Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Ran by user at 2015-01-08 09:40:30 Run:1
Running from C:\Users\user\Downloads
Loaded Profile: user (Available profiles: USER_ & user)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
CreateRestorePoint:
R1 {27899312-155f-40f3-8661-fb6675d82b4b}Gw64; C:\Windows\System32\drivers\{27899312-155f-40f3-8661-fb6675d82b4b}Gw64.sys [48784 2014-12-21] (StdLib)
R1 {40d1e549-9fca-4f25-a19d-d845842dd635}Gw64; C:\Windows\System32\drivers\{40d1e549-9fca-4f25-a19d-d845842dd635}Gw64.sys [48784 2014-12-30] (StdLib)
R1 {507a9b68-2b48-4a22-b662-e674fb6a16f7}Gw64; C:\Windows\System32\drivers\{507a9b68-2b48-4a22-b662-e674fb6a16f7}Gw64.sys [48776 2014-12-03] (StdLib)
R1 {8299d9bc-4fe2-4889-9adf-025a0769d461}Gw64; C:\Windows\System32\drivers\{8299d9bc-4fe2-4889-9adf-025a0769d461}Gw64.sys [48784 2014-12-15] (StdLib)
R1 {84edc66f-0e16-4519-bd1a-cead01f243ac}Gw64; C:\Windows\System32\drivers\{84edc66f-0e16-4519-bd1a-cead01f243ac}Gw64.sys [48784 2015-01-04] (StdLib)
R1 {91975f83-f39c-43cf-aad4-0b3396b0f6db}Gw64; C:\Windows\System32\drivers\{91975f83-f39c-43cf-aad4-0b3396b0f6db}Gw64.sys [48784 2015-01-06] (StdLib)
R1 {c88279d3-91dd-4bd9-ad38-681f71d6e36d}Gw64; C:\Windows\System32\drivers\{c88279d3-91dd-4bd9-ad38-681f71d6e36d}Gw64.sys [48784 2014-12-28] (StdLib)
R1 {df47b99d-26f5-45f4-85c5-97b4da365f21}Gw64; C:\Windows\System32\drivers\{df47b99d-26f5-45f4-85c5-97b4da365f21}Gw64.sys [48776 2014-12-01] (StdLib)
R1 {fb92e7a9-ee13-44c3-a51b-600382fe9211}Gw64; C:\Windows\System32\drivers\{fb92e7a9-ee13-44c3-a51b-600382fe9211}Gw64.sys [48784 2014-12-18] (StdLib)
R2 Update Hold Page; C:\Program Files (x86)\Hold Page\updateHoldPage.exe [529136 2015-01-07] ()
R2 Util Hold Page; C:\Program Files (x86)\Hold Page\bin\utilHoldPage.exe [529136 2015-01-07] ()
Task: {184B4C47-FF24-4F7C-8F92-F91488BD1FF4} - System32\Tasks\Yahoo! Search => C:\Users\user\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.18.6\dsrlte.exe [2015-01-07] (Pay By Ads LTD) <==== ATTENTION
Task: {4351D2E2-B783-40CB-962D-877C23883FB8} - System32\Tasks\Yahoo! Search Updater => C:\Users\user\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.18.6\dsrsetup.exe [2015-01-07] (Pay By Ads LTD) <==== ATTENTION
HKU\S-1-5-21-33010299-566735224-18553354-1003\...\Run: [Yahoo! Search] => C:\Users\user\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.18.6\dsrlte.exe [634576 2015-01-07] (Pay By Ads LTD)
HKLM\...\Run: [MfeEpePcMonitor] => "C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe"
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/#utm_source=instalki&utm_medium=installer&utm_campaign=instalki
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/#utm_source=instalki&utm_medium=installer&utm_campaign=instalki
HKU\S-1-5-21-33010299-566735224-18553354-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://rts.dsrlte.com?affID=na
SearchScopes: HKU\S-1-5-21-33010299-566735224-18553354-1003 -> {DFE9D180-5155-46AA-B372-7D4A5B4C27EF} URL = http://rts.dsrlte.com/?affID=na&q={searchTerms}&r=438
BHO-x32: Hold Page 1.0.0.6 -> {6c14185e-4de6-4a79-985b-19f23fd1e638} -> C:\Program Files (x86)\Hold Page\HoldPageBHO.dll (Hold Page)
C:\Program Files\Enigma Software Group
C:\Program Files\mks_vir_9
C:\Program Files (x86)\Mozilla Firefox
C:\Users\user\AppData\Local\CrashRpt
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\*localstorage*
C:\Users\user\AppData\Roaming\LavasoftStatistics
C:\windows\BEAD140D65134B00AE0FD4A7222F0BF9.TMP
C:\Windows\System32\drivers\{27899312-155f-40f3-8661-fb6675d82b4b}Gw64.sys
C:\Windows\System32\drivers\{40d1e549-9fca-4f25-a19d-d845842dd635}Gw64.sys
C:\Windows\System32\drivers\{507a9b68-2b48-4a22-b662-e674fb6a16f7}Gw64.sys
C:\Windows\System32\drivers\{8299d9bc-4fe2-4889-9adf-025a0769d461}Gw64.sys
C:\Windows\System32\drivers\{84edc66f-0e16-4519-bd1a-cead01f243ac}Gw64.sys
C:\Windows\System32\drivers\{91975f83-f39c-43cf-aad4-0b3396b0f6db}Gw64.sys
C:\Windows\System32\drivers\{c88279d3-91dd-4bd9-ad38-681f71d6e36d}Gw64.sys
C:\Windows\System32\drivers\{df47b99d-26f5-45f4-85c5-97b4da365f21}Gw64.sys
C:\Windows\System32\drivers\{fb92e7a9-ee13-44c3-a51b-600382fe9211}Gw64.sys
Reg: reg delete HKCU\Software\Mozilla\Firefox /f
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Mozilla\Firefox /f
Reg: reg query "HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs" /s
Reg: reg query "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs" /s
*****************

Processes closed successfully.
Restore point was successfully created.
{27899312-155f-40f3-8661-fb6675d82b4b}Gw64 => Service stopped successfully.
{27899312-155f-40f3-8661-fb6675d82b4b}Gw64 => Service deleted successfully.
{40d1e549-9fca-4f25-a19d-d845842dd635}Gw64 => Service stopped successfully.
{40d1e549-9fca-4f25-a19d-d845842dd635}Gw64 => Service deleted successfully.
{507a9b68-2b48-4a22-b662-e674fb6a16f7}Gw64 => Service stopped successfully.
{507a9b68-2b48-4a22-b662-e674fb6a16f7}Gw64 => Service deleted successfully.
{8299d9bc-4fe2-4889-9adf-025a0769d461}Gw64 => Service stopped successfully.
{8299d9bc-4fe2-4889-9adf-025a0769d461}Gw64 => Service deleted successfully.
{84edc66f-0e16-4519-bd1a-cead01f243ac}Gw64 => Service stopped successfully.
{84edc66f-0e16-4519-bd1a-cead01f243ac}Gw64 => Service deleted successfully.
{91975f83-f39c-43cf-aad4-0b3396b0f6db}Gw64 => Unable to stop service
{91975f83-f39c-43cf-aad4-0b3396b0f6db}Gw64 => Service deleted successfully.
{c88279d3-91dd-4bd9-ad38-681f71d6e36d}Gw64 => Service stopped successfully.
{c88279d3-91dd-4bd9-ad38-681f71d6e36d}Gw64 => Service deleted successfully.
{df47b99d-26f5-45f4-85c5-97b4da365f21}Gw64 => Service stopped successfully.
{df47b99d-26f5-45f4-85c5-97b4da365f21}Gw64 => Service deleted successfully.
{fb92e7a9-ee13-44c3-a51b-600382fe9211}Gw64 => Service stopped successfully.
{fb92e7a9-ee13-44c3-a51b-600382fe9211}Gw64 => Service deleted successfully.
Update Hold Page => Unable to stop service
Update Hold Page => Service deleted successfully.
Util Hold Page => Unable to stop service
Util Hold Page => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{184B4C47-FF24-4F7C-8F92-F91488BD1FF4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{184B4C47-FF24-4F7C-8F92-F91488BD1FF4}" => Key deleted successfully.
C:\Windows\System32\Tasks\Yahoo! Search => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Yahoo! Search" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4351D2E2-B783-40CB-962D-877C23883FB8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4351D2E2-B783-40CB-962D-877C23883FB8}" => Key deleted successfully.
C:\Windows\System32\Tasks\Yahoo! Search Updater => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Yahoo! Search Updater" => Key deleted successfully.
HKU\S-1-5-21-33010299-566735224-18553354-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Yahoo! Search => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\MfeEpePcMonitor => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui" => Key deleted successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DeviceNP" => Key deleted successfully.
C:\windows\system32\GroupPolicy\Machine => Moved successfully.
C:\windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-33010299-566735224-18553354-1003\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
"HKU\S-1-5-21-33010299-566735224-18553354-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DFE9D180-5155-46AA-B372-7D4A5B4C27EF}" => Key deleted successfully.
HKCR\CLSID\{DFE9D180-5155-46AA-B372-7D4A5B4C27EF} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6c14185e-4de6-4a79-985b-19f23fd1e638}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{6c14185e-4de6-4a79-985b-19f23fd1e638}" => Key deleted successfully.
C:\Program Files\Enigma Software Group => Moved successfully.
C:\Program Files\mks_vir_9 => Moved successfully.
C:\Program Files (x86)\Mozilla Firefox => Moved successfully.
C:\Users\user\AppData\Local\CrashRpt => Moved successfully.
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences => Moved successfully.
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\*localstorage* => Moved successfully.
C:\Users\user\AppData\Roaming\LavasoftStatistics => Moved successfully.
C:\windows\BEAD140D65134B00AE0FD4A7222F0BF9.TMP => Moved successfully.
C:\Windows\System32\drivers\{27899312-155f-40f3-8661-fb6675d82b4b}Gw64.sys => Moved successfully.
C:\Windows\System32\drivers\{40d1e549-9fca-4f25-a19d-d845842dd635}Gw64.sys => Moved successfully.
C:\Windows\System32\drivers\{507a9b68-2b48-4a22-b662-e674fb6a16f7}Gw64.sys => Moved successfully.
C:\Windows\System32\drivers\{8299d9bc-4fe2-4889-9adf-025a0769d461}Gw64.sys => Moved successfully.
C:\Windows\System32\drivers\{84edc66f-0e16-4519-bd1a-cead01f243ac}Gw64.sys => Moved successfully.
C:\Windows\System32\drivers\{91975f83-f39c-43cf-aad4-0b3396b0f6db}Gw64.sys => Moved successfully.
C:\Windows\System32\drivers\{c88279d3-91dd-4bd9-ad38-681f71d6e36d}Gw64.sys => Moved successfully.
C:\Windows\System32\drivers\{df47b99d-26f5-45f4-85c5-97b4da365f21}Gw64.sys => Moved successfully.
C:\Windows\System32\drivers\{fb92e7a9-ee13-44c3-a51b-600382fe9211}Gw64.sys => Moved successfully.

========= reg delete HKCU\Software\Mozilla\Firefox /f =========

BŁĄD: System nie znalazł w rejestrze określonego klucza albo wartości.

========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\Wow6432Node\Mozilla\Firefox /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg query "HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs" /s =========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs
    blank    REG_SZ    res://mshtml.dll/blank.htm
    NoAdd-onsInfo    REG_SZ    res://ieframe.dll/noaddoninfo.htm
    InPrivate    REG_SZ    res://ieframe.dll/inprivate_win7.htm
    NavigationFailure    REG_SZ    res://ieframe.dll/navcancl.htm
    NoAdd-ons    REG_SZ    res://ieframe.dll/noaddon.htm
    Home    REG_DWORD    0x10e
    PostNotCached    REG_SZ    res://ieframe.dll/repost.htm
    DesktopItemNavigationFailure    REG_SZ    res://ieframe.dll/navcancl.htm
    NavigationCanceled    REG_SZ    res://ieframe.dll/navcancl.htm
    SecurityRisk    REG_SZ    res://ieframe.dll/securityatrisk.htm

========= End of Reg: =========

========= reg query "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs" /s =========

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs
    blank    REG_SZ    res://mshtml.dll/blank.htm
    NoAdd-onsInfo    REG_SZ    res://ieframe.dll/noaddoninfo.htm
    InPrivate    REG_SZ    res://ieframe.dll/inprivate_win7.htm
    NavigationFailure    REG_SZ    res://ieframe.dll/navcancl.htm
    NoAdd-ons    REG_SZ    res://ieframe.dll/noaddon.htm
    Home    REG_DWORD    0x10e
    PostNotCached    REG_SZ    res://ieframe.dll/repost.htm
    DesktopItemNavigationFailure    REG_SZ    res://ieframe.dll/navcancl.htm
    NavigationCanceled    REG_SZ    res://ieframe.dll/navcancl.htm
    SecurityRisk    REG_SZ    res://ieframe.dll/securityatrisk.htm

========= End of Reg: =========

The system needed a reboot.

==== End of Fixlog 09:41:37 ====