Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 08-03-2015 03
Ran by Blysku at 2015-03-09 09:45:24 Run:2
Running from C:\Users\Blysku\Desktop
Loaded Profiles: Blysku (Available profiles: Błysku & Blysku)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
CreateRestorePoint:
R2 IHProtect Service; C:\Program Files\XTab\ProtectService.exe [158896 2015-01-16] (XTab system)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.key-find.com/?type=hppp&ts=1424673292&from=cor&uid=TOSHIBAXMQ01ABD050_X3D7CY2STXXX3D7CY2ST
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.key-find.com/web/?type=ds&ts=1424673280&from=cor&uid=TOSHIBAXMQ01ABD050_X3D7CY2STXXX3D7CY2ST&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.key-find.com/?type=hppp&ts=1424673292&from=cor&uid=TOSHIBAXMQ01ABD050_X3D7CY2STXXX3D7CY2ST
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.key-find.com/web/?type=ds&ts=1424673280&from=cor&uid=TOSHIBAXMQ01ABD050_X3D7CY2STXXX3D7CY2ST&q={searchTerms}
HKU\S-1-5-21-859423121-132849420-3883132106-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.key-find.com/web/?type=dspp&ts=1424673292&from=cor&uid=TOSHIBAXMQ01ABD050_X3D7CY2STXXX3D7CY2ST&q={searchTerms}
HKU\S-1-5-21-859423121-132849420-3883132106-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.key-find.com/?type=hppp&ts=1424673292&from=cor&uid=TOSHIBAXMQ01ABD050_X3D7CY2STXXX3D7CY2ST
HKU\S-1-5-21-859423121-132849420-3883132106-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.key-find.com/?type=hppp&ts=1424673292&from=cor&uid=TOSHIBAXMQ01ABD050_X3D7CY2STXXX3D7CY2ST
HKU\S-1-5-21-859423121-132849420-3883132106-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.key-find.com/web/?type=dspp&ts=1424673292&from=cor&uid=TOSHIBAXMQ01ABD050_X3D7CY2STXXX3D7CY2ST&q={searchTerms}
SearchScopes: HKU\S-1-5-21-859423121-132849420-3883132106-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.key-find.com/web/?type=dspp&ts=1424673292&from=cor&uid=TOSHIBAXMQ01ABD050_X3D7CY2STXXX3D7CY2ST&q={searchTerms}
SearchScopes: HKU\S-1-5-21-859423121-132849420-3883132106-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.key-find.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=TOSHIBAXMQ01ABD050_X3D7CY2STXXX3D7CY2ST&ts=1424673325&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-859423121-132849420-3883132106-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.key-find.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=TOSHIBAXMQ01ABD050_X3D7CY2STXXX3D7CY2ST&ts=1424673325&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-859423121-132849420-3883132106-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.key-find.com/web/?type=dspp&ts=1424673292&from=cor&uid=TOSHIBAXMQ01ABD050_X3D7CY2STXXX3D7CY2ST&q={searchTerms}
SearchScopes: HKU\S-1-5-21-859423121-132849420-3883132106-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.key-find.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=TOSHIBAXMQ01ABD050_X3D7CY2STXXX3D7CY2ST&ts=1424673325&type=default&q={searchTerms}
BHO: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files\XTab\SupTab.dll (Thinknice Co. Limited)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.key-find.com/?type=sc&ts=1424673280&from=cor&uid=TOSHIBAXMQ01ABD050_X3D7CY2STXXX3D7CY2ST
FF HKLM\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\Blysku\AppData\Roaming\Mozilla\Firefox\Profiles\2zl3p4u4.default-1424684247287\extensions\fftoolbar2014@etech.com
CustomCLSID: HKU\S-1-5-21-859423121-132849420-3883132106-1001_Classes\CLSID\{E68D0A55-3C40-4712-B90D-DCFA93FF2534}\InprocServer32 -> C:\Users\Blysku\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll No File
Task: {52E057F4-A6A3-4474-A62A-5CE529D9B68D} - System32\Tasks\{B6E1F1A2-555F-454A-8977-9112DE579C2D} => pcalua.exe -a C:\Users\Błysku\AppData\Roaming\key-find\UninstallManager.exe -c -ptid=cor
C:\Program Files\Opera
C:\Program Files\XTab
C:\ProgramData\IHProtectUpDate
C:\Users\Błysku\AppData\Local\Opera Software
C:\Users\Błysku\AppData\Roaming\Opera Software
C:\Users\Błysku\Downloads\*(*)-dp*.exe
CMD: sc config WinDefend start= demand
EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
IHProtect Service => Service deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\S-1-5-21-859423121-132849420-3883132106-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKU\S-1-5-21-859423121-132849420-3883132106-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-859423121-132849420-3883132106-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKU\S-1-5-21-859423121-132849420-3883132106-1001\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\S-1-5-21-859423121-132849420-3883132106-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-859423121-132849420-3883132106-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
"HKU\S-1-5-21-859423121-132849420-3883132106-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}" => Key deleted successfully.
HKCR\CLSID\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} => Key not found.
"HKU\S-1-5-21-859423121-132849420-3883132106-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
"HKU\S-1-5-21-859423121-132849420-3883132106-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}" => Key deleted successfully.
HKCR\CLSID\{E733165D-CBCF-4FDA-883E-ADEF965B476C} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}" => Key deleted successfully.
"HKCR\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}" => Key deleted successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\fftoolbar2014@etech.com => value deleted successfully.
"HKU\S-1-5-21-859423121-132849420-3883132106-1001_Classes\CLSID\{E68D0A55-3C40-4712-B90D-DCFA93FF2534}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{52E057F4-A6A3-4474-A62A-5CE529D9B68D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{52E057F4-A6A3-4474-A62A-5CE529D9B68D}" => Key deleted successfully.
C:\Windows\System32\Tasks\{B6E1F1A2-555F-454A-8977-9112DE579C2D} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B6E1F1A2-555F-454A-8977-9112DE579C2D}" => Key deleted successfully.
C:\Program Files\Opera => Moved successfully.
C:\Program Files\XTab => Moved successfully.
C:\ProgramData\IHProtectUpDate => Moved successfully.
C:\Users\Błysku\AppData\Local\Opera Software => Moved successfully.
C:\Users\Błysku\AppData\Roaming\Opera Software => Moved successfully.
C:\Users\Błysku\Downloads\*(*)-dp*.exe => Moved successfully.

========= sc config WinDefend start= demand =========

[SC] ChangeServiceConfig SUKCES

========= End of CMD: =========

EmptyTemp: => Removed 433.7 MB temporary data.

The system needed a reboot.

==== End of Fixlog 09:47:36 ====