Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-04-2015 04 Ran by justynka at 2015-04-17 16:56:46 Run:1 Running from C:\Users\justynka\Desktop Loaded Profiles: justynka (Available profiles: justynka) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: CreateRestorePoint: R1 {40d1e549-9fca-4f25-a19d-d845842dd635}Gw64; C:\Windows\System32\drivers\{40d1e549-9fca-4f25-a19d-d845842dd635}Gw64.sys [48784 2014-12-30] (StdLib) R1 {84edc66f-0e16-4519-bd1a-cead01f243ac}Gw64; C:\Windows\System32\drivers\{84edc66f-0e16-4519-bd1a-cead01f243ac}Gw64.sys [48784 2015-01-02] (StdLib) R1 {91975f83-f39c-43cf-aad4-0b3396b0f6db}Gw64; C:\Windows\System32\drivers\{91975f83-f39c-43cf-aad4-0b3396b0f6db}Gw64.sys [48784 2015-01-05] (StdLib) R1 {c88279d3-91dd-4bd9-ad38-681f71d6e36d}Gw64; C:\Windows\System32\drivers\{c88279d3-91dd-4bd9-ad38-681f71d6e36d}Gw64.sys [48784 2014-12-27] (StdLib) R1 {ca4e7e4c-3ebf-4428-bf75-cc138b7061f1}Gw64; C:\Windows\System32\drivers\{ca4e7e4c-3ebf-4428-bf75-cc138b7061f1}Gw64.sys [48784 2014-12-25] (StdLib) S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-05-30] (Symantec Corporation) S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-05-30] (Symantec Corporation) [File not signed] R2 OnlineMapFinder_9pService; C:\Program Files (x86)\OnlineMapFinder_9p\bar\3.bin\9pbarsvc.exe [90696 2014-09-10] (Mindspark) R2 Update Hold Page; C:\Program Files (x86)\Hold Page\updateHoldPage.exe [405232 2015-04-07] () R2 Util Hold Page; C:\Program Files (x86)\Hold Page\bin\utilHoldPage.exe [405232 2015-04-07] () S3 MEMSWEEP2; C:\Windows\system32\7969.tmp [6144 2011-05-12] (Sophos Plc) [File not signed] S1 iSafeKrnlMon; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [X] Task: {5EF66B58-FD4B-426E-ACE0-3777DE38B7E7} - System32\Tasks\Norton Anti-Theft\Norton Error 
Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe Task: {60A561B7-6128-4FBC-8FA4-3478ABC3C177} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: {EB6ACF4C-5B1C-4113-BFD0-392B6DE28786} - System32\Tasks\Price Fountain => C:\Users\justynka\AppData\Roaming\PRICEF~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: {FCCC593C-6416-426C-8233-674E2F9F240B} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe Task: C:\Windows\Tasks\Price Fountain.job => C:\Users\justynka\AppData\Roaming\PRICEF~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION HKLM\...\Run: [] => [X] HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> HKU\S-1-5-21-2535683076-3279026183-770477073-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=ds&ts=1426432548&from=cor&uid=TOSHIBAXMQ01ABF050_343UCPCNTXX343UCPCNT&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=ds&ts=1426432548&from=cor&uid=TOSHIBAXMQ01ABF050_343UCPCNTXX343UCPCNT&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
http://do-search.com/web/?type=ds&ts=1426432548&from=cor&uid=TOSHIBAXMQ01ABF050_343UCPCNTXX343UCPCNT&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com/web/?type=ds&ts=1426432548&from=cor&uid=TOSHIBAXMQ01ABF050_343UCPCNTXX343UCPCNT&q={searchTerms} URLSearchHook: HKU\S-1-5-21-2535683076-3279026183-770477073-1001 - (No Name) - {6d010537-9e99-400b-b652-b0d5a5757e5d} - No File SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2535683076-3279026183-770477073-1001 -> {EFC0AAC0-0D53-4499-A0E6-C37FBCEF3E55} URL = FF Plugin-x32: @OnlineMapFinder_9p.com/Plugin -> C:\Program Files (x86)\OnlineMapFinder_9p\bar\3.bin\NP9pStub.dll No File CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx C:\Program Files (x86)\Common Files\Symantec Shared C:\Program Files (x86)\Hold Page C:\Program Files (x86)\OnlineMapFinder_9p C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games C:\ProgramData\Norton C:\ProgramData\WildTangent C:\ProgramData\Microsoft\Windows\GameExplorer\{e923cba5-ed90-4670-bf07-064d14a1cd55} C:\ProgramData\Microsoft\Windows\GameExplorer\{d58eecb0-0816-11de-8c30-0800200c9a66} C:\ProgramData\Microsoft\Windows\GameExplorer\{c3c636e0-1b04-11de-8c30-0800200c9a66} C:\ProgramData\Microsoft\Windows\GameExplorer\{3eda1e54-8889-41f5-a649-5a306789b7ef} C:\ProgramData\Microsoft\Windows\GameExplorer\{26352374-af55-4b53-b07b-6b0288ed97df} C:\ProgramData\Microsoft\Windows\GameExplorer\{22A975C0-D22F-482C-A387-637EEC15870F} C:\ProgramData\Microsoft\Windows\GameExplorer\{227680FF-28CE-48EE-AADF-8D009B2813A9} C:\ProgramData\Microsoft\Windows\GameExplorer\{000d96f5-8034-4b74-a429-b6f0b04c75f4} 
C:\Users\justynka\AppData\Local\Pay-By-Ads C:\Users\justynka\AppData\Roaming\PriceFountain C:\Users\justynka\Desktop\wszystko\2009-02-10 justnka\IMG_9093.lnk C:\Users\justynka\Desktop\wszystko\2009-02-10 justnka\TOSHIBA DVD PLAYER.lnk C:\Users\justynka\Desktop\wszystko\2009-02-10 justnka\18-stka frycka\*.lnk C:\Windows\System32\*.tmp C:\Windows\System32\drivers\{40d1e549-9fca-4f25-a19d-d845842dd635}Gw64.sys C:\Windows\System32\drivers\{84edc66f-0e16-4519-bd1a-cead01f243ac}Gw64.sys C:\Windows\System32\drivers\{91975f83-f39c-43cf-aad4-0b3396b0f6db}Gw64.sys C:\Windows\System32\drivers\{c88279d3-91dd-4bd9-ad38-681f71d6e36d}Gw64.sys C:\Windows\System32\drivers\{ca4e7e4c-3ebf-4428-bf75-cc138b7061f1}Gw64.sys C:\Windows\System32\log C:\Windows\System32\Tasks\Norton Anti-Theft DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Anti-Theft Reg: reg query "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes" /s Reg: reg query "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes" /s EmptyTemp: ***************** Processes closed successfully. Restore point was successfully created. {40d1e549-9fca-4f25-a19d-d845842dd635}Gw64 => Unable to stop service {40d1e549-9fca-4f25-a19d-d845842dd635}Gw64 => Service deleted successfully. {84edc66f-0e16-4519-bd1a-cead01f243ac}Gw64 => Unable to stop service {84edc66f-0e16-4519-bd1a-cead01f243ac}Gw64 => Service deleted successfully. {91975f83-f39c-43cf-aad4-0b3396b0f6db}Gw64 => Unable to stop service {91975f83-f39c-43cf-aad4-0b3396b0f6db}Gw64 => Service deleted successfully. {c88279d3-91dd-4bd9-ad38-681f71d6e36d}Gw64 => Unable to stop service {c88279d3-91dd-4bd9-ad38-681f71d6e36d}Gw64 => Service deleted successfully. {ca4e7e4c-3ebf-4428-bf75-cc138b7061f1}Gw64 => Unable to stop service {ca4e7e4c-3ebf-4428-bf75-cc138b7061f1}Gw64 => Service deleted successfully. eeCtrl => Service deleted successfully. EraserUtilRebootDrv => Service deleted successfully. 
OnlineMapFinder_9pService => Service deleted successfully. Update Hold Page => Unable to stop service Update Hold Page => Service deleted successfully. Util Hold Page => Unable to stop service Util Hold Page => Service deleted successfully. MEMSWEEP2 => Service deleted successfully. iSafeKrnlMon => Service deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5EF66B58-FD4B-426E-ACE0-3777DE38B7E7}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5EF66B58-FD4B-426E-ACE0-3777DE38B7E7}" => Key deleted successfully. C:\Windows\System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Anti-Theft\Norton Error Analyzer" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{60A561B7-6128-4FBC-8FA4-3478ABC3C177}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60A561B7-6128-4FBC-8FA4-3478ABC3C177}" => Key deleted successfully. C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EB6ACF4C-5B1C-4113-BFD0-392B6DE28786}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB6ACF4C-5B1C-4113-BFD0-392B6DE28786}" => Key deleted successfully. C:\Windows\System32\Tasks\Price Fountain => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Price Fountain" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FCCC593C-6416-426C-8233-674E2F9F240B}" => Key deleted successfully. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FCCC593C-6416-426C-8233-674E2F9F240B}" => Key deleted successfully. C:\Windows\System32\Tasks\Norton Anti-Theft\Norton Error Processor => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Anti-Theft\Norton Error Processor" => Key deleted successfully. C:\Windows\Tasks\Price Fountain.job => Moved successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully. HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE => value deleted successfully. HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE => value deleted successfully. HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE => value deleted successfully. HKU\S-1-5-21-2535683076-3279026183-770477073-1001\Control Panel\Desktop\\SCRNSAVE.EXE => value deleted successfully. C:\Windows\system32\GroupPolicy\Machine => Moved successfully. C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully. "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully. "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. 
HKU\S-1-5-21-2535683076-3279026183-770477073-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{6d010537-9e99-400b-b652-b0d5a5757e5d} => value deleted successfully. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully. HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully. HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. "HKU\S-1-5-21-2535683076-3279026183-770477073-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EFC0AAC0-0D53-4499-A0E6-C37FBCEF3E55}" => Key deleted successfully. HKCR\CLSID\{EFC0AAC0-0D53-4499-A0E6-C37FBCEF3E55} => Key not found. "HKLM\Software\Wow6432Node\MozillaPlugins\@OnlineMapFinder_9p.com/Plugin" => Key deleted successfully. "HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => Key deleted successfully. "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => Key deleted successfully. C:\Program Files (x86)\Common Files\Symantec Shared => Moved successfully. "C:\Program Files (x86)\Hold Page" directory move: Could not move "C:\Program Files (x86)\Hold Page" directory. => Scheduled to move on reboot. C:\Program Files (x86)\OnlineMapFinder_9p => Moved successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games => Moved successfully. C:\ProgramData\Norton => Moved successfully. C:\ProgramData\WildTangent => Moved successfully. C:\ProgramData\Microsoft\Windows\GameExplorer\{e923cba5-ed90-4670-bf07-064d14a1cd55} => Moved successfully. C:\ProgramData\Microsoft\Windows\GameExplorer\{d58eecb0-0816-11de-8c30-0800200c9a66} => Moved successfully. C:\ProgramData\Microsoft\Windows\GameExplorer\{c3c636e0-1b04-11de-8c30-0800200c9a66} => Moved successfully. 
C:\ProgramData\Microsoft\Windows\GameExplorer\{3eda1e54-8889-41f5-a649-5a306789b7ef} => Moved successfully. C:\ProgramData\Microsoft\Windows\GameExplorer\{26352374-af55-4b53-b07b-6b0288ed97df} => Moved successfully. C:\ProgramData\Microsoft\Windows\GameExplorer\{22A975C0-D22F-482C-A387-637EEC15870F} => Moved successfully. C:\ProgramData\Microsoft\Windows\GameExplorer\{227680FF-28CE-48EE-AADF-8D009B2813A9} => Moved successfully. C:\ProgramData\Microsoft\Windows\GameExplorer\{000d96f5-8034-4b74-a429-b6f0b04c75f4} => Moved successfully. C:\Users\justynka\AppData\Local\Pay-By-Ads => Moved successfully. C:\Users\justynka\AppData\Roaming\PriceFountain => Moved successfully. C:\Users\justynka\Desktop\wszystko\2009-02-10 justnka\IMG_9093.lnk => Moved successfully. C:\Users\justynka\Desktop\wszystko\2009-02-10 justnka\TOSHIBA DVD PLAYER.lnk => Moved successfully. "C:\Users\justynka\Desktop\wszystko\2009-02-10 justnka\18-stka frycka\*.lnk" => File/Directory not found. C:\Windows\System32\*.tmp => Moved successfully. C:\Windows\System32\drivers\{40d1e549-9fca-4f25-a19d-d845842dd635}Gw64.sys => Moved successfully. C:\Windows\System32\drivers\{84edc66f-0e16-4519-bd1a-cead01f243ac}Gw64.sys => Moved successfully. C:\Windows\System32\drivers\{91975f83-f39c-43cf-aad4-0b3396b0f6db}Gw64.sys => Moved successfully. C:\Windows\System32\drivers\{c88279d3-91dd-4bd9-ad38-681f71d6e36d}Gw64.sys => Moved successfully. C:\Windows\System32\drivers\{ca4e7e4c-3ebf-4428-bf75-cc138b7061f1}Gw64.sys => Moved successfully. C:\Windows\System32\log => Moved successfully. C:\Windows\System32\Tasks\Norton Anti-Theft => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Anti-Theft => Key Deleted successfully. 
========= reg query "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes" /s ========= HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes DefaultScope REG_SZ {0633EE93-D776-472f-A0FF-E1416B8B2E3A} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EFC0AAC0-0D53-4499-A0E6-C37FBCEF3E55} DisplayName REG_SZ Bing URL REG_SZ http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=TNJB ShowSearchSuggestions REG_DWORD 0x1 FaviconURL REG_SZ http://www.bing.com/favicon.ico SuggestionsURL REG_SZ http://api.bing.com/qsml.aspx?query={searchTerms}&src={referrer:source?}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IE8SSC&market={Language} ========= End of Reg: ========= ========= reg query "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes" /s ========= HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes DefaultScope REG_SZ {0633EE93-D776-472f-A0FF-E1416B8B2E3A} HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EFC0AAC0-0D53-4499-A0E6-C37FBCEF3E55} DisplayName REG_SZ Bing URL REG_SZ http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=TNJB ShowSearchSuggestions REG_DWORD 0x1 FaviconURL REG_SZ http://www.bing.com/favicon.ico SuggestionsURL REG_SZ http://api.bing.com/qsml.aspx?query={searchTerms}&src={referrer:source?}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IE8SSC&market={Language} ========= End of Reg: ========= EmptyTemp: => Removed 1.7 GB temporary data. => Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-04-17 17:10:08)<= C:\Program Files (x86)\Hold Page => Is moved successfully. ==== End of Fixlog 17:10:08 ====