Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013
Ran by 1 at 2013-10-14 20:54:59 Run:1
Running from C:\Users\1\Desktop\RAFAL\FRT
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: {6F6ED734-4A64-4C83-8ADB-31B31D9A7520} - System32\Tasks\BitGuard => Sc.exe start BitGuard
Task: {A522DA93-202B-4F74-A15A-F791DAD296B0} - System32\Tasks\DealPly => C:\Users\1\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.EXE
Task: {EC857676-B49A-44AA-B5FC-0F016C7F5507} - System32\Tasks\EPUpdater => C:\Users\1\AppData\Roaming\BabSolution\Shared\BabMaint.exe [2013-08-04] ()
R2 BitGuard; C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [2845664 2013-09-23] ()
AppInit_DLLs-x32: c:\PROGRA~3\BitGuard\261694~1.246\{C16C1~1\BitGuard.dll [2704352 2013-09-23] ()
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchgol.com/?babsrc=HP_ss&mntrId=0C05BEB70D59D348&affID=119357&tt=240913_246&tsp=5019
HKCU\Software\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certified-toolbar.com?si=33953&st=home&tid=3546&ts=1361702554814&tguid=33953-3546-1361702551857-598191
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.searchgol.com/?babsrc=HP_ss&mntrId=0C05BEB70D59D348&affID=119357&tt=240913_246&tsp=5019
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certified-toolbar.com?si=33953&st=home&tid=3546&ts=1361702554814&tguid=33953-3546-1361702551857-598191
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss&mntrId=0C05BEB70D59D348&affID=119357&tt=240913_246&tsp=5019
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
SearchScopes: HKCU - ŰźĆîZ§’2ąŢpv¨IÍá*X(Ž2s(ŰÎŔJşÔÓµť± vË°!×—(äĽ48Đ¸patm6ęo^Mp`Ëő÷_iŁwľ!„Áű†x˘8€ŮjŔ˙ţ ´Ń;áa´[¦†8 ş~ŹRŮxśňÜ8'Ł-)x­ä­ URL =
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121020214230.dll No File
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121020214230.dll No File
BHO-x32: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.24.6\bh\delta.dll No File
Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.24.6\deltaTlbr.dll No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\1\AppData\Roaming\BabSolution\CR\Delta.crx
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Web Search.xml
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
S4 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
S3 catchme; \??\C:\ComboFix-tamindir\catchme.sys [x]
C:\Windows\System32\drivers\HipShieldK.sys
C:\Windows\SysWOW64\searchplugins
C:\Windows\SysWOW64\Extensions
C:\Users\1\AppData\Local\avgchrome
C:\Users\1\AppData\Roaming\BabSolution
C:\Users\1\AppData\Roaming\Yandex
Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\AboutURLs" /f
Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\Search" /f
Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\SearchURI" /f
Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\SearchUrl" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchURI" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl" /f
Reg: reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\AboutURLs" /f
Reg: reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Main" /f
Reg: reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Search" /f
Reg: reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchURI" /f
Reg: reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchUrl" /f
Reg: reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Search" /f
Reg: reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchURI" /f
Reg: reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchUrl" /f
CMD: netsh advfirewall reset
*****************

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F6ED734-4A64-4C83-8ADB-31B31D9A7520} => Key not found.
C:\Windows\System32\Tasks\BitGuard not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BitGuard => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A522DA93-202B-4F74-A15A-F791DAD296B0} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A522DA93-202B-4F74-A15A-F791DAD296B0} => Key deleted successfully.
C:\Windows\System32\Tasks\DealPly => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPly => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC857676-B49A-44AA-B5FC-0F016C7F5507} => Key not found.
C:\Windows\System32\Tasks\EPUpdater not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPUpdater => Key not found.
BitGuard => Service not found.
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Default_Page_URL => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\bProtector Start Page => Value not found.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Default_Page_URL => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\bProtectorDefaultScope => Value not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully.
HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key deleted successfully.
HKCR\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ŰźĆîZ§’2ąŢpv¨IÍá*X(Ž2s(ŰÎŔJşÔÓµť± vË°!×—(äĽ48Đ¸patm6ęo^Mp`Ëő÷_iŁwľ!„Áű†x˘8€ŮjŔ˙ţ ´Ń;áa´[¦†8 ş~ŹRŮxśňÜ8'Ł-)x­ä­ => Key not found.
HKCR\CLSID\ŰźĆîZ§’2ąŢpv¨IÍá*X(Ž2s(ŰÎŔJşÔÓµť± vË°!×—(äĽ48Đ¸patm6ęo^Mp`Ëő÷_iŁwľ!„Áű†x˘8€ŮjŔ˙ţ ´Ń;áa´[¦†8 ş~ŹRŮxśňÜ8'Ł-)x­ä­ => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231} => Key deleted successfully.
HKCR\CLSID\{7DB2D5A0-7241-4E79-B68D-6309F01C5231} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{7DB2D5A0-7241-4E79-B68D-6309F01C5231} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{82E1477C-B154-48D3-9891-33D83C26BCD3} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde => Key deleted successfully.
"C:\Users\1\AppData\Roaming\BabSolution\CR\Delta.crx" => File/Directory not found.
C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml => Moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\Web Search.xml => Moved successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60} => Value deleted successfully.
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\msktbird@mcafee.com => Value deleted successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => Key deleted successfully.
MSK80Service => Service deleted successfully.
HipShieldK => Service deleted successfully.
catchme => Service deleted successfully.
C:\Windows\System32\drivers\HipShieldK.sys => Moved successfully.
C:\Windows\SysWOW64\searchplugins => Moved successfully.
C:\Windows\SysWOW64\Extensions => Moved successfully.
C:\Users\1\AppData\Local\avgchrome => Moved successfully.
C:\Users\1\AppData\Roaming\BabSolution => Moved successfully.
C:\Users\1\AppData\Roaming\Yandex => Moved successfully.

========= reg delete "HKCU\Software\Microsoft\Internet Explorer\AboutURLs" /f =========

Bť¤D: System nie znalaz w rejestrze okrelonego klucza albo wartoci.


========= End of Reg: =========


========= reg delete "HKCU\Software\Microsoft\Internet Explorer\Search" /f =========

Operacja ukoäczona pomylnie.


========= End of Reg: =========


========= reg delete "HKCU\Software\Microsoft\Internet Explorer\SearchURI" /f =========

Operacja ukoäczona pomylnie.


========= End of Reg: =========


========= reg delete "HKCU\Software\Microsoft\Internet Explorer\SearchUrl" /f =========

Operacja ukoäczona pomylnie.


========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchURI" /f =========

Bť¤D: System nie znalaz w rejestrze okrelonego klucza albo wartoci.


========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl" /f =========

Operacja ukoäczona pomylnie.


========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\AboutURLs" /f =========

Bť¤D: System nie znalaz w rejestrze okrelonego klucza albo wartoci.


========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Main" /f =========

Operacja ukoäczona pomylnie.


========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Search" /f =========

Operacja ukoäczona pomylnie.


========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes" /f =========

Operacja ukoäczona pomylnie.


========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchURI" /f =========

Operacja ukoäczona pomylnie.


========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchUrl" /f =========

Operacja ukoäczona pomylnie.


========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Search" /f =========

Operacja ukoäczona pomylnie.


========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchURI" /f =========

Bť¤D: System nie znalaz w rejestrze okrelonego klucza albo wartoci.


========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchUrl" /f =========

Operacja ukoäczona pomylnie.


========= End of Reg: =========


=========  netsh advfirewall reset =========

Ok.


========= End of CMD: =========


==== End of Fixlog ====