Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 31-08-2013 03 Ran by Darek at 2013-08-31 17:27:20 Run:1 Running from C:\Users\Darek\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client C:\Users\Darek\AppData\Local\Google\Desktop C:\Program Files\Google\Desktop Task: {C9F2C9C4-5436-4EE7-A01F-798F27234715} - System32\Tasks\mxsletbzupd => C:\Windows\system32\cscript.exe [2009-04-10] (Microsoft Corporation) SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - ${searchCLSID} URL = http://search.yahoo.com/search?fr=megaup&p={searchTerms} SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = Toolbar: HKCU -No Name - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File HKLM\...\Policies\Explorer: [NoDrives] 0 HKCU\...\Policies\Explorer: [NoDriveAutoRun] 0 HKCU\...\Policies\Explorer: [NoDrives] 0 Unlock: HKLM\SYSTEM\CurrentControlSet\Services\sptd Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll File Not found () S4 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [x] S2 CLTNetCnService; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [x] S2 Harmonogram automatycznej usługi LiveUpdate; "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [x] S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [x] S3 catchme; \??\C:\Users\Darek\AppData\Local\Temp\catchme.sys [x] S3 PCANDIS4_RETWIFI; \??\C:\PROGRA~1\EEYEDI~1\RETINA~1\PCANDIS4_RETWIFI.SYS [x] S4 sptd; System32\Drivers\sptd.sys [x] S3 TpChoice; system32\DRIVERS\TpChoice.sys [x] Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ***************** "C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking started. "C:\Program Files\Microsoft Security Client\Backup" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\DbgHelp.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\Drivers" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\en-us" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\EppManifest.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\MpAsDesc.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\MpClient.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\MpCmdRun.exe" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\MpCommu.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\mpevmsg.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\MpOAv.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\MpRTP.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\MpSvc.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\MsMpCom.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\MsMpEng.exe" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\MsMpLics.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\MsMpRes.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\msseces.exe" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\MsseWat.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\NisIpsPlugin.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\NisLog.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\NisSrv.exe" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\NisWFP.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\pl-pl" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\Setup.exe" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\SetupRes.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\shellext.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\SqmApi.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\SymSrv.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\SymSrv.yes" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking completed. C:\Users\Darek\AppData\Local\Google\Desktop => Moved successfully. C:\Program Files\Google\Desktop => Deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C9F2C9C4-5436-4EE7-A01F-798F27234715} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C9F2C9C4-5436-4EE7-A01F-798F27234715} => Key deleted successfully. C:\Windows\System32\Tasks\mxsletbzupd => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\mxsletbzupd => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\${searchCLSID} => Key deleted successfully. HKCR\Wow6432Node\CLSID\${searchCLSID} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} => Key not found. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} => Value deleted successfully. HKCR\CLSID\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} => Key not found. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDriveAutoRun => Value deleted successfully. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDrives => Value deleted successfully. "HKLM\SYSTEM\CurrentControlSet\Services\sptd" => Key unlocked successfully. HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005 => Key deleted successfully. Bonjour Service => Service deleted successfully. CLTNetCnService => Service deleted successfully. Harmonogram automatycznej usługi LiveUpdate => Service deleted successfully. rpcapd => Service deleted successfully. catchme => Service deleted successfully. PCANDIS4_RETWIFI => Service deleted successfully. sptd => Service deleted successfully. TpChoice => Service deleted successfully. ========= reg delete "HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= BŁĄD: System nie znalazł w rejestrze określonego klucza albo wartości. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= The system needs a manual reboot. ==== End of Fixlog ====