Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by ZST2 at 2015-03-20 22:34:20 Run:2
Running from D:\Downloads
Loaded Profiles: ZST2 (Available profiles: ZST2)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
CreateRestorePoint:
R1 {9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64; C:\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64.sys [61112 2014-05-16] (StdLib)
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158896 2015-01-16] (XTab system)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [487056 2015-02-12] (SysTool PasSame LIMITED)
S2 Update webget; "C:\Program Files (x86)\webget\updatewebget.exe" [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.key-find.com/?type=hppp&ts=1423735133&from=cor&uid=ST9320325AS_5VD3QDGPXXXX5VD3QDGP
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.key-find.com/?type=hppp&ts=1423735133&from=cor&uid=ST9320325AS_5VD3QDGPXXXX5VD3QDGP
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.key-find.com/web/?type=ds&ts=1423735065&from=cor&uid=ST9320325AS_5VD3QDGPXXXX5VD3QDGP&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.key-find.com/web/?type=ds&ts=1423735065&from=cor&uid=ST9320325AS_5VD3QDGPXXXX5VD3QDGP&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.key-find.com/?type=hppp&ts=1423735133&from=cor&uid=ST9320325AS_5VD3QDGPXXXX5VD3QDGP
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.key-find.com/?type=hppp&ts=1423735133&from=cor&uid=ST9320325AS_5VD3QDGPXXXX5VD3QDGP
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.key-find.com/web/?type=ds&ts=1423735065&from=cor&uid=ST9320325AS_5VD3QDGPXXXX5VD3QDGP&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.key-find.com/web/?type=ds&ts=1423735065&from=cor&uid=ST9320325AS_5VD3QDGPXXXX5VD3QDGP&q={searchTerms}
HKU\S-1-5-21-2304537269-2391276559-412557570-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.key-find.com/?type=hppp&ts=1423735133&from=cor&uid=ST9320325AS_5VD3QDGPXXXX5VD3QDGP
HKU\S-1-5-21-2304537269-2391276559-412557570-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.key-find.com/web/?type=dspp&ts=1423735133&from=cor&uid=ST9320325AS_5VD3QDGPXXXX5VD3QDGP&q={searchTerms}
HKU\S-1-5-21-2304537269-2391276559-412557570-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.key-find.com/?type=hppp&ts=1423735133&from=cor&uid=ST9320325AS_5VD3QDGPXXXX5VD3QDGP
HKU\S-1-5-21-2304537269-2391276559-412557570-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.key-find.com/web/?type=dspp&ts=1423735133&from=cor&uid=ST9320325AS_5VD3QDGPXXXX5VD3QDGP&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2304537269-2391276559-412557570-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.key-find.com/web/?type=dspp&ts=1423735133&from=cor&uid=ST9320325AS_5VD3QDGPXXXX5VD3QDGP&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2304537269-2391276559-412557570-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.key-find.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST9320325AS_5VD3QDGPXXXX5VD3QDGP&ts=1423735149&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2304537269-2391276559-412557570-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.key-find.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST9320325AS_5VD3QDGPXXXX5VD3QDGP&ts=1423735149&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2304537269-2391276559-412557570-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.key-find.com/web/?type=dspp&ts=1423735133&from=cor&uid=ST9320325AS_5VD3QDGPXXXX5VD3QDGP&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2304537269-2391276559-412557570-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.key-find.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST9320325AS_5VD3QDGPXXXX5VD3QDGP&ts=1423735149&type=default&q={searchTerms}
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\XTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: Strong Signal -> {c723a437-2eaf-466d-a95b-3fa0966bf88c} -> C:\Program Files (x86)\Strong Signal\Extensions\c723a437-2eaf-466d-a95b-3fa0966bf88c.dll No File
CHR HomePage: Default -> hxxp://www.key-find.com/?type=hppp&ts=1423735133&from=cor&uid=ST9320325AS_5VD3QDGPXXXX5VD3QDGP
CHR StartupUrls: Default -> "hxxp://www.key-find.com/?type=hppp&ts=1423735133&from=cor&uid=ST9320325AS_5VD3QDGPXXXX5VD3QDGP"
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\ZST2\AppData\Roaming\Mozilla\Firefox\Profiles\rnjoc2g5.default-1394660289860\extensions\fftoolbar2014@etech.com
Task: {89D35390-E23B-4F9A-87B4-2FE814087571} - System32\Tasks\{DF4D094B-0912-448A-B8FE-49BF8AC1166A} => pcalua.exe -a "C:\Program Files (x86)\HDvid Codec V6.0\Uninstall.exe" -c /fromcontrolpanel=1
Task: {B0ED85DC-C320-46DD-B868-86E87DBB3612} - System32\Tasks\{EEEF41B2-B597-4575-8C03-5BE3F67C0C49} => pcalua.exe -a "D:\Downloads\sonicstage [1].exe" -d D:\Downloads
HKU\S-1-5-21-2304537269-2391276559-412557570-1000\...\MountPoints2: {9dc4f8c3-95cc-11e4-848e-485b395ba884} - F:\_AUTORUN\AUTORUN.EXE
HKU\S-1-5-21-2304537269-2391276559-412557570-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> none
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
C:\Program Files (x86)\Mozilla Firefox\plugins
C:\Program Files (x86)\XTab
C:\ProgramData\{*}.log
C:\ProgramData\0780f478-67ce-4ec3-98db-39a65f4618ce
C:\ProgramData\IHProtectUpDate
C:\ProgramData\WindowsMangerProtect
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Uninstall Google Chrome.lnk
C:\Users\ZST2\AppData\Local\{976222BF-FF50-4DE1-95D6-C4AC44D37A0A}
C:\Users\ZST2\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\ZST2\AppData\Roaming\key-find
C:\Users\ZST2\AppData\Roaming\Microsoft\Excel\wersja%20pierwsza%20Zestawienie%20uczestników%20pr304177612576894628\wersja%20pierwsza%20Zestawienie%20uczestników%20projektu222.xls.lnk
C:\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64.sys
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ASUS WebStorage" /f
EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64 => Service stopped successfully.
{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64 => Service deleted successfully.
IHProtect Service => Service deleted successfully.
WindowsMangerProtect => Service deleted successfully.
Update webget => Service deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\S-1-5-21-2304537269-2391276559-412557570-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-2304537269-2391276559-412557570-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKU\S-1-5-21-2304537269-2391276559-412557570-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKU\S-1-5-21-2304537269-2391276559-412557570-1000\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\S-1-5-21-2304537269-2391276559-412557570-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2304537269-2391276559-412557570-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
"HKU\S-1-5-21-2304537269-2391276559-412557570-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}" => Key deleted successfully.
HKCR\CLSID\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} => Key not found.
"HKU\S-1-5-21-2304537269-2391276559-412557570-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
"HKU\S-1-5-21-2304537269-2391276559-412557570-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}" => Key deleted successfully.
HKCR\CLSID\{E733165D-CBCF-4FDA-883E-ADEF965B476C} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c723a437-2eaf-466d-a95b-3fa0966bf88c}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{c723a437-2eaf-466d-a95b-3fa0966bf88c}" => Key deleted successfully.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0" => Key deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll => Moved successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\fftoolbar2014@etech.com => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{89D35390-E23B-4F9A-87B4-2FE814087571}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{89D35390-E23B-4F9A-87B4-2FE814087571}" => Key deleted successfully.
C:\Windows\System32\Tasks\{DF4D094B-0912-448A-B8FE-49BF8AC1166A} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DF4D094B-0912-448A-B8FE-49BF8AC1166A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B0ED85DC-C320-46DD-B868-86E87DBB3612}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0ED85DC-C320-46DD-B868-86E87DBB3612}" => Key deleted successfully.
C:\Windows\System32\Tasks\{EEEF41B2-B597-4575-8C03-5BE3F67C0C49} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EEEF41B2-B597-4575-8C03-5BE3F67C0C49}" => Key deleted successfully.
"HKU\S-1-5-21-2304537269-2391276559-412557570-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9dc4f8c3-95cc-11e4-848e-485b395ba884}" => Key deleted successfully.
HKCR\CLSID\{9dc4f8c3-95cc-11e4-848e-485b395ba884} => Key not found.
HKU\S-1-5-21-2304537269-2391276559-412557570-1000\Control Panel\Desktop\\SCRNSAVE.EXE => value deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found.
C:\Program Files (x86)\Mozilla Firefox\plugins => Moved successfully.
C:\Program Files (x86)\XTab => Moved successfully.
C:\ProgramData\{*}.log => Moved successfully.
C:\ProgramData\0780f478-67ce-4ec3-98db-39a65f4618ce => Moved successfully.
C:\ProgramData\IHProtectUpDate => Moved successfully.
C:\ProgramData\WindowsMangerProtect => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Uninstall Google Chrome.lnk => Moved successfully.
C:\Users\ZST2\AppData\Local\{976222BF-FF50-4DE1-95D6-C4AC44D37A0A} => Moved successfully.
C:\Users\ZST2\AppData\Local\Google\Chrome\User Data\Default\Preferences => Moved successfully.
C:\Users\ZST2\AppData\Roaming\key-find => Moved successfully.
C:\Users\ZST2\AppData\Roaming\Microsoft\Excel\wersja%20pierwsza%20Zestawienie%20uczestników%20pr304177612576894628\wersja%20pierwsza%20Zestawienie%20uczestników%20projektu222.xls.lnk => Moved successfully.
C:\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64.sys => Moved successfully.

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ASUS WebStorage" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

EmptyTemp: => Removed 1.9 GB temporary data.

The system needed a reboot.

==== End of Fixlog 22:35:50 ====