Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-01-2014 01
Ran by Maciek at 2014-01-30 07:47:00 Run:1
Running from C:\Users\Maciek\Downloads
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
() C:\Support\couponsupport.exe
() C:\Program Files (x86)\Bizzybolt\updateBizzybolt.exe
(Pandora.TV) C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe
(PandoraTV) C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe
Startup: C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EPUHelp.exe ()
HKLM-x32\...\Run: [] - [x]
AppInit_DLLs-x32: c:\progra~2\psupport\psupport.dll => C:\Program Files (x86)\PSupport\psupport.dll [857600 2013-10-06] ()
R2 Update Bizzybolt; C:\Program Files (x86)\Bizzybolt\updateBizzybolt.exe [66848 2013-11-20] ()
Task: {00BFFAD9-9170-45F5-9D8E-304B37AE4437} - System32\Tasks\EPUpdater => C:\Users\Maciek\AppData\Roaming\BabSolution\Shared\BabMaint.exe [2013-09-01] ()
Task: {42C3C10C-5C33-43B7-9B28-56A3FEF57AF4} - System32\Tasks\{CE7B84B1-9D8D-4DB7-AABC-F6BDEF69A31F} => I:\wordpad.exe
Task: {4B8B55EF-30C0-4F36-B3C2-AD63A157B040} - System32\Tasks\couponsupport-S-649636217 => c:\support\couponsupport.exe [2013-01-05] ()
Task: {59BA8DE9-D06E-46B5-9FF5-65D844F35798} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-06] (Google Inc.)
Task: {61829D4B-3A45-44F8-A9F6-B94DAAEDF7D5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-06] (Google Inc.)
Task: C:\Windows\Tasks\couponsupport-S-649636217.job => c:\support\couponsupport.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.dosearches.com/web/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=ds&from=cor&uid=WDCXWD5000BEVT-60ZAT1_WD-WXD0C790647206472&ts=1383840361&type=default&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.dosearches.com/web/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=ds&from=cor&uid=WDCXWD5000BEVT-60ZAT1_WD-WXD0C790647206472&ts=1383840361&type=default&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.dosearches.com/web/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=ds&from=cor&uid=WDCXWD5000BEVT-60ZAT1_WD-WXD0C790647206472&ts=1383840361&type=default&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://search.dosearches.com/web/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=ds&from=cor&uid=WDCXWD5000BEVT-60ZAT1_WD-WXD0C790647206472&ts=1383840361&type=default&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.dosearches.com/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=sc&from=cor&uid=WDCXWD5000BEVT-60ZAT1_WD-WXD0C790647206472&ts=1383840361
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.dosearches.com/web/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=ds&from=cor&uid=WDCXWD5000BEVT-60ZAT1_WD-WXD0C790647206472&ts=1383840361&type=default&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.dosearches.com/web/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=ds&from=cor&uid=WDCXWD5000BEVT-60ZAT1_WD-WXD0C790647206472&ts=1383840361&type=default&q={searchTerms}
SearchScopes: HKLM - {E2958F71-2B50-4864-811E-2F39556414E9} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1602&query={searchTerms}&invocationType=tb50hpcnnbie7-pl-pl
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.dosearches.com/web/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=ds&from=cor&uid=WDCXWD5000BEVT-60ZAT1_WD-WXD0C790647206472&ts=1383840361&type=default&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.dosearches.com/web/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=ds&from=cor&uid=WDCXWD5000BEVT-60ZAT1_WD-WXD0C790647206472&ts=1383840361&type=default&q={searchTerms}
SearchScopes: HKLM-x32 - {E2958F71-2B50-4864-811E-2F39556414E9} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1602&query={searchTerms}&invocationType=tb50hpcnnbie7-pl-pl
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.dalesearch.com/?q={searchTerms}&babsrc=SP_ss&mntrId=1CDA0CEEE699CB7F&affID=124440&tsp=5008
SearchScopes: HKCU - {E2958F71-2B50-4864-811E-2F39556414E9} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1602&query={searchTerms}&invocationType=tb50hpcnnbie7-pl-pl
BHO: SaveClicker - {E3F3FD3E-0573-D121-9A5D-F6E1CE8A5AAF} - C:\Program Files (x86)\SaveClicker\Me.x64.dll ()
BHO-x32: Bizzybolt - {13070af0-bc6c-4185-8baa-40a4cf05b323} - C:\Program Files (x86)\Bizzybolt\Bizzyboltbho.dll (Bizzybolt)
BHO-x32: No Name - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
BHO-x32: SaveClicker - {E3F3FD3E-0573-D121-9A5D-F6E1CE8A5AAF} - C:\Program Files (x86)\SaveClicker\Me.dll ()
Toolbar: HKLM - No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
Toolbar: HKCU - No Name - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - No Name - {00000000-5736-4205-0008-F7ED0776FB27} - No File
Toolbar: HKCU - No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll (BitComet)
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
U4 eabfiltr;
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [x]
C:\Program Files (x86)\IminentToolbar
C:\ProgramData\a56c2342e434e434
C:\Users\Maciek\AppData\Local\Comodo
C:\Users\Maciek\AppData\Local\Google
C:\Users\Maciek\AppData\Local\Packages
C:\Users\Maciek\AppData\Local\Torch
C:\Users\Maciek\AppData\Roaming\BabSolution
C:\Users\Maciek\Downloads\SoftonicDownloader_for_cain-abel.exe
C:\Users\Administrator
C:\Users\HomeGroupUser$
C:\Users\Gość
C:\Windows\System32\Tasks\{1ACFCBDB-325E-4994-8827-2E5C3D2BDB06}
AlternateDataStreams: C:\Windows:9DAA25326793C57A
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser" /v {BA14329E-9550-4989-B3F2-9732E92D17CC} /f
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Google\Chrome /f
CMD: netsh advfirewall reset
*****************
[1028] C:\Support\couponsupport.exe => Process closed successfully.
[4368] C:\Program Files (x86)\Bizzybolt\updateBizzybolt.exe => Process closed successfully.
[2412] C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe => Process closed successfully.
[2628] C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe => Process closed successfully.
C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EPUHelp.exe => Moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
"c:\\progra~2\\psupport\\psupport.dll" => Value Data removed successfully.
Update Bizzybolt => Service deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{00BFFAD9-9170-45F5-9D8E-304B37AE4437} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00BFFAD9-9170-45F5-9D8E-304B37AE4437} => Key deleted successfully.
C:\Windows\System32\Tasks\EPUpdater => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPUpdater => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{42C3C10C-5C33-43B7-9B28-56A3FEF57AF4} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{42C3C10C-5C33-43B7-9B28-56A3FEF57AF4} => Key deleted successfully.
C:\Windows\System32\Tasks\{CE7B84B1-9D8D-4DB7-AABC-F6BDEF69A31F} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CE7B84B1-9D8D-4DB7-AABC-F6BDEF69A31F} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4B8B55EF-30C0-4F36-B3C2-AD63A157B040} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B8B55EF-30C0-4F36-B3C2-AD63A157B040} => Key deleted successfully.
C:\Windows\System32\Tasks\couponsupport-S-649636217 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\couponsupport-S-649636217 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{59BA8DE9-D06E-46B5-9FF5-65D844F35798} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{59BA8DE9-D06E-46B5-9FF5-65D844F35798} => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{61829D4B-3A45-44F8-A9F6-B94DAAEDF7D5} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{61829D4B-3A45-44F8-A9F6-B94DAAEDF7D5} => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => Key deleted successfully.
C:\Windows\Tasks\couponsupport-S-649636217.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E2958F71-2B50-4864-811E-2F39556414E9} => Key deleted successfully.
HKCR\CLSID\{E2958F71-2B50-4864-811E-2F39556414E9} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{E2958F71-2B50-4864-811E-2F39556414E9} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{E2958F71-2B50-4864-811E-2F39556414E9} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully.
HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E2958F71-2B50-4864-811E-2F39556414E9} => Key deleted successfully.
HKCR\CLSID\{E2958F71-2B50-4864-811E-2F39556414E9} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E3F3FD3E-0573-D121-9A5D-F6E1CE8A5AAF} => Key deleted successfully.
HKCR\CLSID\{E3F3FD3E-0573-D121-9A5D-F6E1CE8A5AAF} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{13070af0-bc6c-4185-8baa-40a4cf05b323} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{13070af0-bc6c-4185-8baa-40a4cf05b323} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{84FF7BD6-B47F-46F8-9130-01B2696B36CB} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E3F3FD3E-0573-D121-9A5D-F6E1CE8A5AAF} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{E3F3FD3E-0573-D121-9A5D-F6E1CE8A5AAF} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} => Value deleted successfully.
HKCR\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BA14329E-9550-4989-B3F2-9732E92D17CC} => Value deleted successfully.
HKCR\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{00000000-5736-4205-0008-F7ED0776FB27} => Value deleted successfully.
HKCR\CLSID\{00000000-5736-4205-0008-F7ED0776FB27} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} => Value deleted successfully.
HKCR\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Value deleted successfully.
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key not found.
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com => Value deleted successfully.
eabfiltr => Service deleted successfully.
hwdatacard => Service deleted successfully.
hwusbdev => Service deleted successfully.
C:\Program Files (x86)\IminentToolbar => Moved successfully.
C:\ProgramData\a56c2342e434e434 => Moved successfully.
C:\Users\Maciek\AppData\Local\Comodo => Moved successfully.
C:\Users\Maciek\AppData\Local\Google => Moved successfully.
C:\Users\Maciek\AppData\Local\Packages => Moved successfully.
C:\Users\Maciek\AppData\Local\Torch => Moved successfully.
C:\Users\Maciek\AppData\Roaming\BabSolution => Moved successfully.
C:\Users\Maciek\Downloads\SoftonicDownloader_for_cain-abel.exe => Moved successfully.
C:\Users\Administrator => Moved successfully.
C:\Users\HomeGroupUser$ => Moved successfully.
C:\Users\Gość => Moved successfully.
C:\Windows\System32\Tasks\{1ACFCBDB-325E-4994-8827-2E5C3D2BDB06} => Moved successfully.
C:\Windows => ":9DAA25326793C57A" ADS removed successfully.
========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser" /v {BA14329E-9550-4989-B3F2-9732E92D17CC} /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========
========= reg delete HKLM\SOFTWARE\Wow6432Node\Google\Chrome /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========
========= netsh advfirewall reset =========
Ok.
========= End of CMD: =========
==== End of Fixlog ====