Fix result of Farbar Recovery Scan Tool (x64) Version:26-07-2015
Ran by Live at 2015-07-28 21:30:55 Run:1
Running from C:\Users\Live\Desktop
Loaded Profiles: Live (Available Profiles: Live)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
(Pay By Ads LTD) C:\Users\Live\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.26.12\dsrlte.exe
HKU\S-1-5-21-2327678848-2729833923-3921942238-1001\...\Run: [Yahoo! Search] => C:\Users\Live\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.26.12\dsrlte.exe [660736 2015-07-28] (Pay By Ads LTD)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2327678848-2729833923-3921942238-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchsimple-a.akamaihd.net/?affID=prA-00
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_tele_15_06&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtC0A0Azzzy0DtAtBtBtC0EtN0D0Tzu0StCtCtAtCtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2SyC0E0F0FtB0DtByBtG0C0FtDzztGyDyDzz0BtGtByE0A0DtGyCzz0CtA0E0A0FyDtAtCyDyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0B0C0ByCyByDyCtGtDtAyC0EtGyEyE0A0DtG0A0ByB0FtGzytA0DtDtC0Bzzzy0DtCyE0A2Q&cr=1171097245&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_tele_15_06&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtC0A0Azzzy0DtAtBtBtC0EtN0D0Tzu0StCtCtAtCtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2SyC0E0F0FtB0DtByBtG0C0FtDzztGyDyDzz0BtGtByE0A0DtGyCzz0CtA0E0A0FyDtAtCyDyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0B0C0ByCyByDyCtGtDtAyC0EtGyEyE0A0DtG0A0ByB0FtGzytA0DtDtC0Bzzzy0DtCyE0A2Q&cr=1171097245&ir=
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2327678848-2729833923-3921942238-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://searchsimple-a.akamaihd.net/?affID=prA-00&q={searchTerms}&r=447
SearchScopes: HKU\S-1-5-21-2327678848-2729833923-3921942238-1001 -> OldSearch URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_tele_15_06&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtC0A0Azzzy0DtAtBtBtC0EtN0D0Tzu0StCtCtAtCtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2SyC0E0F0FtB0DtByBtG0C0FtDzztGyDyDzz0BtGtByE0A0DtGyCzz0CtA0E0A0FyDtAtCyDyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0B0C0ByCyByDyCtGtDtAyC0EtGyEyE0A0DtG0A0ByB0FtGzytA0DtDtC0Bzzzy0DtCyE0A2Q&cr=1171097245&ir=
SearchScopes: HKU\S-1-5-21-2327678848-2729833923-3921942238-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://searchsimple-a.akamaihd.net/?affID=prA-00&q={searchTerms}&r=447
FF NewTab: hxxp://searchsimple-a.akamaihd.net/?m=tab&affID=prA-00
FF Homepage: hxxp://searchsimple-a.akamaihd.net/?affID=prA-00
FF Keyword.URL: hxxp://searchsimple-a.akamaihd.net/?q=
FF Extension: Techgile 1.0.1 - C:\Users\Live\AppData\Roaming\Mozilla\Firefox\Profiles\0hx80260.default\Extensions\{f8cb8569-1f1b-4031-9006-6efba1b07d17}.xpi [2014-12-27]
2015-07-15 22:27 - 2015-07-15 22:28 - 00532784 _____ C:\Users\Live\Downloads\cacaoweb.exe
C:\Users\Live\Downloads\cacaoweb.exe
2015-07-28 18:22 - 2015-02-05 20:51 - 00000000 ____D C:\Users\Live\AppData\Local\Binkiland
2015-06-28 14:21 - 2014-12-29 23:03 - 00000159 _____ C:\Users\Live\AppData\Roaming\WB.CFG
2015-02-16 21:49 - 2015-03-01 01:49 - 0000010 _____ () C:\Users\Live\AppData\Local\DSI.DAT
2015-03-13 19:33 - 2015-04-12 15:30 - 0274045 _____ () C:\Users\Live\AppData\Local\dsi1.dat
2015-03-13 19:33 - 2015-04-12 15:30 - 0161916 _____ () C:\Users\Live\AppData\Local\dsi2.dat
2015-02-16 21:49 - 2015-02-16 21:49 - 0022528 _____ () C:\Users\Live\AppData\Local\dsisetup361314692.exe
2014-12-29 23:03 - 2015-06-28 14:21 - 0000159 _____ () C:\Users\Live\AppData\Roaming\WB.CFG
C:\Users\Live\ZHPCleaner.exe
Buzzdock (HKLM\...\{ac225167-00fc-452d-94c5-bb93600e7d9a}) (Version: - Alactro LLC) <==== ATTENTION
Yahoo! Search (HKU\S-1-5-21-2327678848-2729833923-3921942238-1001\...\Yahoo! Search) (Version: - Pay-By-Ads) <==== ATTENTION
Task: {C15B31FC-837A-47BA-BFAF-76E7359D5652} - System32\Tasks\Yahoo! Search Updater => Wscript.exe //B "C:\Users\Live\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.26.12\..\updt.js" <==== ATTENTION
FirewallRules: [TCP Query User{E51885AD-1C94-462D-8A39-EE3641ED15A1}C:\users\live\appdata\roaming\cacaoweb\cacaoweb.exe] => (Allow) C:\users\live\appdata\roaming\cacaoweb\cacaoweb.exe
FirewallRules: [UDP Query User{A62C016F-3095-44F6-BE03-7BCFC6EE35D7}C:\users\live\appdata\roaming\cacaoweb\cacaoweb.exe] => (Allow) C:\users\live\appdata\roaming\cacaoweb\cacaoweb.exe
EmptyTemp:
end
*****************

Processes closed successfully.
Restore point was successfully created.
C:\Users\Live\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.26.12\dsrlte.exe => No running process found
HKU\S-1-5-21-2327678848-2729833923-3921942238-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Yahoo! Search => value removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKU\S-1-5-21-2327678848-2729833923-3921942238-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-2327678848-2729833923-3921942238-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-2327678848-2729833923-3921942238-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\OldSearch" => key removed successfully
HKCR\CLSID\OldSearch => key not found.
"HKU\S-1-5-21-2327678848-2729833923-3921942238-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
Firefox newtab removed successfully
Firefox homepage removed successfully
Firefox Keyword.URL removed successfully
C:\Users\Live\AppData\Roaming\Mozilla\Firefox\Profiles\0hx80260.default\Extensions\{f8cb8569-1f1b-4031-9006-6efba1b07d17}.xpi => moved successfully.
C:\Users\Live\Downloads\cacaoweb.exe => moved successfully.
"C:\Users\Live\Downloads\cacaoweb.exe" => File/Folder not found.
C:\Users\Live\AppData\Local\Binkiland => moved successfully.
C:\Users\Live\AppData\Roaming\WB.CFG => moved successfully.
C:\Users\Live\AppData\Local\DSI.DAT => moved successfully.
C:\Users\Live\AppData\Local\dsi1.dat => moved successfully.
C:\Users\Live\AppData\Local\dsi2.dat => moved successfully.
C:\Users\Live\AppData\Local\dsisetup361314692.exe => moved successfully.
"C:\Users\Live\AppData\Roaming\WB.CFG" => File/Folder not found.
C:\Users\Live\ZHPCleaner.exe => moved successfully.
Buzzdock (HKLM\...\{ac225167-00fc-452d-94c5-bb93600e7d9a}) (Version: - Alactro LLC) <==== ATTENTION => Error: No automatic fix found for this entry.
Yahoo! Search (HKU\S-1-5-21-2327678848-2729833923-3921942238-1001\...\Yahoo! Search) (Version: - Pay-By-Ads) <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C15B31FC-837A-47BA-BFAF-76E7359D5652}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C15B31FC-837A-47BA-BFAF-76E7359D5652}" => key removed successfully
C:\Windows\System32\Tasks\Yahoo! Search Updater => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Yahoo! Search Updater" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{E51885AD-1C94-462D-8A39-EE3641ED15A1}C:\users\live\appdata\roaming\cacaoweb\cacaoweb.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{A62C016F-3095-44F6-BE03-7BCFC6EE35D7}C:\users\live\appdata\roaming\cacaoweb\cacaoweb.exe => value removed successfully
EmptyTemp: => 91.4 MB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 21:31:47 ====