Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-12-2014 01 Ran by Asus at 2014-12-15 22:23:18 Run:1 Running from C:\Users\Asus\Downloads Loaded Profile: Asus (Available profiles: Asus) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: R1 {0df690c1-d9b3-4141-afdc-d714e19d9a12}w64; C:\Windows\System32\drivers\{0df690c1-d9b3-4141-afdc-d714e19d9a12}w64.sys [48776 2014-10-14] (StdLib) R1 {122dd706-8b40-4a1c-86fc-9ffea684e767}w64; C:\Windows\System32\drivers\{122dd706-8b40-4a1c-86fc-9ffea684e767}w64.sys [48776 2014-10-14] (StdLib) R1 {1451f279-8b19-43e6-92be-fda8b8d810d7}w64; C:\Windows\System32\drivers\{1451f279-8b19-43e6-92be-fda8b8d810d7}w64.sys [48776 2014-10-15] (StdLib) R1 {1ffea19d-7c99-423a-a198-c6b90ff23847}w64; C:\Windows\System32\drivers\{1ffea19d-7c99-423a-a198-c6b90ff23847}w64.sys [48776 2014-10-19] (StdLib) R1 {29939914-f8df-4dc3-800d-6e4253a04e3e}w64; C:\Windows\System32\drivers\{29939914-f8df-4dc3-800d-6e4253a04e3e}w64.sys [48776 2014-10-16] (StdLib) R1 {372d03ae-4cb6-4087-9149-bc1c4bc6238d}w64; C:\Windows\System32\drivers\{372d03ae-4cb6-4087-9149-bc1c4bc6238d}w64.sys [48776 2014-10-17] (StdLib) R1 {3e621eab-ed2c-4c84-aec5-15b99c4c467e}w64; C:\Windows\System32\drivers\{3e621eab-ed2c-4c84-aec5-15b99c4c467e}w64.sys [48776 2014-10-18] (StdLib) R1 {55685567-4840-4a91-962b-49a412e9485a}w64; C:\Windows\System32\drivers\{55685567-4840-4a91-962b-49a412e9485a}w64.sys [44728 2014-09-16] (StdLib) R1 {6c040542-e4d8-449f-9075-ee080e3c93a3}w64; C:\Windows\System32\drivers\{6c040542-e4d8-449f-9075-ee080e3c93a3}w64.sys [48776 2014-10-17] (StdLib) R1 {79ff6e5c-8913-4b1b-8d72-66f9fa5a754e}w64; C:\Windows\System32\drivers\{79ff6e5c-8913-4b1b-8d72-66f9fa5a754e}w64.sys [48776 2014-10-20] (StdLib) R1 {a3650fd0-e039-4b5a-b4cd-52f4d60871bd}w64; C:\Windows\System32\drivers\{a3650fd0-e039-4b5a-b4cd-52f4d60871bd}w64.sys [48776 2014-10-22] (StdLib) R1 
{b75d34e3-cf9c-41d4-bb80-1d1cbdd91a2e}w64; C:\Windows\System32\drivers\{b75d34e3-cf9c-41d4-bb80-1d1cbdd91a2e}w64.sys [48776 2014-10-21] (StdLib) R1 {bfb10c93-5530-4015-9a3f-61dfa880af58}w64; C:\Windows\System32\drivers\{bfb10c93-5530-4015-9a3f-61dfa880af58}w64.sys [48776 2014-10-22] (StdLib) R1 {d26c8a52-bad3-4ccc-827a-07a116647557}w64; C:\Windows\System32\drivers\{d26c8a52-bad3-4ccc-827a-07a116647557}w64.sys [48776 2014-10-16] (StdLib) R1 {e90ad290-24ce-44cf-8a63-caa4cb6f0cbb}w64; C:\Windows\System32\drivers\{e90ad290-24ce-44cf-8a63-caa4cb6f0cbb}w64.sys [48776 2014-10-16] (StdLib) S4 Update webget; C:\Program Files (x86)\webget\updatewebget.exe [523544 2014-10-29] () S4 Util webget; C:\Program Files (x86)\webget\bin\utilwebget.exe [523544 2014-10-29] () U3 catchme; \??\C:\ComboFix\catchme.sys [X] GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-746962273-3746358900-1730051239-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-746962273-3746358900-1730051239-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-746962273-3746358900-1730051239-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://rts.dsrlte.com?affID=na StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKU\S-1-5-21-746962273-3746358900-1730051239-1000 -> {926697FC-E360-4A72-B5B0-5F5AB7C5E17A} URL = http://rts.dsrlte.com/?q={searchTerms}&r=926 ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 
Antivirus\Mozilla Thunderbird FF HKU\S-1-5-21-746962273-3746358900-1730051239-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) Task: {5ABA170B-9F1C-430C-A3F4-746551D4A453} - System32\Tasks\{69771687-76DA-4214-99DB-C7BF3E69A9A1} => pcalua.exe -a C:\Users\Asus\Downloads\vcredist_x64.exe -d C:\Users\Asus\Downloads C:\Program Files (x86)\mozilla firefox\plugins C:\Program Files (x86)\webget C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus C:\ProgramData\TEMP C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Preferences C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Local Storage\*localstorage* C:\Users\Asus\Desktop\Continue Nokia Monitor Test Installation.lnk C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup C:\Windows\System32\drivers\{0df690c1-d9b3-4141-afdc-d714e19d9a12}w64.sys C:\Windows\System32\drivers\{122dd706-8b40-4a1c-86fc-9ffea684e767}w64.sys C:\Windows\System32\drivers\{1451f279-8b19-43e6-92be-fda8b8d810d7}w64.sys C:\Windows\System32\drivers\{1ffea19d-7c99-423a-a198-c6b90ff23847}w64.sys C:\Windows\System32\drivers\{29939914-f8df-4dc3-800d-6e4253a04e3e}w64.sys C:\Windows\System32\drivers\{372d03ae-4cb6-4087-9149-bc1c4bc6238d}w64.sys C:\Windows\System32\drivers\{3e621eab-ed2c-4c84-aec5-15b99c4c467e}w64.sys C:\Windows\System32\drivers\{55685567-4840-4a91-962b-49a412e9485a}w64.sys C:\Windows\System32\drivers\{6c040542-e4d8-449f-9075-ee080e3c93a3}w64.sys C:\Windows\System32\drivers\{79ff6e5c-8913-4b1b-8d72-66f9fa5a754e}w64.sys C:\Windows\System32\drivers\{a3650fd0-e039-4b5a-b4cd-52f4d60871bd}w64.sys C:\Windows\System32\drivers\{b75d34e3-cf9c-41d4-bb80-1d1cbdd91a2e}w64.sys C:\Windows\System32\drivers\{bfb10c93-5530-4015-9a3f-61dfa880af58}w64.sys 
C:\Windows\System32\drivers\{d26c8a52-bad3-4ccc-827a-07a116647557}w64.sys C:\Windows\System32\drivers\{e90ad290-24ce-44cf-8a63-caa4cb6f0cbb}w64.sys Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\Update webget" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\Util webget" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnTBMon" /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f EmptyTemp: ***************** Processes closed successfully. {0df690c1-d9b3-4141-afdc-d714e19d9a12}w64 => Service stopped successfully. {0df690c1-d9b3-4141-afdc-d714e19d9a12}w64 => Service deleted successfully. {122dd706-8b40-4a1c-86fc-9ffea684e767}w64 => Service stopped successfully. {122dd706-8b40-4a1c-86fc-9ffea684e767}w64 => Service deleted successfully. {1451f279-8b19-43e6-92be-fda8b8d810d7}w64 => Service stopped successfully. {1451f279-8b19-43e6-92be-fda8b8d810d7}w64 => Service deleted successfully. {1ffea19d-7c99-423a-a198-c6b90ff23847}w64 => Service stopped successfully. {1ffea19d-7c99-423a-a198-c6b90ff23847}w64 => Service deleted successfully. {29939914-f8df-4dc3-800d-6e4253a04e3e}w64 => Service stopped successfully. {29939914-f8df-4dc3-800d-6e4253a04e3e}w64 => Service deleted successfully. {372d03ae-4cb6-4087-9149-bc1c4bc6238d}w64 => Service stopped successfully. {372d03ae-4cb6-4087-9149-bc1c4bc6238d}w64 => Service deleted successfully. {3e621eab-ed2c-4c84-aec5-15b99c4c467e}w64 => Service stopped successfully. {3e621eab-ed2c-4c84-aec5-15b99c4c467e}w64 => Service deleted successfully. {55685567-4840-4a91-962b-49a412e9485a}w64 => Service stopped successfully. 
{55685567-4840-4a91-962b-49a412e9485a}w64 => Service deleted successfully. {6c040542-e4d8-449f-9075-ee080e3c93a3}w64 => Service stopped successfully. {6c040542-e4d8-449f-9075-ee080e3c93a3}w64 => Service deleted successfully. {79ff6e5c-8913-4b1b-8d72-66f9fa5a754e}w64 => Service stopped successfully. {79ff6e5c-8913-4b1b-8d72-66f9fa5a754e}w64 => Service deleted successfully. {a3650fd0-e039-4b5a-b4cd-52f4d60871bd}w64 => Service stopped successfully. {a3650fd0-e039-4b5a-b4cd-52f4d60871bd}w64 => Service deleted successfully. {b75d34e3-cf9c-41d4-bb80-1d1cbdd91a2e}w64 => Service stopped successfully. {b75d34e3-cf9c-41d4-bb80-1d1cbdd91a2e}w64 => Service deleted successfully. {bfb10c93-5530-4015-9a3f-61dfa880af58}w64 => Service stopped successfully. {bfb10c93-5530-4015-9a3f-61dfa880af58}w64 => Service deleted successfully. {d26c8a52-bad3-4ccc-827a-07a116647557}w64 => Service stopped successfully. {d26c8a52-bad3-4ccc-827a-07a116647557}w64 => Service deleted successfully. {e90ad290-24ce-44cf-8a63-caa4cb6f0cbb}w64 => Service stopped successfully. {e90ad290-24ce-44cf-8a63-caa4cb6f0cbb}w64 => Service deleted successfully. Update webget => Service deleted successfully. Util webget => Service deleted successfully. catchme => Service deleted successfully. C:\Windows\system32\GroupPolicy\Machine => Moved successfully. C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully. "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully. "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully. "HKU\S-1-5-21-746962273-3746358900-1730051239-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully. HKU\S-1-5-21-746962273-3746358900-1730051239-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKU\S-1-5-21-746962273-3746358900-1730051239-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. 
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully. "HKU\S-1-5-21-746962273-3746358900-1730051239-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{926697FC-E360-4A72-B5B0-5F5AB7C5E17A}" => Key deleted successfully. "HKCR\CLSID\{926697FC-E360-4A72-B5B0-5F5AB7C5E17A}" => Key not found. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully. "HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}" => Key not found. "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh" => Key deleted successfully. HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com => value deleted successfully. HKU\S-1-5-21-746962273-3746358900-1730051239-1000\Software\Mozilla\Firefox\Extensions\\{e4f94d1e-2f53-401e-8885-681602c0ddd8} => value deleted successfully. "HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0" => Key deleted successfully. C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5ABA170B-9F1C-430C-A3F4-746551D4A453}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5ABA170B-9F1C-430C-A3F4-746551D4A453}" => Key deleted successfully. C:\Windows\System32\Tasks\{69771687-76DA-4214-99DB-C7BF3E69A9A1} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{69771687-76DA-4214-99DB-C7BF3E69A9A1}" => Key deleted successfully. C:\Program Files (x86)\mozilla firefox\plugins => Moved successfully. C:\Program Files (x86)\webget => Moved successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus => Moved successfully. C:\ProgramData\TEMP => Moved successfully. 
C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Preferences => Moved successfully. C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Local Storage\*localstorage* => Moved successfully. C:\Users\Asus\Desktop\Continue Nokia Monitor Test Installation.lnk => Moved successfully. C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup => Moved successfully. C:\Windows\System32\drivers\{0df690c1-d9b3-4141-afdc-d714e19d9a12}w64.sys => Moved successfully. C:\Windows\System32\drivers\{122dd706-8b40-4a1c-86fc-9ffea684e767}w64.sys => Moved successfully. C:\Windows\System32\drivers\{1451f279-8b19-43e6-92be-fda8b8d810d7}w64.sys => Moved successfully. C:\Windows\System32\drivers\{1ffea19d-7c99-423a-a198-c6b90ff23847}w64.sys => Moved successfully. C:\Windows\System32\drivers\{29939914-f8df-4dc3-800d-6e4253a04e3e}w64.sys => Moved successfully. C:\Windows\System32\drivers\{372d03ae-4cb6-4087-9149-bc1c4bc6238d}w64.sys => Moved successfully. C:\Windows\System32\drivers\{3e621eab-ed2c-4c84-aec5-15b99c4c467e}w64.sys => Moved successfully. C:\Windows\System32\drivers\{55685567-4840-4a91-962b-49a412e9485a}w64.sys => Moved successfully. C:\Windows\System32\drivers\{6c040542-e4d8-449f-9075-ee080e3c93a3}w64.sys => Moved successfully. C:\Windows\System32\drivers\{79ff6e5c-8913-4b1b-8d72-66f9fa5a754e}w64.sys => Moved successfully. C:\Windows\System32\drivers\{a3650fd0-e039-4b5a-b4cd-52f4d60871bd}w64.sys => Moved successfully. C:\Windows\System32\drivers\{b75d34e3-cf9c-41d4-bb80-1d1cbdd91a2e}w64.sys => Moved successfully. C:\Windows\System32\drivers\{bfb10c93-5530-4015-9a3f-61dfa880af58}w64.sys => Moved successfully. C:\Windows\System32\drivers\{d26c8a52-bad3-4ccc-827a-07a116647557}w64.sys => Moved successfully. C:\Windows\System32\drivers\{e90ad290-24ce-44cf-8a63-caa4cb6f0cbb}w64.sys => Moved successfully. ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\Update webget" /f ========= Operacja ukończona pomyślnie. 
========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\Util webget" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnTBMon" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= EmptyTemp: => Removed 592.8 MB temporary data. The system needed a reboot. ==== End of Fixlog ====