Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-09-2013 03
Ran by Messi10fcb at 2013-09-17 21:10:18 Run:1
Running from C:\Users\Messi10fcb\Downloads
Boot Mode: Safe Mode (with Networking)
==============================================

Content of fixlist:
*****************
HKCU\...\Run: [Rxa1gKilRsOh] - C:\Users\Messi10fcb\AppData\Local\MoLBCRy.exe [130048 2013-09-12] ()
HKCU\...\Run: [NTRedirect] - C:\Windows\SysWOW64\rundll32.exe "C:\Users\Messi10fcb\AppData\Roaming\BabSolution\Shared\enhancedNT.dll",Run
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableChangePassword] 0
HKCU\...\Policies\Explorer: [HideSCAHealth] 1
HKLM-x32\...\Run: [] - [x]
Task: {7E1F966D-0685-4EA7-9ED7-FD4C0CAB9912} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2010-05-26] ()
Task: {B6994525-7FDA-4E39-B925-4CAAF206AB7F} - System32\Tasks\Funmoods => C:\Users\MESSI1~1\AppData\Roaming\Funmoods\UPDATE~1\UPDATE~1.EXE
Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove No Task File
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.delta-search.com/?babsrc=HP_ss&mntrId=8296F07BCB279899&affID=119357&tt=150913_enh&tsp=5008
URLSearchHook: (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
URLSearchHook: (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - No File
SearchScopes: HKLM - DefaultScope {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=ironpub12&ir=ironpub12&cd=2XzuyEtN2Y1L1Qzu0FtDyB0B0C0BtByBzyzzzyzyzytB0EtBtN0D0Tzu0CtAyCyDtN1L2XzutBtFtBtFtCtFyEtDyB&cr=2075026274
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=ironpub12&ir=ironpub12&cd=2XzuyEtN2Y1L1Qzu0FtDyB0B0C0BtByBzyzzzyzyzytB0EtBtN0D0Tzu0CtAyCyDtN1L2XzutBtFtBtFtCtFyEtDyB&cr=2075026274
SearchScopes: HKLM-x32 - DefaultScope {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=ironpub12&ir=ironpub12&cd=2XzuyEtN2Y1L1Qzu0FtDyB0B0C0BtByBzyzzzyzyzytB0EtBtN0D0Tzu0CtAyCyDtN1L2XzutBtFtBtFtCtFyEtDyB&cr=2075026274
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=ironpub12&ir=ironpub12&cd=2XzuyEtN2Y1L1Qzu0FtDyB0B0C0BtByBzyzzzyzyzytB0EtBtN0D0Tzu0CtAyCyDtN1L2XzutBtFtBtFtCtFyEtDyB&cr=2075026274
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {043C5167-00BB-4324-AF7E-62013FAEDACF} URL = http://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=8296F07BCB279899&affID=119357&tt=150913_enh&tsp=5008
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=PSI&o=15116&src=crm&q={searchTerms}&locale=en_UK&apn_ptnrs=L6&apn_dtid=YYYYYYYYGB&apn_uid=D25BF169-9A8D-4F7D-8C56-2DA45763D26F&apn_sauid=BF380C38-E2F3-4E0B-A8F0-91C1E3AB7741
SearchScopes: HKCU - {79A68B4C-78CD-4B26-8862-B78C8FB28C57} URL =
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={7D85759C-AB7B-4652-8A9F-2E226A60C73E}&mid=41112fbda0bd47d1a04bd16e554000c4-f0e791b6ac310a435de6cbadb8e867b0aa23ed39&lang=pl&ds=AVG&pr=fr&d=2011-12-13 20:01:10&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=ironpub12&ir=ironpub12&cd=2XzuyEtN2Y1L1Qzu0FtDyB0B0C0BtByBzyzzzyzyzytB0EtBtN0D0Tzu0CtAyCyDtN1L2XzutBtFtBtFtCtFyEtDyB&cr=2075026274
BHO-x32: PlaySushi - {21608B66-026F-4DCB-9244-0DACA328DCED} - No File
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - No Name - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No File
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - No File
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru
S3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [x]
S2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [x]
C:\Users\Messi10fcb\AppData\Local\MoLBCRy.exe
C:\Users\Messi10fcb\AppData\Local\e5d9ade3-6325-4fdb-922f-38d35a21b99f
C:\Users\Messi10fcb\AppData\Local\vil230ta1hyo6
C:\Users\Messi10fcb\AppData\Local\funmoods-speeddial_sf.crx
C:\Users\Messi10fcb\AppData\Local\funmoods.crx
C:\Users\Messi10fcb\AppData\Local\Temp*.html
C:\Users\Messi10fcb\AppData\Local\tmpBACK.*
C:\Users\Messi10fcb\AppData\Roaming\_MDLogs
C:\Users\Messi10fcb\AppData\Roaming\AVG10
C:\Users\Messi10fcb\AppData\Roaming\BabSolution
C:\Users\Messi10fcb\AppData\Roaming\Babylon
C:\Users\Messi10fcb\AppData\Roaming\Funmoods
C:\Users\Messi10fcb\Desktop\Search.lnk
C:\Users\Messi10fcb\Downloads\OTL_3.2.70.2 (25180).exe
C:\ProgramData\DSearchLink
C:\ProgramData\vil230ta1hyo6
C:\ProgramData\fodofojm.dat
C:\ProgramData\mjofodof.pad
Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\Extensions\{EBD24BD3-E272-4FA3-A8BA-C5D709757CAB}" /f
Reg: reg delete HKCU\Software\Classes\.exe /f
Reg: reg delete HKCU\Software\Classes\exefile /f
*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Rxa1gKilRsOh => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\NTRedirect => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableLockWorkstation => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableChangePassword => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7E1F966D-0685-4EA7-9ED7-FD4C0CAB9912} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E1F966D-0685-4EA7-9ED7-FD4C0CAB9912} => Key deleted successfully.
C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B6994525-7FDA-4E39-B925-4CAAF206AB7F} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B6994525-7FDA-4E39-B925-4CAAF206AB7F} => Key deleted successfully.
C:\Windows\System32\Tasks\Funmoods => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Funmoods => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{EB02381F-D652-4B1C-894A-712498C62C51} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB02381F-D652-4B1C-894A-712498C62C51} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MUI\LPRemove => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\\{A3BC75A2-1F87-4686-AA43-5347D756017C} => Value deleted successfully.
HKCR\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\\{00000000-6E41-4FD3-8538-502F5495E5FC} => Value deleted successfully.
HKCR\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} => Key deleted successfully.
HKCR\CLSID\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF} => Key deleted successfully.
HKCR\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully.
HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => Key deleted successfully.
HKCR\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{79A68B4C-78CD-4B26-8862-B78C8FB28C57} => Key deleted successfully.
HKCR\CLSID\{79A68B4C-78CD-4B26-8862-B78C8FB28C57} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key deleted successfully.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} => Key deleted successfully.
HKCR\CLSID\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{21608B66-026F-4DCB-9244-0DACA328DCED} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{21608B66-026F-4DCB-9244-0DACA328DCED} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{043C5167-00BB-4324-AF7E-62013FAEDACF} => Value deleted successfully.
HKCR\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Value deleted successfully.
HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Value deleted successfully.
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key not found.
HKCR\PROTOCOLS\Handler\vsharechrome => Key deleted successfully.
HKCR\CLSID\{3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} => Key not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru => Value deleted successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru => Value deleted successfully.
AVG Security Toolbar Service => Service deleted successfully.
ezSharedSvc => Service deleted successfully.
C:\Users\Messi10fcb\AppData\Local\MoLBCRy.exe => Moved successfully.
C:\Users\Messi10fcb\AppData\Local\e5d9ade3-6325-4fdb-922f-38d35a21b99f => Moved successfully.
C:\Users\Messi10fcb\AppData\Local\vil230ta1hyo6 => Moved successfully.
C:\Users\Messi10fcb\AppData\Local\funmoods-speeddial_sf.crx => Moved successfully.
C:\Users\Messi10fcb\AppData\Local\funmoods.crx => Moved successfully.
C:\Users\Messi10fcb\AppData\Local\Temp*.html => Moved successfully.
C:\Users\Messi10fcb\AppData\Local\tmpBACK.* => Moved successfully.
C:\Users\Messi10fcb\AppData\Roaming\_MDLogs => Moved successfully.
C:\Users\Messi10fcb\AppData\Roaming\AVG10 => Moved successfully.
C:\Users\Messi10fcb\AppData\Roaming\BabSolution => Moved successfully.
C:\Users\Messi10fcb\AppData\Roaming\Babylon => Moved successfully.

"C:\Users\Messi10fcb\AppData\Roaming\Funmoods" directory move:

C:\Users\Messi10fcb\AppData\Roaming\Funmoods\UpdateProc\gup_dt.dat => Moved successfully.
Could not move "C:\Users\Messi10fcb\AppData\Roaming\Funmoods" directory. => Scheduled to move on reboot.

C:\Users\Messi10fcb\Desktop\Search.lnk => Moved successfully.
C:\Users\Messi10fcb\Downloads\OTL_3.2.70.2 (25180).exe => Moved successfully.
C:\ProgramData\DSearchLink => Moved successfully.
C:\ProgramData\vil230ta1hyo6 => Moved successfully.
C:\ProgramData\fodofojm.dat => Moved successfully.
C:\ProgramData\mjofodof.pad => Moved successfully.

========= reg delete "HKCU\Software\Microsoft\Internet Explorer\Extensions\{EBD24BD3-E272-4FA3-A8BA-C5D709757CAB}" /f =========

ERROR: The system was unable to find the specified registry key or value.

========= End of Reg: =========

========= reg delete HKCU\Software\Classes\.exe /f =========

The operation completed successfully.

========= End of Reg: =========

========= reg delete HKCU\Software\Classes\exefile /f =========

The operation completed successfully.

========= End of Reg: =========

=========== Result of Scheduled Files to move ===========

"C:\Users\Messi10fcb\AppData\Roaming\Funmoods" => Directory could not move.

==== End of Fixlog ====