Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-01-2015 Ran by win7 at 2015-01-28 17:56:26 Run:1 Running from C:\Users\win7\Downloads Loaded Profiles: win7 (Available profiles: win7) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: CreateRestorePoint: S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2015-01-25] (globalUpdate) [File not signed] S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2015-01-25] (globalUpdate) [File not signed] R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158896 2015-01-16] (XTab system) R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [464384 2015-01-25] (SysTool PasSame LIMITED) [File not signed] S3 ose64; "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [X] S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X] S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X] Task: {1ADF0A09-1B0C-4C8C-BB96-DFECE1D35489} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2015-01-25] (globalUpdate) <==== ATTENTION Task: {250A0613-3670-4117-9016-40C3402D1ECB} - System32\Tasks\{75882F08-92C7-4CDF-B4BB-F3684C95289D} => pcalua.exe -a C:\Users\win7\AppData\Local\Temp\Temp1_ga1031_pcl6_v249_Vista_64bit_pl.zip\2K&XP&Vista_64bit\Disk1\setup.exe Task: {52F30E3D-DA04-469E-9DC4-E6460020F8F9} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2015-01-25] (globalUpdate) <==== ATTENTION Task: {73B97580-A808-4773-AEFC-B878C360DC05} - System32\Tasks\{C47902CD-2327-4E71-B422-E4661ED5E86D} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{EE171732-BEB4-4576-887D-CB62727F01CA}\setup.exe" -c -runfromtemp -l0x415 -removeonly Task: {8DF9F217-440B-4021-88B4-761929EA0796} - System32\Tasks\IEBUZ => C:\Users\win7\AppData\Roaming\IEBUZ.exe [2015-01-25] (joep) <==== ATTENTION Task: {DCAF96F9-5A59-4E4B-B66D-E485DBD3D724} - System32\Tasks\KVKOP => C:\Users\win7\AppData\Roaming\KVKOP.exe [2015-01-25] (joep) <==== ATTENTION Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION Task: C:\Windows\Tasks\IEBUZ.job => C:\Users\win7\AppData\Roaming\IEBUZ.exe <==== ATTENTION Task: C:\Windows\Tasks\KVKOP.job => C:\Users\win7\AppData\Roaming\KVKOP.exe <==== ATTENTION IFEO\bitguard.exe: [Debugger] tasklist.exe IFEO\bprotect.exe: [Debugger] tasklist.exe IFEO\bpsvc.exe: [Debugger] tasklist.exe IFEO\browserdefender.exe: [Debugger] tasklist.exe IFEO\browserprotect.exe: [Debugger] tasklist.exe IFEO\browsersafeguard.exe: [Debugger] tasklist.exe IFEO\dprotectsvc.exe: [Debugger] tasklist.exe IFEO\jumpflip: [Debugger] tasklist.exe IFEO\protectedsearch.exe: [Debugger] tasklist.exe IFEO\searchinstaller.exe: [Debugger] tasklist.exe IFEO\searchprotection.exe: [Debugger] tasklist.exe IFEO\searchprotector.exe: [Debugger] tasklist.exe IFEO\searchsettings.exe: [Debugger] tasklist.exe IFEO\searchsettings64.exe: [Debugger] tasklist.exe IFEO\snapdo.exe: [Debugger] tasklist.exe IFEO\stinst32.exe: [Debugger] tasklist.exe IFEO\stinst64.exe: [Debugger] tasklist.exe IFEO\umbrella.exe: [Debugger] tasklist.exe IFEO\utiljumpflip.exe: [Debugger] tasklist.exe IFEO\volaro: [Debugger] tasklist.exe IFEO\vonteera: [Debugger] tasklist.exe IFEO\websteroids.exe: [Debugger] tasklist.exe IFEO\websteroidsservice.exe: [Debugger] tasklist.exe HKU\S-1-5-21-2904449942-2374099523-1852780327-1001\...\Run: [SpeedUpMyComputer] => C:\Program Files (x86)\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe /ot /as HKLM\...\Run: [BCSSync] => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices Startup: C:\Users\win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AQQUpdate.lnk ShortcutWithArgument: C:\Users\win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://isearch.omiga-plus.com/?type=sc&ts=1422224643&from=ild&uid=WDCXWD3200BEVT-22ZCT0_WD-WX50A89V9980V9980 ShortcutWithArgument: C:\Users\win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://isearch.omiga-plus.com/?type=sc&ts=1422224643&from=ild&uid=WDCXWD3200BEVT-22ZCT0_WD-WX50A89V9980V9980 ShortcutWithArgument: C:\Users\win7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://isearch.omiga-plus.com/?type=sc&ts=1422224643&from=ild&uid=WDCXWD3200BEVT-22ZCT0_WD-WX50A89V9980V9980 ShortcutWithArgument: C:\Users\win7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://isearch.omiga-plus.com/?type=sc&ts=1422224643&from=ild&uid=WDCXWD3200BEVT-22ZCT0_WD-WX50A89V9980V9980 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hp&ts=1422224643&from=ild&uid=WDCXWD3200BEVT-22ZCT0_WD-WX50A89V9980V9980 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hp&ts=1422224643&from=ild&uid=WDCXWD3200BEVT-22ZCT0_WD-WX50A89V9980V9980 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1422224643&from=ild&uid=WDCXWD3200BEVT-22ZCT0_WD-WX50A89V9980V9980&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1422224643&from=ild&uid=WDCXWD3200BEVT-22ZCT0_WD-WX50A89V9980V9980&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1422224643&from=ild&uid=WDCXWD3200BEVT-22ZCT0_WD-WX50A89V9980V9980 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1422224643&from=ild&uid=WDCXWD3200BEVT-22ZCT0_WD-WX50A89V9980V9980 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422224643&from=ild&uid=WDCXWD3200BEVT-22ZCT0_WD-WX50A89V9980V9980&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422224643&from=ild&uid=WDCXWD3200BEVT-22ZCT0_WD-WX50A89V9980V9980&q={searchTerms} HKU\S-1-5-21-2904449942-2374099523-1852780327-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hp&ts=1422224643&from=ild&uid=WDCXWD3200BEVT-22ZCT0_WD-WX50A89V9980V9980 HKU\S-1-5-21-2904449942-2374099523-1852780327-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1422224643&from=ild&uid=WDCXWD3200BEVT-22ZCT0_WD-WX50A89V9980V9980 StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://isearch.omiga-plus.com/?type=sc&ts=1422224643&from=ild&uid=WDCXWD3200BEVT-22ZCT0_WD-WX50A89V9980V9980 SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422224643&from=ild&uid=WDCXWD3200BEVT-22ZCT0_WD-WX50A89V9980V9980&q={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422224643&from=ild&uid=WDCXWD3200BEVT-22ZCT0_WD-WX50A89V9980V9980&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422224643&from=ild&uid=WDCXWD3200BEVT-22ZCT0_WD-WX50A89V9980V9980&q={searchTerms} SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422224643&from=ild&uid=WDCXWD3200BEVT-22ZCT0_WD-WX50A89V9980V9980&q={searchTerms} SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW SearchScopes: HKU\S-1-5-21-2904449942-2374099523-1852780327-1001 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=ild&utm_campaign=install_ie&utm_content=ds&from=ild&uid=WDCXWD3200BEVT-22ZCT0_WD-WX50A89V9980V9980&ts=1422224707&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2904449942-2374099523-1852780327-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=ild&utm_campaign=install_ie&utm_content=ds&from=ild&uid=WDCXWD3200BEVT-22ZCT0_WD-WX50A89V9980V9980&ts=1422224707&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2904449942-2374099523-1852780327-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=ild&utm_campaign=install_ie&utm_content=ds&from=ild&uid=WDCXWD3200BEVT-22ZCT0_WD-WX50A89V9980V9980&ts=1422224707&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2904449942-2374099523-1852780327-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=ild&utm_campaign=install_ie&utm_content=ds&from=ild&uid=WDCXWD3200BEVT-22ZCT0_WD-WX50A89V9980V9980&ts=1422224707&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2904449942-2374099523-1852780327-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=ild&utm_campaign=install_ie&utm_content=ds&from=ild&uid=WDCXWD3200BEVT-22ZCT0_WD-WX50A89V9980V9980&ts=1422224707&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2904449942-2374099523-1852780327-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=ild&utm_campaign=install_ie&utm_content=ds&from=ild&uid=WDCXWD3200BEVT-22ZCT0_WD-WX50A89V9980V9980&ts=1422224707&type=default&q={searchTerms} BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\XTab\SupTab.dll (Thinknice Co. Limited) Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service" C:\Program Files (x86)\globalUpdate C:\Program Files (x86)\Mozilla Firefox C:\Program Files (x86)\XTab C:\ProgramData\IHProtectUpDate C:\ProgramData\Mozilla C:\ProgramData\WindowsMangerProtect C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxis C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims C:\Users\win7\AppData\Local\globalUpdate C:\Users\win7\AppData\Local\Mozilla C:\Users\win7\AppData\Roaming\Mozilla C:\Users\win7\AppData\Roaming\IEBUZ C:\Users\win7\AppData\Roaming\IEBUZ.exe C:\Users\win7\AppData\Roaming\KVKOP C:\Users\win7\AppData\Roaming\KVKOP.exe C:\Users\win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppsHat C:\Users\win7\Downloads\FLVPlayer-FF.exe Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f Reg: reg delete HKCU\Software\Mozilla /f Reg: reg delete HKCU\Software\MozillaPlugins /f Reg: reg delete HKLM\SOFTWARE\Mozilla /f Reg: reg delete HKLM\SOFTWARE\MozillaPlugins /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Mozilla /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\mozilla.org /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\MozillaPlugins /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f EmptyTemp: ***************** Processes closed successfully. Restore point was successfully created. globalUpdate => Service not found. globalUpdatem => Service not found. IHProtect Service => Service deleted successfully. WindowsMangerProtect => Service deleted successfully. ose64 => Service deleted successfully. RtsUIR => Service deleted successfully. USBCCID => Service deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1ADF0A09-1B0C-4C8C-BB96-DFECE1D35489} => Key not found. C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore => Key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{250A0613-3670-4117-9016-40C3402D1ECB}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{250A0613-3670-4117-9016-40C3402D1ECB}" => Key deleted successfully. C:\Windows\System32\Tasks\{75882F08-92C7-4CDF-B4BB-F3684C95289D} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{75882F08-92C7-4CDF-B4BB-F3684C95289D}" => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{52F30E3D-DA04-469E-9DC4-E6460020F8F9} => Key not found. C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA => Key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{73B97580-A808-4773-AEFC-B878C360DC05}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73B97580-A808-4773-AEFC-B878C360DC05}" => Key deleted successfully. C:\Windows\System32\Tasks\{C47902CD-2327-4E71-B422-E4661ED5E86D} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C47902CD-2327-4E71-B422-E4661ED5E86D}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8DF9F217-440B-4021-88B4-761929EA0796}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8DF9F217-440B-4021-88B4-761929EA0796}" => Key deleted successfully. C:\Windows\System32\Tasks\IEBUZ => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IEBUZ" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DCAF96F9-5A59-4E4B-B66D-E485DBD3D724}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DCAF96F9-5A59-4E4B-B66D-E485DBD3D724}" => Key deleted successfully. C:\Windows\System32\Tasks\KVKOP => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KVKOP" => Key deleted successfully. C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job not found. C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job not found. C:\Windows\Tasks\IEBUZ.job => Moved successfully. C:\Windows\Tasks\KVKOP.job => Moved successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bitguard.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bprotect.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bpsvc.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserdefender.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserprotect.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsersafeguard.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dprotectsvc.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\jumpflip" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\protectedsearch.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchinstaller.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotection.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotector.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings64.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\snapdo.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst32.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst64.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\umbrella.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utiljumpflip.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\volaro" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\vonteera" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroids.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroidsservice.exe" => Key deleted successfully. HKU\S-1-5-21-2904449942-2374099523-1852780327-1001\Software\Microsoft\Windows\CurrentVersion\Run\\SpeedUpMyComputer => value deleted successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\BCSSync => value deleted successfully. C:\Users\win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AQQUpdate.lnk => Moved successfully. C:\Users\win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => Shortcut argument was removed successfully. C:\Users\win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk => Shortcut argument was restored successfully. C:\Users\win7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => Shortcut argument was removed successfully. C:\Users\win7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer (No Add-ons).lnk => Shortcut argument was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKU\S-1-5-21-2904449942-2374099523-1852780327-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKU\S-1-5-21-2904449942-2374099523-1852780327-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully. HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully. HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}" => Key deleted successfully. HKCR\Wow6432Node\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => Key not found. HKU\S-1-5-21-2904449942-2374099523-1852780327-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. "HKU\S-1-5-21-2904449942-2374099523-1852780327-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully. HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. "HKU\S-1-5-21-2904449942-2374099523-1852780327-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}" => Key deleted successfully. HKCR\CLSID\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} => Key not found. "HKU\S-1-5-21-2904449942-2374099523-1852780327-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully. HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found. "HKU\S-1-5-21-2904449942-2374099523-1852780327-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully. HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found. "HKU\S-1-5-21-2904449942-2374099523-1852780327-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}" => Key deleted successfully. HKCR\CLSID\{E733165D-CBCF-4FDA-883E-ADEF965B476C} => Key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}" => Key deleted successfully. "HKCR\PROTOCOLS\Handler\livecall" => Key deleted successfully. HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => Key not found. "HKCR\PROTOCOLS\Handler\msnim" => Key deleted successfully. HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => Key not found. "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc" => Key deleted successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\MCODS" => Key deleted successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc" => Key deleted successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\MCODS" => Key deleted successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\MpfService" => Key deleted successfully. C:\Program Files (x86)\globalUpdate => Moved successfully. C:\Program Files (x86)\Mozilla Firefox => Moved successfully. C:\Program Files (x86)\XTab => Moved successfully. C:\ProgramData\IHProtectUpDate => Moved successfully. C:\ProgramData\Mozilla => Moved successfully. C:\ProgramData\WindowsMangerProtect => Moved successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxis => Moved successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims => Moved successfully. C:\Users\win7\AppData\Local\globalUpdate => Moved successfully. C:\Users\win7\AppData\Local\Mozilla => Moved successfully. C:\Users\win7\AppData\Roaming\Mozilla => Moved successfully. C:\Users\win7\AppData\Roaming\IEBUZ => Moved successfully. C:\Users\win7\AppData\Roaming\IEBUZ.exe => Moved successfully. C:\Users\win7\AppData\Roaming\KVKOP => Moved successfully. C:\Users\win7\AppData\Roaming\KVKOP.exe => Moved successfully. C:\Users\win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppsHat => Moved successfully. C:\Users\win7\Downloads\FLVPlayer-FF.exe => Moved successfully. ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKCU\Software\Mozilla /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKCU\Software\MozillaPlugins /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Mozilla /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\MozillaPlugins /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Wow6432Node\Mozilla /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Wow6432Node\mozilla.org /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Wow6432Node\MozillaPlugins /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= EmptyTemp: => Removed 9 GB temporary data. The system needed a reboot. ==== End of Fixlog 18:04:08 ====