Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-05-2014 Ran by abc at 2014-05-05 21:58:02 Run:1 Running from C:\Users\abc\Desktop\FRST Boot Mode: Normal ============================================== Content of fixlist: ***************** () C:\Program Files (x86)\fst_pl_14\fst_pl_14.exe (Aztec Media Inc) C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe (Aztec Media Inc) C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe (Aztec Media Inc) C:\Program Files (x86)\Settings Manager\systemk\systemku.exe () C:\Program Files (x86)\WiseEnhance\bin\utilWiseEnhance.exe (Cherished Technololgy LIMITED) C:\ProgramData\WPM\wprotectmanager.exe () C:\Program Files (x86)\WiseEnhance\bin\WiseEnhance.PurBrowse64.exe () C:\Program Files (x86)\WiseEnhance\bin\WiseEnhance.BrowserAdapter.exe () C:\Program Files (x86)\WiseEnhance\updateWiseEnhance.exe S3 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [705136 2014-04-11] (Cherished Technololgy LIMITED) R3 SystemkService; C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe [3543056 2014-04-28] (Aztec Media Inc) R3 Update WiseEnhance; C:\Program Files (x86)\WiseEnhance\updateWiseEnhance.exe [316704 2014-05-05] () R3 Util WiseEnhance; C:\Program Files (x86)\WiseEnhance\bin\utilWiseEnhance.exe [316704 2014-05-04] () R3 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [566272 2014-04-29] (Cherished Technololgy LIMITED) R1 F06DEFF2-5B9C-490D-910F-35D3A91196222; C:\Program Files (x86)\Settings Manager\systemk\x64\systemkmgrc1.cfg [36240 2014-04-28] (Aztec Media Inc) R1 {2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64; C:\Windows\System32\drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64.sys [61120 2014-04-24] (StdLib) S3 xhunter1; \??\C:\Windows\xhunter1.sys [X] Task: {0CBCABCB-0F24-4502-A37C-FCBDCA184266} - System32\Tasks\MetaCrawler => C:\Users\abc\AppData\Roaming\METACR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: {BCE1778E-DA89-4AD6-BB02-130C4C2FA851} - System32\Tasks\windealistSWU => Cscript.exe "C:\Program Files (x86)\windealist\Internet Explorer\swu.vbs" <==== ATTENTION Task: {EF72784F-3088-4030-B7E2-3214233DF60D} - System32\Tasks\DSite => C:\Users\abc\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: C:\Windows\Tasks\DSite.job => C:\Users\abc\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: C:\Windows\Tasks\MetaCrawler.job => C:\Users\abc\AppData\Roaming\METACR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey HKLM\...\Policies\Explorer: [NoControlPanel] 0 IFEO\bitguard.exe: [Debugger] tasklist.exe IFEO\bprotect.exe: [Debugger] tasklist.exe IFEO\bpsvc.exe: [Debugger] tasklist.exe IFEO\browserdefender.exe: [Debugger] tasklist.exe IFEO\browserprotect.exe: [Debugger] tasklist.exe IFEO\browsersafeguard.exe: [Debugger] tasklist.exe IFEO\dprotectsvc.exe: [Debugger] tasklist.exe IFEO\jumpflip: [Debugger] tasklist.exe IFEO\protectedsearch.exe: [Debugger] tasklist.exe IFEO\searchinstaller.exe: [Debugger] tasklist.exe IFEO\searchprotection.exe: [Debugger] tasklist.exe IFEO\searchprotector.exe: [Debugger] tasklist.exe IFEO\searchsettings.exe: [Debugger] tasklist.exe IFEO\searchsettings64.exe: [Debugger] tasklist.exe IFEO\snapdo.exe: [Debugger] tasklist.exe IFEO\stinst32.exe: [Debugger] tasklist.exe IFEO\stinst64.exe: [Debugger] tasklist.exe IFEO\umbrella.exe: [Debugger] tasklist.exe IFEO\utiljumpflip.exe: [Debugger] tasklist.exe IFEO\volaro: [Debugger] tasklist.exe IFEO\vonteera: [Debugger] tasklist.exe IFEO\websteroids.exe: [Debugger] tasklist.exe IFEO\websteroidsservice.exe: [Debugger] tasklist.exe HKLM\...\AppCertDlls: [x86] -> C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll [490000 2014-04-28] () HKLM\...\AppCertDlls: [x64] -> C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll [664592 2014-04-28] () ShortcutWithArgument: C:\Users\abc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://start.qone8.com/?type=sc&ts=1398787401&from=smt&uid=HitachiXHTS545050A7E380_TE851449CXJBJWCXJBJWX ShortcutWithArgument: C:\Users\abc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://start.qone8.com/?type=sc&ts=1398787401&from=smt&uid=HitachiXHTS545050A7E380_TE851449CXJBJWCXJBJWX ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://start.qone8.com/?type=sc&ts=1398787401&from=smt&uid=HitachiXHTS545050A7E380_TE851449CXJBJWCXJBJWX ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://start.qone8.com/?type=sc&ts=1398787401&from=smt&uid=HitachiXHTS545050A7E380_TE851449CXJBJWCXJBJWX HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.qone8.com/web/?type=ds&ts=1398787401&from=smt&uid=HitachiXHTS545050A7E380_TE851449CXJBJWCXJBJWX&q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v4.windowsupdate.microsoft.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.com/?type=hp&ts=1398787401&from=smt&uid=HitachiXHTS545050A7E380_TE851449CXJBJWCXJBJWX HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qone8.com/web/?type=ds&ts=1398787401&from=smt&uid=HitachiXHTS545050A7E380_TE851449CXJBJWCXJBJWX&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qone8.com/web/?type=ds&ts=1398787401&from=smt&uid=HitachiXHTS545050A7E380_TE851449CXJBJWCXJBJWX&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.com/?type=hp&ts=1398787401&from=smt&uid=HitachiXHTS545050A7E380_TE851449CXJBJWCXJBJWX HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.com/?type=hp&ts=1398787401&from=smt&uid=HitachiXHTS545050A7E380_TE851449CXJBJWCXJBJWX HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.qone8.com/web/?type=ds&ts=1398787401&from=smt&uid=HitachiXHTS545050A7E380_TE851449CXJBJWCXJBJWX&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qone8.com/web/?type=ds&ts=1398787401&from=smt&uid=HitachiXHTS545050A7E380_TE851449CXJBJWCXJBJWX&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.com/?type=hp&ts=1398787401&from=smt&uid=HitachiXHTS545050A7E380_TE851449CXJBJWCXJBJWX HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.com/?type=hp&ts=1398787401&from=smt&uid=HitachiXHTS545050A7E380_TE851449CXJBJWCXJBJWX HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.qone8.com/web/?type=ds&ts=1398787401&from=smt&uid=HitachiXHTS545050A7E380_TE851449CXJBJWCXJBJWX&q={searchTerms} URLSearchHook: HKCU - (No Name) - {D8278076-BC68-4484-9233-6E7F1628B56C} - No File SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.qone8.com/web/?type=ds&ts=1398787401&from=smt&uid=HitachiXHTS545050A7E380_TE851449CXJBJWCXJBJWX&q={searchTerms} SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.qone8.com/web/?type=ds&ts=1398787401&from=smt&uid=HitachiXHTS545050A7E380_TE851449CXJBJWCXJBJWX&q={searchTerms} SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=132&itype=a&ver=12521&tm=333&src=ds&p={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.qone8.com/web/?type=ds&ts=1398787401&from=smt&uid=HitachiXHTS545050A7E380_TE851449CXJBJWCXJBJWX&q={searchTerms} SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.qone8.com/web/?type=ds&ts=1398787401&from=smt&uid=HitachiXHTS545050A7E380_TE851449CXJBJWCXJBJWX&q={searchTerms} SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=132&itype=a&ver=12521&tm=333&src=ds&p={searchTerms} SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.qone8.com/web/?type=ds&ts=1398787401&from=smt&uid=HitachiXHTS545050A7E380_TE851449CXJBJWCXJBJWX&q={searchTerms} SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=E21D2016D8CB9AD1&affID=119357&tt=280813_noccp&tsp=4989 SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.qone8.com/web/?type=ds&ts=1398787401&from=smt&uid=HitachiXHTS545050A7E380_TE851449CXJBJWCXJBJWX&q={searchTerms} SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={E164AD32-D755-42D6-8A97-DB7A60A88E77}&mid=fc8d5749ca8d47d29cf3f15f9e2f7322-3e996707f6841224b7f83b46a023169f4ff0dbdc&lang=pl&ds=ad011&coid=avgtbdisad&cmpid=&pr=sa&d=2014-05-05 19:01:02&v=18.1.0.443&pid=safeguard&sg=&sap=dsp&q={searchTerms} SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=132&itype=a&ver=12521&tm=333&src=ds&p={searchTerms} BHO: Linkey - {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - C:\Program Files (x86)\Linkey\IEExtension\iedll64.dll (Aztec Media Inc) BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited) BHO-x32: Linkey - {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - C:\Program Files (x86)\Linkey\IEExtension\iedll.dll (Aztec Media Inc) BHO-x32: WinDealist - {B8F10001-9552-4F40-8F61-6765CD22DD9E} - C:\Program Files (x86)\windealist\Internet Explorer\windealist.dll () BHO-x32: WiseEnhance - {bc8c4384-d19c-474b-a298-c90b7e5c5204} - C:\Program Files (x86)\WiseEnhance\WiseEnhancebho.dll (WiseEnhance) BHO-x32: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.24.6\bh\delta.dll No File Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.24.6\deltaTlbr.dll No File FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\default-search.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\dosearches.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\qone8.xml FF HKLM-x32\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\abc\AppData\Roaming\Mozilla\Firefox\Profiles\7vqnnva8.default\extensions\quick_start@gmail.com CHR HKLM\...\Chrome\Extension: [doobfiogmfmpjnoofjhhgjehmlofngfp] - C:\Users\abc\AppData\Local\metacrawler-speeddial.crx [2013-11-03] CHR HKCU\...\Chrome\Extension: [doobfiogmfmpjnoofjhhgjehmlofngfp] - C:\Users\abc\AppData\Local\metacrawler-speeddial.crx [2013-11-03] CHR HKLM-x32\...\Chrome\Extension: [cogkkcgdhndddhnkcebakjmifjllamkb] - C:\Program Files (x86)\windealist\Chrome\windealist-1.0.464.crx [2013-12-12] CHR HKLM-x32\...\Chrome\Extension: [doobfiogmfmpjnoofjhhgjehmlofngfp] - C:\Users\abc\AppData\Local\metacrawler-speeddial.crx [2013-11-03] CHR HKLM-x32\...\Chrome\Extension: [ieadcoanfjloocmfafkebdnfefmohngj] - C:\Program Files (x86)\BonanzaDeals\BonanzaDeals.crx [2013-11-03] HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" C:\Program Files (x86)\BonanzaDeals C:\Program Files (x86)\BonanzaDealsLive C:\Program Files (x86)\Opera C:\Users\abc\AppData\Local\Opera Software C:\Users\abc\AppData\Roaming\my_intel.sys C:\Users\abc\AppData\Roaming\sp_data.sys C:\Users\abc\AppData\Roaming\(DC-3E-F8-9F-F2-94) C:\Users\abc\AppData\Roaming\3909 C:\Users\abc\AppData\Roaming\Babylon C:\Users\abc\AppData\Roaming\Opera Software C:\Users\abc\Desktop\Kill2Me.exe C:\Users\abc\Downloads\kill2me_v111zip.exe C:\Users\abc\Downloads\DAEMON-Tools-Lite(12708).exe C:\Users\abc\Downloads\FlashPlayersetup__2583_i594981276_il7.exe C:\Users\abc\Downloads\LOL_OPGG_Observer_812898976 (1).bat C:\Users\abc\Downloads\SoftonicDownloader_dla_papers-please.exe C:\Users\abc\Downloads\yet_another_cleaner*.exe C:\Windows\system32\Drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64.sys Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\Search" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnTBMon" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AVG_UI" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fst_pl_14" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mcpltui_exe" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mcui_exe" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mobilegeni daemon" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VNT" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\vProt" /f CMD: netsh advfirewall reset Reboot: ***************** [4784] C:\Program Files (x86)\fst_pl_14\fst_pl_14.exe => Process closed successfully. C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe => Failed to close process. C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe => Failed to close process. C:\Program Files (x86)\Settings Manager\systemk\systemku.exe => Failed to close process. [3968] C:\Program Files (x86)\WiseEnhance\bin\utilWiseEnhance.exe => Process closed successfully. [2208] C:\ProgramData\WPM\wprotectmanager.exe => Process closed successfully. [6568] C:\Program Files (x86)\WiseEnhance\bin\WiseEnhance.PurBrowse64.exe => Process closed successfully. [6632] C:\Program Files (x86)\WiseEnhance\bin\WiseEnhance.BrowserAdapter.exe => Process closed successfully. [6788] C:\Program Files (x86)\WiseEnhance\updateWiseEnhance.exe => Process closed successfully. IePluginService => Service deleted successfully. SystemkService => Unable to stop service SystemkService => Error deleting Service Update WiseEnhance => Service deleted successfully. Util WiseEnhance => Unable to stop service Util WiseEnhance => Service deleted successfully. Wpm => Service deleted successfully. F06DEFF2-5B9C-490D-910F-35D3A91196222 => Unable to stop service F06DEFF2-5B9C-490D-910F-35D3A91196222 => Error deleting Service {2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64 => Unable to stop service {2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64 => Service deleted successfully. xhunter1 => Service deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0CBCABCB-0F24-4502-A37C-FCBDCA184266} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0CBCABCB-0F24-4502-A37C-FCBDCA184266} => Key deleted successfully. C:\Windows\System32\Tasks\MetaCrawler => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MetaCrawler => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BCE1778E-DA89-4AD6-BB02-130C4C2FA851} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BCE1778E-DA89-4AD6-BB02-130C4C2FA851} => Key deleted successfully. C:\Windows\System32\Tasks\windealistSWU => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\windealistSWU => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EF72784F-3088-4030-B7E2-3214233DF60D} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EF72784F-3088-4030-B7E2-3214233DF60D} => Key deleted successfully. C:\Windows\System32\Tasks\DSite => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DSite => Key deleted successfully. C:\Windows\Tasks\DSite.job => Moved successfully. C:\Windows\Tasks\MetaCrawler.job => Moved successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mcui_exe => Value deleted successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => Value deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bitguard.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bprotect.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bpsvc.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserdefender.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserprotect.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsersafeguard.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dprotectsvc.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\jumpflip => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\protectedsearch.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchinstaller.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotection.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotector.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings64.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\snapdo.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst32.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst64.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\umbrella.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utiljumpflip.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\volaro => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\vonteera => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroids.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroidsservice.exe => Key deleted successfully. HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\x86 => Value deleted successfully. HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\x64 => Value deleted successfully. C:\Users\abc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => Shortcut argument was removed successfully. C:\Users\abc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk => Shortcut argument was removed successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk => Shortcut argument was removed successfully. C:\Users\Public\Desktop\Google Chrome.lnk => Shortcut argument was removed successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Search Bar => Value deleted successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{D8278076-BC68-4484-9233-6E7F1628B56C} => Value deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key deleted successfully. HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} => Key deleted successfully. HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} => Key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully. HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully. HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key deleted successfully. HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key deleted successfully. HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key deleted successfully. HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} => Key deleted successfully. HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} => Key not found. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} => Key deleted successfully. HKCR\CLSID\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} => Key deleted successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} => Key deleted successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} => Key deleted successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B8F10001-9552-4F40-8F61-6765CD22DD9E} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{B8F10001-9552-4F40-8F61-6765CD22DD9E} => Key deleted successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bc8c4384-d19c-474b-a298-c90b7e5c5204} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{bc8c4384-d19c-474b-a298-c90b7e5c5204} => Key deleted successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} => Key deleted successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{82E1477C-B154-48D3-9891-33D83C26BCD3} => Value deleted successfully. HKCR\Wow6432Node\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3} => Key deleted successfully. HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer => Key deleted successfully. C:\Windows\system32\Macromed\Flash\NPSWF32.dll not found. C:\Program Files (x86)\mozilla firefox\browser\searchplugins\default-search.xml => Moved successfully. C:\Program Files (x86)\mozilla firefox\browser\searchplugins\dosearches.xml => Moved successfully. C:\Program Files (x86)\mozilla firefox\browser\searchplugins\qone8.xml => Moved successfully. HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\quick_start@gmail.com => Value deleted successfully. HKLM\SOFTWARE\Google\Chrome\Extensions\doobfiogmfmpjnoofjhhgjehmlofngfp => Key deleted successfully. C:\Users\abc\AppData\Local\metacrawler-speeddial.crx => Moved successfully. HKCU\SOFTWARE\Google\Chrome\Extensions\doobfiogmfmpjnoofjhhgjehmlofngfp => Key deleted successfully. "C:\Users\abc\AppData\Local\metacrawler-speeddial.crx" => File/Directory not found. HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cogkkcgdhndddhnkcebakjmifjllamkb => Key deleted successfully. C:\Program Files (x86)\windealist\Chrome\windealist-1.0.464.crx => Moved successfully. HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\doobfiogmfmpjnoofjhhgjehmlofngfp => Key deleted successfully. "C:\Users\abc\AppData\Local\metacrawler-speeddial.crx" => File/Directory not found. HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ieadcoanfjloocmfafkebdnfefmohngj => Key deleted successfully. "C:\Program Files (x86)\BonanzaDeals\BonanzaDeals.crx" => File/Directory not found. HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => Key deleted successfully. HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => Key deleted successfully. C:\Program Files (x86)\BonanzaDeals => Moved successfully. C:\Program Files (x86)\BonanzaDealsLive => Moved successfully. C:\Program Files (x86)\Opera => Moved successfully. C:\Users\abc\AppData\Local\Opera Software => Moved successfully. C:\Users\abc\AppData\Roaming\my_intel.sys => Moved successfully. C:\Users\abc\AppData\Roaming\sp_data.sys => Moved successfully. C:\Users\abc\AppData\Roaming\(DC-3E-F8-9F-F2-94) => Moved successfully. C:\Users\abc\AppData\Roaming\3909 => Moved successfully. C:\Users\abc\AppData\Roaming\Babylon => Moved successfully. C:\Users\abc\AppData\Roaming\Opera Software => Moved successfully. "C:\Users\abc\Desktop\Kill2Me.exe" => File/Directory not found. C:\Users\abc\Downloads\kill2me_v111zip.exe => Moved successfully. C:\Users\abc\Downloads\DAEMON-Tools-Lite(12708).exe => Moved successfully. C:\Users\abc\Downloads\FlashPlayersetup__2583_i594981276_il7.exe => Moved successfully. C:\Users\abc\Downloads\LOL_OPGG_Observer_812898976 (1).bat => Moved successfully. C:\Users\abc\Downloads\SoftonicDownloader_dla_papers-please.exe => Moved successfully. C:\Users\abc\Downloads\yet_another_cleaner*.exe => Moved successfully. C:\Windows\system32\Drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64.sys => Moved successfully. ========= reg delete "HKCU\Software\Microsoft\Internet Explorer\Search" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnTBMon" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AVG_UI" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fst_pl_14" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mcpltui_exe" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mcui_exe" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mobilegeni daemon" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VNT" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\vProt" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= netsh advfirewall reset ========= Ok. ========= End of CMD: ========= The system needed a reboot. ==== End of Fixlog ====