Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-09-2014 Ran by Grzesiek at 2014-09-05 19:27:56 Run:1 Running from C:\Users\Grzesiek\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** () C:\Program Files\SmarterPower\bin\utilSmarterPower.exe () C:\Program Files\SmarterPower\bin\SmarterPower.PurBrowse.exe () C:\Program Files\SmarterPower\bin\SmarterPower.BrowserAdapter.exe () C:\Program Files\SmarterPower\updateSmarterPower.exe R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [694784 2014-07-31] (Cherished Technololgy LIMITED) [File not signed] R2 Update SmarterPower; C:\Program Files\SmarterPower\updateSmarterPower.exe [323320 2014-09-05] () R2 Util SmarterPower; C:\Program Files\SmarterPower\bin\utilSmarterPower.exe [323320 2014-09-05] () R1 {5eeb83d0-96ea-4249-942c-beead6847053}Gw; C:\Windows\System32\drivers\{5eeb83d0-96ea-4249-942c-beead6847053}Gw.sys [52376 2014-09-04] (StdLib) R1 {6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw; C:\Windows\System32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw.sys [52920 2014-07-09] (StdLib) S3 dump_wmimmc; \??\G:\Yulgang2EN\GameGuard\dump_wmimmc.sys [X] S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X] S3 vtany; \??\C:\Windows\vtany.sys [X] S3 xhunter1; \??\C:\Windows\xhunter1.sys [X] HKU\S-1-5-21-3397978267-1128441615-3336433578-1000\...\Run: [MarbleStation] => [X] HKU\S-1-5-21-3397978267-1128441615-3336433578-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Grzesiek\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hp&ts=1406818087&from=smt&uid=SAMSUNGXSP1654N_S0GEJ10L317166 HKCU\Software\Microsoft\Internet Explorer\Main,Default_page_url = http://www.istartsurf.com/?type=hp&ts=1406818087&from=smt&uid=SAMSUNGXSP1654N_S0GEJ10L317166 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds&ts=1406818087&from=smt&uid=SAMSUNGXSP1654N_S0GEJ10L317166&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hp&ts=1406818087&from=smt&uid=SAMSUNGXSP1654N_S0GEJ10L317166 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hp&ts=1406818087&from=smt&uid=SAMSUNGXSP1654N_S0GEJ10L317166 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds&ts=1406818087&from=smt&uid=SAMSUNGXSP1654N_S0GEJ10L317166&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com/?type=sc&ts=1406818087&from=smt&uid=SAMSUNGXSP1654N_S0GEJ10L317166 SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKCU - DefaultScope {C33946FC-C759-4842-BAC0-1A899E00F368} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=902615&p={searchTerms} SearchScopes: HKCU - {C33946FC-C759-4842-BAC0-1A899E00F368} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=902615&p={searchTerms} ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.istartsurf.com/?type=sc&ts=1406818087&from=smt&uid=SAMSUNGXSP1654N_S0GEJ10L317166 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.istartsurf.com/?type=sc&ts=1406818087&from=smt&uid=SAMSUNGXSP1654N_S0GEJ10L317166 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.istartsurf.com/?type=sc&ts=1406818087&from=smt&uid=SAMSUNGXSP1654N_S0GEJ10L317166 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.istartsurf.com/?type=sc&ts=1406818087&from=smt&uid=SAMSUNGXSP1654N_S0GEJ10L317166 ShortcutWithArgument: C:\Users\Grzesiek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.istartsurf.com/?type=sc&ts=1406818087&from=smt&uid=SAMSUNGXSP1654N_S0GEJ10L317166 ShortcutWithArgument: C:\Users\Grzesiek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.istartsurf.com/?type=sc&ts=1406818087&from=smt&uid=SAMSUNGXSP1654N_S0GEJ10L317166 ShortcutWithArgument: C:\Users\Grzesiek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.istartsurf.com/?type=sc&ts=1406818087&from=smt&uid=SAMSUNGXSP1654N_S0GEJ10L317166 ShortcutWithArgument: C:\Users\Grzesiek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.istartsurf.com/?type=sc&ts=1406818087&from=smt&uid=SAMSUNGXSP1654N_S0GEJ10L317166 ShortcutWithArgument: C:\Users\Grzesiek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk -> C:\Users\Grzesiek\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.istartsurf.com/?type=sc&ts=1406818087&from=smt&uid=SAMSUNGXSP1654N_S0GEJ10L317166 BHO: No Name -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> No File BHO: SmarterPower -> {bd7c9b62-a7d9-4405-be51-7fd633f08791} -> C:\Program Files\SmarterPower\SmarterPowerbho.dll (SmarterPower FF Plugin: @live.heroesandgenerals.com/npretox -> H:\Heroes & Generals\live\npretoxlive.dll No File CustomCLSID: HKU\S-1-5-21-3397978267-1128441615-3336433578-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Grzesiek\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File CustomCLSID: HKU\S-1-5-21-3397978267-1128441615-3336433578-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Grzesiek\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File CustomCLSID: HKU\S-1-5-21-3397978267-1128441615-3336433578-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Grzesiek\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File CustomCLSID: HKU\S-1-5-21-3397978267-1128441615-3336433578-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Grzesiek\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File CustomCLSID: HKU\S-1-5-21-3397978267-1128441615-3336433578-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Grzesiek\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File CustomCLSID: HKU\S-1-5-21-3397978267-1128441615-3336433578-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Grzesiek\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File Task: {0621EA11-9665-423A-80C0-D95C41B813B3} - System32\Tasks\{A9D937AE-6F22-4F9F-A5E5-87DE11242E05} => L:\689342\DCIM.exe Task: {13EBF5B7-10F2-4084-B6A7-74479B8EFACC} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{D24FF821-C4BF-4218-B2A6-834E7B325B29}.exe Task: {2640E843-E05A-4EAC-95E2-5F518359F9AC} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{C2447809-C5D6-4A21-97FD-D20C6BB7CEC0}.exe Task: {527FFEBF-BB2B-45A7-9434-4ACAA1ED29E8} - System32\Tasks\{86D8205B-23CE-4BF6-A315-426454F36707} => L:\689342\DCIM.exe Task: {5EA62580-125B-4361-9571-A931CC3FA4AC} - System32\Tasks\Express Files Updater => C:\Program Files\ExpressFiles\EFupdater.exe <==== ATTENTION Task: {6B5CF4E8-6E0C-4BA4-A47C-F00168BF2460} - System32\Tasks\{CD014EE2-7A27-4E7B-AF40-FEFC21C0415B} => L:\689342\DCIM.exe Task: {C5CC002E-9A57-4EB4-86B6-C5A37B97FA2E} - System32\Tasks\{97D03FDC-6234-4D7D-BA25-F24C6AFF6901} => L:\689342\DCIM.exe Task: {DF00FF46-F939-49D1-86C5-493B278C259D} - System32\Tasks\{95DFA4C8-A8A4-444A-AFE6-FFDCF419CC36} => L:\689342\DCIM.exe Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{D24FF821-C4BF-4218-B2A6-834E7B325B29}.exe Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{C2447809-C5D6-4A21-97FD-D20C6BB7CEC0}.exe HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver" C:\Program Files\Mozilla Firefox C:\Program Files\SupTab C:\ProgramData\TEMP C:\ProgramData\whoislive C:\Users\Grzesiek\AppData\Local\Temp*.html C:\Users\Grzesiek\AppData\Roaming\Mozilla C:\Windows\System32\drivers\{5eeb83d0-96ea-4249-942c-beead6847053}Gw.sys C:\Windows\System32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw.sys RemoveDirectory: C:\Autorun.inf RemoveDirectory: D:\Autorun.inf RemoveDirectory: E:\Autorun.inf RemoveDirectory: F:\Autorun.inf RemoveDirectory: G:\Autorun.inf RemoveDirectory: H:\Autorun.inf Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\SearchScopes\${searchCLSID}" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Search" /f Reboot: ***************** [336] C:\Program Files\SmarterPower\bin\utilSmarterPower.exe => Process closed successfully. [3592] C:\Program Files\SmarterPower\bin\SmarterPower.PurBrowse.exe => Process closed successfully. [3536] C:\Program Files\SmarterPower\bin\SmarterPower.BrowserAdapter.exe => Process closed successfully. [1984] C:\Program Files\SmarterPower\updateSmarterPower.exe => Process closed successfully. IePluginServices => Service stopped successfully. IePluginServices => Service deleted successfully. Update SmarterPower => Service deleted successfully. Util SmarterPower => Service deleted successfully. {5eeb83d0-96ea-4249-942c-beead6847053}Gw => Service stopped successfully. {5eeb83d0-96ea-4249-942c-beead6847053}Gw => Service deleted successfully. {6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw => Service stopped successfully. {6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw => Service deleted successfully. dump_wmimmc => Service deleted successfully. EagleXNt => Service deleted successfully. vtany => Service deleted successfully. xhunter1 => Service deleted successfully. HKU\S-1-5-21-3397978267-1128441615-3336433578-1000\Software\Microsoft\Windows\CurrentVersion\Run\\MarbleStation => value deleted successfully. HKU\S-1-5-21-3397978267-1128441615-3336433578-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface => value deleted successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Search bar => value deleted successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Secondary Start Pages => value deleted successfully. HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C33946FC-C759-4842-BAC0-1A899E00F368}" => Key deleted successfully. "HKCR\CLSID\{C33946FC-C759-4842-BAC0-1A899E00F368}" => Key not found. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk => Shortcut argument was removed successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => Shortcut argument was removed successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk => Shortcut argument was removed successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk => Shortcut argument was restored successfully. C:\Users\Grzesiek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => Shortcut argument was removed successfully. C:\Users\Grzesiek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => Shortcut argument was removed successfully. C:\Users\Grzesiek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk => Shortcut argument was removed successfully. C:\Users\Grzesiek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk => Shortcut argument was removed successfully. C:\Users\Grzesiek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk => Shortcut argument was removed successfully. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}" => Key deleted successfully. "HKCR\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}" => Key not found. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bd7c9b62-a7d9-4405-be51-7fd633f08791}" => Key deleted successfully. "HKCR\CLSID\{bd7c9b62-a7d9-4405-be51-7fd633f08791}" => Key deleted successfully. "HKLM\Software\MozillaPlugins\@live.heroesandgenerals.com/npretox" => Key deleted successfully. "HKU\S-1-5-21-3397978267-1128441615-3336433578-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully. "HKU\S-1-5-21-3397978267-1128441615-3336433578-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}" => Key deleted successfully. "HKU\S-1-5-21-3397978267-1128441615-3336433578-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}" => Key deleted successfully. "HKU\S-1-5-21-3397978267-1128441615-3336433578-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}" => Key deleted successfully. "HKU\S-1-5-21-3397978267-1128441615-3336433578-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}" => Key deleted successfully. "HKU\S-1-5-21-3397978267-1128441615-3336433578-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0621EA11-9665-423A-80C0-D95C41B813B3}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0621EA11-9665-423A-80C0-D95C41B813B3}" => Key deleted successfully. C:\Windows\System32\Tasks\{A9D937AE-6F22-4F9F-A5E5-87DE11242E05} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A9D937AE-6F22-4F9F-A5E5-87DE11242E05}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{13EBF5B7-10F2-4084-B6A7-74479B8EFACC}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{13EBF5B7-10F2-4084-B6A7-74479B8EFACC}" => Key deleted successfully. C:\Windows\System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-Secure-Search-Update_JUNE2013_HP_rmv" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2640E843-E05A-4EAC-95E2-5F518359F9AC}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2640E843-E05A-4EAC-95E2-5F518359F9AC}" => Key deleted successfully. C:\Windows\System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-Secure-Search-Update_JUNE2013_TB_rmv" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{527FFEBF-BB2B-45A7-9434-4ACAA1ED29E8}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{527FFEBF-BB2B-45A7-9434-4ACAA1ED29E8}" => Key deleted successfully. C:\Windows\System32\Tasks\{86D8205B-23CE-4BF6-A315-426454F36707} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{86D8205B-23CE-4BF6-A315-426454F36707}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5EA62580-125B-4361-9571-A931CC3FA4AC}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5EA62580-125B-4361-9571-A931CC3FA4AC}" => Key deleted successfully. C:\Windows\System32\Tasks\Express Files Updater => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Express Files Updater" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6B5CF4E8-6E0C-4BA4-A47C-F00168BF2460}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B5CF4E8-6E0C-4BA4-A47C-F00168BF2460}" => Key deleted successfully. C:\Windows\System32\Tasks\{CD014EE2-7A27-4E7B-AF40-FEFC21C0415B} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CD014EE2-7A27-4E7B-AF40-FEFC21C0415B}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C5CC002E-9A57-4EB4-86B6-C5A37B97FA2E}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C5CC002E-9A57-4EB4-86B6-C5A37B97FA2E}" => Key deleted successfully. C:\Windows\System32\Tasks\{97D03FDC-6234-4D7D-BA25-F24C6AFF6901} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{97D03FDC-6234-4D7D-BA25-F24C6AFF6901}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DF00FF46-F939-49D1-86C5-493B278C259D}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DF00FF46-F939-49D1-86C5-493B278C259D}" => Key deleted successfully. C:\Windows\System32\Tasks\{95DFA4C8-A8A4-444A-AFE6-FFDCF419CC36} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{95DFA4C8-A8A4-444A-AFE6-FFDCF419CC36}" => Key deleted successfully. C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => Moved successfully. C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => Moved successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart" => Key deleted successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys" => Key deleted successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart" => Key deleted successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys" => Key deleted successfully. C:\Program Files\Mozilla Firefox => Moved successfully. C:\Program Files\SupTab => Moved successfully. C:\ProgramData\TEMP => Moved successfully. C:\ProgramData\whoislive => Moved successfully. C:\Users\Grzesiek\AppData\Local\Temp*.html => Moved successfully. C:\Users\Grzesiek\AppData\Roaming\Mozilla => Moved successfully. C:\Windows\System32\drivers\{5eeb83d0-96ea-4249-942c-beead6847053}Gw.sys => Moved successfully. C:\Windows\System32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw.sys => Moved successfully. Could not remove "C:\Autorun.inf\lpt1.UsbFix" => Scheduled to remove on reboot. "C:\Autorun.inf" => Removed successfully. Could not remove "D:\Autorun.inf\lpt1.UsbFix" => Scheduled to remove on reboot. "D:\Autorun.inf" => Removed successfully. Could not remove "E:\Autorun.inf\lpt1.UsbFix" => Scheduled to remove on reboot. "E:\Autorun.inf" => Removed successfully. Could not remove "F:\Autorun.inf\lpt1.UsbFix" => Scheduled to remove on reboot. "F:\Autorun.inf" => Removed successfully. Could not remove "G:\Autorun.inf\lpt1.UsbFix" => Scheduled to remove on reboot. "G:\Autorun.inf" => Removed successfully. Could not remove "H:\Autorun.inf\lpt1.UsbFix" => Scheduled to remove on reboot. "H:\Autorun.inf" => Removed successfully. ========= reg delete "HKCU\Software\Microsoft\Internet Explorer\SearchScopes\${searchCLSID}" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Search" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= => Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-09-05 19:32:32)<= C:\Autorun.inf\lpt1.UsbFix => Is removed successfully. D:\Autorun.inf\lpt1.UsbFix => Is removed successfully. E:\Autorun.inf\lpt1.UsbFix => Is removed successfully. F:\Autorun.inf\lpt1.UsbFix => Is removed successfully. G:\Autorun.inf\lpt1.UsbFix => Is removed successfully. H:\Autorun.inf\lpt1.UsbFix => Is removed successfully. ==== End of Fixlog ====