Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-01-2015 Ran by mirra at 2015-01-30 19:52:20 Run:1 Running from C:\Users\mirra\Downloads Loaded Profiles: mirra (Available profiles: mirra) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: CreateRestorePoint: CHR HomePage: Default -> hxxp://isearch.omiga-plus.com/?type=hp&ts=1422391891&from=cor&uid=HitachiXHTS547575A9E384_J2540054J3ZNTEJ3ZNTEX CHR StartupUrls: Default -> "hxxp://isearch.omiga-plus.com/?type=hp&ts=1422391891&from=cor&uid=HitachiXHTS547575A9E384_J2540054J3ZNTEJ3ZNTEX" CHR DefaultSearchKeyword: Default -> omiga-plus FF HKLM-x32\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\mirra\AppData\Roaming\Mozilla\Firefox\Profiles\wi0p2q8g.default\extensions\fftoolbar2014@etech.com FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\mirra\AppData\Roaming\Mozilla\Firefox\Profiles\wi0p2q8g.default\extensions\faststartff@gmail.com CHR HKLM-x32\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files (x86)\adawaretb\chrome-newtab-search.crx [2013-06-13] CHR HKLM-x32\...\Chrome\Extension: [pbiamblgmkgbcgbcgejjgebalncpmhnp] - C:\Program Files (x86)\StartSearch plugin\vshareplg.crx [Not Found] GroupPolicyUsers\S-1-5-21-564767970-4186023011-380315173-1000\User: Group Policy restriction detected <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hp&ts=1422391891&from=cor&uid=HitachiXHTS547575A9E384_J2540054J3ZNTEJ3ZNTEX HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hp&ts=1422391891&from=cor&uid=HitachiXHTS547575A9E384_J2540054J3ZNTEJ3ZNTEX HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
http://isearch.omiga-plus.com/?type=hp&ts=1422391891&from=cor&uid=HitachiXHTS547575A9E384_J2540054J3ZNTEJ3ZNTEX HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1422391891&from=cor&uid=HitachiXHTS547575A9E384_J2540054J3ZNTEJ3ZNTEX HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = HKU\S-1-5-21-564767970-4186023011-380315173-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hp&ts=1422391891&from=cor&uid=HitachiXHTS547575A9E384_J2540054J3ZNTEJ3ZNTEX HKU\S-1-5-21-564767970-4186023011-380315173-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1422391891&from=cor&uid=HitachiXHTS547575A9E384_J2540054J3ZNTEJ3ZNTEX SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422391891&from=cor&uid=HitachiXHTS547575A9E384_J2540054J3ZNTEJ3ZNTEX&q={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422391891&from=cor&uid=HitachiXHTS547575A9E384_J2540054J3ZNTEJ3ZNTEX&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422391891&from=cor&uid=HitachiXHTS547575A9E384_J2540054J3ZNTEJ3ZNTEX&q={searchTerms} SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422391891&from=cor&uid=HitachiXHTS547575A9E384_J2540054J3ZNTEJ3ZNTEX&q={searchTerms} SearchScopes: HKU\S-1-5-21-564767970-4186023011-380315173-1000 -> DefaultScope 
{33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422391891&from=cor&uid=HitachiXHTS547575A9E384_J2540054J3ZNTEJ3ZNTEX&q={searchTerms} SearchScopes: HKU\S-1-5-21-564767970-4186023011-380315173-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422391891&from=cor&uid=HitachiXHTS547575A9E384_J2540054J3ZNTEJ3ZNTEX&q={searchTerms} BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File CustomCLSID: HKU\S-1-5-21-564767970-4186023011-380315173-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\mirra\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-564767970-4186023011-380315173-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\mirra\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-564767970-4186023011-380315173-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\mirra\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File Task: {5384B913-52FC-4B56-8482-5B4F92AE9D34} - System32\Tasks\SvcDelay => C:\Windows\temp\SvcDelay.exe Task: {6DD3AC14-94AA-47B0-8763-EAE57D273563} - System32\Tasks\EasyPartitionManager => C:\Windows\MSetup\BA46-12225A02\EPM.exe Task: {88C6A8CA-71F3-4178-B80A-19893AB30BBB} - System32\Tasks\Express Files Updater => C:\Program Files (x86)\ExpressFiles\EFupdater.exe <==== ATTENTION Task: {D56931E0-CFF4-4F9B-B864-6A271341731C} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe HKLM\...\Run: [] => [X] BootExecute: autocheck autochk * sdnclean64.exe S1 SBRE; No ImagePath S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X] C:\ProgramData\{*}.log C:\Users\mirra\AppData\Local\{8AED41B0-2002-4217-ACEB-40285C17092B} C:\Users\mirra\AppData\Local\Google\Chrome\User Data\Default\Preferences C:\Users\mirra\AppData\Local\Google\Chrome\User 
Data\Default\Local Storage\*localstorage* C:\Users\mirra\AppData\Roaming\Opera Software\Opera Stable\Local Storage\*localstorage* C:\Users\mirra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Math Problem Solver C:\Users\mirra\Downloads\*(*)-dp*.exe C:\Users\mirra\Downloads\11737-FVDSetup_sciagnij.exe C:\Windows\system32\SET*.tmp CMD: for /d %f in (C:\Users\mirra\AppData\Local\{*}) do rd /s /q "%f" Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f EmptyTemp: ***************** Processes closed successfully. Restore point was successfully created. Chrome HomePage deleted successfully. Chrome StartupUrls deleted successfully. Chrome DefaultSearchKeyword deleted successfully. HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\fftoolbar2014@etech.com => value deleted successfully. HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\faststartff@gmail.com => value deleted successfully. "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole" => Key deleted successfully. C:\Program Files (x86)\adawaretb\chrome-newtab-search.crx => Moved successfully. "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pbiamblgmkgbcgbcgejjgebalncpmhnp" => Key deleted successfully. C:\windows\system32\GroupPolicyUsers\S-1-5-21-564767970-4186023011-380315173-1000\User => Moved successfully. C:\windows\system32\GroupPolicy\GPT.ini => Moved successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => Value was restored successfully. HKU\S-1-5-21-564767970-4186023011-380315173-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKU\S-1-5-21-564767970-4186023011-380315173-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully. HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully. HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully. HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found. HKU\S-1-5-21-564767970-4186023011-380315173-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. "HKU\S-1-5-21-564767970-4186023011-380315173-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully. HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key deleted successfully. HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found. "HKU\S-1-5-21-564767970-4186023011-380315173-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => Key deleted successfully. "HKU\S-1-5-21-564767970-4186023011-380315173-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully. "HKU\S-1-5-21-564767970-4186023011-380315173-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5384B913-52FC-4B56-8482-5B4F92AE9D34}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5384B913-52FC-4B56-8482-5B4F92AE9D34}" => Key deleted successfully. C:\Windows\System32\Tasks\SvcDelay => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SvcDelay" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6DD3AC14-94AA-47B0-8763-EAE57D273563}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6DD3AC14-94AA-47B0-8763-EAE57D273563}" => Key deleted successfully. 
C:\Windows\System32\Tasks\EasyPartitionManager => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EasyPartitionManager" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{88C6A8CA-71F3-4178-B80A-19893AB30BBB}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{88C6A8CA-71F3-4178-B80A-19893AB30BBB}" => Key deleted successfully. C:\Windows\System32\Tasks\Express Files Updater => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Express Files Updater" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D56931E0-CFF4-4F9B-B864-6A271341731C}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D56931E0-CFF4-4F9B-B864-6A271341731C}" => Key deleted successfully. C:\Windows\System32\Tasks\Ad-Aware Antivirus Scheduled Scan => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ad-Aware Antivirus Scheduled Scan" => Key deleted successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully. HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => Value was restored successfully. SBRE => Service deleted successfully. pccsmcfd => Service deleted successfully. C:\ProgramData\{*}.log => Moved successfully. C:\Users\mirra\AppData\Local\{8AED41B0-2002-4217-ACEB-40285C17092B} => Moved successfully. C:\Users\mirra\AppData\Local\Google\Chrome\User Data\Default\Preferences => Moved successfully. C:\Users\mirra\AppData\Local\Google\Chrome\User Data\Default\Local Storage\*localstorage* => Moved successfully. C:\Users\mirra\AppData\Roaming\Opera Software\Opera Stable\Local Storage\*localstorage* => Moved successfully. 
C:\Users\mirra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Math Problem Solver => Moved successfully. C:\Users\mirra\Downloads\*(*)-dp*.exe => Moved successfully. C:\Users\mirra\Downloads\11737-FVDSetup_sciagnij.exe => Moved successfully. C:\Windows\system32\SET*.tmp => Moved successfully. ========= for /d %f in (C:\Users\mirra\AppData\Local\{*}) do rd /s /q "%f" ========= ========= End of CMD: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= BŁĄD: System nie znalazł w rejestrze określonego klucza albo wartości. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= BŁĄD: System nie znalazł w rejestrze określonego klucza albo wartości. ========= End of Reg: ========= EmptyTemp: => Removed 2.6 GB temporary data. The system needed a reboot. ==== End of Fixlog 19:54:40 ====