Fix result of Farbar Recovery Scan Tool (x64) Version: 18-02-2017
Ran by MONSTER (18-02-2017 09:13:04) Run:1
Running from C:\Users\MONSTER\Desktop
Loaded Profiles: MONSTER (Available Profiles: defaultuser1 & MONSTER)
Boot Mode: Normal
==============================================
fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
() C:\Windows\Temp\gB524.tmp.exe
HKLM\...\RunOnce: [wd] => C:\Windows\TEMP\gB524.tmp.exe [248320 2017-02-17] ()
SearchScopes: HKU\S-1-5-21-3888481642-677613265-3218227817-1002 -> DefaultScope {8C3078A0-9AAB-4371-85D1-656CA8E46EE8} URL = hxxps://yandex.com.tr/search/?text={searchTerms}&clid=2233630
SearchScopes: HKU\S-1-5-21-3888481642-677613265-3218227817-1002 -> {8C3078A0-9AAB-4371-85D1-656CA8E46EE8} URL = hxxps://yandex.com.tr/search/?text={searchTerms}&clid=2233630
S3 catchme; \??\C:\Users\MONSTER\AppData\Local\Temp\catchme.sys [X]
2017-02-12 10:42 - 2017-02-17 21:38 - 00000000 ___HD C:\ProgramData\8958l50A34c720
2017-02-12 10:42 - 2017-02-12 10:42 - 00016812 _____ C:\Windows\System32\Tasks\8958l50A34c720
C:\Windows\TEMP\gB524.tmp.exe
Task: {84285716-C276-4AD0-B436-FAA67EE259FF} - System32\Tasks\8958l50A34c720 => Rundll32.exe "C:\ProgramData\8958l50A34c720\8958l50A34c720.dll",lAcqxFh
2017-02-12 10:42 - 2014-03-22 12:34 - 02997760 _____ () C:\ProgramData\8958l50A34c720\8958l50A34c720.dll
2017-02-17 21:42 - 2017-02-17 21:42 - 03288576 _____ () C:\Windows\TEMP\g4FAF.tmp
2017-02-17 21:41 - 2017-02-17 21:41 - 00248320 _____ () C:\Windows\TEMP\gB524.tmp.exe
FirewallRules: [{FA2548A3-D0F3-49D4-94F6-73D938C9CE00}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{A9119291-A62D-40B3-BA6D-7CFB3D527622}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{265181B9-3151-4AF5-9CBE-D54A0922A95D}] => (Allow) C:\Windows\System32\rundll32.exe
EmptyTemp:
end
*****************
Restore point was successfully created.
Processes closed successfully.
C:\Windows\Temp\gB524.tmp.exe => No running process found
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\wd => value not found.
HKU\S-1-5-21-3888481642-677613265-3218227817-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-3888481642-677613265-3218227817-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8} => key removed successfully
HKCR\CLSID\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8} => key not found.
HKLM\System\CurrentControlSet\Services\catchme => key removed successfully
catchme => service removed successfully
C:\ProgramData\8958l50A34c720 => moved successfully
C:\Windows\System32\Tasks\8958l50A34c720 => moved successfully
C:\Windows\TEMP\gB524.tmp.exe => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{84285716-C276-4AD0-B436-FAA67EE259FF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84285716-C276-4AD0-B436-FAA67EE259FF} => key removed successfully
C:\Windows\System32\Tasks\8958l50A34c720 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\8958l50A34c720 => key removed successfully
"C:\ProgramData\8958l50A34c720\8958l50A34c720.dll" => not found.
C:\Windows\TEMP\g4FAF.tmp => moved successfully
"C:\Windows\TEMP\gB524.tmp.exe" => not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FA2548A3-D0F3-49D4-94F6-73D938C9CE00} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A9119291-A62D-40B3-BA6D-7CFB3D527622} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{265181B9-3151-4AF5-9CBE-D54A0922A95D} => value not found.
=========== EmptyTemp: ==========
BITS transfer queue => 3622852 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 105836225 B
Java, Flash, Steam htmlcache => 463570266 B
Windows/system/drivers => 16290544 B
Edge => 156501971 B
Chrome => 353016819 B
Firefox => 11517895 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 50022 B
NetworkService => 128 B
defaultuser1 => 128 B
MONSTER => 17800886 B
RecycleBin => 5365664 B
EmptyTemp: => 1.1 GB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 09:13:18 ====