Fix result of Farbar Recovery Scan Tool (x64) Version:20-08-2015 Ran by Komputer (2015-08-20 20:04:59) Run:1 Running from C:\Users\Komputer\Desktop Loaded Profiles: Komputer (Available Profiles: Komputer) Boot Mode: Normal ============================================== fixlist content: ***************** CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION CHR HKU\S-1-5-21-1969771943-1992250132-2515998065-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f C:\Users\Public\AlexaNSISPlugin.4388.dll C:\ProgramData\19e5eb8800006947 C:\ProgramData\2289201406361604925 C:\ProgramData\393af48300007833 C:\Program Files (x86)\SystemSafeguard R1 {55685567-4840-4a91-962b-49a412e9485a}Gw64; C:\Windows\System32\drivers\{55685567-4840-4a91-962b-49a412e9485a}Gw64.sys [61112 2014-05-26] (StdLib) R1 {55685567-4840-4a91-962b-49a412e9485a}w64; C:\Windows\System32\drivers\{55685567-4840-4a91-962b-49a412e9485a}w64.sys [61112 2014-05-26] (StdLib) R1 {9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64; C:\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64.sys [61112 2014-04-28] (StdLib) C:\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64.sys C:\Windows\System32\drivers\{55685567-4840-4a91-962b-49a412e9485a}w64.sys C:\Windows\System32\drivers\{55685567-4840-4a91-962b-49a412e9485a}Gw64.sys S4 24b98b58; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\BocaRunner\BocaRunner.dll",serv S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X] S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X] S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X] c:\Program Files (x86)\BocaRunner R2 fd3b02ee; c:\Program Files (x86)\SystemSafeguard\SystemSafeguard.dll [2712576 2015-08-13] () [File not signed] c:\Program Files (x86)\SystemSafeguard FF HKLM-x32\...\Firefox\Extensions: [searchengine@gmail.com] - C:\Users\Komputer\AppData\Roaming\Mozilla\Firefox\Profiles\r60vco4w.default-1401830103760\extensions\searchengine@gmail.com FF Extension: Mini - Adblocker - C:\Users\Komputer\AppData\Roaming\Mozilla\Firefox\Profiles\nu54x2o1.default-1428679692836\Extensions\pxxavgpylscurt@jtkokkcabntoqiggjz.org [2015-08-14] FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [No File] FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [No File] Toolbar: HKU\S-1-5-21-1969771943-1992250132-2515998065-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&ts=1427367248&from=wpc&uid=ST500LT012-9WS142_W0V15EA9XXXXW0V15EA9&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&ts=1427367248&from=wpc&uid=ST500LT012-9WS142_W0V15EA9XXXXW0V15EA9&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1427367248&from=wpc&uid=ST500LT012-9WS142_W0V15EA9XXXXW0V15EA9 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1427367248&from=wpc&uid=ST500LT012-9WS142_W0V15EA9XXXXW0V15EA9 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1427367248&from=wpc&uid=ST500LT012-9WS142_W0V15EA9XXXXW0V15EA9&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1427367248&from=wpc&uid=ST500LT012-9WS142_W0V15EA9XXXXW0V15EA9&q={searchTerms} HKU\S-1-5-21-1969771943-1992250132-2515998065-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1427367248&from=wpc&uid=ST500LT012-9WS142_W0V15EA9XXXXW0V15EA9 EmptyTemp: ***************** "HKLM\SOFTWARE\Policies\Google" => key removed successfully "HKU\S-1-5-21-1969771943-1992250132-2515998065-1001\SOFTWARE\Policies\Google" => key removed successfully ========= reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Bť¤D: System nie znalazˆ w rejestrze okre˜lonego klucza albo warto˜ci. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Bť¤D: System nie znalazˆ w rejestrze okre˜lonego klucza albo warto˜ci. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Bť¤D: System nie znalazˆ w rejestrze okre˜lonego klucza albo warto˜ci. ========= End of Reg: ========= C:\Users\Public\AlexaNSISPlugin.4388.dll => moved successfully C:\ProgramData\19e5eb8800006947 => moved successfully C:\ProgramData\2289201406361604925 => moved successfully C:\ProgramData\393af48300007833 => moved successfully "C:\Program Files (x86)\SystemSafeguard" => File/Folder not found. {55685567-4840-4a91-962b-49a412e9485a}Gw64 => Service stopped successfully. {55685567-4840-4a91-962b-49a412e9485a}Gw64 => service removed successfully {55685567-4840-4a91-962b-49a412e9485a}w64 => Service stopped successfully. {55685567-4840-4a91-962b-49a412e9485a}w64 => service removed successfully {9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64 => Service stopped successfully. {9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64 => service removed successfully C:\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64.sys => moved successfully C:\Windows\System32\drivers\{55685567-4840-4a91-962b-49a412e9485a}w64.sys => moved successfully C:\Windows\System32\drivers\{55685567-4840-4a91-962b-49a412e9485a}Gw64.sys => moved successfully 24b98b58 => service removed successfully gupdate => service removed successfully gupdatem => service removed successfully McAfee SiteAdvisor Service => service removed successfully "c:\Program Files (x86)\BocaRunner" => File/Folder not found. fd3b02ee => service not found. "c:\Program Files (x86)\SystemSafeguard" => File/Folder not found. HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\searchengine@gmail.com => value removed successfully C:\Users\Komputer\AppData\Roaming\Mozilla\Firefox\Profiles\nu54x2o1.default-1428679692836\Extensions\pxxavgpylscurt@jtkokkcabntoqiggjz.org => moved successfully C:\Users\Komputer\AppData\Roaming\Mozilla\Firefox\Profiles\nu54x2o1.default-1428679692836\Extensions\pxxavgpylscurt@jtkokkcabntoqiggjz.org => path removed successfully"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3" => key removed successfully "HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9" => key removed successfully HKU\S-1-5-21-1969771943-1992250132-2515998065-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found. HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully HKU\S-1-5-21-1969771943-1992250132-2515998065-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully EmptyTemp: => 5.7 GB temporary data Removed. The system needed a reboot.. ==== End of Fixlog 20:08:23 ====