Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-01-2014
Ran by Agnieszka at 2014-01-20 08:27:28 Run:1
Running from C:\Users\Agnieszka\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: {BEEAC394-3FC8-4D9C-8DC1-FA5F20A59159} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe
Task: {C2AC6C63-D2F8-45B8-8A22-CE014D6D0263} - System32\Tasks\BitGuard => Sc.exe start BitGuard <==== ATTENTION
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchgol.com/?babsrc=HP_ss&mntrId=D22C0AEEE69E1542&affID=119357&tsp=5014
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.searchgol.com/?babsrc=HP_ss&mntrId=D22C0AEEE69E1542&affID=119357&tsp=5014
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {CE478A33-2406-4F47-9F8C-73DD77C7A8CC} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1602&query={searchTerms}&invocationType=tb50hpcnnbie7-pl-pl
SearchScopes: HKLM - {CE478A33-2406-4F47-9F8C-73DD77C7A8CC} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1602&query={searchTerms}&invocationType=tb50hpcnnbie7-pl-pl
SearchScopes: HKLM-x32 - DefaultScope {CE478A33-2406-4F47-9F8C-73DD77C7A8CC} URL =
SearchScopes: HKLM-x32 - {C6C4AD51-06F4-4B7C-BF1E-CAFD2F0C06A4} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1602&query={searchTerms}&invocationType=tb50hpcnnbie7-pl-pl
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss&mntrId=D22C0AEEE69E1542&affID=119357&tsp=5014
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss&mntrId=D22C0AEEE69E1542&affID=119357&tsp=5014
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid=&mid=08c79f40078847d0bd5fd16fd8829635-4dd5765d4bf373576ef70e16a19c1a1b99475d67&lang=pl&ds=AVG&pr=fr&d=&v=&pid=AVG&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {C6C4AD51-06F4-4B7C-BF1E-CAFD2F0C06A4} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1602&query={searchTerms}&invocationType=tb50hpcnnbie7-pl-pl
SearchScopes: HKCU - {CE478A33-2406-4F47-9F8C-73DD77C7A8CC} URL = http://startsear.ch/?aff=1&src=sp&cf=33093fd6-dcc2-11e1-b459-00269e667fc6&q={searchTerms}
SearchScopes: HKCU - {DE740420-8E41-48A7-9B02-9E8631445285} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYPL&apn_uid=08BDCC06-EAC5-4013-9241-80D4DF257939&apn_sauid=45B60941-3D12-49DD-973D-9C8D37CAF0B5
Toolbar: HKCU - No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF Extension: z - C:\Program Files (x86)\Mozilla Firefox\extensions\{33242894-d0f4-f874-3f14-469ea0b34fde} [2013-12-21]
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
S1 bdevrxvd; \??\C:\Windows\system32\drivers\bdevrxvd.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S2 eamonm; system32\DRIVERS\eamonm.sys [x]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]
C:\Users\Agnieszka\Downloads\Audacity(11826).exe
C:\Users\Agnieszka\Downloads\LAME-MP3-encoder(12377).exe
C:\Users\Agnieszka\Downloads\LAME-MP3-encoder(12377)(1).exe
*****************

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BEEAC394-3FC8-4D9C-8DC1-FA5F20A59159} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BEEAC394-3FC8-4D9C-8DC1-FA5F20A59159} => Key deleted successfully.
C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C2AC6C63-D2F8-45B8-8A22-CE014D6D0263} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C2AC6C63-D2F8-45B8-8A22-CE014D6D0263} => Key deleted successfully.
C:\Windows\System32\Tasks\BitGuard => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BitGuard => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\bProtector Start Page => Value deleted successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CE478A33-2406-4F47-9F8C-73DD77C7A8CC} => Key deleted successfully.
HKCR\CLSID\{CE478A33-2406-4F47-9F8C-73DD77C7A8CC} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{C6C4AD51-06F4-4B7C-BF1E-CAFD2F0C06A4} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{C6C4AD51-06F4-4B7C-BF1E-CAFD2F0C06A4} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\bProtectorDefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully.
HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key deleted successfully.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C6C4AD51-06F4-4B7C-BF1E-CAFD2F0C06A4} => Key deleted successfully.
HKCR\CLSID\{C6C4AD51-06F4-4B7C-BF1E-CAFD2F0C06A4} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CE478A33-2406-4F47-9F8C-73DD77C7A8CC} => Key deleted successfully.
HKCR\CLSID\{CE478A33-2406-4F47-9F8C-73DD77C7A8CC} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DE740420-8E41-48A7-9B02-9E8631445285} => Key deleted successfully.
HKCR\CLSID\{DE740420-8E41-48A7-9B02-9E8631445285} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} => Value not found.
HKCR\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml => Moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{33242894-d0f4-f874-3f14-469ea0b34fde} => Moved successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC} => Value deleted successfully.
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com => Value deleted successfully.
bdevrxvd => Service deleted successfully.
catchme => Service deleted successfully.
eamonm => Service deleted successfully.
RtsUIR => Service deleted successfully.
USBCCID => Service deleted successfully.
C:\Users\Agnieszka\Downloads\Audacity(11826).exe => Moved successfully.
C:\Users\Agnieszka\Downloads\LAME-MP3-encoder(12377).exe => Moved successfully.
C:\Users\Agnieszka\Downloads\LAME-MP3-encoder(12377)(1).exe => Moved successfully.

==== End of Fixlog ====