Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-12-2013 01
Ran by Madzia at 2013-12-17 19:55:50 Run:1
Running from C:\Users\Madzia\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.delta-search.com/?babsrc=HP_ss&mntrId=FADC0022FBCA3EC7&affID=119357&tsp=4952
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=FADC0022FBCA3EC7&affID=119357&tsp=4952
SearchScopes: HKCU - {31DFB111-64D2-4197-9FB0-1F6669B40606} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYPL&apn_uid=8DFA5D28-753A-4DA5-A8C0-188BF647D6D7&apn_sauid=63CCAC93-A279-43B2-B486-06B80044AF90
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: IEPluginBHO Class - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\ProgramData\Gadu-Gadu 10\_userdata\ggbho.2.dll No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Task: {92782AC0-32F9-4FCC-825B-ED26E20A4479} - System32\Tasks\{14BD31BE-17DC-4302-8A5E-00A743F150C3} => Firefox.exe http://ui.skype.com/ui/0/6.6.0.106/pl/abandoninstall?page=tsMain
Task: {D79B0CFE-03CD-4220-BF21-D738F0BF33BB} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1191065404-194317344-3443399857-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Unlock: HKLM\SYSTEM\CurrentControlSet\Services\sptd
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [x]
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [x]
S3 Prot6Flt; system32\DRIVERS\Prot6Flt.sys [x]
S4 sptd; \SystemRoot\System32\Drivers\sptd.sys [x]
C:\Program Files (x86)\Mobogenie
C:\Users\Madzia\daemonprocess.txt
C:\Users\Madzia\AppData\Local\Temp\dateinj01.dll
C:\Users\Madzia\AppData\Local\Mobogenie
C:\Users\Madzia\AppData\Roaming\Babylon
C:\Users\Madzia\AppData\Roaming\ContentGuard
C:\Users\Madzia\AppData\Roaming\OpenCandy
C:\Users\Madzia\Documents\Mobogenie
C:\Users\Madzia\Documents\SoftonicDownloader_dla_nero-burning-rom.exe
C:\Users\wangzhisong
CMD: md C:\Users\Madzia\Desktop\Upload
CMD: copy C:\Users\Madzia\AppData\Roaming\Mozilla\Firefox\Profiles\1de6um8o.default\Extensions\{85E85FF9-E50C-42DE-8A3D-61485FD6C8DB}.xpi C:\Users\Madzia\Desktop\Upload
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mobilegeni daemon => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully.
HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31DFB111-64D2-4197-9FB0-1F6669B40606} => Key deleted successfully.
HKCR\CLSID\{31DFB111-64D2-4197-9FB0-1F6669B40606} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} => Key deleted successfully.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{92782AC0-32F9-4FCC-825B-ED26E20A4479} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92782AC0-32F9-4FCC-825B-ED26E20A4479} => Key deleted successfully.
C:\Windows\System32\Tasks\{14BD31BE-17DC-4302-8A5E-00A743F150C3} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{14BD31BE-17DC-4302-8A5E-00A743F150C3} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D79B0CFE-03CD-4220-BF21-D738F0BF33BB} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D79B0CFE-03CD-4220-BF21-D738F0BF33BB} => Key deleted successfully.
C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1191065404-194317344-3443399857-1000 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealUpgradeScheduledTaskS-1-5-21-1191065404-194317344-3443399857-1000 => Key deleted successfully.
"HKLM\SYSTEM\CurrentControlSet\Services\sptd" => Key unlocked successfully.
ACDaemon => Service deleted successfully.
aspnet_state => Service deleted successfully.
pccsmcfd => Service deleted successfully.
Prot6Flt => Service deleted successfully.
sptd => Service deleted successfully.
C:\Program Files (x86)\Mobogenie => Moved successfully.
C:\Users\Madzia\daemonprocess.txt => Moved successfully.
C:\Users\Madzia\AppData\Local\Temp\dateinj01.dll => Moved successfully.
C:\Users\Madzia\AppData\Local\Mobogenie => Moved successfully.
C:\Users\Madzia\AppData\Roaming\Babylon => Moved successfully.
C:\Users\Madzia\AppData\Roaming\ContentGuard => Moved successfully.
C:\Users\Madzia\AppData\Roaming\OpenCandy => Moved successfully.
C:\Users\Madzia\Documents\Mobogenie => Moved successfully.
C:\Users\Madzia\Documents\SoftonicDownloader_dla_nero-burning-rom.exe => Moved successfully.
C:\Users\wangzhisong => Moved successfully.

========= md C:\Users\Madzia\Desktop\Upload =========

========= End of CMD: =========

========= copy C:\Users\Madzia\AppData\Roaming\Mozilla\Firefox\Profiles\1de6um8o.default\Extensions\{85E85FF9-E50C-42DE-8A3D-61485FD6C8DB}.xpi C:\Users\Madzia\Desktop\Upload =========

Liczba skopiowanych plików: 1.

========= End of CMD: =========

==== End of Fixlog ====