Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-02-2015 01 Ran by Monia at 2015-02-28 18:56:05 Run:1 Running from C:\Users\Monia\Desktop Loaded Profiles: UpdatusUser & Monia (Available profiles: UpdatusUser & Monia) Boot Mode: Normal ============================================== Content of fixlist: ***************** CreateRestorePoint: R1 {1d7d694e-604c-4da2-9100-b2601d3a1c57}Gw64; C:\Windows\System32\drivers\{1d7d694e-604c-4da2-9100-b2601d3a1c57}Gw64.sys [48792 2015-01-27] (StdLib) R1 {31c21995-b861-4864-ab50-4a53fbca73d4}Gw64; C:\Windows\System32\drivers\{31c21995-b861-4864-ab50-4a53fbca73d4}Gw64.sys [48784 2015-02-03] (StdLib) R1 {371bcf01-e691-44bf-9345-60788e5d16a5}Gw64; C:\Windows\System32\drivers\{371bcf01-e691-44bf-9345-60788e5d16a5}Gw64.sys [48792 2015-01-28] (StdLib) R1 {df8eec40-f909-439c-9ffe-3fee212f71b9}Gw64; C:\Windows\System32\drivers\{df8eec40-f909-439c-9ffe-3fee212f71b9}Gw64.sys [48784 2015-01-31] (StdLib) R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158896 2015-01-16] (XTab system) S2 Update Solution Real; "C:\Program Files (x86)\Solution Real\updateSolutionReal.exe" [X] S2 Util Solution Real; "C:\Program Files (x86)\Solution Real\bin\utilSolutionReal.exe" [X] GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hppp&ts=1422472462&from=cor&uid=ST9500325AS_S2W0RCCXXXXXS2W0RCCX HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hppp&ts=1422472462&from=cor&uid=ST9500325AS_S2W0RCCXXXXXS2W0RCCX HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1422472447&from=cor&uid=ST9500325AS_S2W0RCCXXXXXS2W0RCCX&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1422472447&from=cor&uid=ST9500325AS_S2W0RCCXXXXXS2W0RCCX&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hppp&ts=1422472462&from=cor&uid=ST9500325AS_S2W0RCCXXXXXS2W0RCCX HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hppp&ts=1422472462&from=cor&uid=ST9500325AS_S2W0RCCXXXXXS2W0RCCX HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422472447&from=cor&uid=ST9500325AS_S2W0RCCXXXXXS2W0RCCX&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422472447&from=cor&uid=ST9500325AS_S2W0RCCXXXXXS2W0RCCX&q={searchTerms} HKU\S-1-5-21-1817082201-820790361-2850418920-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=dspp&ts=1422472462&from=cor&uid=ST9500325AS_S2W0RCCXXXXXS2W0RCCX&q={searchTerms} HKU\S-1-5-21-1817082201-820790361-2850418920-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hppp&ts=1422472462&from=cor&uid=ST9500325AS_S2W0RCCXXXXXS2W0RCCX HKU\S-1-5-21-1817082201-820790361-2850418920-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hppp&ts=1422472462&from=cor&uid=ST9500325AS_S2W0RCCXXXXXS2W0RCCX HKU\S-1-5-21-1817082201-820790361-2850418920-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=dspp&ts=1422472462&from=cor&uid=ST9500325AS_S2W0RCCXXXXXS2W0RCCX&q={searchTerms} SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422472447&from=cor&uid=ST9500325AS_S2W0RCCXXXXXS2W0RCCX&q={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422472447&from=cor&uid=ST9500325AS_S2W0RCCXXXXXS2W0RCCX&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422472447&from=cor&uid=ST9500325AS_S2W0RCCXXXXXS2W0RCCX&q={searchTerms} SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422472447&from=cor&uid=ST9500325AS_S2W0RCCXXXXXS2W0RCCX&q={searchTerms} SearchScopes: HKU\S-1-5-21-1817082201-820790361-2850418920-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=dspp&ts=1422472462&from=cor&uid=ST9500325AS_S2W0RCCXXXXXS2W0RCCX&q={searchTerms} SearchScopes: HKU\S-1-5-21-1817082201-820790361-2850418920-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST9500325AS_S2W0RCCXXXXXS2W0RCCX&ts=1422472479&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-1817082201-820790361-2850418920-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST9500325AS_S2W0RCCXXXXXS2W0RCCX&ts=1422472479&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-1817082201-820790361-2850418920-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=dspp&ts=1422472462&from=cor&uid=ST9500325AS_S2W0RCCXXXXXS2W0RCCX&q={searchTerms} SearchScopes: HKU\S-1-5-21-1817082201-820790361-2850418920-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST9500325AS_S2W0RCCXXXXXS2W0RCCX&ts=1422472479&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-1817082201-820790361-2850418920-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST9500325AS_S2W0RCCXXXXXS2W0RCCX&ts=1422472479&type=default&q={searchTerms} BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\XTab\SupTab.dll (Thinknice Co. Limited) Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File CHR HomePage: Default -> hxxp://isearch.omiga-plus.com/?type=hppp&ts=1422472462&from=cor&uid=ST9500325AS_S2W0RCCXXXXXS2W0RCCX CHR StartupUrls: Default -> "hxxp://isearch.omiga-plus.com/?type=hppp&ts=1422472462&from=cor&uid=ST9500325AS_S2W0RCCXXXXXS2W0RCCX" FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\omiga-plus.xml FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Monia\AppData\Roaming\Mozilla\Firefox\Profiles\c3eb13e0.default\extensions\faststartff@gmail.com C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Uninstall Google Chrome.lnk C:\Program Files (x86)\Solution Real C:\Program Files (x86)\XTab C:\Users\Public\Desktop\AsusTools\Network\ASUS WebStorage.lnk C:\Windows\System32\drivers\{1d7d694e-604c-4da2-9100-b2601d3a1c57}Gw64.sys C:\Windows\System32\drivers\{31c21995-b861-4864-ab50-4a53fbca73d4}Gw64.sys C:\Windows\System32\drivers\{371bcf01-e691-44bf-9345-60788e5d16a5}Gw64.sys C:\Windows\System32\drivers\{df8eec40-f909-439c-9ffe-3fee212f71b9}Gw64.sys Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ASUSWebStorage" /f Reg: reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\omiga-plus uninstall" /f Reg: reg delete HKU\S-1-5-21-1817082201-820790361-2850418920-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f Reg: reg delete HKU\S-1-5-21-1817082201-820790361-2850418920-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f Reg: reg delete HKU\S-1-5-21-1817082201-820790361-2850418920-1000\Software\Microsoft\Windows\CurrentVersion\Run /f Reg: reg delete "HKU\S-1-5-21-1817082201-820790361-2850418920-1000\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-21-1817082201-820790361-2850418920-1000\Software\Microsoft\Internet Explorer\SearchScopes" /f EmptyTemp: ***************** Restore point was successfully created. {1d7d694e-604c-4da2-9100-b2601d3a1c57}Gw64 => Service stopped successfully. {1d7d694e-604c-4da2-9100-b2601d3a1c57}Gw64 => Service deleted successfully. {31c21995-b861-4864-ab50-4a53fbca73d4}Gw64 => Unable to stop service {31c21995-b861-4864-ab50-4a53fbca73d4}Gw64 => Service deleted successfully. {371bcf01-e691-44bf-9345-60788e5d16a5}Gw64 => Service stopped successfully. {371bcf01-e691-44bf-9345-60788e5d16a5}Gw64 => Service deleted successfully. {df8eec40-f909-439c-9ffe-3fee212f71b9}Gw64 => Service stopped successfully. {df8eec40-f909-439c-9ffe-3fee212f71b9}Gw64 => Service deleted successfully. IHProtect Service => Service stopped successfully. IHProtect Service => Service deleted successfully. Update Solution Real => Service deleted successfully. Util Solution Real => Service deleted successfully. C:\Windows\system32\GroupPolicy\Machine => Moved successfully. C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully. "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKU\S-1-5-21-1817082201-820790361-2850418920-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKU\S-1-5-21-1817082201-820790361-2850418920-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKU\S-1-5-21-1817082201-820790361-2850418920-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKU\S-1-5-21-1817082201-820790361-2850418920-1001\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully. HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully. HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found. HKU\S-1-5-21-1817082201-820790361-2850418920-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. "HKU\S-1-5-21-1817082201-820790361-2850418920-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully. HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. "HKU\S-1-5-21-1817082201-820790361-2850418920-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}" => Key deleted successfully. HKCR\CLSID\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} => Key not found. "HKU\S-1-5-21-1817082201-820790361-2850418920-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully. HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found. "HKU\S-1-5-21-1817082201-820790361-2850418920-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully. HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found. "HKU\S-1-5-21-1817082201-820790361-2850418920-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}" => Key deleted successfully. HKCR\CLSID\{E733165D-CBCF-4FDA-883E-ADEF965B476C} => Key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}" => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully. HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Key not found. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully. HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Key not found. Chrome HomePage deleted successfully. Chrome StartupUrls deleted successfully. C:\Program Files (x86)\mozilla firefox\browser\searchplugins\omiga-plus.xml => Moved successfully. HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\faststartff@gmail.com => value deleted successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Uninstall Google Chrome.lnk => Moved successfully. "C:\Program Files (x86)\Solution Real" directory move: C:\Program Files (x86)\Solution Real\bin\31c21995b8614864ab504a53fbca73d4.dll => Moved successfully. C:\Program Files (x86)\Solution Real\bin\31c21995b8614864ab504a53fbca73d464.dll => Moved successfully. C:\Program Files (x86)\Solution Real\bin\SolutionReal.BOASHelper.exe => Moved successfully. C:\Program Files (x86)\Solution Real\bin\SolutionReal.BrowserAdapter.exe => Moved successfully. C:\Program Files (x86)\Solution Real\bin\SolutionReal.BrowserAdapter64.exe => Moved successfully. C:\Program Files (x86)\Solution Real\bin\SolutionReal.expext.exe => Moved successfully. C:\Program Files (x86)\Solution Real\bin\SolutionReal.expextdll.dll => Moved successfully. C:\Program Files (x86)\Solution Real\bin\SolutionReal.PurBrowse64.exe => Moved successfully. Could not move "C:\Program Files (x86)\Solution Real" directory. => Scheduled to move on reboot. C:\Program Files (x86)\XTab => Moved successfully. C:\Users\Public\Desktop\AsusTools\Network\ASUS WebStorage.lnk => Moved successfully. C:\Windows\System32\drivers\{1d7d694e-604c-4da2-9100-b2601d3a1c57}Gw64.sys => Moved successfully. C:\Windows\System32\drivers\{31c21995-b861-4864-ab50-4a53fbca73d4}Gw64.sys => Moved successfully. C:\Windows\System32\drivers\{371bcf01-e691-44bf-9345-60788e5d16a5}Gw64.sys => Moved successfully. C:\Windows\System32\drivers\{df8eec40-f909-439c-9ffe-3fee212f71b9}Gw64.sys => Moved successfully. ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ASUSWebStorage" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\omiga-plus uninstall" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKU\S-1-5-21-1817082201-820790361-2850418920-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKU\S-1-5-21-1817082201-820790361-2850418920-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKU\S-1-5-21-1817082201-820790361-2850418920-1000\Software\Microsoft\Windows\CurrentVersion\Run /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-21-1817082201-820790361-2850418920-1000\Software\Microsoft\Internet Explorer\Main" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-21-1817082201-820790361-2850418920-1000\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= EmptyTemp: => Removed 1.1 GB temporary data. => Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-02-28 19:15:11)<= C:\Program Files (x86)\Solution Real => Is moved successfully. ==== End of Fixlog 19:15:11 ====