Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 06-01-2015
Ran by Mikus at 2015-01-06 14:39:27 Run:1
Running from C:\Users\Mikus\Desktop
Loaded Profile: Mikus (Available profiles: Mikus)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
CloseProcesses:
CreateRestorePoint:
CHR HKLM\...\Chrome\Extension: [ajbfjlbjonnckokbmkeiammcgkdciial] - C:\Users\Mikus\AppData\Local\Temp\tbch.crx [Not Found]
URLSearchHook: HKU\S-1-5-21-1441841916-1275126410-3063703315-1000 - (No Name) - {8532a8b7-c06a-41bb-936a-8ce73e4711ed} - No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1441841916-1275126410-3063703315-1000\...\Run: [LightShot] => C:\Users\Mikus\AppData\Local\Skillbrains\lightshot\Lightshot.exe
S4 sptd; System32\Drivers\sptd.sys [X]
S3 TEAM; system32\DRIVERS\RtTeam60.sys [X]
Task: {02685336-0BFF-4F6C-9E6C-F0090D9234A6} - System32\Tasks\{779689FF-CCDF-406C-8FEA-947D3EB44A46} => pcalua.exe -a "C:\Program Files\InstallShield Installation Information\{153898EE-EECA-471E-8E33-C8485EA84C07}\setup.exe" -c -runfromtemp -l0x0009 -removeonly
Task: {1D19BA5A-1AF6-49C5-9C64-AADA31B86051} - System32\Tasks\{43F6DD23-29A7-4548-8721-619679E9B816} => pcalua.exe -a C:\Users\Mikus\Desktop\Zumas.Revenge.v1.0.Cracked-F4CG_zolin\setup.exe -d C:\Users\Mikus\Desktop\Zumas.Revenge.v1.0.Cracked-F4CG_zolin
Task: {315A49F9-4341-40A9-B27A-E2F1022DEBA4} - System32\Tasks\{9BED32EE-4706-4024-9348-209EE86B1E18} => pcalua.exe -a "C:\Users\Mikus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6RTRKYNZ\ImageShackToolbar[1].exe" -d C:\Users\Mikus\Desktop
Task: {6C1CD95D-F706-4D74-99FD-21FB14DA12A3} - System32\Tasks\{583F1885-4329-43CD-A3F1-7DF8676298E4} => pcalua.exe -a C:\Users\Mikus\Desktop\LCVM_PCDRV_US_1_03_02.exe -d C:\Users\Mikus\Desktop
Task: {CBA2652D-DB9E-4137-A263-95076034F755} - System32\Tasks\{8139D3A7-823E-4BC0-861B-B67D06427267} => pcalua.exe -a "C:\Program Files\MailShare\Downloads\TurboMahjong.exe" -d "C:\Program Files\MailShare\Downloads"
Task: {E60BB5C5-D662-41C9-AA00-F82E0643B292} - System32\Tasks\{B696C274-90C6-44F1-B7A1-B0C240800631} => Firefox.exe http://ui.skype.com/ui/0/6.0.0.126/pl/abandoninstall?page=tsProgressBar
Task: {E7ECB289-5FD7-40E8-BCB9-440937704220} - System32\Tasks\{81A7B6CF-65DD-4029-9D27-01C43FE8F6C7} => pcalua.exe -a F:\TL-WN722N\QSS-722.exe -d F:\TL-WN722N
Task: {F715FF60-032F-464E-98A9-6E369646F3CF} - System32\Tasks\{983FAF59-1059-47FC-B6E3-456798541854} => pcalua.exe -a "D:\Gry\c&c 3\CNC3.exe" -d "D:\Gry\c&c 3"
C:\ProgramData\TEMP
C:\Users\Mikus\AppData\Local\Temp*.html
C:\Users\Mikus\AppData\Roaming\WebTest
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
EmptyTemp:
*****************
Processes closed successfully.
Restore point was successfully created.
"HKLM\SOFTWARE\Google\Chrome\Extensions\ajbfjlbjonnckokbmkeiammcgkdciial" => Key deleted successfully.
HKU\S-1-5-21-1441841916-1275126410-3063703315-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{8532a8b7-c06a-41bb-936a-8ce73e4711ed} => value deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => Value was restored successfully.
HKU\S-1-5-21-1441841916-1275126410-3063703315-1000\Software\Microsoft\Windows\CurrentVersion\Run\\LightShot => value deleted successfully.
sptd => Service deleted successfully.
TEAM => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{02685336-0BFF-4F6C-9E6C-F0090D9234A6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02685336-0BFF-4F6C-9E6C-F0090D9234A6}" => Key deleted successfully.
C:\Windows\System32\Tasks\{779689FF-CCDF-406C-8FEA-947D3EB44A46} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{779689FF-CCDF-406C-8FEA-947D3EB44A46}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1D19BA5A-1AF6-49C5-9C64-AADA31B86051}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D19BA5A-1AF6-49C5-9C64-AADA31B86051}" => Key deleted successfully.
C:\Windows\System32\Tasks\{43F6DD23-29A7-4548-8721-619679E9B816} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{43F6DD23-29A7-4548-8721-619679E9B816}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{315A49F9-4341-40A9-B27A-E2F1022DEBA4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{315A49F9-4341-40A9-B27A-E2F1022DEBA4}" => Key deleted successfully.
C:\Windows\System32\Tasks\{9BED32EE-4706-4024-9348-209EE86B1E18} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9BED32EE-4706-4024-9348-209EE86B1E18}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6C1CD95D-F706-4D74-99FD-21FB14DA12A3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C1CD95D-F706-4D74-99FD-21FB14DA12A3}" => Key deleted successfully.
C:\Windows\System32\Tasks\{583F1885-4329-43CD-A3F1-7DF8676298E4} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{583F1885-4329-43CD-A3F1-7DF8676298E4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CBA2652D-DB9E-4137-A263-95076034F755}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CBA2652D-DB9E-4137-A263-95076034F755}" => Key deleted successfully.
C:\Windows\System32\Tasks\{8139D3A7-823E-4BC0-861B-B67D06427267} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8139D3A7-823E-4BC0-861B-B67D06427267}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E60BB5C5-D662-41C9-AA00-F82E0643B292}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E60BB5C5-D662-41C9-AA00-F82E0643B292}" => Key deleted successfully.
C:\Windows\System32\Tasks\{B696C274-90C6-44F1-B7A1-B0C240800631} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B696C274-90C6-44F1-B7A1-B0C240800631}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E7ECB289-5FD7-40E8-BCB9-440937704220}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E7ECB289-5FD7-40E8-BCB9-440937704220}" => Key deleted successfully.
C:\Windows\System32\Tasks\{81A7B6CF-65DD-4029-9D27-01C43FE8F6C7} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{81A7B6CF-65DD-4029-9D27-01C43FE8F6C7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F715FF60-032F-464E-98A9-6E369646F3CF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F715FF60-032F-464E-98A9-6E369646F3CF}" => Key deleted successfully.
C:\Windows\System32\Tasks\{983FAF59-1059-47FC-B6E3-456798541854} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{983FAF59-1059-47FC-B6E3-456798541854}" => Key deleted successfully.
C:\ProgramData\TEMP => Moved successfully.
C:\Users\Mikus\AppData\Local\Temp*.html => Moved successfully.
C:\Users\Mikus\AppData\Roaming\WebTest => Moved successfully.
========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========
========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========
========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========
EmptyTemp: => Removed 1 GB temporary data.
The system needed a reboot.
==== End of Fixlog 14:40:26 ====