Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-09-2014 Ran by Agata at 2014-09-21 16:06:37 Run:2 Running from C:\Users\Agata\Downloads\FRST Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: Startup: C:\Users\Agata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bzsbkotiu.exe (Telerik) ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => No File HKLM\...\Policies\Explorer: [NoControlPanel] 0 IFEO\DatamngrCoordinator.exe: [Debugger] tasklist.exe GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ProxyServer: 121.168.120.78:80 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://astromenda.com/?f=1&a=ast_ir_14_35_ch&cd=2XzuyEtN2Y1L1Qzu0EtD0Bzy0AyD0FyCzztA0CyDyBtAzz0BtN0D0Tzu0SzyyByEtN1L2XzutAtFtDtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2SyD0F0B0B0CtCtDyCtG0D0C0DtAtGyE0Ezz0CtGyEzytB0DtGtC0FtB0DtC0EyCyE0FyDyC0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyzyyBtCyCtCyCtBtGtDtA0BtCtGyEtA0D0EtG0BtCzz0BtG0C0A0AtCtByE0DtAzy0F0EtA2Q&cr=1344596677&ir= URLSearchHook: HKCU - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ir_14_35_ch&cd=2XzuyEtN2Y1L1Qzu0EtD0Bzy0AyD0FyCzztA0CyDyBtAzz0BtN0D0Tzu0SzyyByEtN1L2XzutAtFtDtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2SyD0F0B0B0CtCtDyCtG0D0C0DtAtGyE0Ezz0CtGyEzytB0DtGtC0FtB0DtC0EyCyE0FyDyC0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyzyyBtCyCtCyCtBtGtDtA0BtCtGyEtA0D0EtG0BtCzz0BtG0C0A0AtCtByE0DtAzy0F0EtA2Q&cr=1344596677&ir= SearchScopes: HKLM-x32 - DefaultScope value is missing. SearchScopes: HKCU - DefaultScope {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ir_14_35_ch&cd=2XzuyEtN2Y1L1Qzu0EtD0Bzy0AyD0FyCzztA0CyDyBtAzz0BtN0D0Tzu0SzyyByEtN1L2XzutAtFtDtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2SyD0F0B0B0CtCtDyCtG0D0C0DtAtGyE0Ezz0CtGyEzytB0DtGtC0FtB0DtC0EyCyE0FyDyC0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyzyyBtCyCtCyCtBtGtDtA0BtCtGyEtA0D0EtG0BtCzz0BtG0C0A0AtCtByE0DtAzy0F0EtA2Q&cr=1344596677&ir= SearchScopes: HKCU - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ir_14_35_ch&cd=2XzuyEtN2Y1L1Qzu0EtD0Bzy0AyD0FyCzztA0CyDyBtAzz0BtN0D0Tzu0SzyyByEtN1L2XzutAtFtDtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2SyD0F0B0B0CtCtDyCtG0D0C0DtAtGyE0Ezz0CtGyEzytB0DtGtC0FtB0DtC0EyCyE0FyDyC0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyzyyBtCyCtCyCtBtGtDtA0BtCtGyEtA0D0EtG0BtCzz0BtG0C0A0AtCtByE0DtAzy0F0EtA2Q&cr=1344596677&ir= BHO-x32: Media Buzz -> {12085f9f-1072-476f-a3e5-5e100ec9e25e} -> C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode8500\ie\MediaBuzzV1mode8500.dll () BHO-x32: No Name -> {84FF7BD6-B47F-46F8-9130-01B2696B36CB} -> No File CHR HKLM-x32\...\Chrome\Extension: [dfibfcnjcdaaklcgemfmmniabbifhdpo] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha4446\ch\MediaViewV1alpha4446.crx [] CHR HKLM-x32\...\Chrome\Extension: [eijphncialmcafkfoodhbigpmaehfmjn] - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode8500\ch\MediaBuzzV1mode8500.crx [2014-04-24] CHR HKLM-x32\...\Chrome\Extension: [ejjlogcddenldakiifekecjmnjijnkaj] - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release601\ch\RichMediaViewV1release601.crx [2014-05-13] CHR HKLM-x32\...\Chrome\Extension: [hffkmmfnlgnhdnkfbnhpaabfppdihjcj] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha394\ch\WebexpEnhancedV1alpha394.crx [2014-05-13] CHR HKLM-x32\...\Chrome\Extension: [kbjlipmgfoamgjaogmbihaffnpkpjajp] - C:\Program Files (x86)\Nosibay\Bubble Dock\extensions\GCSurfMatch.crx [2014-05-13] CHR HKLM-x32\...\Chrome\Extension: [kpdhgpkkloealnjnmepfhanpcleldbef] - C:\Program Files (x86)\Unitech LLC\ividi\1.8.23.0\ividi.crx [2014-05-13] S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] CMD: type C:\Windows\System32\Tasks\{6FA58829-370C-4835-AE42-7EF7F8B5D3E1} Task: {027F70DE-8B5A-4B5A-AAC5-BD060467D970} - System32\Tasks\{6E1E2A2A-3B1C-4882-9D5C-BE91949650FF} => D:\gry\wiedzmin\launcher.exe Task: {3FC407CD-3E16-4657-9E9F-95CD5F9CFFF9} - \AmiUpdXp No Task File <==== ATTENTION Task: {666A140D-445E-431A-98A9-051D39E983D8} - System32\Tasks\{E9C2C747-3D10-4E32-B9B6-F62B5FAA0F03} => D:\gry\wiedzmin\launcher.exe Task: {7571D4AD-82D8-460E-91DB-732182BE538D} - System32\Tasks\{6FA58829-370C-4835-AE42-7EF7F8B5D3E1} => C:\Users\Agata\Downloads\dotNetFx35setup.exe [2013-06-07] (Microsoft Corporation) Task: {A9F7431B-73AF-474F-8FA2-D1F3BC470721} - System32\Tasks\{AE34A7C2-CE35-4799-9AD6-94D872AA7E28} => D:\gry\wiedzmin\launcher.exe Task: {D11ACB82-201F-46A4-A2C3-B39D81B129F8} - System32\Tasks\{F1CFC716-57E5-4CDD-ACC8-07A2477C53E9} => D:\gry\wiedzmin\launcher.exe Task: {D58E3CC5-B452-49B5-A890-EF0CD103B6E9} - System32\Tasks\{F9AD3FBD-052A-4E06-B03C-674F16573B2D} => D:\gry\wiedzmin\launcher.exe Task: {E8545700-BABD-4AA7-9485-B51D0D98EC6F} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe C:\Program Files (x86)\Mozilla Firefox C:\Program Files (x86)\MediaBuzzV1 C:\Program Files (x86)\Nosibay C:\Program Files (x86)\RichMediaViewV1 C:\Program Files (x86)\WebexpEnhancedV1 C:\Program Files (x86)\Unitech LLC C:\ProgramData\AVAST Software C:\ProgramData\Temp C:\Users\Agata\AppData\Roaming\sp_data.sys C:\Users\Agata\AppData\Roaming\Mozilla C:\Users\Agata\AppData\Roaming\nvidiadisp C:\Users\Agata\AppData\Roaming\OpenCandy C:\Users\Agata\Downloads\9f2c91e72c.ccf C:\Users\Agata\Downloads\9f2c91e72c.rsdf C:\Users\Agata\Downloads\Unconfirmed*.crdownload C:\Windows\pss\MyPC Backup.lnk.Startup C:\Windows\system32\Drivers\aswTap.sys Reg: reg delete HKCU\Software\Mozilla /f Reg: reg delete HKCU\Software\MozillaPlugins /f Reg: reg delete HKLM\SOFTWARE\MozillaPlugins /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Mozilla /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\mozilla.org /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\MozillaPlugins /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Agata^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GetPrivate" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchProtection" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4DA97A20-88A8-03BB-29D5-3D0E10175C9C}" /f Reg: reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /f Reg: reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /ve /t REG_SZ /d Bing /f Reg: reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v URL /t REG_SZ /d "http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC" /f Reg: reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v DisplayName /t REG_SZ /d "@ieframe.dll,-12512" /f Reg: reg delete "HKU\S-1-5-21-1368506913-565370030-2556156532-1001\Software\Microsoft\Internet Explorer\Search" /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f Folder: C:\Users\Agata\AppData\Roaming\Opera Software\Opera Stable\Extensions CMD: type "C:\Users\Agata\AppData\Roaming\Opera Software\Opera Stable\Preferences" Reg: reg query "HKLM\SOFTWARE\Clients\StartMenuInternet\OperaStable\shell\open\command" /s EmptyTemp: ***************** Processes closed successfully. C:\Users\Agata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bzsbkotiu.exe => Moved successfully. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully. "HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}" => Key not found. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\DatamngrCoordinator.exe" => Key deleted successfully. C:\Windows\system32\GroupPolicy\Machine => Moved successfully. C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully. HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{84FF7BD6-B47F-46F8-9130-01B2696B36CB} => value deleted successfully. HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}" => Key deleted successfully. "HKCR\CLSID\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}" => Key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}" => Key deleted successfully. "HKCR\CLSID\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}" => Key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{12085f9f-1072-476f-a3e5-5e100ec9e25e}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{12085f9f-1072-476f-a3e5-5e100ec9e25e}" => Key deleted successfully. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}" => Key not found. "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dfibfcnjcdaaklcgemfmmniabbifhdpo" => Key deleted successfully. "C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha4446\ch\MediaViewV1alpha4446.crx" => File/Directory not found. "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eijphncialmcafkfoodhbigpmaehfmjn" => Key deleted successfully. C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode8500\ch\MediaBuzzV1mode8500.crx => Moved successfully. "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ejjlogcddenldakiifekecjmnjijnkaj" => Key deleted successfully. C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release601\ch\RichMediaViewV1release601.crx => Moved successfully. "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hffkmmfnlgnhdnkfbnhpaabfppdihjcj" => Key deleted successfully. "C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha394\ch\WebexpEnhancedV1alpha394.crx" => File/Directory not found. "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kbjlipmgfoamgjaogmbihaffnpkpjajp" => Key deleted successfully. "C:\Program Files (x86)\Nosibay\Bubble Dock\extensions\GCSurfMatch.crx" => File/Directory not found. "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kpdhgpkkloealnjnmepfhanpcleldbef" => Key deleted successfully. "C:\Program Files (x86)\Unitech LLC\ividi\1.8.23.0\ividi.crx" => File/Directory not found. cpuz135 => Service deleted successfully. EagleX64 => Service deleted successfully. ========= type C:\Windows\System32\Tasks\{6FA58829-370C-4835-AE42-7EF7F8B5D3E1} ========= true IgnoreNew false true true false false PT10M PT1H true false true true false false false PT72H 7 C:\Users\Agata\Downloads\dotNetFx35setup.exe Agata-PC\Agata InteractiveToken LeastPrivilege ========= End of CMD: ========= "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{027F70DE-8B5A-4B5A-AAC5-BD060467D970}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{027F70DE-8B5A-4B5A-AAC5-BD060467D970}" => Key deleted successfully. C:\Windows\System32\Tasks\{6E1E2A2A-3B1C-4882-9D5C-BE91949650FF} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6E1E2A2A-3B1C-4882-9D5C-BE91949650FF}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3FC407CD-3E16-4657-9E9F-95CD5F9CFFF9}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3FC407CD-3E16-4657-9E9F-95CD5F9CFFF9}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AmiUpdXp" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{666A140D-445E-431A-98A9-051D39E983D8}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{666A140D-445E-431A-98A9-051D39E983D8}" => Key deleted successfully. C:\Windows\System32\Tasks\{E9C2C747-3D10-4E32-B9B6-F62B5FAA0F03} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E9C2C747-3D10-4E32-B9B6-F62B5FAA0F03}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7571D4AD-82D8-460E-91DB-732182BE538D}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7571D4AD-82D8-460E-91DB-732182BE538D}" => Key deleted successfully. C:\Windows\System32\Tasks\{6FA58829-370C-4835-AE42-7EF7F8B5D3E1} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6FA58829-370C-4835-AE42-7EF7F8B5D3E1}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A9F7431B-73AF-474F-8FA2-D1F3BC470721}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A9F7431B-73AF-474F-8FA2-D1F3BC470721}" => Key deleted successfully. C:\Windows\System32\Tasks\{AE34A7C2-CE35-4799-9AD6-94D872AA7E28} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AE34A7C2-CE35-4799-9AD6-94D872AA7E28}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D11ACB82-201F-46A4-A2C3-B39D81B129F8}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D11ACB82-201F-46A4-A2C3-B39D81B129F8}" => Key deleted successfully. C:\Windows\System32\Tasks\{F1CFC716-57E5-4CDD-ACC8-07A2477C53E9} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F1CFC716-57E5-4CDD-ACC8-07A2477C53E9}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D58E3CC5-B452-49B5-A890-EF0CD103B6E9}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D58E3CC5-B452-49B5-A890-EF0CD103B6E9}" => Key deleted successfully. C:\Windows\System32\Tasks\{F9AD3FBD-052A-4E06-B03C-674F16573B2D} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F9AD3FBD-052A-4E06-B03C-674F16573B2D}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E8545700-BABD-4AA7-9485-B51D0D98EC6F}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8545700-BABD-4AA7-9485-B51D0D98EC6F}" => Key deleted successfully. C:\Windows\System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon" => Key deleted successfully. C:\Program Files (x86)\Mozilla Firefox => Moved successfully. C:\Program Files (x86)\MediaBuzzV1 => Moved successfully. "C:\Program Files (x86)\Nosibay" => File/Directory not found. C:\Program Files (x86)\RichMediaViewV1 => Moved successfully. "C:\Program Files (x86)\WebexpEnhancedV1" => File/Directory not found. "C:\Program Files (x86)\Unitech LLC" => File/Directory not found. C:\ProgramData\AVAST Software => Moved successfully. C:\ProgramData\Temp => Moved successfully. C:\Users\Agata\AppData\Roaming\sp_data.sys => Moved successfully. C:\Users\Agata\AppData\Roaming\Mozilla => Moved successfully. C:\Users\Agata\AppData\Roaming\nvidiadisp => Moved successfully. C:\Users\Agata\AppData\Roaming\OpenCandy => Moved successfully. C:\Users\Agata\Downloads\9f2c91e72c.ccf => Moved successfully. C:\Users\Agata\Downloads\9f2c91e72c.rsdf => Moved successfully. C:\Users\Agata\Downloads\Unconfirmed*.crdownload => Moved successfully. C:\Windows\pss\MyPC Backup.lnk.Startup => Moved successfully. C:\Windows\system32\Drivers\aswTap.sys => Moved successfully. ========= reg delete HKCU\Software\Mozilla /f ========= The operation completed successfully. ========= End of Reg: ========= ========= reg delete HKCU\Software\MozillaPlugins /f ========= The operation completed successfully. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\MozillaPlugins /f ========= The operation completed successfully. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Wow6432Node\Mozilla /f ========= The operation completed successfully. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Wow6432Node\mozilla.org /f ========= ERROR: The system was unable to find the specified registry key or value. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Wow6432Node\MozillaPlugins /f ========= The operation completed successfully. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Agata^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk" /f ========= The operation completed successfully. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GetPrivate" /f ========= The operation completed successfully. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchProtection" /f ========= The operation completed successfully. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /f ========= The operation completed successfully. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4DA97A20-88A8-03BB-29D5-3D0E10175C9C}" /f ========= The operation completed successfully. ========= End of Reg: ========= ========= reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /f ========= The operation completed successfully. ========= End of Reg: ========= ========= reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /ve /t REG_SZ /d Bing /f ========= The operation completed successfully. ========= End of Reg: ========= ========= reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v URL /t REG_SZ /d "http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC" /f ========= The operation completed successfully. ========= End of Reg: ========= ========= reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v DisplayName /t REG_SZ /d "@ieframe.dll,-12512" /f ========= The operation completed successfully. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-21-1368506913-565370030-2556156532-1001\Software\Microsoft\Internet Explorer\Search" /f ========= The operation completed successfully. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= The operation completed successfully. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= The operation completed successfully. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= The operation completed successfully. ========= End of Reg: ========= ========================= Folder: C:\Users\Agata\AppData\Roaming\Opera Software\Opera Stable\Extensions ======================== Directory Not Found ========= type "C:\Users\Agata\AppData\Roaming\Opera Software\Opera Stable\Preferences" ========= ========= End of CMD: ========= ========= reg query "HKLM\SOFTWARE\Clients\StartMenuInternet\OperaStable\shell\open\command" /s ========= HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\OperaStable\shell\open\command (Default) REG_SZ "C:\Program Files (x86)\Opera\Launcher.exe" ========= End of Reg: ========= EmptyTemp: => Removed 9.1 GB temporary data. The system needed a reboot. ==== End of Fixlog ====