Fix result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015 Ran by Paula at 2015-06-02 22:09:32 Run:1 Running from C:\Users\Paula\Downloads Loaded Profiles: Paula (Available Profiles: Paula) Boot Mode: Normal ============================================== fixlist content: ***************** CloseProcesses: CreateRestorePoint: R1 {1fceab11-b7eb-4010-811f-3f56268f9366}Gw64; C:\Windows\System32\drivers\{1fceab11-b7eb-4010-811f-3f56268f9366}Gw64.sys [48776 2014-12-30] (StdLib) R1 {2b4f8230-394e-4951-9495-bafd44d837da}Gw64; C:\Windows\System32\drivers\{2b4f8230-394e-4951-9495-bafd44d837da}Gw64.sys [48776 2014-12-27] (StdLib) R1 {3211ae5b-d056-4176-9f6e-b51496f003f1}Gw64; C:\Windows\System32\drivers\{3211ae5b-d056-4176-9f6e-b51496f003f1}Gw64.sys [48776 2014-12-11] (StdLib) R1 {3283b201-5c22-4a7d-8767-24ec5d376ea3}Gw64; C:\Windows\System32\drivers\{3283b201-5c22-4a7d-8767-24ec5d376ea3}Gw64.sys [48776 2014-12-09] (StdLib) R1 {34cccceb-a541-48ac-a26b-92818f06439d}Gw64; C:\Windows\System32\drivers\{34cccceb-a541-48ac-a26b-92818f06439d}Gw64.sys [48776 2015-01-02] (StdLib) R1 {47a3b56f-80e6-4ea5-8093-7656ffd5c11a}Gw64; C:\Windows\System32\drivers\{47a3b56f-80e6-4ea5-8093-7656ffd5c11a}Gw64.sys [48776 2014-12-15] (StdLib) R1 {8aefbcaf-640f-4dca-9a92-ed05ee387238}Gw64; C:\Windows\System32\drivers\{8aefbcaf-640f-4dca-9a92-ed05ee387238}Gw64.sys [48776 2014-12-21] (StdLib) R1 {97daceee-c4d3-4ae1-975b-b77d85ce2d13}Gw64; C:\Windows\System32\drivers\{97daceee-c4d3-4ae1-975b-b77d85ce2d13}Gw64.sys [48776 2014-12-24] (StdLib) R1 {993baf86-643c-42e9-95e5-094f337533f0}Gw64; C:\Windows\System32\drivers\{993baf86-643c-42e9-95e5-094f337533f0}Gw64.sys [48776 2014-12-18] (StdLib) R1 {9eaa49e2-6918-49c4-9a04-be590dd80dc6}Gw64; C:\Windows\System32\drivers\{9eaa49e2-6918-49c4-9a04-be590dd80dc6}Gw64.sys [48776 2015-01-05] (StdLib) R1 ccnfd_1_10_0_5; C:\Windows\System32\drivers\ccnfd_1_10_0_5.sys [58232 2014-12-12] (ClickCaption) R2 webinstrNewH; C:\Windows\system32\Drivers\webinstrNewH.sys [106456 2014-12-23] (Corsica) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION FF HKU\S-1-5-21-3488301984-1419051250-2166679065-1002\...\Firefox\Extensions: [{90344A70-EE77-AEF2-6F86-28FB25040EDE}] - C:\Program Files (x86)\ver1SpeedCheck\184.xpi FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File HKU\S-1-5-21-3488301984-1419051250-2166679065-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://myhome.vi-view.com/web/?type=ds&ts=1418161599&from=cor&uid=HitachiXHTS547575A9E384_J2140054FY1JAAFY1JAAX&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://myhome.vi-view.com/web/?type=ds&ts=1418161599&from=cor&uid=HitachiXHTS547575A9E384_J2140054FY1JAAFY1JAAX&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-3488301984-1419051250-2166679065-1002\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms} HKU\S-1-5-21-3488301984-1419051250-2166679065-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=about:blank HKU\S-1-5-21-3488301984-1419051250-2166679065-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006 SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbPPq_NcKDZkQXPy4TZR44LspvC9sb99JtP_960mB0xkw-HWovJZ93XGZ80FcSjXIMBclkbVRn2Rg2b20No_WIBK6855c9WcGyLXPvjKih2dyhQ2lhckPExLZYO417MuO8PcFGr6UUAjpjpdj5wmoCU3GdIv1-w73j-pMoQZx6ZpEWwf&q={searchTerms} SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKU\S-1-5-21-3488301984-1419051250-2166679065-1002 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKU\S-1-5-21-3488301984-1419051250-2166679065-1002 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbPPq_NcKDZkQXPy4TZR44LspvC9sb99JtP_960mB0xkw-HWovJZ93XGZ80FcSjXIMBclkbVRn2Rg2b20No_WIBK6855c9WcGyLXPvjKih2dyhQ2lhckPExLZYO417MuO8PcFGr6UUAjpjpdj5wmoCU3GdIv1-w73j-pMoQZx6ZpEWwY&q={searchTerms} SearchScopes: HKU\S-1-5-21-3488301984-1419051250-2166679065-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3488301984-1419051250-2166679065-1002 -> {D9DFA36E-064F-482C-B041-BFBE00CE54B8} URL = http://rts.dsrlte.com/?affID=na&q={searchTerms}&r=353 SearchScopes: HKU\S-1-5-21-3488301984-1419051250-2166679065-1002 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms} BHO-x32: No Name -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> No File Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM-x32 - No Name - {8dcb7100-df86-4384-8842-8fa844297b3f} - No File Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File HKLM\...\Policies\Explorer: [NoFolderOptions] 0 HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" C:\Program Files (x86)\Google C:\Program Files (x86)\Mozilla Firefox\plugins C:\Program Files (x86)\ver1SpeedCheck C:\Users\Paula\AppData\Local\Google C:\Users\Paula\AppData\Roaming\sp_data.sys C:\Users\Paula\AppData\Roaming\TMVHZJB.exe C:\Users\Paula\AppData\Roaming\WEZSFQQ.exe C:\Users\Public\Desktop\ASUS\Entertainment\Game Park Console.lnk C:\Windows\System32\drivers\{1fceab11-b7eb-4010-811f-3f56268f9366}Gw64.sys C:\Windows\System32\drivers\{2b4f8230-394e-4951-9495-bafd44d837da}Gw64.sys C:\Windows\System32\drivers\{3211ae5b-d056-4176-9f6e-b51496f003f1}Gw64.sys C:\Windows\System32\drivers\{3283b201-5c22-4a7d-8767-24ec5d376ea3}Gw64.sys C:\Windows\System32\drivers\{34cccceb-a541-48ac-a26b-92818f06439d}Gw64.sys C:\Windows\System32\drivers\{47a3b56f-80e6-4ea5-8093-7656ffd5c11a}Gw64.sys C:\Windows\System32\drivers\{8aefbcaf-640f-4dca-9a92-ed05ee387238}Gw64.sys C:\Windows\System32\drivers\{97daceee-c4d3-4ae1-975b-b77d85ce2d13}Gw64.sys C:\Windows\System32\drivers\{993baf86-643c-42e9-95e5-094f337533f0}Gw64.sys C:\Windows\System32\drivers\{9eaa49e2-6918-49c4-9a04-be590dd80dc6}Gw64.sys C:\Windows\System32\drivers\ccnfd_1_10_0_5.sys C:\Windows\system32\drivers\webinstrNewH.sys Reg: reg delete HKCU\Software\Google /f Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Google /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{be0fb33b} /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher" /f EmptyTemp: ***************** Processes closed successfully. Restore point was successfully created. {1fceab11-b7eb-4010-811f-3f56268f9366}Gw64 => Service stopped successfully. {1fceab11-b7eb-4010-811f-3f56268f9366}Gw64 => Service Removed successfully {2b4f8230-394e-4951-9495-bafd44d837da}Gw64 => Service stopped successfully. {2b4f8230-394e-4951-9495-bafd44d837da}Gw64 => Service Removed successfully {3211ae5b-d056-4176-9f6e-b51496f003f1}Gw64 => Service stopped successfully. {3211ae5b-d056-4176-9f6e-b51496f003f1}Gw64 => Service Removed successfully {3283b201-5c22-4a7d-8767-24ec5d376ea3}Gw64 => Service stopped successfully. {3283b201-5c22-4a7d-8767-24ec5d376ea3}Gw64 => Service Removed successfully {34cccceb-a541-48ac-a26b-92818f06439d}Gw64 => Service stopped successfully. {34cccceb-a541-48ac-a26b-92818f06439d}Gw64 => Service Removed successfully {47a3b56f-80e6-4ea5-8093-7656ffd5c11a}Gw64 => Service stopped successfully. {47a3b56f-80e6-4ea5-8093-7656ffd5c11a}Gw64 => Service Removed successfully {8aefbcaf-640f-4dca-9a92-ed05ee387238}Gw64 => Service stopped successfully. {8aefbcaf-640f-4dca-9a92-ed05ee387238}Gw64 => Service Removed successfully {97daceee-c4d3-4ae1-975b-b77d85ce2d13}Gw64 => Service stopped successfully. {97daceee-c4d3-4ae1-975b-b77d85ce2d13}Gw64 => Service Removed successfully {993baf86-643c-42e9-95e5-094f337533f0}Gw64 => Service stopped successfully. {993baf86-643c-42e9-95e5-094f337533f0}Gw64 => Service Removed successfully {9eaa49e2-6918-49c4-9a04-be590dd80dc6}Gw64 => Service stopped successfully. {9eaa49e2-6918-49c4-9a04-be590dd80dc6}Gw64 => Service Removed successfully ccnfd_1_10_0_5 => Unable to stop service. ccnfd_1_10_0_5 => Service Removed successfully webinstrNewH => Service stopped successfully. webinstrNewH => Service Removed successfully C:\Windows\system32\GroupPolicy\Machine => Moved successfully. C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully. "HKLM\SOFTWARE\Policies\Google" => key Removed successfully HKU\S-1-5-21-3488301984-1419051250-2166679065-1002\Software\Mozilla\Firefox\Extensions\\{90344A70-EE77-AEF2-6F86-28FB25040EDE} => value Removed successfully "HKLM\Software\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10" => key Removed successfully "HKLM\Software\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4" => key Removed successfully "HKU\S-1-5-21-3488301984-1419051250-2166679065-1002\SOFTWARE\Policies\Microsoft\Internet Explorer" => key Removed successfully HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully HKU\S-1-5-21-3488301984-1419051250-2166679065-1002\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully HKU\S-1-5-21-3488301984-1419051250-2166679065-1002\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully HKU\S-1-5-21-3488301984-1419051250-2166679065-1002\Software\Microsoft\Internet Explorer\Main\\Search Bar => value Removed successfully "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}" => key Removed successfully HKCR\Wow6432Node\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}" => key Removed successfully HKCR\Wow6432Node\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => key not found. HKU\S-1-5-21-3488301984-1419051250-2166679065-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully "HKU\S-1-5-21-3488301984-1419051250-2166679065-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}" => key Removed successfully HKCR\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => key not found. "HKU\S-1-5-21-3488301984-1419051250-2166679065-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key Removed successfully HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. "HKU\S-1-5-21-3488301984-1419051250-2166679065-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D9DFA36E-064F-482C-B041-BFBE00CE54B8}" => key Removed successfully HKCR\CLSID\{D9DFA36E-064F-482C-B041-BFBE00CE54B8} => key not found. "HKU\S-1-5-21-3488301984-1419051250-2166679065-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}" => key Removed successfully HKCR\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} => key not found. HKCR\Wow6432Node\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} => key not found. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => value Removed successfully "HKCR\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}" => key Removed successfully HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} => value not found. HKCR\Wow6432Node\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} => key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => value Removed successfully "HKCR\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}" => key Removed successfully HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value Removed successfully HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value Removed successfully "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc" => key Removed successfully "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc" => key Removed successfully C:\Program Files (x86)\Google => Moved successfully. C:\Program Files (x86)\Mozilla Firefox\plugins => Moved successfully. C:\Program Files (x86)\ver1SpeedCheck => Moved successfully. "C:\Users\Paula\AppData\Local\Google" => File/Folder not found. C:\Users\Paula\AppData\Roaming\sp_data.sys => Moved successfully. C:\Users\Paula\AppData\Roaming\TMVHZJB.exe => Moved successfully. C:\Users\Paula\AppData\Roaming\WEZSFQQ.exe => Moved successfully. C:\Users\Public\Desktop\ASUS\Entertainment\Game Park Console.lnk => Moved successfully. C:\Windows\System32\drivers\{1fceab11-b7eb-4010-811f-3f56268f9366}Gw64.sys => Moved successfully. C:\Windows\System32\drivers\{2b4f8230-394e-4951-9495-bafd44d837da}Gw64.sys => Moved successfully. C:\Windows\System32\drivers\{3211ae5b-d056-4176-9f6e-b51496f003f1}Gw64.sys => Moved successfully. C:\Windows\System32\drivers\{3283b201-5c22-4a7d-8767-24ec5d376ea3}Gw64.sys => Moved successfully. C:\Windows\System32\drivers\{34cccceb-a541-48ac-a26b-92818f06439d}Gw64.sys => Moved successfully. C:\Windows\System32\drivers\{47a3b56f-80e6-4ea5-8093-7656ffd5c11a}Gw64.sys => Moved successfully. C:\Windows\System32\drivers\{8aefbcaf-640f-4dca-9a92-ed05ee387238}Gw64.sys => Moved successfully. C:\Windows\System32\drivers\{97daceee-c4d3-4ae1-975b-b77d85ce2d13}Gw64.sys => Moved successfully. C:\Windows\System32\drivers\{993baf86-643c-42e9-95e5-094f337533f0}Gw64.sys => Moved successfully. C:\Windows\System32\drivers\{9eaa49e2-6918-49c4-9a04-be590dd80dc6}Gw64.sys => Moved successfully. C:\Windows\System32\drivers\ccnfd_1_10_0_5.sys => Moved successfully. C:\Windows\system32\drivers\webinstrNewH.sys => Moved successfully. ========= reg delete HKCU\Software\Google /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Wow6432Node\Google /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{be0fb33b} /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= EmptyTemp: => Removed 1.1 GB temporary data. The system needed a reboot. ==== End of Fixlog 22:11:55 ====