Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-10-2013 Ran by Antek at 2013-10-25 07:43:24 Run:1 Running from C:\Users\Antek\Downloads Boot Mode: Normal ============================================== Content of fixlist: ***************** HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=119357&babsrc=HP_ss_din2g&mntrId=B0D274E543455C54 URLSearchHook: (No Name) - {74198672-5F7D-4FE9-A611-4AC1D5A66A15} - No File SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={searchTerms}&affID=119357&babsrc=SP_ss&mntrId=B0D274E543455C54 SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={searchTerms}&affID=119357&babsrc=SP_ss&mntrId=B0D274E543455C54 Toolbar: HKLM-x32 - SimilarWeb - {74198672-5F7D-4FE9-A611-4AC1D5A66A15} - C:\Program Files (x86)\SimilarWeb\SimilarWeb.dll (SimilarGroup) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Task: {253392B6-EE38-49EA-9306-F172AD9D2A3C} - System32\Tasks\Norton Product InstallerIdle => C:\Users\Antek\AppData\Local\Temp\Adobe\Shockwave 12\SymInstallStub.exe Task: {3145BA82-CA4E-4879-95AB-DC781FB93044} - System32\Tasks\DSite => C:\Users\Antek\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe [2013-06-08] () Task: {41001091-834D-4BBA-8143-9495DDCAF924} - System32\Tasks\RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe Task: C:\Windows\Tasks\DSite.job => C:\Users\Antek\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird U3 BcmSqlStartupSvc; U4 bdselfpr; U2 CLKMSVC10_3A60B698; U2 CLKMSVC10_C3B3B687; U2 DriverService; U2 iATAgentService; U2 idealife Update Service; U3 IGRS; U2 IviRegMgr; U2 Oasis2Service; U2 PCCarerService; U2 ReadyComm.DirectRouter; U2 RichVideo; U2 RtLedService; U2 SeaPort; U2 SoftwareService; U3 SQLWriter; C:\Program Files (x86)\ESET C:\Program Files (x86)\McAfee C:\Program Files\Common Files\mcafee C:\Windows\SysWOW64\sho3CD1.tmp C:\Users\Antek\AppData\Roaming\Babylon C:\Users\Antek\AppData\Roaming\DSite C:\Users\Antek\AppData\Roaming\SimilarWeb Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\Extensions\{5D06ED6E-DA78-4486-A246-B131A2C39807}" /f Reg: reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{5D06ED6E-DA78-4486-A246-B131A2C39807}" /f CMD: netsh advfirewall reset CMD: for /d %f in (C:\Users\Antek\AppData\Local\{*}) do rd /s /q "%f" ***************** HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => Value deleted successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\\{74198672-5F7D-4FE9-A611-4AC1D5A66A15} => Value deleted successfully. HKCR\CLSID\{74198672-5F7D-4FE9-A611-4AC1D5A66A15} => Key not found. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully. HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{74198672-5F7D-4FE9-A611-4AC1D5A66A15} => Value deleted successfully. HKCR\Wow6432Node\CLSID\{74198672-5F7D-4FE9-A611-4AC1D5A66A15} => Key deleted successfully. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully. HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{253392B6-EE38-49EA-9306-F172AD9D2A3C} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{253392B6-EE38-49EA-9306-F172AD9D2A3C} => Key deleted successfully. C:\Windows\System32\Tasks\Norton Product InstallerIdle => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Product InstallerIdle => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3145BA82-CA4E-4879-95AB-DC781FB93044} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3145BA82-CA4E-4879-95AB-DC781FB93044} => Key deleted successfully. C:\Windows\System32\Tasks\DSite => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DSite => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{41001091-834D-4BBA-8143-9495DDCAF924} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{41001091-834D-4BBA-8143-9495DDCAF924} => Key deleted successfully. C:\Windows\System32\Tasks\RunAsStdUser => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RunAsStdUser => Key deleted successfully. C:\Windows\Tasks\DSite.job => Moved successfully. HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\msktbird@mcafee.com => Value deleted successfully. HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com => Value deleted successfully. BcmSqlStartupSvc => Service deleted successfully. bdselfpr => Service deleted successfully. CLKMSVC10_3A60B698 => Service deleted successfully. CLKMSVC10_C3B3B687 => Service deleted successfully. DriverService => Service deleted successfully. iATAgentService => Service deleted successfully. idealife Update Service => Service deleted successfully. IGRS => Service deleted successfully. IviRegMgr => Service deleted successfully. Oasis2Service => Service deleted successfully. PCCarerService => Service deleted successfully. ReadyComm.DirectRouter => Service deleted successfully. RichVideo => Service deleted successfully. RtLedService => Service deleted successfully. SeaPort => Service deleted successfully. SoftwareService => Service deleted successfully. SQLWriter => Service deleted successfully. C:\Program Files (x86)\ESET => Moved successfully. C:\Program Files (x86)\McAfee => Moved successfully. C:\Program Files\Common Files\mcafee => Moved successfully. C:\Windows\SysWOW64\sho3CD1.tmp => Moved successfully. C:\Users\Antek\AppData\Roaming\Babylon => Moved successfully. "C:\Users\Antek\AppData\Roaming\DSite" directory move: C:\Users\Antek\AppData\Roaming\DSite\UpdateProc\config.dat => Moved successfully. C:\Users\Antek\AppData\Roaming\DSite\UpdateProc\TTL.DAT => Moved successfully. C:\Users\Antek\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe => Moved successfully. Could not move "C:\Users\Antek\AppData\Roaming\DSite" directory. => Scheduled to move on reboot. C:\Users\Antek\AppData\Roaming\SimilarWeb => Moved successfully. ========= reg delete "HKCU\Software\Microsoft\Internet Explorer\Extensions\{5D06ED6E-DA78-4486-A246-B131A2C39807}" /f ========= Bť¤D: System nie znalazˆ w rejestrze okre˜lonego klucza albo warto˜ci. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{5D06ED6E-DA78-4486-A246-B131A2C39807}" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= netsh advfirewall reset ========= Ok. ========= End of CMD: ========= ========= for /d %f in (C:\Users\Antek\AppData\Local\{*}) do rd /s /q "%f" ========= ========= End of CMD: ========= =========== Result of Scheduled Files to move =========== "C:\Users\Antek\AppData\Roaming\DSite" => Directory could not move. ==== End of Fixlog ====