Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2014 Ran by Malin at 2014-10-03 00:13:22 Run:1 Running from C:\Users\Malin\Downloads Loaded Profile: Malin (Available profiles: Malin) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: R1 {29b136c9-938d-4d3d-8df8-d649d9b74d02}w64; C:\Windows\System32\drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}w64.sys [61120 2014-04-24] (StdLib) U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 SBIOSIO; \??\C:\Users\Malin\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [X] S2 Update BuzzSearch; "C:\Program Files (x86)\BuzzSearch\updateBuzzSearch.exe" [X] S2 Util BuzzSearch; "C:\Program Files (x86)\BuzzSearch\bin\utilBuzzSearch.exe" [X] HKLM-x32\...\Run: [fst_pl_186] => [X] BootExecute: HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-search.com/?affID=121845&babsrc=HP_ss&mntrId=565EC485080D6F4D HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hp&ts=1409495696&from=tt4u&uid=ST1000LM024XHN-M101MBB_S2RQJ9DC403197 StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={searchTerms}&affID=121845&babsrc=SP_ss&mntrId=565EC485080D6F4D BHO-x32: No Name -> {5cf5a690-c8f4-488e-9d20-f21aef602d41} -> No File Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Malin\AppData\Roaming\BabSolution\CR\Delta.crx [2013-06-17] FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File CustomCLSID: HKU\S-1-5-21-3183270048-2252803029-1860483952-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Malin\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-3183270048-2252803029-1860483952-1001_Classes\CLSID\{E68D0A55-3C40-4712-B90D-DCFA93FF2534}\InprocServer32 -> C:\Users\Malin\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll No File CustomCLSID: HKU\S-1-5-21-3183270048-2252803029-1860483952-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Malin\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File Task: {49F9BD90-5711-4379-98FE-55D2D3460632} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\SymErr.exe Task: {7D6ADD17-3AA2-40C5-BCDE-1F7E3076F979} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\WSCStub.exe Task: {B6675B91-2B3B-456E-954F-A184DFFC1CDB} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\SymErr.exe C:\Program Files (x86)\mozilla firefox\plugins C:\ProgramData\BitGuard C:\Users\Malin\AppData\Roaming\BabSolution C:\Windows\System32\drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}w64.sys C:\Windows\System32\Tasks\Norton Internet Security Reg: reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" /v AppInit_DLLs /t REG_SZ /d "c:\windows\system32\nvinitx.dll" /f Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows" /v AppInit_DLLs /t REG_SZ /d "c:\windows\syswow64\nvinit.dll" /f EmptyTemp: ***************** Processes closed successfully. {29b136c9-938d-4d3d-8df8-d649d9b74d02}w64 => Service stopped successfully. {29b136c9-938d-4d3d-8df8-d649d9b74d02}w64 => Service deleted successfully. AppMgmt => Service deleted successfully. catchme => Service deleted successfully. SBIOSIO => Service deleted successfully. Update BuzzSearch => Service deleted successfully. Util BuzzSearch => Service deleted successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\fst_pl_186 => value deleted successfully. BootExecute: => Error: No automatic fix found for this entry. HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}" => Key deleted successfully. "HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}" => Key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5cf5a690-c8f4-488e-9d20-f21aef602d41}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{5cf5a690-c8f4-488e-9d20-f21aef602d41}" => Key not found. "HKCR\PROTOCOLS\Filter\text/xml" => Key deleted successfully. "HKCR\CLSID\{807553E5-5146-11D5-A672-00B0D022E945}" => Key not found. "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde" => Key deleted successfully. C:\Users\Malin\AppData\Roaming\BabSolution\CR\Delta.crx => Moved successfully. "HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.25.2" => Key deleted successfully. C:\windows\SysWOW64\npDeployJava1.dll => Moved successfully. "HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc" => Key deleted successfully. C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll not found. "HKU\S-1-5-21-3183270048-2252803029-1860483952-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully. "HKU\S-1-5-21-3183270048-2252803029-1860483952-1001_Classes\CLSID\{E68D0A55-3C40-4712-B90D-DCFA93FF2534}" => Key deleted successfully. "HKU\S-1-5-21-3183270048-2252803029-1860483952-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{49F9BD90-5711-4379-98FE-55D2D3460632}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{49F9BD90-5711-4379-98FE-55D2D3460632}" => Key deleted successfully. C:\Windows\System32\Tasks\Norton Internet Security\Norton Error Processor => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Internet Security\Norton Error Processor" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7D6ADD17-3AA2-40C5-BCDE-1F7E3076F979}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7D6ADD17-3AA2-40C5-BCDE-1F7E3076F979}" => Key deleted successfully. C:\Windows\System32\Tasks\Norton WSC Integration => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton WSC Integration" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B6675B91-2B3B-456E-954F-A184DFFC1CDB}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B6675B91-2B3B-456E-954F-A184DFFC1CDB}" => Key deleted successfully. C:\Windows\System32\Tasks\Norton Internet Security\Norton Error Analyzer => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Internet Security\Norton Error Analyzer" => Key deleted successfully. C:\Program Files (x86)\mozilla firefox\plugins => Moved successfully. "C:\ProgramData\BitGuard" directory move: Could not move "C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll" => Scheduled to move on reboot. Could not move "C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe" => Scheduled to move on reboot. Could not move "C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.settings" => Scheduled to move on reboot. Could not move "C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bl" => Scheduled to move on reboot. Could not move "C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\dm" => Scheduled to move on reboot. Could not move "C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\loader.dll" => Scheduled to move on reboot. Could not move "C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe" => Scheduled to move on reboot. Could not move "C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\x64injector.exe" => Scheduled to move on reboot. Could not move "C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\00" => Scheduled to move on reboot. Could not move "C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\01" => Scheduled to move on reboot. Could not move "C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\02" => Scheduled to move on reboot. Could not move "C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\03" => Scheduled to move on reboot. Could not move "C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\10" => Scheduled to move on reboot. Could not move "C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\11" => Scheduled to move on reboot. Could not move "C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\12" => Scheduled to move on reboot. Could not move "C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\13" => Scheduled to move on reboot. Could not move "C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\20" => Scheduled to move on reboot. Could not move "C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\21" => Scheduled to move on reboot. Could not move "C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\22" => Scheduled to move on reboot. Could not move "C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\23" => Scheduled to move on reboot. Could not move "C:\ProgramData\BitGuard" directory. => Scheduled to move on reboot. C:\Users\Malin\AppData\Roaming\BabSolution => Moved successfully. C:\Windows\System32\drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}w64.sys => Moved successfully. C:\Windows\System32\Tasks\Norton Internet Security => Moved successfully. ========= reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" /v AppInit_DLLs /t REG_SZ /d "c:\windows\system32\nvinitx.dll" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows" /v AppInit_DLLs /t REG_SZ /d "c:\windows\syswow64\nvinit.dll" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= EmptyTemp: => Removed 520.3 MB temporary data. => Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-10-03 00:16:10)<= C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll => Is moved successfully. C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe => Is moved successfully. C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.settings => Is moved successfully. C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bl => Is moved successfully. C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\dm => Is moved successfully. C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\loader.dll => Is moved successfully. C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe => Is moved successfully. C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\x64injector.exe => Is moved successfully. C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\00 => Is moved successfully. C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\01 => Is moved successfully. C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\02 => Is moved successfully. C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\03 => Is moved successfully. C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\10 => Is moved successfully. C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\11 => Is moved successfully. C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\12 => Is moved successfully. C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\13 => Is moved successfully. C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\20 => Is moved successfully. C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\21 => Is moved successfully. C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\22 => Is moved successfully. C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\23 => Is moved successfully. C:\ProgramData\BitGuard => Is moved successfully. ==== End of Fixlog ====