Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-12-2014 Ran by Rafal at 2014-12-14 15:52:49 Run:1 Running from C:\Users\Rafal\Downloads Loaded Profile: Rafal (Available profiles: Rafal) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled. ProxyServer: [.DEFAULT] => http=127.0.0.1:52001;https=127.0.0.1:52001 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://istart.webssearches.com/?type=sc&ts=1405261940&from=tugs&uid=WDCXWD3200BEVT-22ZCT0_WD-WX30E99H1567H1567 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://istart.webssearches.com/?type=sc&ts=1405261940&from=tugs&uid=WDCXWD3200BEVT-22ZCT0_WD-WX30E99H1567H1567 ShortcutWithArgument: C:\Users\Rafal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://istart.webssearches.com/?type=sc&ts=1405261940&from=tugs&uid=WDCXWD3200BEVT-22ZCT0_WD-WX30E99H1567H1567 ShortcutWithArgument: C:\Users\Rafal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://istart.webssearches.com/?type=sc&ts=1405261940&from=tugs&uid=WDCXWD3200BEVT-22ZCT0_WD-WX30E99H1567H1567 ShortcutWithArgument: C:\Users\Rafal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://istart.webssearches.com/?type=sc&ts=1405261940&from=tugs&uid=WDCXWD3200BEVT-22ZCT0_WD-WX30E99H1567H1567 ShortcutWithArgument: C:\Users\Rafal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://istart.webssearches.com/?type=sc&ts=1405261940&from=tugs&uid=WDCXWD3200BEVT-22ZCT0_WD-WX30E99H1567H1567 ShortcutWithArgument: C:\Users\Rafal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://istart.webssearches.com/?type=sc&ts=1405261940&from=tugs&uid=WDCXWD3200BEVT-22ZCT0_WD-WX30E99H1567H1567 ShortcutWithArgument: C:\Users\Rafal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://istart.webssearches.com/?type=sc&ts=1405261940&from=tugs&uid=WDCXWD3200BEVT-22ZCT0_WD-WX30E99H1567H1567 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hp&ts=1405261940&from=tugs&uid=WDCXWD3200BEVT-22ZCT0_WD-WX30E99H1567H1567 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.flyandsearch.info/?unqvl=59&idate=2014/08/15 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1405261940&from=tugs&uid=WDCXWD3200BEVT-22ZCT0_WD-WX30E99H1567H1567&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1405261940&from=tugs&uid=WDCXWD3200BEVT-22ZCT0_WD-WX30E99H1567H1567&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp&ts=1405261940&from=tugs&uid=WDCXWD3200BEVT-22ZCT0_WD-WX30E99H1567H1567 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp&ts=1405261940&from=tugs&uid=WDCXWD3200BEVT-22ZCT0_WD-WX30E99H1567H1567 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1405261940&from=tugs&uid=WDCXWD3200BEVT-22ZCT0_WD-WX30E99H1567H1567&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1405261940&from=tugs&uid=WDCXWD3200BEVT-22ZCT0_WD-WX30E99H1567H1567&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKU\S-1-5-21-3998210539-3065520669-1277161271-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.flyandsearch.info/?unqvl=59&idate=2014/08/15 StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://istart.webssearches.com/?type=sc&ts=1405261940&from=tugs&uid=WDCXWD3200BEVT-22ZCT0_WD-WX30E99H1567H1567 SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1405261940&from=tugs&uid=WDCXWD3200BEVT-22ZCT0_WD-WX30E99H1567H1567&q={searchTerms} SearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_ir_14_23_ff&cd=2XzuyEtN2Y1L1QzutDtDtByC0CyCtBtCtCtC0ByE0E0ByB0CtN0D0Tzu0SzzzztAtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyD0F0AzztDzz0A0DtGyBtDyCtAtGyEtB0D0CtG0C0B0ByBtGyC0E0EyC0B0DtC0B0Dzy0CyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtBtByDtCzy0B0EtG0CtA0E0FtGtCyEtDzytG0AtCyCyEtGtAtAtB0CtAyBzy0C0EtB0EtA2Q&cr=546621253&ir= SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1405261940&from=tugs&uid=WDCXWD3200BEVT-22ZCT0_WD-WX30E99H1567H1567&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.flyandsearch.info/?unqvl=59&idate=2014/08/15&l=1&q={searchTerms} SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1405261940&from=tugs&uid=WDCXWD3200BEVT-22ZCT0_WD-WX30E99H1567H1567&q={searchTerms} SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.flyandsearch.info/?unqvl=59&idate=2014/08/15&l=1&q={searchTerms} SearchScopes: HKU\S-1-5-21-3998210539-3065520669-1277161271-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3325580&octid=EB_ORIGINAL_CTID&ISID=MC2FF06B1-E2CA-491B-AE66-7A326D4BF7D3&SearchSource=58&CUI=&UM=2&UP=SP56F9FE0D-B7E6-4E80-BF25-645DC58EDA18&q={searchTerms}&SSPV= SearchScopes: HKU\S-1-5-21-3998210539-3065520669-1277161271-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Rafal\AppData\Roaming\Mozilla\Firefox\Profiles\0d43dv6q.default\extensions\faststartff@gmail.com FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml Task: {0CA4209E-EDD8-4BFE-ACEC-F0289A76B090} - System32\Tasks\{4B732E7C-B599-41C3-BEE0-1F505D3CE63B} => pcalua.exe -a C:\Users\Rafal\Desktop\irfanview_plugins_428_setup.exe -d C:\Users\Rafal\Desktop Task: {1C15A2E1-51A3-4FC7-A4E6-9C3402225EBE} - System32\Tasks\Speedial => C:\Users\Rafal\AppData\Roaming\Speedial\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: {238E8B05-0444-409E-9651-C3149A5B1E11} - System32\Tasks\{B02C56CF-A9F1-43AA-94DA-124CCABFDC70} => pcalua.exe -a C:\Users\Rafal\Desktop\flashget3.7.0.1156en.exe -d C:\Users\Rafal\Desktop Task: {279B6EDB-F43B-4789-A789-C7DD133D12C5} - System32\Tasks\BrickEnhancer-S-1038644530 => c:\programdata\trusted publisher\brickenhancer\BrickEnhancer.exe <==== ATTENTION Task: {3525CD4E-4A49-4860-A63B-369EE2CCAE82} - \Program aktualizacji online firmy Adobe. No Task File <==== ATTENTION Task: {3C3D48C3-6F0B-42C7-9AE4-3E24B66CFDA7} - \Update Service YourFileDownloader No Task File <==== ATTENTION Task: {3D5BC3D4-DA66-4186-9B06-064C103E4F5F} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION Task: {4AD9BC06-F804-4E48-BC09-912C7D524E3F} - System32\Tasks\{349DEBA7-4FFA-4F56-B3F1-950022045950} => pcalua.exe -a E:\autorun.exe -d E:\ Task: {51F76BBB-ABA2-44DE-8F74-C0F56329CA19} - System32\Tasks\{9FABA38F-97C5-445B-A9EC-AFE664B874B3} => pcalua.exe -a D:\Instalator.exe -d D:\ Task: {787515BE-1F65-49C8-82AA-04389D66ABBB} - System32\Tasks\{2BAC461E-DBD5-4DA7-98D0-26413CB1F5C1} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\1\SS_Uninstall.exe Task: {996A4107-43A6-461D-9183-42B9578A2BD1} - System32\Tasks\SoftwareEnforcer-S-3192505879 => c:\programdata\trusted publisher\softwareenforcer\SoftwareEnforcer.exe <==== ATTENTION Task: {A56FF2B5-D446-49C0-A269-C10183D42807} - System32\Tasks\SystemLifter-S-814392653 => c:\programdata\trusted publisher\systemlifter\SystemLifter.exe <==== ATTENTION Task: {BAB079BB-9EEC-4C05-BDA7-F03BE03B85CC} - System32\Tasks\{9DC67CBE-33ED-4819-B507-75BF729D3CB6} => pcalua.exe -a "C:\Users\Rafal\Desktop\Disc 1\SETUP.EXE" -d "C:\Users\Rafal\Desktop\Disc 1" Task: {BAFFEE45-BCBE-4E3A-8702-65655BC1E0BC} - System32\Tasks\{6FB01C64-2552-474E-9DB2-D8FE7E3A4747} => pcalua.exe -a D:\Install.exe -d D:\ Task: {CB8A464E-4626-43D7-B076-5A0AA0CD3C8A} - System32\Tasks\{0DF29B43-6570-4820-B2DA-E0CC1565C99C} => pcalua.exe -a C:\Users\Rafal\Downloads\irfanview_plugins_428_setup.exe -d C:\Users\Rafal\Downloads Task: {D6CDAA4A-B8EE-4137-AE1C-DB37AF900D85} - System32\Tasks\SystemBooster-S-3779874333 => c:\programdata\trusted publisher\systembooster\SystemBooster.exe <==== ATTENTION Task: {DB265325-234E-4342-828A-0A58DFC1E3F2} - System32\Tasks\{EA0F0AAC-9F33-4339-A030-DF9071588E5B} => pcalua.exe -a "C:\Users\Rafal\Downloads\rom\Faenil_FlashingKit\Faenil_FlashingKit\Usb Drivers\SSDN_V1.1.808.7165_SETUP_whql.exe" -d "C:\Users\Rafal\Downloads\rom\Faenil_FlashingKit\Faenil_FlashingKit\Usb Drivers" Task: {E041994B-8F6B-490F-B55A-3AA515345743} - \LuckyTab No Task File <==== ATTENTION Task: {E99336F8-537B-4EBC-93C6-0EE9C32FD5BB} - System32\Tasks\{2DA9E005-5D5A-45DB-84C0-1648116738A5} => pcalua.exe -a C:\Users\Rafal\Downloads\iview435_setup.exe -d C:\Users\Rafal\Downloads Task: {EA6D02C3-28CE-490B-B527-1338C2EA01A6} - \GoForFiles Installer Starter No Task File <==== ATTENTION Task: {F732A0FC-C832-4F3E-B66F-B79EBD1AE460} - System32\Tasks\{F9897146-46EC-4EAE-8408-7F2EFB094CAC} => pcalua.exe -a C:\Users\Rafal\Downloads\irfanview_plugins_435_setup.exe -d C:\Users\Rafal\Downloads Task: {FC834F47-87B6-4A87-983D-5162FD72B806} - System32\Tasks\{62BAF2C7-6B9A-4A3F-95E9-577672D95531} => Chrome.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=5.5.0.115&LastError=12002 Task: C:\Windows\Tasks\BrickEnhancer-S-1038644530.job => c:\programdata\trusted publisher\brickenhancer\BrickEnhancer.exe <==== ATTENTION Task: C:\Windows\Tasks\SoftwareEnforcer-S-3192505879.job => c:\programdata\trusted publisher\softwareenforcer\SoftwareEnforcer.exe <==== ATTENTION Task: C:\Windows\Tasks\Speedial.job => C:\Users\Rafal\AppData\Roaming\Speedial\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: C:\Windows\Tasks\SystemBooster-S-3779874333.job => c:\programdata\trusted publisher\systembooster\SystemBooster.exe <==== ATTENTION Task: C:\Windows\Tasks\SystemLifter-S-814392653.job => c:\programdata\trusted publisher\systemlifter\SystemLifter.exe <==== ATTENTION S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed] S3 dgderdrv; System32\drivers\dgderdrv.sys [X] S3 DKbFltr; \SystemRoot\SysWOW64\Drivers\DKbFltr.sys [X] S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X] S0 sptd; System32\Drivers\sptd.sys [X] U0 SR; No ImagePath U2 srservice; No ImagePath S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X] HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-21-3998210539-3065520669-1277161271-1000\...\RunOnce: [Adobe Speed Launcher] => 1418484034 HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service" HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION! HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION! HKU\S-1-5-21-3998210539-3065520669-1277161271-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION! HKU\S-1-5-21-3998210539-3065520669-1277161271-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION! AlternateDataStreams: C:\Windows:52B26DCB3CFD546A CMD: for /d %f in (C:\Users\Rafal\AppData\Local\{*}) do rd /s /q "%f" C:\Program Files\Google C:\Program Files (x86)\Docudesk C:\Program Files (x86)\Google C:\Program Files (x86)\Mozilla Firefox\plugins C:\Program Files (x86)\LuckyTab C:\Program Files (x86)\SlySoft C:\Program Files (x86)\UltraISO C:\Program Files (x86)\YourFileDownloaderUpdater C:\Program Files (x86)\Common Files\wruninstall.exe C:\ProgramData\*.bdinstall.bin C:\ProgramData\544020358666808469 C:\ProgramData\abnneabpmphhnjmdlgodooopbkldcmei C:\ProgramData\aojhllnpehhehgenedomgkjlefgnncpl C:\ProgramData\hnkmfkpngchicohnlimigjbcnoegahem C:\ProgramData\ibpomfegbjningepadaocdekniojcabf C:\ProgramData\iiepccdcclekcmlellfgifonbihejkfg C:\ProgramData\pllefemhbjgajpjkcdbfojijllfpajec C:\ProgramData\F-Secure C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewPlayer C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2 C:\ProgramData\Temp C:\ProgramData\WindowsMangerProtect C:\Users\Rafal\AppData\Local\{*} C:\Users\Rafal\AppData\Local\setup.exe C:\Users\Rafal\AppData\Local\Google C:\Users\Rafal\AppData\Local\hitsblender C:\Users\Rafal\AppData\Roaming\_ C:\Users\Rafal\AppData\Roaming\WindApp.boostrap.log C:\Users\Rafal\AppData\Roaming\BITS C:\Users\Rafal\AppData\Roaming\CSOdessa C:\Users\Rafal\AppData\Roaming\DAEMON Tools Lite C:\Users\Rafal\AppData\Roaming\DAEMON Tools Pro C:\Users\Rafal\AppData\Roaming\DownloadManager C:\Users\Rafal\AppData\Roaming\FlashGet C:\Users\Rafal\AppData\Roaming\Foxit C:\Users\Rafal\AppData\Roaming\Google C:\Users\Rafal\AppData\Roaming\Leadertech C:\Users\Rafal\AppData\Roaming\Microsoft\Windows\Start Menu\LuckyTab C:\Users\Rafal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage C:\Users\Rafal\AppData\Roaming\newnext.me C:\Users\Rafal\AppData\Roaming\Nosibay C:\Users\Rafal\AppData\Roaming\OpenFM C:\Users\Rafal\AppData\Roaming\Rovio C:\Users\Rafal\AppData\Roaming\SoftDMA C:\Users\Rafal\AppData\Roaming\Speedial C:\Users\Rafal\AppData\Roaming\TeamViewer C:\Users\Rafal\AppData\Roaming\Temp C:\Users\Rafal\AppData\Roaming\ttales C:\Users\Rafal\AppData\Roaming\TuneUp Software C:\Users\Rafal\AppData\Roaming\Uniblue C:\Users\Default\AppData\Roaming\TuneUp Software C:\Windows\SysWow64\Drivers\StarOpen.sys Reg: reg delete HKCU\Software\Google /f Rwg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Policies /f Reg: reg delete HKLM\SOFTWARE\Google /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Speed Launcher" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CloneCDTray" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update" /f Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Google /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Search" /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{fc67e7a0} /f Reg: reg delete HKU\S-1-5-19\Software\Classes /f Reg: reg delete HKU\S-1-5-20\Software\Classes /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies /f Reg: reg delete HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies /f Reg: reg delete HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies /f Reg: reg query "HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs" /s Reg: reg query "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs" /s CMD: dir /a "C:\Program Files" CMD: dir /a "C:\Program Files (x86)" CMD: dir /a "C:\Program Files\Common Files" CMD: dir /a "C:\Program Files (x86)\Common Files" CMD: dir /a C:\ProgramData CMD: dir /a C:\Users\user\AppData\Local CMD: dir /a C:\Users\user\AppData\LocalLow CMD: dir /a C:\Users\user\AppData\Roaming EmptyTemp: ***************** Processes closed successfully. "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully. HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully. HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk => Shortcut argument was removed successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk => File not found. C:\Users\Rafal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => Shortcut argument was removed successfully. C:\Users\Rafal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk => Shortcut argument was restored successfully. C:\Users\Rafal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => Shortcut argument was removed successfully. C:\Users\Rafal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk => Shortcut argument was removed successfully. C:\Users\Rafal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk => Shortcut argument was removed successfully. C:\Users\Rafal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Firefox.lnk => Shortcut argument was removed successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => Value was restored successfully. HKU\S-1-5-21-3998210539-3065520669-1277161271-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}" => Key deleted successfully. "HKCR\CLSID\{31090377-0740-419E-BEFC-A56E50500D5B}" => Key not found. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully. "HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}" => Key not found. "HKU\S-1-5-21-3998210539-3065520669-1277161271-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key deleted successfully. "HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key not found. "HKU\S-1-5-21-3998210539-3065520669-1277161271-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully. "HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key not found. HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru => value deleted successfully. HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\faststartff@gmail.com => value deleted successfully. "HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer" => Key deleted successfully. "HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0" => Key deleted successfully. C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll => Moved successfully. C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0CA4209E-EDD8-4BFE-ACEC-F0289A76B090}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0CA4209E-EDD8-4BFE-ACEC-F0289A76B090}" => Key deleted successfully. C:\Windows\System32\Tasks\{4B732E7C-B599-41C3-BEE0-1F505D3CE63B} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4B732E7C-B599-41C3-BEE0-1F505D3CE63B}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1C15A2E1-51A3-4FC7-A4E6-9C3402225EBE}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1C15A2E1-51A3-4FC7-A4E6-9C3402225EBE}" => Key deleted successfully. C:\Windows\System32\Tasks\Speedial => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Speedial" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{238E8B05-0444-409E-9651-C3149A5B1E11}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{238E8B05-0444-409E-9651-C3149A5B1E11}" => Key deleted successfully. C:\Windows\System32\Tasks\{B02C56CF-A9F1-43AA-94DA-124CCABFDC70} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B02C56CF-A9F1-43AA-94DA-124CCABFDC70}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{279B6EDB-F43B-4789-A789-C7DD133D12C5}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{279B6EDB-F43B-4789-A789-C7DD133D12C5}" => Key deleted successfully. C:\Windows\System32\Tasks\BrickEnhancer-S-1038644530 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrickEnhancer-S-1038644530" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3525CD4E-4A49-4860-A63B-369EE2CCAE82}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3525CD4E-4A49-4860-A63B-369EE2CCAE82}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Program aktualizacji online firmy Adobe." => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3C3D48C3-6F0B-42C7-9AE4-3E24B66CFDA7}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C3D48C3-6F0B-42C7-9AE4-3E24B66CFDA7}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Update Service YourFileDownloader" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3D5BC3D4-DA66-4186-9B06-064C103E4F5F}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3D5BC3D4-DA66-4186-9B06-064C103E4F5F}" => Key deleted successfully. C:\Windows\System32\Tasks\Optimizer Pro Schedule => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimizer Pro Schedule" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4AD9BC06-F804-4E48-BC09-912C7D524E3F}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4AD9BC06-F804-4E48-BC09-912C7D524E3F}" => Key deleted successfully. C:\Windows\System32\Tasks\{349DEBA7-4FFA-4F56-B3F1-950022045950} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{349DEBA7-4FFA-4F56-B3F1-950022045950}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{51F76BBB-ABA2-44DE-8F74-C0F56329CA19}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{51F76BBB-ABA2-44DE-8F74-C0F56329CA19}" => Key deleted successfully. C:\Windows\System32\Tasks\{9FABA38F-97C5-445B-A9EC-AFE664B874B3} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9FABA38F-97C5-445B-A9EC-AFE664B874B3}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{787515BE-1F65-49C8-82AA-04389D66ABBB}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{787515BE-1F65-49C8-82AA-04389D66ABBB}" => Key deleted successfully. C:\Windows\System32\Tasks\{2BAC461E-DBD5-4DA7-98D0-26413CB1F5C1} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2BAC461E-DBD5-4DA7-98D0-26413CB1F5C1}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{996A4107-43A6-461D-9183-42B9578A2BD1}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{996A4107-43A6-461D-9183-42B9578A2BD1}" => Key deleted successfully. C:\Windows\System32\Tasks\SoftwareEnforcer-S-3192505879 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SoftwareEnforcer-S-3192505879" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A56FF2B5-D446-49C0-A269-C10183D42807}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A56FF2B5-D446-49C0-A269-C10183D42807}" => Key deleted successfully. C:\Windows\System32\Tasks\SystemLifter-S-814392653 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemLifter-S-814392653" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BAB079BB-9EEC-4C05-BDA7-F03BE03B85CC}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BAB079BB-9EEC-4C05-BDA7-F03BE03B85CC}" => Key deleted successfully. C:\Windows\System32\Tasks\{9DC67CBE-33ED-4819-B507-75BF729D3CB6} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9DC67CBE-33ED-4819-B507-75BF729D3CB6}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BAFFEE45-BCBE-4E3A-8702-65655BC1E0BC}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BAFFEE45-BCBE-4E3A-8702-65655BC1E0BC}" => Key deleted successfully. C:\Windows\System32\Tasks\{6FB01C64-2552-474E-9DB2-D8FE7E3A4747} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6FB01C64-2552-474E-9DB2-D8FE7E3A4747}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CB8A464E-4626-43D7-B076-5A0AA0CD3C8A}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB8A464E-4626-43D7-B076-5A0AA0CD3C8A}" => Key deleted successfully. C:\Windows\System32\Tasks\{0DF29B43-6570-4820-B2DA-E0CC1565C99C} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0DF29B43-6570-4820-B2DA-E0CC1565C99C}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D6CDAA4A-B8EE-4137-AE1C-DB37AF900D85}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D6CDAA4A-B8EE-4137-AE1C-DB37AF900D85}" => Key deleted successfully. C:\Windows\System32\Tasks\SystemBooster-S-3779874333 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemBooster-S-3779874333" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DB265325-234E-4342-828A-0A58DFC1E3F2}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB265325-234E-4342-828A-0A58DFC1E3F2}" => Key deleted successfully. C:\Windows\System32\Tasks\{EA0F0AAC-9F33-4339-A030-DF9071588E5B} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EA0F0AAC-9F33-4339-A030-DF9071588E5B}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E041994B-8F6B-490F-B55A-3AA515345743}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E041994B-8F6B-490F-B55A-3AA515345743}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LuckyTab" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E99336F8-537B-4EBC-93C6-0EE9C32FD5BB}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E99336F8-537B-4EBC-93C6-0EE9C32FD5BB}" => Key deleted successfully. C:\Windows\System32\Tasks\{2DA9E005-5D5A-45DB-84C0-1648116738A5} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2DA9E005-5D5A-45DB-84C0-1648116738A5}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EA6D02C3-28CE-490B-B527-1338C2EA01A6}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA6D02C3-28CE-490B-B527-1338C2EA01A6}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoForFiles Installer Starter" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F732A0FC-C832-4F3E-B66F-B79EBD1AE460}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F732A0FC-C832-4F3E-B66F-B79EBD1AE460}" => Key deleted successfully. C:\Windows\System32\Tasks\{F9897146-46EC-4EAE-8408-7F2EFB094CAC} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F9897146-46EC-4EAE-8408-7F2EFB094CAC}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FC834F47-87B6-4A87-983D-5162FD72B806}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC834F47-87B6-4A87-983D-5162FD72B806}" => Key deleted successfully. C:\Windows\System32\Tasks\{62BAF2C7-6B9A-4A3F-95E9-577672D95531} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{62BAF2C7-6B9A-4A3F-95E9-577672D95531}" => Key deleted successfully. C:\Windows\Tasks\BrickEnhancer-S-1038644530.job => Moved successfully. C:\Windows\Tasks\SoftwareEnforcer-S-3192505879.job => Moved successfully. C:\Windows\Tasks\Speedial.job => Moved successfully. C:\Windows\Tasks\SystemBooster-S-3779874333.job => Moved successfully. C:\Windows\Tasks\SystemLifter-S-814392653.job => Moved successfully. StarOpen => Service deleted successfully. dgderdrv => Service deleted successfully. DKbFltr => Service deleted successfully. RtsUIR => Service deleted successfully. sptd => Service deleted successfully. SR => Service deleted successfully. srservice => Service deleted successfully. USBCCID => Service deleted successfully. HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar => value deleted successfully. HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar => value deleted successfully. HKU\S-1-5-21-3998210539-3065520669-1277161271-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Adobe Speed Launcher => value deleted successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc" => Key deleted successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc" => Key deleted successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\MpfService" => Key deleted successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\WRkrn" => Key deleted successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\WRSVC" => Key deleted successfully. "HKU\.DEFAULT\Software\Classes\exefile" => Key deleted successfully. "HKU\.DEFAULT\Software\Classes\.exe" => Key deleted successfully. "HKU\.DEFAULT\Software\Classes\exefile" => Key not found. "HKU\S-1-5-21-3998210539-3065520669-1277161271-1000\Software\Classes\exefile" => Key deleted successfully. "HKU\S-1-5-21-3998210539-3065520669-1277161271-1000\Software\Classes\.exe" => Key deleted successfully. "HKU\S-1-5-21-3998210539-3065520669-1277161271-1000\Software\Classes\exefile" => Key not found. C:\Windows => ":52B26DCB3CFD546A" ADS removed successfully. ========= for /d %f in (C:\Users\Rafal\AppData\Local\{*}) do rd /s /q "%f" ========= ========= End of CMD: ========= C:\Program Files\Google => Moved successfully. C:\Program Files (x86)\Docudesk => Moved successfully. C:\Program Files (x86)\Google => Moved successfully. C:\Program Files (x86)\Mozilla Firefox\plugins => Moved successfully. C:\Program Files (x86)\LuckyTab => Moved successfully. C:\Program Files (x86)\SlySoft => Moved successfully. C:\Program Files (x86)\UltraISO => Moved successfully. C:\Program Files (x86)\YourFileDownloaderUpdater => Moved successfully. C:\Program Files (x86)\Common Files\wruninstall.exe => Moved successfully. C:\ProgramData\*.bdinstall.bin => Moved successfully. C:\ProgramData\544020358666808469 => Moved successfully. C:\ProgramData\abnneabpmphhnjmdlgodooopbkldcmei => Moved successfully. C:\ProgramData\aojhllnpehhehgenedomgkjlefgnncpl => Moved successfully. C:\ProgramData\hnkmfkpngchicohnlimigjbcnoegahem => Moved successfully. C:\ProgramData\ibpomfegbjningepadaocdekniojcabf => Moved successfully. C:\ProgramData\iiepccdcclekcmlellfgifonbihejkfg => Moved successfully. C:\ProgramData\pllefemhbjgajpjkcdbfojijllfpajec => Moved successfully. C:\ProgramData\F-Secure => Moved successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewPlayer => Moved successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2 => Moved successfully. C:\ProgramData\Temp => Moved successfully. C:\ProgramData\WindowsMangerProtect => Moved successfully. C:\Users\Rafal\AppData\Local\{*} => Moved successfully. C:\Users\Rafal\AppData\Local\setup.exe => Moved successfully. C:\Users\Rafal\AppData\Local\Google => Moved successfully. C:\Users\Rafal\AppData\Local\hitsblender => Moved successfully. C:\Users\Rafal\AppData\Roaming\_ => Moved successfully. C:\Users\Rafal\AppData\Roaming\WindApp.boostrap.log => Moved successfully. C:\Users\Rafal\AppData\Roaming\BITS => Moved successfully. C:\Users\Rafal\AppData\Roaming\CSOdessa => Moved successfully. C:\Users\Rafal\AppData\Roaming\DAEMON Tools Lite => Moved successfully. C:\Users\Rafal\AppData\Roaming\DAEMON Tools Pro => Moved successfully. C:\Users\Rafal\AppData\Roaming\DownloadManager => Moved successfully. C:\Users\Rafal\AppData\Roaming\FlashGet => Moved successfully. C:\Users\Rafal\AppData\Roaming\Foxit => Moved successfully. C:\Users\Rafal\AppData\Roaming\Google => Moved successfully. C:\Users\Rafal\AppData\Roaming\Leadertech => Moved successfully. C:\Users\Rafal\AppData\Roaming\Microsoft\Windows\Start Menu\LuckyTab => Moved successfully. C:\Users\Rafal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage => Moved successfully. C:\Users\Rafal\AppData\Roaming\newnext.me => Moved successfully. C:\Users\Rafal\AppData\Roaming\Nosibay => Moved successfully. C:\Users\Rafal\AppData\Roaming\OpenFM => Moved successfully. C:\Users\Rafal\AppData\Roaming\Rovio => Moved successfully. C:\Users\Rafal\AppData\Roaming\SoftDMA => Moved successfully. C:\Users\Rafal\AppData\Roaming\Speedial => Moved successfully. C:\Users\Rafal\AppData\Roaming\TeamViewer => Moved successfully. C:\Users\Rafal\AppData\Roaming\Temp => Moved successfully. C:\Users\Rafal\AppData\Roaming\ttales => Moved successfully. C:\Users\Rafal\AppData\Roaming\TuneUp Software => Moved successfully. C:\Users\Rafal\AppData\Roaming\Uniblue => Moved successfully. C:\Users\Default\AppData\Roaming\TuneUp Software => Moved successfully. C:\Windows\SysWow64\Drivers\StarOpen.sys => Moved successfully. ========= reg delete HKCU\Software\Google /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= Rwg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f => Error: No automatic fix found for this entry. ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Policies /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Google /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Speed Launcher" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CloneCDTray" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Wow6432Node\Google /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Search" /f ========= ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{fc67e7a0} /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKU\S-1-5-19\Software\Classes /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKU\S-1-5-20\Software\Classes /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg query "HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs" /s ========= HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs blank REG_SZ res://mshtml.dll/blank.htm NoAdd-onsInfo REG_SZ res://ieframe.dll/noaddoninfo.htm InPrivate REG_SZ res://ieframe.dll/inprivate_win7.htm NavigationFailure REG_SZ res://ieframe.dll/navcancl.htm NoAdd-ons REG_SZ res://ieframe.dll/noaddon.htm Home REG_DWORD 0x10e PostNotCached REG_SZ res://ieframe.dll/repost.htm DesktopItemNavigationFailure REG_SZ res://ieframe.dll/navcancl.htm NavigationCanceled REG_SZ res://ieframe.dll/navcancl.htm SecurityRisk REG_SZ res://ieframe.dll/securityatrisk.htm ========= End of Reg: ========= ========= reg query "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs" /s ========= HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs blank REG_SZ res://mshtml.dll/blank.htm NoAdd-onsInfo REG_SZ res://ieframe.dll/noaddoninfo.htm InPrivate REG_SZ res://ieframe.dll/inprivate_win7.htm NavigationFailure REG_SZ res://ieframe.dll/navcancl.htm NoAdd-ons REG_SZ res://ieframe.dll/noaddon.htm Home REG_DWORD 0x10e PostNotCached REG_SZ res://ieframe.dll/repost.htm DesktopItemNavigationFailure REG_SZ res://ieframe.dll/navcancl.htm NavigationCanceled REG_SZ res://ieframe.dll/navcancl.htm SecurityRisk REG_SZ res://ieframe.dll/securityatrisk.htm Tabs REG_SZ res://ieframe.dll/tabswelcome.htm ========= End of Reg: ========= ========= dir /a "C:\Program Files" ========= Wolumin w stacji C to Acer Numer seryjny woluminu: B839-EB7C Katalog: C:\Program Files 2014-12-14 15:55 . 2014-12-14 15:55 .. 2014-08-22 20:32 360 2012-05-26 17:57 7-Zip 2013-03-09 10:50 Acer 2014-12-12 16:58 CCleaner 2014-06-11 16:48 Common Files 2009-07-14 05:54 174 desktop.ini 2011-11-14 14:08 DIFX 2011-02-23 19:33 DVD Maker 2014-12-09 22:06 Internet Explorer 2014-11-21 22:31 KMSpico 2009-12-31 22:29 Logitech 2009-11-10 01:21 LSI SoftModem 2012-12-15 20:34 Microsoft Analysis Services 2009-07-14 08:45 Microsoft Games 2014-11-20 17:07 Microsoft Office 2014-12-13 16:22 Microsoft Silverlight 2014-11-20 17:08 Microsoft SQL Server 2012-12-15 20:36 Microsoft SQL Server Compact Edition 2012-12-15 20:37 Microsoft Synchronization Services 2014-11-21 00:19 Microsoft.NET 2009-07-14 06:32 MSBuild 2014-11-19 21:23 NVIDIA Corporation 2009-11-17 08:25 Realtek 2009-07-14 06:32 Reference Assemblies 2011-12-30 23:08 SAMSUNG 2009-11-17 08:28 Synaptics 2009-07-14 06:09 Uninstall Information 2011-11-14 14:08 WDCSAM 2013-07-10 10:03 Windows Defender 2012-04-18 20:24 Windows Live 2011-02-23 19:33 Windows Mail 2013-12-15 00:44 Windows Media Player 2009-07-14 06:32 Windows NT 2011-02-23 19:33 Windows Photo Viewer 2011-02-23 19:33 Windows Portable Devices 2014-07-23 18:38 Windows Sidebar 2011-03-22 14:11 WinRAR 1 plik(¢w) 174 bajt¢w 38 katalog(¢w) 16ÿ658ÿ853ÿ888 bajt¢w wolnych ========= End of CMD: ========= ========= dir /a "C:\Program Files (x86)" ========= Wolumin w stacji C to Acer Numer seryjny woluminu: B839-EB7C Katalog: C:\Program Files (x86) 2014-12-14 15:55 . 2014-12-14 15:55 .. 2013-03-09 10:50 Acer 2011-06-12 18:57 Acer Arcade Deluxe 2011-05-22 18:32 Acer GameZone 2009-11-10 01:52 Acer Inc 2014-02-19 11:47 Adobe 2014-11-19 21:23 AGEIA Technologies 2010-11-18 22:16 Audacity 2014-10-31 22:01 Brother 2011-01-13 00:42 Chicken Invaders 4 - Ultimate Omelette 2010-02-19 19:25 ChickenInvadersROTYXmas 2014-12-14 15:55 Common Files 2014-04-28 11:07 CS Odessa 2009-07-14 05:54 174 desktop.ini 2014-05-29 10:50 DVDVideoSoft 2009-11-10 01:39 EgisTec 2009-11-10 01:39 EgisTec Egis Software Update 2010-07-07 22:48 FlashGet Network 2014-08-15 15:02 globalUpdate 2011-12-30 01:08 HD Tune 2011-05-07 20:56 Help 2014-12-13 15:56 InstallShield Installation Information 2009-11-10 01:15 Intel 2014-12-09 22:06 Internet Explorer 2011-03-13 20:00 IrfanView 2014-07-21 10:47 Java 2014-11-08 12:03 K-Lite Codec Pack 2013-12-26 15:52 LEGO MARVEL Super Heroes 2010-07-16 21:38 Logitech 2013-11-02 22:27 LucasArts 2012-12-13 20:45 Microsoft Analysis Services 2014-11-27 12:13 Microsoft ASP.NET 2010-01-01 02:30 Microsoft CAPICOM 2.1.0.2 2014-11-20 17:00 Microsoft Office 2014-12-13 16:22 Microsoft Silverlight 2014-11-20 17:08 Microsoft SQL Server 2012-12-13 20:59 Microsoft SQL Server Compact Edition 2012-12-13 20:59 Microsoft Sync Framework 2012-12-13 20:59 Microsoft Synchronization Services 2012-12-13 21:04 Microsoft Visual Studio 8 2010-10-08 21:13 Microsoft Works 2014-11-21 00:19 Microsoft.NET 2014-11-27 13:17 MoorHunt 2014-12-14 15:55 Mozilla Firefox 2014-11-20 17:05 MSBuild 2014-07-05 11:45 MSECache 2014-11-05 22:39 NAPI-PROJEKT 2014-08-15 14:47 NewPlayer 2009-11-10 01:48 NewTech Infosystems 2014-08-03 20:05 Nokia 2009-11-10 01:14 Nuvoton Technology Corporation 2014-11-19 21:23 NVIDIA Corporation 2012-06-12 20:26 Oracle 2011-09-19 13:48 PC Connectivity Solution 2014-12-11 18:35 PDFBinder 2009-11-17 08:25 Realtek 2009-07-14 06:32 Reference Assemblies 2014-08-05 10:17 Samsung 2014-06-02 12:50 screenSHU 2014-11-11 19:17 Skype 2009-11-17 08:25 Temp 2014-04-14 01:42 The LEGO Movie - Videogame 2009-07-14 05:57 Uninstall Information 2011-03-20 20:55 UnRar for Windows 2013-02-12 20:26 Warner Bros. Interactive Entertainment 2013-07-10 10:03 Windows Defender 2012-04-18 20:24 Windows Live 2011-02-23 19:33 Windows Mail 2013-12-15 00:44 Windows Media Player 2009-07-14 06:32 Windows NT 2011-02-23 19:33 Windows Photo Viewer 2011-02-23 19:33 Windows Portable Devices 2014-07-23 18:39 Windows Sidebar 2011-03-20 20:55 WinRAR 1 plik(¢w) 174 bajt¢w 74 katalog(¢w) 16ÿ658ÿ849ÿ792 bajt¢w wolnych ========= End of CMD: ========= ========= dir /a "C:\Program Files\Common Files" ========= Wolumin w stacji C to Acer Numer seryjny woluminu: B839-EB7C Katalog: C:\Program Files\Common Files 2014-06-11 16:48 . 2014-06-11 16:48 .. 2014-03-14 14:43 Bitdefender 2014-11-20 17:09 DESIGNER 2014-06-23 20:34 logishrd 2014-11-21 00:19 Microsoft Shared 2009-07-14 04:20 Services 2009-07-14 04:20 SpeechEngines 2014-11-21 00:24 System 0 plik(¢w) 0 bajt¢w 9 katalog(¢w) 16ÿ658ÿ849ÿ792 bajt¢w wolnych ========= End of CMD: ========= ========= dir /a "C:\Program Files (x86)\Common Files" ========= Wolumin w stacji C to Acer Numer seryjny woluminu: B839-EB7C Katalog: C:\Program Files (x86)\Common Files 2014-12-14 15:55 . 2014-12-14 15:55 .. 2009-02-10 21:23 192ÿ484 Acer GameZone online.ico 2014-02-19 11:47 Adobe 2009-11-10 01:48 Adobe AIR 2014-08-23 09:27 Config 2012-12-13 20:59 DESIGNER 2014-05-29 10:49 DVDVideoSoft 2009-11-10 01:39 EgisTec 2011-03-13 16:43 InstallShield 2014-10-19 20:52 Java 2013-07-26 13:28 LogiShrd 2010-07-16 21:38 LWS 2012-11-10 17:08 Macrovision Shared 2014-11-20 17:00 microsoft shared 2014-08-03 20:05 Nokia 2009-11-10 01:22 Oberon Media 2014-08-03 20:05 PCSuite 2012-03-11 12:23 Protexis 2014-01-25 18:05 PX Storage Engine 2009-07-14 04:20 Services 2014-09-06 14:23 Skype 2009-07-14 04:20 SpeechEngines 2012-12-15 18:27 System 2009-12-31 18:57 Windows Live 1 plik(¢w) 192ÿ484 bajt¢w 24 katalog(¢w) 16ÿ658ÿ849ÿ792 bajt¢w wolnych ========= End of CMD: ========= ========= dir /a C:\ProgramData ========= Wolumin w stacji C to Acer Numer seryjny woluminu: B839-EB7C Katalog: C:\ProgramData 2014-12-14 15:55 . 2014-12-14 15:55 .. 2014-09-24 19:47 41 .zreglib 2014-12-12 23:31 360SD 2014-02-19 11:47 Adobe 2009-07-14 06:08 Application Data [C:\ProgramData] 2014-03-18 19:00 ApPure 2010-02-14 23:49 Arcade Lab 2009-11-17 08:37 7ÿ920 ArcadeDeluxe3.log 2014-04-12 18:57 Backup 2009-11-10 01:49 BackupManager 2014-02-12 21:35 BDLogging 2014-03-14 14:43 Bitdefender 2009-12-31 19:37 Brother 2014-07-11 10:28 Common Files 2010-01-06 11:59 CyberLink 2010-02-20 19:33 DAEMON Tools Lite 2010-02-20 19:29 DAEMON Tools Pro 2009-07-14 06:08 Desktop [C:\Users\Public\Desktop] 2009-07-14 06:08 Documents [C:\Users\Public\Documents] 2009-11-10 01:51 EgisTec 2009-11-10 01:49 eSobi 2009-12-31 22:13 56 ezsidmv.dat 2010-02-14 23:45 FarmFrenzy2 2009-07-14 06:08 Favorites [C:\Users\Public\Favorites] 2009-07-18 03:57 36ÿ136 FullRemove.exe 2014-12-14 15:47 Google 2014-08-03 20:05 Installations 2014-03-18 19:00 InstallMate 2011-12-27 15:25 InterAction studios 2014-08-05 10:47 0 LauncherAccess.dt 2010-01-02 16:46 LogiShrd 2010-07-16 21:38 Logitech 2013-11-02 14:52 Logs 2010-02-03 11:41 Make A Voozie 2009-12-31 18:54 McQcModifier-5c47-a7b0 2011-04-22 21:50 Media Get LLC 2014-12-09 22:06 Microsoft 2014-12-09 21:58 Microsoft Help 2014-12-13 22:29 MoorHunt 2012-05-14 19:20 Mozilla 2011-09-19 13:46 NokiaInstallerCache 2010-09-15 15:31 NtiDvdCopy 2014-01-13 00:14 262ÿ144 ntuser.dat 2014-02-12 21:16 5ÿ120 ntuser.dat.LOG1 2014-01-13 00:14 0 ntuser.dat.LOG2 2014-01-13 00:14 65ÿ536 ntuser.dat{078dee40-7b62-11e3-9df1-97504cd9acb4}.TM.blf 2014-01-13 00:14 524ÿ288 ntuser.dat{078dee40-7b62-11e3-9df1-97504cd9acb4}.TMContainer00000000000000000001.regtrans-ms 2014-01-13 00:14 524ÿ288 ntuser.dat{078dee40-7b62-11e3-9df1-97504cd9acb4}.TMContainer00000000000000000002.regtrans-ms 2014-01-13 00:17 65ÿ536 ntuser.dat{078dee51-7b62-11e3-9df1-97504cd9acb4}.TM.blf 2014-01-13 00:17 524ÿ288 ntuser.dat{078dee51-7b62-11e3-9df1-97504cd9acb4}.TMContainer00000000000000000001.regtrans-ms 2014-01-13 00:17 524ÿ288 ntuser.dat{078dee51-7b62-11e3-9df1-97504cd9acb4}.TMContainer00000000000000000002.regtrans-ms 2014-12-13 16:04 NVIDIA 2014-11-26 14:35 NVIDIA Corporation 2009-12-31 18:49 OEM 2011-05-08 21:10 OpenFM 2014-10-19 20:52 Oracle 2011-12-06 09:21 PC Suite 2010-02-15 00:02 PlayFirst 2011-06-12 18:49 91 PS.log 2014-11-20 23:01 regid.1991-06.com.microsoft 2012-10-29 21:23 Samsung 2009-11-10 01:43 SiteAdvisor 2014-11-11 19:17 Skype 2013-01-24 15:06 Skype Extras 2009-07-14 06:08 Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 2014-03-03 11:55 Steam 2010-04-02 20:33 Sun 2009-07-14 06:08 Templates [C:\ProgramData\Microsoft\Windows\Templates] 2014-04-16 13:05 VS Revo Group 2014-07-11 11:25 {01BD4FC9-2F86-4706-A62E-774BB7E9D308} 15 plik(¢w) 2ÿ539ÿ732 bajt¢w 56 katalog(¢w) 16ÿ658ÿ845ÿ696 bajt¢w wolnych ========= End of CMD: ========= ========= dir /a C:\Users\user\AppData\Local ========= System nie mo¾e odnale«† okre˜lonej ˜cie¾ki. ========= End of CMD: ========= ========= dir /a C:\Users\user\AppData\LocalLow ========= System nie mo¾e odnale«† okre˜lonej ˜cie¾ki. ========= End of CMD: ========= ========= dir /a C:\Users\user\AppData\Roaming ========= System nie mo¾e odnale«† okre˜lonej ˜cie¾ki. ========= End of CMD: ========= EmptyTemp: => Removed 508.6 MB temporary data. The system needed a reboot. ==== End of Fixlog ====