Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-04-2015 01
Ran by dalewa at 2015-04-30 08:58:12 Run:2
Running from E:\diag
Loaded Profiles: dalewa (Available profiles: dalewa & Administrator)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Startup: C:\Documents and Settings\dalewa\Menu Start\Programy\Autostart\HELP_DECRYPT.HTML [2015-03-30] ()
Startup: C:\Documents and Settings\dalewa\Menu Start\Programy\Autostart\HELP_DECRYPT.PNG [2015-03-30] ()
Startup: C:\Documents and Settings\dalewa\Menu Start\Programy\Autostart\HELP_DECRYPT.TXT [2015-03-30] ()
InternetURL: C:\Documents and Settings\dalewa\Menu Start\Programy\Autostart\HELP_DECRYPT.URL -> hxxp://7oqnsnzwwnm6zb7y.icepaytor.com/17g4owx
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-839522115-1788223648-725345543-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sweet-pag...J0AC90207002070
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
FF SearchPlugin: C:\Documents and Settings\dalewa\Dane aplikacji\Mozilla\Firefox\Profiles\069lv5xw.default\searchplugins\V9.xml [2015-03-29]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\sweet-page.xml [2015-03-29]
FF Extension: Fast Start - C:\Documents and Settings\dalewa\Dane aplikacji\Mozilla\Firefox\Profiles\069lv5xw.default\Extensions\istart_ffnt@gmail.com [2015-03-29]
FF HKLM\...\Firefox\Extensions: [detgdp@gmail.com] - C:\Documents and Settings\dalewa\Dane aplikacji\Mozilla\Firefox\Profiles\069lv5xw.default\extensions\detgdp@gmail.com
FF HKLM\...\Firefox\Extensions: [istart_ffnt@gmail.com] - C:\Documents and Settings\dalewa\Dane aplikacji\Mozilla\Firefox\Profiles\069lv5xw.default\extensions\istart_ffnt@gmail.com
FF ExtraCheck: C:\Program Files\mozilla firefox\firefox.cfg [2014-08-28] <==== ATTENTION
CHR HKLM\...\Chrome\Extension: [fgfdfcbeamjnjdejakdidpniblllnbpg] - C:\Windows\System32\jmdp\pnte.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path Or update_url value
S2 iSafeService; C:\Program Files\Elex-tech\YAC\iSafeSvc.exe [X]
S3 EsgScanner; C:\windows\System32\DRIVERS\EsgScanner.sys [19984 2015-04-14] ()
S3 FTDIBUS; system32\drivers\ftdibus.sys [X]
S3 FTSER2K; system32\drivers\ftser2k.sys [X]
S3 MGHwCtrl; \??\U:\RESCUE\MGHwCtrl.sys [X]
S1 netfilter2; system32\drivers\netfilter2.sys [X]
S3 Rts516xIR; system32\DRIVERS\Rts516xIR.sys [X]
S2 SSPORT; \??\C:\windows\system32\Drivers\SSPORT.sys [X]
S3 USBCCID; system32\DRIVERS\Rts5161ccid.sys [X]
C:\windows\system32\Drivers\EsgScanner.sys
C:\HELP_DECRYPT.*
C:\Documents and Settings\dalewa\Dane aplikacji\HELP_DECRYPT.*
C:\Documents and Settings\dalewa\Ustawienia lokalne\Dane aplikacji\HELP_DECRYPT.*
C:\Documents and Settings\All Users\HELP_DECRYPT.*
C:\Documents and Settings\dalewa\TempWmicBatchFile.bat
C:\Documents and Settings\Administrator\Pulpit\GRY\Call of Duty dla jednego gracza.lnk
C:\Documents and Settings\Administrator\Pulpit\GRY\Call of Duty dla wielu graczy.lnk
C:\Documents and Settings\Administrator\NetHood\SharedDocs na DOM (Sławek)\target.lnk
C:\Documents and Settings\Administrator\NetHood\d na DOM (Sławek)\target.lnk
C:\Documents and Settings\Administrator\Menu Start\Programy\XP Codec Pack 2.5.1\Codec Detective.lnk
C:\Documents and Settings\Administrator\Menu Start\Programy\XP Codec Pack 2.5.1\Media Player Classic.lnk
C:\Documents and Settings\Administrator\Menu Start\Programy\XP Codec Pack 2.5.1\Readme.lnk
C:\Documents and Settings\Administrator\Menu Start\Programy\VAG-COM-PL\LCode.lnk
ShortcutWithArgument: C:\Documents and Settings\All Users\Menu Start\Programy\Opera.lnk -> C:\Program Files\Opera\opera.exe (Opera Software) -> hxxp://www.delta-homes.com/?type=sc&ts=1418843543&from=wpm12173&uid=WDCXWD2500BEVT-22A23T0_WD-WXJ0AC90207002070
ShortcutWithArgument: C:\Documents and Settings\dalewa\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\Opera.lnk -> C:\Program Files\Opera\opera.exe (Opera Software) -> hxxp://www.delta-homes.com/?type=sc&ts=1418843543&from=wpm12173&uid=WDCXWD2500BEVT-22A23T0_WD-WXJ0AC90207002070
InternetURL: C:\Documents and Settings\Administrator\HELP_DECRYPT.URL -> hxxp://7oqnsnzwwnm6zb7y.icepaytor.com/17g4owx
InternetURL: C:\Documents and Settings\Administrator\Ustawienia lokalne\HELP_DECRYPT.URL -> hxxp://7oqnsnzwwnm6zb7y.icepaytor.com/17g4owx
InternetURL: C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\HELP_DECRYPT.URL -> hxxp://7oqnsnzwwnm6zb7y.icepaytor.com/17g4owx
InternetURL: C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Mozilla\HELP_DECRYPT.URL -> hxxp://7oqnsnzwwnm6zb7y.icepaytor.com/17g4owx
InternetURL: C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\HELP_DECRYPT.URL -> hxxp://7oqnsnzwwnm6zb7y.icepaytor.com/17g4owx
InternetURL: C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\HELP_DECRYPT.URL -> hxxp://7oqnsnzwwnm6zb7y.icepaytor.com/17g4owx
EmptyTemp:
*****************

C:\Documents and Settings\dalewa\Menu Start\Programy\Autostart\HELP_DECRYPT.HTML not found.
C:\Documents and Settings\dalewa\Menu Start\Programy\Autostart\HELP_DECRYPT.PNG not found.
C:\Documents and Settings\dalewa\Menu Start\Programy\Autostart\HELP_DECRYPT.TXT not found.
C:\Documents and Settings\dalewa\Menu Start\Programy\Autostart\HELP_DECRYPT.URL not found.
"C:\windows\system32\GroupPolicy\Machine" => File/Directory not found.
HKLM\SOFTWARE\Policies\Google => Key not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found.
HKU\S-1-5-21-839522115-1788223648-725345543-1004\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93} => Key not found.
"HKCR\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}" => Key deleted successfully.
"HKCR\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" => Key deleted successfully.
"HKCR\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" => Key deleted successfully.
"C:\Documents and Settings\dalewa\Dane aplikacji\Mozilla\Firefox\Profiles\069lv5xw.default\searchplugins\V9.xml" => not found.
"C:\Program Files\mozilla firefox\searchplugins\sweet-page.xml" => not found.
C:\Documents and Settings\dalewa\Dane aplikacji\Mozilla\Firefox\Profiles\069lv5xw.default\Extensions\istart_ffnt@gmail.com => not found.
HKLM\Software\Mozilla\Firefox\Extensions\\detgdp@gmail.com => Value not found.
HKLM\Software\Mozilla\Firefox\Extensions\\istart_ffnt@gmail.com => Value not found.
C:\Program Files\mozilla firefox\firefox.cfg => Moved successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\fgfdfcbeamjnjdejakdidpniblllnbpg => Key not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk" => Key deleted successfully.
iSafeService => Service not found.
EsgScanner => Service deleted successfully.
FTDIBUS => Service deleted successfully.
FTSER2K => Service deleted successfully.
MGHwCtrl => Service deleted successfully.
netfilter2 => Service deleted successfully.
Rts516xIR => Service deleted successfully.
SSPORT => Service deleted successfully.
USBCCID => Service deleted successfully.
C:\windows\system32\Drivers\EsgScanner.sys => Moved successfully.
C:\HELP_DECRYPT.* => Moved successfully.
C:\Documents and Settings\dalewa\Dane aplikacji\HELP_DECRYPT.* => Moved successfully.
C:\Documents and Settings\dalewa\Ustawienia lokalne\Dane aplikacji\HELP_DECRYPT.* => Moved successfully.
C:\Documents and Settings\All Users\HELP_DECRYPT.* => Moved successfully.
C:\Documents and Settings\dalewa\TempWmicBatchFile.bat => Moved successfully.
C:\Documents and Settings\Administrator\Pulpit\GRY\Call of Duty dla jednego gracza.lnk => Moved successfully.
C:\Documents and Settings\Administrator\Pulpit\GRY\Call of Duty dla wielu graczy.lnk => Moved successfully.
C:\Documents and Settings\Administrator\NetHood\SharedDocs na DOM (Sławek)\target.lnk => Moved successfully.
C:\Documents and Settings\Administrator\NetHood\d na DOM (Sławek)\target.lnk => Moved successfully.
C:\Documents and Settings\Administrator\Menu Start\Programy\XP Codec Pack 2.5.1\Codec Detective.lnk => Moved successfully.
C:\Documents and Settings\Administrator\Menu Start\Programy\XP Codec Pack 2.5.1\Media Player Classic.lnk => Moved successfully.
C:\Documents and Settings\Administrator\Menu Start\Programy\XP Codec Pack 2.5.1\Readme.lnk => Moved successfully.
C:\Documents and Settings\Administrator\Menu Start\Programy\VAG-COM-PL\LCode.lnk => Moved successfully.
C:\Documents and Settings\All Users\Menu Start\Programy\Opera.lnk => Shortcut argument was removed successfully.
C:\Documents and Settings\dalewa\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\Opera.lnk => Shortcut argument was removed successfully.
C:\Documents and Settings\Administrator\HELP_DECRYPT.URL => Moved successfully.
C:\Documents and Settings\Administrator\Ustawienia lokalne\HELP_DECRYPT.URL => Moved successfully.
C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\HELP_DECRYPT.URL => Moved successfully.
C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Mozilla\HELP_DECRYPT.URL => Moved successfully.
C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\HELP_DECRYPT.URL => Moved successfully.
C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\HELP_DECRYPT.URL => Moved successfully.
EmptyTemp: => Removed 507.5 MB temporary data.

The system needed a reboot.

==== End of Fixlog 08:59:32 ====