4F1D-ACBC-9CE11EE9A2A1}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe /Automation No File
CustomCLSID: HKU\S-1-5-21-3202145650-2513813934-557568994-1000_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe /Automation No File
Task: {14440BDE-D079-4399-9D59-5D9CB0B53B2A} - System32\Tasks\{D572B549-5A43-42DA-AE82-7F99A7B76F86} => pcalua.exe -a I:\Update\TWEE_Upgrade-Unregistered.exe -d I:\Update
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
C:\Program Files (x86)\Opera
C:\Users\Manikowscy\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Manikowscy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\*localstorage*
C:\Users\Manikowscy\AppData\Local\Opera Software
C:\Users\Manikowscy\AppData\Roaming\Opera Software
C:\Users\Manikowscy\Desktop\programy\Continue AnyProtect Installation.lnk
C:\Users\Manikowscy\Desktop\programy\McAfee Security Scan Plus.lnk
C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
C:\Windows\pss\OpenOffice.org 3.4.1.lnk.Startup
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Manikowscy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mobilegeni daemon" /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
Chrome RestoreOnStartup deleted successfully.
Chrome StartupUrls deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-3202145650-2513813934-557568994-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-3202145650-2513813934-557568994-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
"HKU\S-1-5-21-3202145650-2513813934-557568994-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8B62544C-4F3D-450C-9360-A3238DEBD04B}" => Key deleted successfully.
HKCR\CLSID\{8B62544C-4F3D-450C-9360-A3238DEBD04B} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Key not found.
HKU\S-1-5-21-3202145650-2513813934-557568994-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{711B8D74-68F7-4C88-A675-B62BA12B8845} => value deleted successfully.
HKCR\CLSID\{711B8D74-68F7-4C88-A675-B62BA12B8845} => Key not found.
"HKU\S-1-5-21-3202145650-2513813934-557568994-1000_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}" => Key deleted successfully.
"HKU\S-1-5-21-3202145650-2513813934-557568994-1000_Classes\CLSID\{7DE1BE5C-CEBA-4F1D-ACBC-9CE11EE9A2A1}" => Key deleted successfully.
"HKU\S-1-5-21-3202145650-2513813934-557568994-1000_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{14440BDE-D079-4399-9D59-5D9CB0B53B2A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{14440BDE-D079-4399-9D59-5D9CB0B53B2A}" => Key deleted successfully.
C:\Windows\System32\Tasks\{D572B549-5A43-42DA-AE82-7F99A7B76F86} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D572B549-5A43-42DA-AE82-7F99A7B76F86}" => Key deleted successfully.
catchme => Service deleted successfully.
C:\Program Files (x86)\Opera => Moved successfully.
C:\Users\Manikowscy\AppData\Local\Google\Chrome\User Data\Default\Preferences => Moved successfully.
C:\Users\Manikowscy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\*localstorage* => Moved successfully.
C:\Users\Manikowscy\AppData\Local\Opera Software => Moved successfully.
C:\Users\Manikowscy\AppData\Roaming\Opera Software => Moved successfully.
C:\Users\Manikowscy\Desktop\programy\Continue AnyProtect Installation.lnk => Moved successfully.
C:\Users\Manikowscy\Desktop\programy\McAfee Security Scan Plus.lnk => Moved successfully.
C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup => Moved successfully.
C:\Windows\pss\OpenOffice.org 3.4.1.lnk.Startup => Moved successfully.

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Manikowscy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mobilegeni daemon" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========