Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-04-2015 01 Ran by user at 2015-04-20 18:32:04 Run:1 Running from C:\Users\user\Desktop\skan Loaded Profiles: UpdatusUser & user (Available profiles: UpdatusUser & user) Boot Mode: Normal ============================================== Content of fixlist: ***************** CreateRestorePoint: Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tt.2.126.2015.rar.lnk [2015-03-08] GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/?src01=dp220140914 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/?src01=dp220140914 SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-570667405-809793547-468171985-1002 -> DefaultScope {DCB811C6-E54A-4D26-92BB-64B90605BF8C} URL = SearchScopes: HKU\S-1-5-21-570667405-809793547-468171985-1002 -> {DCB811C6-E54A-4D26-92BB-64B90605BF8C} URL = SearchScopes: HKU\S-1-5-21-570667405-809793547-468171985-1002 -> {ED4235A7-3875-48B4-8E8B-9AB4FDEC7DC8} URL = http://rts.dsrlte.com/?affID=na&q={searchTerms}&r=404 S3 cpuz136; \??\C:\Users\user\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X] S3 IntcAzAudAddService; \SystemRoot\system32\drivers\RTKVHD64.sys [X] HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver" C:\Program Files (x86)\CoupMania C:\Program Files (x86)\WhiatteCoUpon C:\Program Files (x86)\Mozilla Firefox C:\ProgramData\{c7505c27-787c-1612-c750-05c27787709d} C:\ProgramData\8831565796815270903 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All MMO Games.lnk C:\Users\user\AppData\Local\Mozilla C:\Users\user\AppData\Roaming\Mozilla C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RtkGUI.lnk Folder: C:\Windows\SchCache Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder /v Tt.2.126.2015.rar.lnk /f Reg: reg delete HKCU\Software\Google /f Reg: reg delete HKCU\Software\Mozilla /f Reg: reg delete HKCU\Software\MozillaPlugins /f Reg: reg delete HKLM\SOFTWARE\Google /f Reg: reg delete HKLM\SOFTWARE\Mozilla /f Reg: reg delete HKLM\SOFTWARE\MozillaPlugins /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Google /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4} /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{11F6D5AB-263F-388E-74DE-E3DECD390E3F} /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Mozilla /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\mozilla.org /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\MozillaPlugins /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\HKU\S-1-5-21-570667405-809793547-468171985-1001\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\HKU\S-1-5-21-570667405-809793547-468171985-1001\Software\Microsoft\Internet Explorer\SearchScopes" /f EmptyTemp: ***************** Restore point was successfully created. C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tt.2.126.2015.rar.lnk => Moved successfully. C:\Windows\system32\GroupPolicy\Machine => Moved successfully. C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully. "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully. HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully. HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. HKU\S-1-5-21-570667405-809793547-468171985-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. "HKU\S-1-5-21-570667405-809793547-468171985-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DCB811C6-E54A-4D26-92BB-64B90605BF8C}" => Key deleted successfully. HKCR\CLSID\{DCB811C6-E54A-4D26-92BB-64B90605BF8C} => Key not found. HKU\S-1-5-21-570667405-809793547-468171985-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ED4235A7-3875-48B4-8E8B-9AB4FDEC7DC8} => Key not found. HKCR\CLSID\{ED4235A7-3875-48B4-8E8B-9AB4FDEC7DC8} => Key not found. cpuz136 => Service deleted successfully. IntcAzAudAddService => Service deleted successfully. HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => Key not found. HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => Key not found. HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfefire => Key not found. HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfefirek => Key not found. HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => Key not found. HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfehidk => Key not found. HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => Key not found. HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfevtp => Key not found. C:\Program Files (x86)\CoupMania => Moved successfully. C:\Program Files (x86)\WhiatteCoUpon => Moved successfully. C:\Program Files (x86)\Mozilla Firefox => Moved successfully. C:\ProgramData\{c7505c27-787c-1612-c750-05c27787709d} => Moved successfully. C:\ProgramData\8831565796815270903 => Moved successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All MMO Games.lnk => Moved successfully. C:\Users\user\AppData\Local\Mozilla => Moved successfully. C:\Users\user\AppData\Roaming\Mozilla => Moved successfully. C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RtkGUI.lnk => Moved successfully. ========================= Folder: C:\Windows\SchCache ======================== ====== End of Folder: ====== ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder /v Tt.2.126.2015.rar.lnk /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKCU\Software\Google /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKCU\Software\Mozilla /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKCU\Software\MozillaPlugins /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Google /f ========= ERROR: The system was unable to find the specified registry key or value. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Mozilla /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\MozillaPlugins /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Wow6432Node\Google /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4} /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{11F6D5AB-263F-388E-74DE-E3DECD390E3F} /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Wow6432Node\Mozilla /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Wow6432Node\mozilla.org /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Wow6432Node\MozillaPlugins /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f ========= ERROR: The system was unable to find the specified registry key or value. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f ========= ERROR: The system was unable to find the specified registry key or value. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= ERROR: The system was unable to find the specified registry key or value. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= ERROR: The system was unable to find the specified registry key or value. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= ERROR: The system was unable to find the specified registry key or value. ========= End of Reg: ========= ========= reg delete "HKU\HKU\S-1-5-21-570667405-809793547-468171985-1001\Software\Microsoft\Internet Explorer\Main" /f ========= ERROR: The system was unable to find the specified registry key or value. ========= End of Reg: ========= ========= reg delete "HKU\HKU\S-1-5-21-570667405-809793547-468171985-1001\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= ERROR: The system was unable to find the specified registry key or value. ========= End of Reg: ========= EmptyTemp: => Removed 5.8 GB temporary data. The system needed a reboot. ==== End of Fixlog 18:39:45 ====