Fix result of Farbar Recovery Scan Tool (x64) Version:28-07-2015 Ran by Sergiusz (2015-07-30 16:33:10) Run:1 Running from C:\Users\Sergiusz\Desktop Loaded Profiles: Sergiusz (Available Profiles: Sergiusz) Boot Mode: Normal ============================================== fixlist content: ***************** Task: {0509FAF6-07A9-4F6E-90EC-783847EB937C} - System32\Tasks\PFExe => C:\Users\Sergiusz\AppData\Local\PriceFountain\pricefountain.exe Task: {82EFEAAF-951A-42E9-812F-8B664530633C} - System32\Tasks\HealthBooster => c:\programdata\{39724e61-4869-7441-3972-24e614863985}\arksurvivalevolvedfreedownloadfullversionpcgame.exe-1437673382842.exe <==== ATTENTION C:\Users\Sergiusz\AppData\Local\PriceFountain c:\programdata\{39724e61-4869-7441-3972-24e614863985} Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f HKU\S-1-5-21-2962764545-2036589733-128886746-1000\...\Run: [BingSvc] => C:\Users\Sergiusz\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-04-07] (© 2015 Microsoft Corporation) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION CHR Extension: (Sale Clipper) - C:\Users\Sergiusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\odlhikpaegeblidjhkeefjdjegganhpg [2015-07-23] OPR Extension: (Sale Clipper) - C:\Users\Sergiusz\AppData\Roaming\Opera Software\Opera Stable\Extensions\odlhikpaegeblidjhkeefjdjegganhpg [2015-07-23] S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X] S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X] S2 wasvc_1.10.0.19; "C:\Program Files (x86)\WordAnchor_1.10.0.19\Service\wasvc.exe" [X] C:\Program Files (x86)\WordAnchor_1.10.0.19 C:\{b6a94784-0ffb-4121-88c6-435139067ee2}.xpi C:\ProgramData\14517000821272660046 C:\Windows\Tasks\HealthBooster.job C:\ProgramData\f43a0a22-b5b9-43e4-9c6f-705bf4e40c7b C:\Windows\System32\Tasks\HealthBooster C:\Windows\Tasks\HealthBooster.job EmptyTemp: ***************** "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0509FAF6-07A9-4F6E-90EC-783847EB937C}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0509FAF6-07A9-4F6E-90EC-783847EB937C}" => key removed successfully C:\Windows\System32\Tasks\PFExe => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PFExe" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{82EFEAAF-951A-42E9-812F-8B664530633C}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{82EFEAAF-951A-42E9-812F-8B664530633C}" => key removed successfully C:\Windows\System32\Tasks\HealthBooster => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HealthBooster" => key removed successfully "C:\Users\Sergiusz\AppData\Local\PriceFountain" => File/Folder not found. "c:\programdata\{39724e61-4869-7441-3972-24e614863985}" => File/Folder not found. ========= reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= HKU\S-1-5-21-2962764545-2036589733-128886746-1000\Software\Microsoft\Windows\CurrentVersion\Run\\BingSvc => value removed successfully C:\Windows\system32\GroupPolicy\Machine => moved successfully. C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully. "HKLM\SOFTWARE\Policies\Google" => key removed successfully C:\Users\Sergiusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\odlhikpaegeblidjhkeefjdjegganhpg => moved successfully. C:\Users\Sergiusz\AppData\Roaming\Opera Software\Opera Stable\Extensions\odlhikpaegeblidjhkeefjdjegganhpg => moved successfully. gupdate => service removed successfully gupdatem => service removed successfully wasvc_1.10.0.19 => service removed successfully "C:\Program Files (x86)\WordAnchor_1.10.0.19" => File/Folder not found. C:\{b6a94784-0ffb-4121-88c6-435139067ee2}.xpi => moved successfully. C:\ProgramData\14517000821272660046 => moved successfully. C:\Windows\Tasks\HealthBooster.job => moved successfully. C:\ProgramData\f43a0a22-b5b9-43e4-9c6f-705bf4e40c7b => moved successfully. "C:\Windows\System32\Tasks\HealthBooster" => File/Folder not found. "C:\Windows\Tasks\HealthBooster.job" => File/Folder not found. EmptyTemp: => 660.6 MB temporary data Removed. The system needed a reboot.. ==== End of Fixlog 16:33:50 ====