CloseProcesses:
CreateRestorePoint:
CHR HomePage: Default -> hxxp://isearch.omiga-plus.com/?type=hp&ts=1422391891&from=cor&uid=HitachiXHTS547575A9E384_J2540054J3ZNTEJ3ZNTEX
CHR StartupUrls: Default -> "hxxp://isearch.omiga-plus.com/?type=hp&ts=1422391891&from=cor&uid=HitachiXHTS547575A9E384_J2540054J3ZNTEJ3ZNTEX"
CHR DefaultSearchKeyword: Default -> omiga-plus
FF HKLM-x32\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\mirra\AppData\Roaming\Mozilla\Firefox\Profiles\wi0p2q8g.default\extensions\fftoolbar2014@etech.com
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\mirra\AppData\Roaming\Mozilla\Firefox\Profiles\wi0p2q8g.default\extensions\faststartff@gmail.com
CHR HKLM-x32\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files (x86)\adawaretb\chrome-newtab-search.crx [2013-06-13]
CHR HKLM-x32\...\Chrome\Extension: [pbiamblgmkgbcgbcgejjgebalncpmhnp] - C:\Program Files (x86)\StartSearch plugin\vshareplg.crx [Not Found]
GroupPolicyUsers\S-1-5-21-564767970-4186023011-380315173-1000\User: Group Policy restriction detected <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hp&ts=1422391891&from=cor&uid=HitachiXHTS547575A9E384_J2540054J3ZNTEJ3ZNTEX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hp&ts=1422391891&from=cor&uid=HitachiXHTS547575A9E384_J2540054J3ZNTEJ3ZNTEX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1422391891&from=cor&uid=HitachiXHTS547575A9E384_J2540054J3ZNTEJ3ZNTEX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1422391891&from=cor&uid=HitachiXHTS547575A9E384_J2540054J3ZNTEJ3ZNTEX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-564767970-4186023011-380315173-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hp&ts=1422391891&from=cor&uid=HitachiXHTS547575A9E384_J2540054J3ZNTEJ3ZNTEX
HKU\S-1-5-21-564767970-4186023011-380315173-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1422391891&from=cor&uid=HitachiXHTS547575A9E384_J2540054J3ZNTEJ3ZNTEX
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422391891&from=cor&uid=HitachiXHTS547575A9E384_J2540054J3ZNTEJ3ZNTEX&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422391891&from=cor&uid=HitachiXHTS547575A9E384_J2540054J3ZNTEJ3ZNTEX&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422391891&from=cor&uid=HitachiXHTS547575A9E384_J2540054J3ZNTEJ3ZNTEX&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422391891&from=cor&uid=HitachiXHTS547575A9E384_J2540054J3ZNTEJ3ZNTEX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-564767970-4186023011-380315173-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422391891&from=cor&uid=HitachiXHTS547575A9E384_J2540054J3ZNTEJ3ZNTEX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-564767970-4186023011-380315173-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422391891&from=cor&uid=HitachiXHTS547575A9E384_J2540054J3ZNTEJ3ZNTEX&q={searchTerms}
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
CustomCLSID: HKU\S-1-5-21-564767970-4186023011-380315173-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\mirra\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-564767970-4186023011-380315173-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\mirra\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-564767970-4186023011-380315173-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\mirra\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Task: {5384B913-52FC-4B56-8482-5B4F92AE9D34} - System32\Tasks\SvcDelay => C:\Windows\temp\SvcDelay.exe
Task: {6DD3AC14-94AA-47B0-8763-EAE57D273563} - System32\Tasks\EasyPartitionManager => C:\Windows\MSetup\BA46-12225A02\EPM.exe
Task: {88C6A8CA-71F3-4178-B80A-19893AB30BBB} - System32\Tasks\Express Files Updater => C:\Program Files (x86)\ExpressFiles\EFupdater.exe <==== ATTENTION
Task: {D56931E0-CFF4-4F9B-B864-6A271341731C} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe
HKLM\...\Run: [] => [X]
BootExecute: autocheck autochk * sdnclean64.exe
S1 SBRE; No ImagePath
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
C:\ProgramData\{*}.log
C:\Users\mirra\AppData\Local\{8AED41B0-2002-4217-ACEB-40285C17092B}
C:\Users\mirra\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\mirra\AppData\Local\Google\Chrome\User Data\Default\Local Storage\*localstorage*
C:\Users\mirra\AppData\Roaming\Opera Software\Opera Stable\Local Storage\*localstorage*
C:\Users\mirra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Math Problem Solver
C:\Users\mirra\Downloads\*(*)-dp*.exe
C:\Users\mirra\Downloads\11737-FVDSetup_sciagnij.exe
C:\Windows\system32\SET*.tmp
CMD: for /d %f in (C:\Users\mirra\AppData\Local\{*}) do rd /s /q "%f"
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
EmptyTemp: