Fix result of Farbar Recovery Scan Tool (FRST written by Farbar) (x64) Version: 24-01-2015 01
Ran by Soob at 2015-01-25 15:52:59 Run:1
Running from C:\Users\Soob\Desktop
Loaded Profiles: Soob (Available profiles: Soob)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
CreateRestorePoint:
S3 zgdcat; No ImagePath
S3 zgdcdiag; No ImagePath
S3 zgdcmdm; No ImagePath
S3 zgdcnet; No ImagePath
S3 zgdcnmea; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 massfilter_lte; \??\C:\Windows\system32\drivers\massfilter_lte.sys [X]
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => No File
CHR HKU\S-1-5-21-682461631-3795882564-1583022148-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-682461631-3795882564-1583022148-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-682461631-3795882564-1583022148-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-682461631-3795882564-1583022148-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-682461631-3795882564-1583022148-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3306681&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP7F1F2992-7DB7-4668-8818-942EDA2EA8F3&q={SearchTerms}
SearchScopes: HKU\S-1-5-21-682461631-3795882564-1583022148-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3306681&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP7F1F2992-7DB7-4668-8818-942EDA2EA8F3&q={SearchTerms}
SearchScopes: HKU\S-1-5-21-682461631-3795882564-1583022148-1000 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://www.mystart.com/results.php?pr=vmn&id=toolbarcleaner&v=1_1_1_4&ent=ch_4802&q={searchTerms}
SearchScopes: HKU\S-1-5-21-682461631-3795882564-1583022148-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
BHO-x32: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
ShellExecuteHooks-x32: - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No File [ ]
CHR HKLM-x32\...\Chrome\Extension: [aohddidmgooofkgohkbkaohadkolgejj] - C:\Users\Soob\AppData\Local\Youdao\Dict\Application\stable\YDChromeTextExtractor.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [jfeamifeonnccnmggejamaikapdibimp] - No Path
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\testlog.txt
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahootc.xml
Task: {0830B297-349A-407D-B5FD-FBE685B9DCCA} - System32\Tasks\{31D1E1E9-B724-4E28-9D65-0AEACB3B40B7} => pcalua.exe -a C:\Users\Soob\Desktop\vcredist_x86.exe -d C:\Users\Soob\Desktop
Task: {20783438-550F-45C8-97F5-147F41023EB2} - System32\Tasks\DLL-files.com Fixer => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
Task: {6FCA8E90-440F-4EC5-8DD5-621D079A3D00} - System32\Tasks\OptimizerPro1UpdaterTask{AE29BFE2-1241-4086-A447-4C28B29CE804} => C:\ProgramData\Premium\OptimizerPro1\OptimizerPro1.exe <==== ATTENTION
Task: {84834236-7A05-47CA-B478-B644CBCBC7C3} - System32\Tasks\Installation App Launcher => C:\Program Files (x86)\Lexmark 3600-4600 Series\ezprint.exe
Task: {A2B9BF98-0C65-4146-A6FB-B3396DAA26B5} - System32\Tasks\{31B9440E-4B0D-4FC2-A723-EE51EDE9C5CA} => pcalua.exe -a D:\Manhunt\Manhunt\setup.exe -d D:\Manhunt\Manhunt
Task: {AEF3D121-4AC7-4058-AA81-E29BB94AB182} - System32\Tasks\DealPlyUpdate => C:\Program <==== ATTENTION
Task: {B0628BB6-CB65-4924-917C-F1A1B8337821} - System32\Tasks\GoforFilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
C:\Program Files (x86)\DLLSuite
C:\ProgramData\APN
C:\ProgramData\TEMP
C:\ProgramData\Weskysoft
C:\Users\Soob\AppData\Roaming\LiveSupport.exe_log.txt
C:\Users\Soob\AppData\Roaming\mbam.context.scan
C:\Users\Soob\AppData\Roaming\regsvr32.exe_log.txt
C:\Users\Soob\AppData\Roaming\Mozilla\Extensions\celtx@celtx.com
C:\Users\Soob\AppData\Roaming\Solvusoft
C:\Windows\system32\roboot64.exe
EmptyTemp:
*****************

Processes closed successfully.
Error: (0) Failed to create a restore point.
zgdcat => Service deleted successfully.
zgdcdiag => Service deleted successfully.
zgdcmdm => Service deleted successfully.
zgdcnet => Service deleted successfully.
zgdcnmea => Service deleted successfully.
catchme => Service deleted successfully.
gdrv => Service deleted successfully.
massfilter_lte => Service deleted successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 1 (GFS Unread Stub)" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{99FD978C-D287-4F50-827F-B2C658EDA8E7} => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2 (GFS Stub)" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{920E6DB1-9907-4370-B3A0-BAFC03D81399} => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 3 (GFS Folder)" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{16F3DD56-1AF5-4347-846D-7C10C4192619} => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 4 (GFS Unread Mark)" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => Key not found.
"HKU\S-1-5-21-682461631-3795882564-1583022148-1000\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-682461631-3795882564-1583022148-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => Value was restored successfully.
HKU\S-1-5-21-682461631-3795882564-1583022148-1000\Software\Microsoft\Internet Explorer\Main\\Search Bar => value deleted successfully.
HKU\S-1-5-21-682461631-3795882564-1583022148-1000\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKU\S-1-5-21-682461631-3795882564-1583022148-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-682461631-3795882564-1583022148-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key deleted successfully.
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
"HKU\S-1-5-21-682461631-3795882564-1583022148-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}" => Key deleted successfully.
HKCR\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} => Key not found.
"HKU\S-1-5-21-682461631-3795882564-1583022148-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{B5A7F190-DDA6-4420-B3BA-52453494E6CD} => value deleted successfully.
HKCR\Wow6432Node\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aohddidmgooofkgohkbkaohadkolgejj" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jfeamifeonnccnmggejamaikapdibimp" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0" => Key deleted successfully.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\testlog.txt => Moved successfully.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahootc.xml => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0830B297-349A-407D-B5FD-FBE685B9DCCA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0830B297-349A-407D-B5FD-FBE685B9DCCA}" => Key deleted successfully.
C:\Windows\System32\Tasks\{31D1E1E9-B724-4E28-9D65-0AEACB3B40B7} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{31D1E1E9-B724-4E28-9D65-0AEACB3B40B7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{20783438-550F-45C8-97F5-147F41023EB2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20783438-550F-45C8-97F5-147F41023EB2}" => Key deleted successfully.
C:\Windows\System32\Tasks\DLL-files.com Fixer => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DLL-files.com Fixer" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6FCA8E90-440F-4EC5-8DD5-621D079A3D00}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6FCA8E90-440F-4EC5-8DD5-621D079A3D00}" => Key deleted successfully.
C:\Windows\System32\Tasks\OptimizerPro1UpdaterTask{AE29BFE2-1241-4086-A447-4C28B29CE804} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OptimizerPro1UpdaterTask{AE29BFE2-1241-4086-A447-4C28B29CE804}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{84834236-7A05-47CA-B478-B644CBCBC7C3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84834236-7A05-47CA-B478-B644CBCBC7C3}" => Key deleted successfully.
C:\Windows\System32\Tasks\Installation App Launcher => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Installation App Launcher" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A2B9BF98-0C65-4146-A6FB-B3396DAA26B5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2B9BF98-0C65-4146-A6FB-B3396DAA26B5}" => Key deleted successfully.
C:\Windows\System32\Tasks\{31B9440E-4B0D-4FC2-A723-EE51EDE9C5CA} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{31B9440E-4B0D-4FC2-A723-EE51EDE9C5CA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AEF3D121-4AC7-4058-AA81-E29BB94AB182}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AEF3D121-4AC7-4058-AA81-E29BB94AB182}" => Key deleted successfully.
C:\Windows\System32\Tasks\DealPlyUpdate => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPlyUpdate" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B0628BB6-CB65-4924-917C-F1A1B8337821}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0628BB6-CB65-4924-917C-F1A1B8337821}" => Key deleted successfully.
C:\Windows\System32\Tasks\GoforFilesUpdate => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoforFilesUpdate" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys" => Key deleted successfully.

========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f =========

The operation completed successfully.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f =========

The operation completed successfully.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f =========

The operation completed successfully.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

ERROR: The system was unable to find the specified registry key or value.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

The operation completed successfully.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

The operation completed successfully.

========= End of Reg: =========

C:\Program Files (x86)\DLLSuite => Moved successfully.
C:\ProgramData\APN => Moved successfully.
C:\ProgramData\TEMP => Moved successfully.
C:\ProgramData\Weskysoft => Moved successfully.
C:\Users\Soob\AppData\Roaming\LiveSupport.exe_log.txt => Moved successfully.
C:\Users\Soob\AppData\Roaming\mbam.context.scan => Moved successfully.
C:\Users\Soob\AppData\Roaming\regsvr32.exe_log.txt => Moved successfully.
C:\Users\Soob\AppData\Roaming\Mozilla\Extensions\celtx@celtx.com => Moved successfully.
C:\Users\Soob\AppData\Roaming\Solvusoft => Moved successfully.
C:\Windows\system32\roboot64.exe => Moved successfully.
EmptyTemp: => Removed 36 MB temporary data.

The system needed a reboot.

==== End of Fixlog 15:53:10 ====
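The log above shows the four pieces that make up one registered scheduled task on this system: a TaskCache\Plain or TaskCache\Logon {GUID} key, a TaskCache\Tasks\{GUID} key, the task XML under C:\Windows\System32\Tasks, and a TaskCache\Tree entry named after the task. FRST removed all four for each task, and it also cleared the conduit.com and mystart.com SearchScopes providers. The following PowerShell is an added verification script, not part of the Fixlog and not FRST's own code: after the reboot it cross-checks the Task Scheduler cache for entries whose counterpart is missing (which would indicate an incomplete removal or a broken registration) and lists every remaining IE search-scope URL so the hijacked providers can be confirmed gone. It assumes an elevated prompt (TaskCache is readable only by SYSTEM and Administrators), the standard registry layout (Tasks\{GUID} carries a Path value naming the XML file; Tree\<Name> carries an Id value), and that it is run as the affected user so HKCU maps to the S-1-5-21-...-1000 hive seen in the log. It is read-only and deletes nothing.

```powershell
# Added post-fix verification script (not from the Fixlog or FRST). Run elevated.
$TaskCache = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache'
$TaskDir   = Join-Path $env:SystemRoot 'System32\Tasks'

function Get-OrphanedTaskCacheEntries {
    $orphans = @()

    # Each Tasks\{GUID} key has a 'Path' value naming its XML file relative to
    # System32\Tasks, e.g. '\DLL-files.com Fixer' (assumed standard layout).
    foreach ($k in Get-ChildItem "$TaskCache\Tasks" -ErrorAction SilentlyContinue) {
        $id   = $k.PSChildName
        $path = (Get-ItemProperty -LiteralPath $k.PSPath -ErrorAction SilentlyContinue).Path
        $xml  = if ($path) { Join-Path $TaskDir $path.TrimStart('\') } else { $null }
        if (-not $xml -or -not (Test-Path -LiteralPath $xml)) {
            $orphans += [pscustomobject]@{ Kind='Tasks'; Id=$id; Path=$path; Problem='task XML file missing' }
        }
    }

    # Tree\<Name> keys (recursively, tasks can live in folders) carry an 'Id'
    # value that must resolve to an existing Tasks\{GUID} key. Folder keys have no Id.
    foreach ($k in Get-ChildItem "$TaskCache\Tree" -Recurse -ErrorAction SilentlyContinue) {
        $id = (Get-ItemProperty -LiteralPath $k.PSPath -ErrorAction SilentlyContinue).Id
        if ($id -and -not (Test-Path -LiteralPath "$TaskCache\Tasks\$id")) {
            $orphans += [pscustomobject]@{ Kind='Tree'; Id=$id; Path=$k.PSChildName; Problem='no Tasks\{GUID} key' }
        }
    }

    # Plain, Logon and Boot hold {GUID} subkeys that must also resolve to Tasks\{GUID}.
    foreach ($bucket in 'Plain', 'Logon', 'Boot') {
        foreach ($k in Get-ChildItem "$TaskCache\$bucket" -ErrorAction SilentlyContinue) {
            if (-not (Test-Path -LiteralPath "$TaskCache\Tasks\$($k.PSChildName)")) {
                $orphans += [pscustomobject]@{ Kind=$bucket; Id=$k.PSChildName; Path=$null; Problem='no Tasks\{GUID} key' }
            }
        }
    }
    return $orphans
}

function Get-IESearchScopes {
    # Lists every SearchScopes provider for the machine (64- and 32-bit views)
    # and the current user, marking which one DefaultScope points at.
    $hives = @(
        'HKLM:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes',
        'HKCU:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes'
    )
    foreach ($h in $hives) {
        if (-not (Test-Path -LiteralPath $h)) { continue }
        $default = (Get-ItemProperty -LiteralPath $h -ErrorAction SilentlyContinue).DefaultScope
        foreach ($k in Get-ChildItem -LiteralPath $h) {
            $p = Get-ItemProperty -LiteralPath $k.PSPath
            [pscustomobject]@{
                Hive      = $h
                Scope     = $k.PSChildName
                IsDefault = ($k.PSChildName -eq $default)
                Name      = $p.DisplayName
                URL       = $p.URL
            }
        }
    }
}

"== Orphaned Task Scheduler cache entries (empty table = consistent) =="
Get-OrphanedTaskCacheEntries | Format-Table -AutoSize
"== IE SearchScopes still registered =="
Get-IESearchScopes | Format-Table -AutoSize -Wrap
```

An empty first table means every cached task still has its key, its Tree entry and its XML file, so the removals in the log left nothing half-deleted. In the second table, any URL pointing at search.conduit.com or mystart.com, or a DefaultScope that names a scope no longer present, means the search hijack was not fully cleared and the affected hive should be inspected again.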