Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-11-2014 01 Ran by Damian at 2014-11-28 18:54:47 Run:1 Running from C:\Users\Damian\Desktop Loaded Profile: Damian (Available profiles: Damian) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: R1 {9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw; C:\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw.sys [52920 2014-04-28] (StdLib) HKLM\...\Run: [] => [X] HKLM\...\Run: [fst_pl_146] => [X] HKLM\...\Run: [t4pc_en_7] => [X] Task: {4C620EA0-3D2F-4B25-9B7B-1CC851A210CA} - \SW-Booster-S-2112667740 No Task File <==== ATTENTION Task: C:\Windows\Tasks\SW-Booster-S-2112667740.job => c:\programdata\wideblue installer\sw-booster\SW-Booster.exe <==== ATTENTION GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION FF Extension: seave on - C:\Program Files\Mozilla Firefox\browser\extensions\anykyqhj@bbauogixyi.co.uk [2014-11-10] FF Extension: MySearch - C:\Program Files\Mozilla Firefox\browser\extensions\eao6ztgc@mojz-srxg.com [2014-11-10] FF Extension: save on - C:\Program Files\Mozilla Firefox\browser\extensions\oiq1-sppb@aayooeua.edu [2014-11-10] FF Extension: MySearch - C:\Program Files\Mozilla Firefox\browser\extensions\qbagwu@kpgxuth.edu [2014-11-10] FF Extension: Adblocker - C:\Program Files\Mozilla Firefox\browser\extensions\t1bjkd.fe@aaaolreyi-.net [2014-11-10] HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1404135934&from=smt&uid=395049983_1052451_48E04D95&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1404135934&from=smt&uid=395049983_1052451_48E04D95&q={searchTerms} HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION SearchScopes: HKLM -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.fastsearchings.info/?l=1&q={searchTerms}&pid=2145&r=2014/06/30&hid=13539960392910098093&lg=EN&cc=PL&unqvl=56 SearchScopes: HKU\S-1-5-21-927793373-3573720154-1526932553-1000 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-927793373-3573720154-1526932553-1000 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.fastsearchings.info/?l=1&q={searchTerms}&pid=2145&r=2014/06/30&hid=13539960392910098093&lg=EN&cc=PL&unqvl=56 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk C:\ProgramData\TEMP C:\Users\Damian\AppData\Local\Google C:\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw.sys Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ROC_roc_ssl_v12" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TrustPortDiskProtectionWatchDog" /f Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507} /f Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{c67abfdb} /f Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f Reg: reg delete HKCU\Software\Google /f Reg: reg delete HKLM\SOFTWARE\Google /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f EmptyTemp: ***************** Processes closed successfully. {9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw => Service stopped successfully. {9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw => Service deleted successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\fst_pl_146 => value deleted successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\t4pc_en_7 => value deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4C620EA0-3D2F-4B25-9B7B-1CC851A210CA}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C620EA0-3D2F-4B25-9B7B-1CC851A210CA}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SW-Booster-S-2112667740" => Key deleted successfully. C:\Windows\Tasks\SW-Booster-S-2112667740.job => Moved successfully. C:\Windows\system32\GroupPolicy\Machine => Moved successfully. C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully. "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully. C:\Program Files\Mozilla Firefox\browser\extensions\anykyqhj@bbauogixyi.co.uk => Moved successfully. C:\Program Files\Mozilla Firefox\browser\extensions\eao6ztgc@mojz-srxg.com => Moved successfully. C:\Program Files\Mozilla Firefox\browser\extensions\oiq1-sppb@aayooeua.edu => Moved successfully. C:\Program Files\Mozilla Firefox\browser\extensions\qbagwu@kpgxuth.edu => Moved successfully. C:\Program Files\Mozilla Firefox\browser\extensions\t1bjkd.fe@aaaolreyi-.net => Moved successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}" => Key deleted successfully. "HKCR\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}" => Key not found. HKU\S-1-5-21-927793373-3573720154-1526932553-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. "HKU\S-1-5-21-927793373-3573720154-1526932553-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}" => Key deleted successfully. "HKCR\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}" => Key not found. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk => Moved successfully. C:\ProgramData\TEMP => Moved successfully. C:\Users\Damian\AppData\Local\Google => Moved successfully. C:\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw.sys => Moved successfully. ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ROC_roc_ssl_v12" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TrustPortDiskProtectionWatchDog" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507} /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{c67abfdb} /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKCU\Software\Google /f ========= Bť¤D: System nie znalazˆ w rejestrze okre˜lonego klucza albo warto˜ci. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Google /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= EmptyTemp: => Removed 377.6 MB temporary data. The system needed a reboot. ==== End of Fixlog ====