Fix result of Farbar Recovery Scan Tool (x64) Version: 24-05-2015
Ran by Rafał at 2015-05-24 16:45:43 Run:1
Running from C:\Users\Rafał\Downloads
Loaded Profiles: Rafał (Available Profiles: Rafał)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hp&ts=1432142901&z=fe9e96c2f9bba27db48de62g0z6c5o6g9z4oab3t7t&from=wpm05203&uid=WDCXWD5000AAKX-08ERMA0_WD-WCC2ES90658506585
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hp&ts=1432142901&z=fe9e96c2f9bba27db48de62g0z6c5o6g9z4oab3t7t&from=wpm05203&uid=WDCXWD5000AAKX-08ERMA0_WD-WCC2ES90658506585
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1422989154&from=cor&uid=WDCXWD5000AAKX-08ERMA0_WD-WCC2ES90658506585&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1422989154&from=cor&uid=WDCXWD5000AAKX-08ERMA0_WD-WCC2ES90658506585&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hp&ts=1432142901&z=fe9e96c2f9bba27db48de62g0z6c5o6g9z4oab3t7t&from=wpm05203&uid=WDCXWD5000AAKX-08ERMA0_WD-WCC2ES90658506585
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hp&ts=1432142901&z=fe9e96c2f9bba27db48de62g0z6c5o6g9z4oab3t7t&from=wpm05203&uid=WDCXWD5000AAKX-08ERMA0_WD-WCC2ES90658506585
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422989154&from=cor&uid=WDCXWD5000AAKX-08ERMA0_WD-WCC2ES90658506585&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422989154&from=cor&uid=WDCXWD5000AAKX-08ERMA0_WD-WCC2ES90658506585&q={searchTerms}
HKU\S-1-5-21-3649748547-3529485049-2285032309-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=dspp&ts=1422989191&from=cor&uid=WDCXWD5000AAKX-08ERMA0_WD-WCC2ES90658506585&q={searchTerms}
HKU\S-1-5-21-3649748547-3529485049-2285032309-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hp&ts=1432142901&z=fe9e96c2f9bba27db48de62g0z6c5o6g9z4oab3t7t&from=wpm05203&uid=WDCXWD5000AAKX-08ERMA0_WD-WCC2ES90658506585
HKU\S-1-5-21-3649748547-3529485049-2285032309-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hp&ts=1432142901&z=fe9e96c2f9bba27db48de62g0z6c5o6g9z4oab3t7t&from=wpm05203&uid=WDCXWD5000AAKX-08ERMA0_WD-WCC2ES90658506585
HKU\S-1-5-21-3649748547-3529485049-2285032309-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=dspp&ts=1422989191&from=cor&uid=WDCXWD5000AAKX-08ERMA0_WD-WCC2ES90658506585&q={searchTerms}
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.webisawsome.info/?l=1&q={searchTerms}&pid=34&r=2014/02/19&hid=4921377448043011931&lg=EN&cc=PL&unqvl=49
SearchScopes: HKU\S-1-5-21-3649748547-3529485049-2285032309-1000 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3649748547-3529485049-2285032309-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3649748547-3529485049-2285032309-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3649748547-3529485049-2285032309-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3649748547-3529485049-2285032309-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3649748547-3529485049-2285032309-1000 -> {3DA9F426-42D2-4BA2-94A8-2E3F5582F2C0} URL = http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3649748547-3529485049-2285032309-1000 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3649748547-3529485049-2285032309-1000 -> {DD7E9A8E-6F15-44C3-8621-40805CA1FFAC} URL = http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3649748547-3529485049-2285032309-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
R1 {55685567-4840-4a91-962b-49a412e9485a}Gw64; C:\Windows\System32\drivers\{55685567-4840-4a91-962b-49a412e9485a}Gw64.sys [61112 2014-05-26] (StdLib)
R1 {c5e48979-bd7f-4cf7-9b73-2482a67a4f37}w64; C:\Windows\System32\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}w64.sys [44688 2014-09-21] (StdLib)
S3 ALSysIO; \??\C:\Users\RAFA~1\AppData\Local\Temp\ALSysIO64.sys [X]
S3 ESEADriver2; \??\C:\Users\RAFA~1\AppData\Local\Temp\ESEADriver2.sys [X]
Task: {23CCB286-2528-4179-BFB6-22B8AB4274B5} - \GoforFilesUpdate No Task File <==== ATTENTION
Task: {7280E84F-A575-4B9E-8570-5A73950589A9} - \FoxTab No Task File <==== ATTENTION
Task: {A7F65B3D-A6B8-41A1-A545-F7E446E04344} - System32\Tasks\{D7B21016-DE73-455B-AE79-7ACF0DD74B6A} => pcalua.exe -a C:\Users\Rafał\Downloads\deluxe.ski.jump_idg_downloader_894_gry.exe -d C:\Users\Rafał\Downloads
Task: {CD821D24-3AA1-44E0-9344-F88892B21CBD} - \DealPly No Task File <==== ATTENTION
Task: {F98D346A-4FC8-4637-85FF-318BE030B16A} - System32\Tasks\{8B238A45-056B-4540-BE8D-07403FEF434B} => pcalua.exe -a C:\Users\Rafał\Desktop\mafia11-13pl.exe -d C:\Users\Rafał\Desktop
EmptyTemp:
*****************

Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key Removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => Moved successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-3649748547-3529485049-2285032309-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-3649748547-3529485049-2285032309-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-3649748547-3529485049-2285032309-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\S-1-5-21-3649748547-3529485049-2285032309-1000\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}" => key Removed successfully
HKCR\Wow6432Node\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => key not found.
HKU\S-1-5-21-3649748547-3529485049-2285032309-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully
"HKU\S-1-5-21-3649748547-3529485049-2285032309-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => key Removed successfully
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => key not found.
"HKU\S-1-5-21-3649748547-3529485049-2285032309-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key Removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKU\S-1-5-21-3649748547-3529485049-2285032309-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}" => key Removed successfully
HKCR\CLSID\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} => key not found.
"HKU\S-1-5-21-3649748547-3529485049-2285032309-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => key Removed successfully
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
"HKU\S-1-5-21-3649748547-3529485049-2285032309-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3DA9F426-42D2-4BA2-94A8-2E3F5582F2C0}" => key Removed successfully
HKCR\CLSID\{3DA9F426-42D2-4BA2-94A8-2E3F5582F2C0} => key not found.
"HKU\S-1-5-21-3649748547-3529485049-2285032309-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}" => key Removed successfully
HKCR\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => key not found.
"HKU\S-1-5-21-3649748547-3529485049-2285032309-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DD7E9A8E-6F15-44C3-8621-40805CA1FFAC}" => key Removed successfully
HKCR\CLSID\{DD7E9A8E-6F15-44C3-8621-40805CA1FFAC} => key not found.
"HKU\S-1-5-21-3649748547-3529485049-2285032309-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}" => key Removed successfully
HKCR\CLSID\{E733165D-CBCF-4FDA-883E-ADEF965B476C} => key not found.
{55685567-4840-4a91-962b-49a412e9485a}Gw64 => Service stopped successfully.
{55685567-4840-4a91-962b-49a412e9485a}Gw64 => Service Removed successfully
{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}w64 => Service stopped successfully.
{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}w64 => Service Removed successfully
ALSysIO => Service Removed successfully
ESEADriver2 => Service Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{23CCB286-2528-4179-BFB6-22B8AB4274B5}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23CCB286-2528-4179-BFB6-22B8AB4274B5}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoforFilesUpdate" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7280E84F-A575-4B9E-8570-5A73950589A9}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7280E84F-A575-4B9E-8570-5A73950589A9}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FoxTab" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A7F65B3D-A6B8-41A1-A545-F7E446E04344}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7F65B3D-A6B8-41A1-A545-F7E446E04344}" => key Removed successfully
C:\Windows\System32\Tasks\{D7B21016-DE73-455B-AE79-7ACF0DD74B6A} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D7B21016-DE73-455B-AE79-7ACF0DD74B6A}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CD821D24-3AA1-44E0-9344-F88892B21CBD}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD821D24-3AA1-44E0-9344-F88892B21CBD}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPly" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F98D346A-4FC8-4637-85FF-318BE030B16A}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F98D346A-4FC8-4637-85FF-318BE030B16A}" => key Removed successfully
C:\Windows\System32\Tasks\{8B238A45-056B-4540-BE8D-07403FEF434B} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8B238A45-056B-4540-BE8D-07403FEF434B}" => key Removed successfully
EmptyTemp: => Removed 580.3 MB temporary data.

The system needed a reboot.

==== End of Fixlog 16:46:02 ====