Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-09-2014 01 Ran by Admin at 2014-09-07 20:35:21 Run:1 Running from C:\Users\Admin\Desktop\frst Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Users\Admin\AppData\Local\Temp\MSDCSC\msdcsc.exe,C:\Windows\system32\Client Server Runtime Process,C:\Users\Admin\Documents\MSDCSC\msdcsc.exe,C:\Windows\system32\WindowsDefender32\UPDATED32.exe,\MSDCSC\msdcsc.exe,C:\Windows\system32\config\systemprofile\AppData\Local\Temp\MSDCSC\msdcsc.exe,C:\Users\Admin\Documents\MSDCSC\msdcsc.exe HKU\.DEFAULT\...\Run: [MicroUpdate] => \MSDCSC\msdcsc.exe [257536 2014-08-27] (Microsoft Corp.) HKU\.DEFAULT\...\Policies\system: [DisableTaskMgr] 1 HKU\.DEFAULT\...\Policies\system: [DisableRegistryTools] 1 HKU\.DEFAULT\...\Policies\system: [EnableLUA] 0 HKU\S-1-5-21-2752573723-1407471058-2751402729-1000\...\Run: [MicroUpdate] => C:\Users\Admin\Documents\MSDCSC\msdcsc.exe [257536 2014-08-27] (Microsoft Corp.) 
HKU\S-1-5-21-2752573723-1407471058-2751402729-1000\...\Run: [Default Key] => C:\Users\Admin\AppData\Roaming\Default Folder\Default File.exe [284192 2014-08-17] (Microsoft) HKU\S-1-5-21-2752573723-1407471058-2751402729-1000\...\Policies\system: [EnableLUA] 0 HKU\S-1-5-21-2752573723-1407471058-2751402729-1000\...\Winlogon: [Shell] C:\Users\Admin\AppData\Roaming\wserver.exe [291328 2014-08-24] () <==== ATTENTION AppInit_DLLs: C:\PROGRA~3\WinSpeed\WINSPE~1.DLL => C:\ProgramData\WinSpeed\WinSpeed_x64.dll [4304896 2014-08-23] () AppInit_DLLs-x32: c:\progra~3\winspeed\winspeed.dll => c:\ProgramData\WinSpeed\WinSpeed.dll [4127232 2014-08-23] () R2 f1f78e38; c:\ProgramData\WinSpeed\WinSpeedSvc.dll [186192 2014-08-23] () [File not signed] S4 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [702344 2014-07-27] (Cherished Technololgy LIMITED) S4 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [535936 2014-07-27] (Fuyu LIMITED) R1 {55dce8ba-9dec-4013-937e-adbf9317d990}Gw64; C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gw64.sys [61584 2014-08-01] (StdLib) S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X] S3 FairplayKD2; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X] S1 nethfdrv; \??\C:\Windows\system32\drivers\nethfdrv.sys [X] IFEO\AvastSvc.exe: [Debugger] nqij.exe IFEO\AvastUI.exe: [Debugger] nqij.exe IFEO\avcenter.exe: [Debugger] nqij.exe IFEO\avconfig.exe: [Debugger] nqij.exe IFEO\avgcsrvx.exe: [Debugger] nqij.exe IFEO\avgidsagent.exe: [Debugger] nqij.exe IFEO\avgnt.exe: [Debugger] nqij.exe IFEO\avgrsx.exe: [Debugger] nqij.exe IFEO\avguard.exe: [Debugger] nqij.exe IFEO\avgui.exe: [Debugger] nqij.exe IFEO\avgwdsvc.exe: [Debugger] nqij.exe IFEO\avp.exe: [Debugger] nqij.exe IFEO\avscan.exe: [Debugger] nqij.exe IFEO\bdagent.exe: [Debugger] nqij.exe IFEO\blindman.exe: [Debugger] nqij.exe IFEO\ccuac.exe: [Debugger] nqij.exe IFEO\ComboFix.exe: 
[Debugger] nqij.exe IFEO\egui.exe: [Debugger] nqij.exe IFEO\hijackthis.exe: [Debugger] nqij.exe IFEO\instup.exe: [Debugger] nqij.exe IFEO\keyscrambler.exe: [Debugger] nqij.exe IFEO\mbam.exe: [Debugger] nqij.exe IFEO\mbamgui.exe: [Debugger] nqij.exe IFEO\mbampt.exe: [Debugger] nqij.exe IFEO\mbamscheduler.exe: [Debugger] nqij.exe IFEO\mbamservice.exe: [Debugger] nqij.exe IFEO\MpCmdRun.exe: [Debugger] nqij.exe IFEO\MSASCui.exe: [Debugger] nqij.exe IFEO\MsMpEng.exe: [Debugger] nqij.exe IFEO\msseces.exe: [Debugger] nqij.exe IFEO\rstrui.exe: [Debugger] nqij.exe IFEO\SDFiles.exe: [Debugger] nqij.exe IFEO\SDMain.exe: [Debugger] nqij.exe IFEO\SDWinSec.exe: [Debugger] nqij.exe IFEO\spybotsd.exe: [Debugger] nqij.exe IFEO\wireshark.exe: [Debugger] nqij.exe IFEO\zlclient.exe: [Debugger] nqij.exe HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com/?gd=&ctid=CT3326582&octid=EB_ORIGINAL_CTID&ISID=MA804117C-9E04-40D4-B5DF-625593C253C1&SearchSource=55&CUI=&UM=6&UP=SP4FC40864-787D-4805-8240-5CAFB50A99C4&SSPV= HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1406473711&from=irs&uid=395049983_266035_8C8E1A1B&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1406473711&from=irs&uid=395049983_266035_8C8E1A1B&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1406473711&from=irs&uid=395049983_266035_8C8E1A1B&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1406473711&from=irs&uid=395049983_266035_8C8E1A1B&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://istart.webssearches.com/?type=sc&ts=1406473711&from=irs&uid=395049983_266035_8C8E1A1B SearchScopes: HKCU - DefaultScope 
{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3326582&octid=EB_ORIGINAL_CTID&ISID=MA804117C-9E04-40D4-B5DF-625593C253C1&SearchSource=58&CUI=&UM=6&UP=SPCD622F3E-54B8-4741-93E5-CA505417B4C6&q={searchTerms}&SSPV= SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3326582&octid=EB_ORIGINAL_CTID&ISID=MA804117C-9E04-40D4-B5DF-625593C253C1&SearchSource=58&CUI=&UM=6&UP=SPCD622F3E-54B8-4741-93E5-CA505417B4C6&q={searchTerms}&SSPV= SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=&systemid=&v=-&apn_uid=&apn_dtid=TCH001&o=APN11459&apn_ptnrs=AG1&q={searchTerms} BHO: weubsaveere -> {3319CBFF-0B7E-F6DF-061A-2A17A2FBF004} -> C:\ProgramData\weubsaveere\gZ.x64.dll () BHO: No Name -> {FFCB3198-32F3-4E8B-9539-4324694ED663} -> No File BHO-x32: weubsaveere -> {3319CBFF-0B7E-F6DF-061A-2A17A2FBF004} -> C:\ProgramData\weubsaveere\gZ.dll () BHO-x32: No Name -> {FFCB3198-32F3-4E8B-9539-4324694ED663} -> No File Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION GroupPolicy: Group Policy on Chrome detected <======= ATTENTION Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) 
Hidden Task: {1B4B0EBE-5284-4A3C-9DCC-D2B6D0399A42} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: {2F45BA02-353A-4A35-9D3B-2EB42FF1C40A} - System32\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805} => C:\ProgramData\cis82A6.exe Task: {31FAA86C-5554-4094-A2BB-CBA83BCE663B} - System32\Tasks\{223D2C2B-F815-451F-9F15-BCD3E50E8277} => C:\Users\Admin\Desktop\craftenterminal.exe Task: {628C464B-9449-45F5-BDC2-9F95261ECBF7} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe Task: {7C90A235-66F6-407F-8A4E-9DFC07F4D6DA} - System32\Tasks\{363A0176-B51D-47C2-AB5D-788050F4823E} => C:\Users\Admin\Downloads\PAYDAY-2\setup.exe Task: {E2C033C7-12B2-491F-A4C2-ED4C15F505A4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: {E358385F-C7CA-4BBC-8F8A-F296F00CA551} - \AmiUpdXp No Task File <==== ATTENTION Task: {F02BBDE6-B318-42A7-BCC9-CBCFC402C754} - System32\Tasks\{E4A8B222-6DE4-4935-A96C-5F4A16B1813F} => C:\Users\Admin\Desktop\lol\setup.exe Task: {F08E851F-3568-403B-8FB9-7D5CBAE9144B} - System32\Tasks\{FD5B2FD4-13AA-479C-B271-8B0C5E9553FD} => C:\Users\Admin\Downloads\PAYDAY-2\setup.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\43940229.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\43940229.sys => ""="Driver" C:\MSDCSC C:\Program Files (x86)\wweBesaover C:\ProgramData\374311380 C:\ProgramData\TEMP C:\ProgramData\wweBesaover C:\Users\Admin\*.dll C:\Users\Admin\*.exe C:\Users\Admin\AppData\Local\Google C:\Users\Admin\AppData\Roaming\*.exe C:\Users\Admin\AppData\Roaming\msconfig.ini C:\Users\Admin\AppData\Roaming\dclogs C:\Users\Admin\AppData\Roaming\Default Folder 
C:\Users\Admin\AppData\Roaming\Imminent C:\Users\Admin\AppData\Roaming\java C:\Users\Admin\Documents\MSDCSC C:\Users\Admin\Downloads\avast_premier_antivirus* C:\Users\Admin\Downloads\rkill_*.exe C:\Users\Default\AppData\Local\SearchProtect C:\Windows\28122008.txt C:\Windows\pss\Start GeekBuddy.lnk.CommonStartup C:\Windows\System32\config\systemprofile\AppData\Local\Temp C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gw64.sys C:\Windows\SysWOW64\Client Server Runtime Process C:\Windows\SysWOW64\SearchProtect C:\Windows\SysWOW64\Windows Server C:\Windows\SysWOW64\WindowsDefender32 RemoveDirectory: C:\ProgramData\AVAST Software RemoveDirectory: C:\ProgramData\Kaspersky Lab Setup Files Folder: C:\Temp Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\CLPSLauncher" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\GeekBuddyRSP" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\gupdate" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\gupdatem" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\IePluginServices" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\Update Deal Keeper" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\Util Deal Keeper" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\WindowsMangerProtect" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Start GeekBuddy.lnk" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Browser Tab Search by Ask" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Browser Tab Search by Askx64" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\tvncontrol" /f EmptyTemp: ***************** Processes closed successfully. 
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => Value was restored successfully. HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\MicroUpdate => value deleted successfully. HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableTaskMgr => value deleted successfully. HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableRegistryTools => value deleted successfully. HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\system\\EnableLUA => value deleted successfully. HKU\S-1-5-21-2752573723-1407471058-2751402729-1000\Software\Microsoft\Windows\CurrentVersion\Run\\MicroUpdate => value deleted successfully. HKU\S-1-5-21-2752573723-1407471058-2751402729-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Default Key => value deleted successfully. HKU\S-1-5-21-2752573723-1407471058-2751402729-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\EnableLUA => value deleted successfully. HKU\S-1-5-21-2752573723-1407471058-2751402729-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully. "C:\PROGRA~3\WinSpeed\WINSPE~1.DLL" => Value Data removed successfully. "c:\progra~3\winspeed\winspeed.dll" => Value Data removed successfully. f1f78e38 => Service deleted successfully. IePluginServices => Service deleted successfully. WindowsMangerProtect => Service deleted successfully. {55dce8ba-9dec-4013-937e-adbf9317d990}Gw64 => Unable to stop service {55dce8ba-9dec-4013-937e-adbf9317d990}Gw64 => Service deleted successfully. FairplayKD => Service deleted successfully. FairplayKD2 => Service deleted successfully. nethfdrv => Service deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AvastSvc.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AvastUI.exe" => Key deleted successfully. 
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avcenter.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avconfig.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgcsrvx.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgidsagent.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgnt.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgrsx.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avguard.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgui.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgwdsvc.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avp.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avscan.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bdagent.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\blindman.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ccuac.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ComboFix.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe" => Key deleted successfully. 
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\hijackthis.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\instup.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\keyscrambler.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbam.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamgui.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbampt.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamscheduler.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamservice.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MpCmdRun.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MSASCui.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MsMpEng.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rstrui.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SDFiles.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SDMain.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SDWinSec.exe" => Key deleted successfully. 
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\spybotsd.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wireshark.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\zlclient.exe" => Key deleted successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key deleted successfully. "HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key not found. "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2}" => Key deleted successfully. "HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2}" => Key not found. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3319CBFF-0B7E-F6DF-061A-2A17A2FBF004}" => Key deleted successfully. "HKCR\CLSID\{3319CBFF-0B7E-F6DF-061A-2A17A2FBF004}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFCB3198-32F3-4E8B-9539-4324694ED663}" => Key deleted successfully. "HKCR\CLSID\{FFCB3198-32F3-4E8B-9539-4324694ED663}" => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3319CBFF-0B7E-F6DF-061A-2A17A2FBF004}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{3319CBFF-0B7E-F6DF-061A-2A17A2FBF004}" => Key deleted successfully. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFCB3198-32F3-4E8B-9539-4324694ED663}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{FFCB3198-32F3-4E8B-9539-4324694ED663}" => Key not found. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} => value deleted successfully. "HKCR\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}" => Key not found. "HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3" => Key deleted successfully. "HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9" => Key deleted successfully. "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully. C:\Windows\system32\GroupPolicy\Machine => Moved successfully. C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}\\SystemComponent => value deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1B4B0EBE-5284-4A3C-9DCC-D2B6D0399A42}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B4B0EBE-5284-4A3C-9DCC-D2B6D0399A42}" => Key deleted successfully. C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2F45BA02-353A-4A35-9D3B-2EB42FF1C40A}" => Key deleted successfully. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F45BA02-353A-4A35-9D3B-2EB42FF1C40A}" => Key deleted successfully. C:\Windows\System32\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{31FAA86C-5554-4094-A2BB-CBA83BCE663B}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{31FAA86C-5554-4094-A2BB-CBA83BCE663B}" => Key deleted successfully. C:\Windows\System32\Tasks\{223D2C2B-F815-451F-9F15-BCD3E50E8277} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{223D2C2B-F815-451F-9F15-BCD3E50E8277}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{628C464B-9449-45F5-BDC2-9F95261ECBF7}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{628C464B-9449-45F5-BDC2-9F95261ECBF7}" => Key deleted successfully. C:\Windows\System32\Tasks\avast! Emergency Update => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avast! Emergency Update" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7C90A235-66F6-407F-8A4E-9DFC07F4D6DA}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C90A235-66F6-407F-8A4E-9DFC07F4D6DA}" => Key deleted successfully. C:\Windows\System32\Tasks\{363A0176-B51D-47C2-AB5D-788050F4823E} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{363A0176-B51D-47C2-AB5D-788050F4823E}" => Key deleted successfully. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E2C033C7-12B2-491F-A4C2-ED4C15F505A4}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E2C033C7-12B2-491F-A4C2-ED4C15F505A4}" => Key deleted successfully. C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E358385F-C7CA-4BBC-8F8A-F296F00CA551}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E358385F-C7CA-4BBC-8F8A-F296F00CA551}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AmiUpdXp" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F02BBDE6-B318-42A7-BCC9-CBCFC402C754}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F02BBDE6-B318-42A7-BCC9-CBCFC402C754}" => Key deleted successfully. C:\Windows\System32\Tasks\{E4A8B222-6DE4-4935-A96C-5F4A16B1813F} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E4A8B222-6DE4-4935-A96C-5F4A16B1813F}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F08E851F-3568-403B-8FB9-7D5CBAE9144B}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F08E851F-3568-403B-8FB9-7D5CBAE9144B}" => Key deleted successfully. C:\Windows\System32\Tasks\{FD5B2FD4-13AA-479C-B271-8B0C5E9553FD} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FD5B2FD4-13AA-479C-B271-8B0C5E9553FD}" => Key deleted successfully. 
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully. C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\43940229.sys" => Key deleted successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\43940229.sys" => Key deleted successfully. C:\MSDCSC => Moved successfully. C:\Program Files (x86)\wweBesaover => Moved successfully. C:\ProgramData\374311380 => Moved successfully. C:\ProgramData\TEMP => Moved successfully. C:\ProgramData\wweBesaover => Moved successfully. C:\Users\Admin\*.dll => Moved successfully. C:\Users\Admin\*.exe => Moved successfully. C:\Users\Admin\AppData\Local\Google => Moved successfully. C:\Users\Admin\AppData\Roaming\*.exe => Moved successfully. C:\Users\Admin\AppData\Roaming\msconfig.ini => Moved successfully. C:\Users\Admin\AppData\Roaming\dclogs => Moved successfully. C:\Users\Admin\AppData\Roaming\Default Folder => Moved successfully. C:\Users\Admin\AppData\Roaming\Imminent => Moved successfully. C:\Users\Admin\AppData\Roaming\java => Moved successfully. C:\Users\Admin\Documents\MSDCSC => Moved successfully. C:\Users\Admin\Downloads\avast_premier_antivirus* => Moved successfully. C:\Users\Admin\Downloads\rkill_*.exe => Moved successfully. C:\Users\Default\AppData\Local\SearchProtect => Moved successfully. C:\Windows\28122008.txt => Moved successfully. C:\Windows\pss\Start GeekBuddy.lnk.CommonStartup => Moved successfully. "C:\Windows\System32\config\systemprofile\AppData\Local\Temp" => File/Directory not found. C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gw64.sys => Moved successfully. C:\Windows\SysWOW64\Client Server Runtime Process => Moved successfully. C:\Windows\SysWOW64\SearchProtect => Moved successfully. C:\Windows\SysWOW64\Windows Server => Moved successfully. C:\Windows\SysWOW64\WindowsDefender32 => Moved successfully. "C:\ProgramData\AVAST Software" => Removed successfully. 
"C:\ProgramData\Kaspersky Lab Setup Files" => Removed successfully. ========================= Folder: C:\Temp ======================== 2014-08-28 12:03 - 2007-08-30 17:17 - 0000046 _____ () C:\Temp\readme.txt ====== End of Folder: ====== ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\CLPSLauncher" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\GeekBuddyRSP" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\gupdate" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\gupdatem" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\IePluginServices" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\Update Deal Keeper" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\Util Deal Keeper" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\WindowsMangerProtect" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Start GeekBuddy.lnk" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Browser Tab Search by Ask" /f ========= Operacja ukończona pomyślnie.
========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Browser Tab Search by Askx64" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\tvncontrol" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= EmptyTemp: => Removed 1.2 GB temporary data. The system needed a reboot. ==== End of Fixlog ====