Fix result of Farbar Recovery Scan Tool (x64) Version:09-12-2015 Ran by Karol (2015-12-10 17:06:19) Run:1 Running from D:\Programy\FRST Loaded Profiles: Karol & UpdatusUser (Available Profiles: Karol & UpdatusUser) Boot Mode: Normal ============================================== fixlist content: ***************** CloseProcesses: CreateRestorePoint: R2 WdMan; C:\ProgramData\eWdMe\WdMan.exe [333312 2015-12-04] (TFuns LIMITED) [File not signed] ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449667856&z=79be82e91a60ba47b425c43g1z8z2tcqbq8m9b9waq&from=ient07021&uid=KINGSTONXSV300S37A120G_50026B773B04AA1B ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher Enhanced Edition Director's Cut [GOG.com]\The Witcher Enhanced Edition Director's Cut.lnk -> D:\Gry\The Witcher Enhanced Edition Director's Cut\launcher.exe (CD Projekt Red) -> hxxp://www.yoursites123.com/?type=sc&ts=1449667856&z=79be82e91a60ba47b425c43g1z8z2tcqbq8m9b9waq&from=ient07021&uid=KINGSTONXSV300S37A120G_50026B773B04AA1B ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449667856&z=79be82e91a60ba47b425c43g1z8z2tcqbq8m9b9waq&from=ient07021&uid=KINGSTONXSV300S37A120G_50026B773B04AA1B ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\The Witcher 2 - Assassins of Kings Enhanced Edition\The Witcher 2 - Assassins of Kings Enhanced Edition.lnk -> D:\Gry\The Witcher 2 Enhanced Edition\Launcher.exe (CD Projekt RED) -> hxxp://www.yoursites123.com/?type=sc&ts=1449667856&z=79be82e91a60ba47b425c43g1z8z2tcqbq8m9b9waq&from=ient07021&uid=KINGSTONXSV300S37A120G_50026B773B04AA1B ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Duel of Champions Launcher\Duel of Champions Launcher.lnk -> D:\Gry\Duel of Champions\Launcher.exe (Ubisoft) -> hxxp://www.yoursites123.com/?type=sc&ts=1449667856&z=79be82e91a60ba47b425c43g1z8z2tcqbq8m9b9waq&from=ient07021&uid=KINGSTONXSV300S37A120G_50026B773B04AA1B ShortcutWithArgument: C:\Users\Karol\Desktop\Launch The Witcher Enhanced Edition Director's Cut.lnk -> D:\Gry\The Witcher Enhanced Edition Director's Cut\launcher.exe (CD Projekt Red) -> hxxp://www.yoursites123.com/?type=sc&ts=1449667856&z=79be82e91a60ba47b425c43g1z8z2tcqbq8m9b9waq&from=ient07021&uid=KINGSTONXSV300S37A120G_50026B773B04AA1B ShortcutWithArgument: C:\Users\Karol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449667856&z=79be82e91a60ba47b425c43g1z8z2tcqbq8m9b9waq&from=ient07021&uid=KINGSTONXSV300S37A120G_50026B773B04AA1B ShortcutWithArgument: C:\Users\Karol\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449667856&z=79be82e91a60ba47b425c43g1z8z2tcqbq8m9b9waq&from=ient07021&uid=KINGSTONXSV300S37A120G_50026B773B04AA1B ShortcutWithArgument: C:\Users\Karol\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449667856&z=79be82e91a60ba47b425c43g1z8z2tcqbq8m9b9waq&from=ient07021&uid=KINGSTONXSV300S37A120G_50026B773B04AA1B ShortcutWithArgument: C:\Users\Karol\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449667856&z=79be82e91a60ba47b425c43g1z8z2tcqbq8m9b9waq&from=ient07021&uid=KINGSTONXSV300S37A120G_50026B773B04AA1B ShortcutWithArgument: C:\Users\Karol\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449667856&z=79be82e91a60ba47b425c43g1z8z2tcqbq8m9b9waq&from=ient07021&uid=KINGSTONXSV300S37A120G_50026B773B04AA1B ShortcutWithArgument: C:\Users\Public\Desktop\Duel of Champions Launcher.lnk -> D:\Gry\Duel of Champions\Launcher.exe (Ubisoft) -> hxxp://www.yoursites123.com/?type=sc&ts=1449667856&z=79be82e91a60ba47b425c43g1z8z2tcqbq8m9b9waq&from=ient07021&uid=KINGSTONXSV300S37A120G_50026B773B04AA1B ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449667856&z=79be82e91a60ba47b425c43g1z8z2tcqbq8m9b9waq&from=ient07021&uid=KINGSTONXSV300S37A120G_50026B773B04AA1B ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449667856&z=79be82e91a60ba47b425c43g1z8z2tcqbq8m9b9waq&from=ient07021&uid=KINGSTONXSV300S37A120G_50026B773B04AA1B ShortcutWithArgument: C:\Users\Public\Desktop\The Witcher 2 - Assassins of Kings Enhanced Edition.lnk -> D:\Gry\The Witcher 2 Enhanced Edition\Launcher.exe (CD Projekt RED) -> hxxp://www.yoursites123.com/?type=sc&ts=1449667856&z=79be82e91a60ba47b425c43g1z8z2tcqbq8m9b9waq&from=ient07021&uid=KINGSTONXSV300S37A120G_50026B773B04AA1B StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.yoursites123.com/?type=sc&ts=1449667856&z=79be82e91a60ba47b425c43g1z8z2tcqbq8m9b9waq&from=ient07021&uid=KINGSTONXSV300S37A120G_50026B773B04AA1B StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.yoursites123.com/?type=sc&ts=1449667856&z=79be82e91a60ba47b425c43g1z8z2tcqbq8m9b9waq&from=ient07021&uid=KINGSTONXSV300S37A120G_50026B773B04AA1B HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449667856&z=79be82e91a60ba47b425c43g1z8z2tcqbq8m9b9waq&from=ient07021&uid=KINGSTONXSV300S37A120G_50026B773B04AA1B HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449667856&z=79be82e91a60ba47b425c43g1z8z2tcqbq8m9b9waq&from=ient07021&uid=KINGSTONXSV300S37A120G_50026B773B04AA1B HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449667856&z=79be82e91a60ba47b425c43g1z8z2tcqbq8m9b9waq&from=ient07021&uid=KINGSTONXSV300S37A120G_50026B773B04AA1B&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449667856&z=79be82e91a60ba47b425c43g1z8z2tcqbq8m9b9waq&from=ient07021&uid=KINGSTONXSV300S37A120G_50026B773B04AA1B&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449667856&z=79be82e91a60ba47b425c43g1z8z2tcqbq8m9b9waq&from=ient07021&uid=KINGSTONXSV300S37A120G_50026B773B04AA1B HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449667856&z=79be82e91a60ba47b425c43g1z8z2tcqbq8m9b9waq&from=ient07021&uid=KINGSTONXSV300S37A120G_50026B773B04AA1B HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449667856&z=79be82e91a60ba47b425c43g1z8z2tcqbq8m9b9waq&from=ient07021&uid=KINGSTONXSV300S37A120G_50026B773B04AA1B&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449667856&z=79be82e91a60ba47b425c43g1z8z2tcqbq8m9b9waq&from=ient07021&uid=KINGSTONXSV300S37A120G_50026B773B04AA1B&q={searchTerms} HKU\S-1-5-21-2774745869-3052220403-4266378736-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449667856&z=79be82e91a60ba47b425c43g1z8z2tcqbq8m9b9waq&from=ient07021&uid=KINGSTONXSV300S37A120G_50026B773B04AA1B HKU\S-1-5-21-2774745869-3052220403-4266378736-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449667856&z=79be82e91a60ba47b425c43g1z8z2tcqbq8m9b9waq&from=ient07021&uid=KINGSTONXSV300S37A120G_50026B773B04AA1B SearchScopes: HKU\S-1-5-21-2774745869-3052220403-4266378736-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449667856&z=79be82e91a60ba47b425c43g1z8z2tcqbq8m9b9waq&from=ient07021&uid=KINGSTONXSV300S37A120G_50026B773B04AA1B&q={searchTerms} SearchScopes: HKU\S-1-5-21-2774745869-3052220403-4266378736-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449667856&z=79be82e91a60ba47b425c43g1z8z2tcqbq8m9b9waq&from=ient07021&uid=KINGSTONXSV300S37A120G_50026B773B04AA1B&q={searchTerms} Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File CHR HomePage: Default -> hxxp://www.yoursites123.com/?type=hp&ts=1449667856&z=79be82e91a60ba47b425c43g1z8z2tcqbq8m9b9waq&from=ient07021&uid=KINGSTONXSV300S37A120G_50026B773B04AA1B CHR StartupUrls: Default -> "hxxp://www.yoursites123.com/?type=hp&ts=1449667856&z=79be82e91a60ba47b425c43g1z8z2tcqbq8m9b9waq&from=ient07021&uid=KINGSTONXSV300S37A120G_50026B773B04AA1B" CHR DefaultSearchURL: Default -> hxxp://www.yoursites123.com/web/?type=ds&ts=1449667856&z=79be82e91a60ba47b425c43g1z8z2tcqbq8m9b9waq&from=ient07021&uid=KINGSTONXSV300S37A120G_50026B773B04AA1B&q={searchTerms} CHR DefaultSearchKeyword: Default -> yoursites123 CHR HKLM\...\Chrome\Extension: [jdiejbegdjikmehflknhkbieocmnogcf] - C:\Users\Karol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdiejbegdjikmehflknhkbieocmnogcf.crx [2015-11-07] CHR HKLM-x32\...\Chrome\Extension: [jdiejbegdjikmehflknhkbieocmnogcf] - C:\Users\Karol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdiejbegdjikmehflknhkbieocmnogcf.crx [2015-11-07] FF HKLM-x32\...\Firefox\Extensions: [sidebarff@gmail.com] - C:\Users\Karol\AppData\Roaming\Mozilla\Firefox\Profiles\dzd0bzkw.default\extensions\sidebarff@gmail.com Task: {29D3E6EF-18B8-4F07-8499-96A8445FCF87} - System32\Tasks\{84B0CEE2-5532-4738-AE82-087E5C433953} => Firefox.exe hxxp://ui skype.com/ui/0/7.8.80.102/pl/abandoninstall?page=tsProgressBar Task: {2BD4E0E5-42D7-4432-9651-1D425BF51C1E} - System32\Tasks\{9C8C2E9A-B2C0-4B6D-BC47-AE0993DB2F8B} => Firefox.exe hxxp://ui.skype.com/ui/0/7.8.80.102/pl/abandoninstall?page=tsProgressBar Task: {91981038-F753-4060-82F5-586B08BD34B3} - System32\Tasks\{E74C9ED1-1527-4B40-AE6C-43043BFAC0AA} => Firefox.exe hxxp://ui.skype.com/ui/0/7.4.0.102/pl/abandoninstall?page=tsProgressBar Task: {B638EFC5-26C7-4148-A769-F57B06A2D421} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-08] (Lenovo) Task: {D99AA887-51DC-4D1B-900B-3591BDC15EC5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo DeleteKey: HKLM\SOFTWARE\Wow6432Node\yoursites123Software S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X] C:\Program Files (x86)\Lenovo C:\Program Files (x86)\Picexa C:\Program Files (x86)\SFK C:\ProgramData\BWMiniProB C:\ProgramData\eWdMe C:\ProgramData\HWdMH C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III C:\ProgramData\Microsoft\Windows\Start Menu\Programs\drollbox C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fizzy C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kerbal Space Program C:\ProgramData\Microsoft\Windows\Start Menu\Programs\osu!\osu! updater.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picexa C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MTA San Andreas 1.4 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat C:\Users\Karol\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦 C:\Users\Karol\AppData\Local\Lenovo C:\Users\Karol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameRanger.lnk C:\Users\Karol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft C:\Users\Karol\AppData\Roaming\Mozilla\plugins C:\Windows\System32\Tasks\Lenovo C:\Windows\SysWOW64\pl.html CMD: netsh advfirewall reset EmptyTemp: ***************** Processes closed successfully. Restore point was successfully created. WdMan => service removed successfully C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk => Shortcut argument removed successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher Enhanced Edition Director's Cut [GOG.com]\The Witcher Enhanced Edition Director's Cut.lnk => Shortcut argument removed successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk => Shortcut argument removed successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\The Witcher 2 - Assassins of Kings Enhanced Edition\The Witcher 2 - Assassins of Kings Enhanced Edition.lnk => Shortcut argument removed successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Duel of Champions Launcher\Duel of Champions Launcher.lnk => Shortcut argument removed successfully. C:\Users\Karol\Desktop\Launch The Witcher Enhanced Edition Director's Cut.lnk => Shortcut argument removed successfully. C:\Users\Karol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => Shortcut argument removed successfully. C:\Users\Karol\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => Shortcut argument removed successfully. C:\Users\Karol\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => Shortcut argument removed successfully. C:\Users\Karol\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk => Shortcut argument removed successfully. C:\Users\Karol\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk => Shortcut argument removed successfully. C:\Users\Public\Desktop\Duel of Champions Launcher.lnk => Shortcut argument removed successfully. C:\Users\Public\Desktop\Google Chrome.lnk => Shortcut argument removed successfully. C:\Users\Public\Desktop\Mozilla Firefox.lnk => Shortcut argument removed successfully. C:\Users\Public\Desktop\The Witcher 2 - Assassins of Kings Enhanced Edition.lnk => Shortcut argument removed successfully. HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\\Default => value restored successfully HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command\\Default => value restored successfully HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully HKU\S-1-5-21-2774745869-3052220403-4266378736-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully HKU\S-1-5-21-2774745869-3052220403-4266378736-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully HKU\S-1-5-21-2774745869-3052220403-4266378736-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully HKU\S-1-5-21-2774745869-3052220403-4266378736-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found. HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value removed successfully HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found. Chrome HomePage => removed successfully Chrome StartupUrls => removed successfully Chrome DefaultSearchURL => removed successfully Chrome DefaultSearchKeyword => removed successfully "HKLM\SOFTWARE\Google\Chrome\Extensions\jdiejbegdjikmehflknhkbieocmnogcf" => key removed successfully C:\Users\Karol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdiejbegdjikmehflknhkbieocmnogcf.crx => moved successfully "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jdiejbegdjikmehflknhkbieocmnogcf" => key removed successfully "C:\Users\Karol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdiejbegdjikmehflknhkbieocmnogcf.crx" => not found. HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\sidebarff@gmail.com => value removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{29D3E6EF-18B8-4F07-8499-96A8445FCF87}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{29D3E6EF-18B8-4F07-8499-96A8445FCF87}" => key removed successfully C:\Windows\System32\Tasks\{84B0CEE2-5532-4738-AE82-087E5C433953} => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{84B0CEE2-5532-4738-AE82-087E5C433953}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2BD4E0E5-42D7-4432-9651-1D425BF51C1E}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2BD4E0E5-42D7-4432-9651-1D425BF51C1E}" => key removed successfully C:\Windows\System32\Tasks\{9C8C2E9A-B2C0-4B6D-BC47-AE0993DB2F8B} => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9C8C2E9A-B2C0-4B6D-BC47-AE0993DB2F8B}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{91981038-F753-4060-82F5-586B08BD34B3}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{91981038-F753-4060-82F5-586B08BD34B3}" => key removed successfully C:\Windows\System32\Tasks\{E74C9ED1-1527-4B40-AE6C-43043BFAC0AA} => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E74C9ED1-1527-4B40-AE6C-43043BFAC0AA}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B638EFC5-26C7-4148-A769-F57B06A2D421}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B638EFC5-26C7-4148-A769-F57B06A2D421}" => key removed successfully C:\Windows\System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Lenovo Customer Feedback Program 64" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D99AA887-51DC-4D1B-900B-3591BDC15EC5}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D99AA887-51DC-4D1B-900B-3591BDC15EC5}" => key removed successfully C:\Windows\System32\Tasks\CCleanerSkipUAC => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC" => key removed successfully HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 => could not remove at first attempt (ErrorCode: C0000121), see next line. HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo => key removed successfully HKLM\SOFTWARE\Wow6432Node\yoursites123Software => could not remove at first attempt (ErrorCode: C0000121), see next line. HKLM\SOFTWARE\Wow6432Node\yoursites123Software => key removed successfully FairplayKD => service removed successfully C:\Program Files (x86)\Lenovo => moved successfully C:\Program Files (x86)\Picexa => moved successfully C:\Program Files (x86)\SFK => moved successfully C:\ProgramData\BWMiniProB => moved successfully C:\ProgramData\eWdMe => moved successfully C:\ProgramData\HWdMH => moved successfully C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite => moved successfully C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III => moved successfully C:\ProgramData\Microsoft\Windows\Start Menu\Programs\drollbox => moved successfully C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fizzy => moved successfully C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps => moved successfully C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kerbal Space Program => moved successfully C:\ProgramData\Microsoft\Windows\Start Menu\Programs\osu!\osu! updater.lnk => moved successfully C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picexa => moved successfully C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MTA San Andreas 1.4 => moved successfully C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat => moved successfully C:\Users\Karol\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦 => moved successfully C:\Users\Karol\AppData\Local\Lenovo => moved successfully C:\Users\Karol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameRanger.lnk => moved successfully C:\Users\Karol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft => moved successfully "C:\Users\Karol\AppData\Roaming\Mozilla\plugins" => not found. C:\Windows\System32\Tasks\Lenovo => moved successfully C:\Windows\SysWOW64\pl.html => moved successfully ========= netsh advfirewall reset ========= Ok. ========= End of CMD: ========= EmptyTemp: => 121.1 MB temporary data Removed. The system needed a reboot. ==== End of Fixlog 17:06:33 ====