Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-09-2013 03
Ran by Kuba at 2013-09-04 15:16:58 Run:1
Running from C:\Users\Kuba\Downloads\raporty
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\ProgramData\rawt.js
C:\ProgramData\rawt.bat
C:\ProgramData\rawt.reg
C:\Users\Kuba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
C:\Users\Kuba\AppData\Roaming\HoolappForAndroid
C:\Users\Kuba\Downloads\cbsidlm-cbsi134-XWidget-ORG-75609200 (1).exe
C:\Users\Kuba\Downloads\cbsidlm-cbsi134-XWidget-ORG-75609200.exe
C:\Users\Kuba\Downloads\Rainmeter(18721).exe
HKLM-x32\...\Winlogon: [Shell] C:\PROGRA~3\rawt.bat [x ] () <=== ATTENTION
HKLM\...\Policies\Explorer: [NoDrives] 0
HKCU\...\Run: [xwidget] - C:\Program Files (x86)\XWidget\xwidget.exe [x]
HKCU\...\Policies\Explorer: [NoDrives] 0
HKU\Gość\...\Run: [4E3E0230AEBB4E96] - C:\Recycle.Bin\Recycle.Bin.exe [x]
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.v9.com/web/?q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKCU - {7AC57FAC-79A7-4C43-89D7-7706CFC5B104} URL = http://websearch.ask.com/redirect?client=ie&tb=FF&o=14594&src=kw&q={searchTerms}&locale=&apn_ptnrs=^FV&apn_dtid=^YYYYYY^YY^PL&apn_uid=cc25c67e-7744-480b-b716-9c2b5fcfaf25&apn_sauid=142E98D6-F12B-4A1F-863F-B73F39DEE941
Toolbar: HKLM-x32 - No Name - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Task: {0CCA90CF-329D-4C03-B28A-0F961059F72E} - System32\Tasks\{F58937B5-C617-4811-B3ED-9FAB96CAEC39} => C:\Users\Kuba\Desktop\sterowniki\upd-PCL5-X32-5_2_6_9321.exe No File
Task: {609CB853-3CEB-4785-B59D-91A289105ED4} - System32\Tasks\{F9D84375-0E90-498C-8153-D2D2B26D870F} => c:\program files (x86)\mozilla firefox\firefox.exe [2013-09-02] (Mozilla Corporation)
Task: {74967351-828A-49BB-A1AB-880CBD88ABDB} - System32\Tasks\{1ED48B0C-A7DA-4C9C-B0AE-7E0E65D4B5DE} => c:\program files (x86)\mozilla firefox\firefox.exe [2013-09-02] (Mozilla Corporation)
Task: {AC7EA079-9B16-4708-AB38-74347616BD7F} - \DealPlyUpdate No Task File
Task: {C01EB8B0-9076-47DF-BD78-A44810A76D60} - System32\Tasks\{7AF1D1CF-E620-422A-84BC-C49D866FCDC6} => c:\program files (x86)\mozilla firefox\firefox.exe [2013-09-02] (Mozilla Corporation)
U3 BcmSqlStartupSvc;
S3 btwaudio; system32\drivers\btwaudio.sys [x]
S3 btwavdt; system32\DRIVERS\btwavdt.sys [x]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [x]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
U2 IviRegMgr;
U2 RichVideo;
S3 wdmirror; system32\DRIVERS\WDMirror.sys [x]
Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\Search" /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
*****************

C:\ProgramData\rawt.js => Moved successfully.
C:\ProgramData\rawt.bat => Moved successfully.
C:\ProgramData\rawt.reg => Moved successfully.
C:\Users\Kuba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk => Moved successfully.
C:\Users\Kuba\AppData\Roaming\HoolappForAndroid => Moved successfully.
C:\Users\Kuba\Downloads\cbsidlm-cbsi134-XWidget-ORG-75609200 (1).exe => Moved successfully.
C:\Users\Kuba\Downloads\cbsidlm-cbsi134-XWidget-ORG-75609200.exe => Moved successfully.
C:\Users\Kuba\Downloads\Rainmeter(18721).exe => Moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value was restored successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDrives => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\xwidget => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDrives => Value deleted successfully.
HKU\Gość\Software\Microsoft\Windows\CurrentVersion\Run\\4E3E0230AEBB4E96 => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7AC57FAC-79A7-4C43-89D7-7706CFC5B104} => Key deleted successfully.
HKCR\CLSID\{7AC57FAC-79A7-4C43-89D7-7706CFC5B104} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0CCA90CF-329D-4C03-B28A-0F961059F72E} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0CCA90CF-329D-4C03-B28A-0F961059F72E} => Key deleted successfully.
C:\Windows\System32\Tasks\{F58937B5-C617-4811-B3ED-9FAB96CAEC39} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F58937B5-C617-4811-B3ED-9FAB96CAEC39} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{609CB853-3CEB-4785-B59D-91A289105ED4} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{609CB853-3CEB-4785-B59D-91A289105ED4} => Key deleted successfully.
C:\Windows\System32\Tasks\{F9D84375-0E90-498C-8153-D2D2B26D870F} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F9D84375-0E90-498C-8153-D2D2B26D870F} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{74967351-828A-49BB-A1AB-880CBD88ABDB} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{74967351-828A-49BB-A1AB-880CBD88ABDB} => Key deleted successfully.
C:\Windows\System32\Tasks\{1ED48B0C-A7DA-4C9C-B0AE-7E0E65D4B5DE} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1ED48B0C-A7DA-4C9C-B0AE-7E0E65D4B5DE} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC7EA079-9B16-4708-AB38-74347616BD7F} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC7EA079-9B16-4708-AB38-74347616BD7F} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPlyUpdate => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C01EB8B0-9076-47DF-BD78-A44810A76D60} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C01EB8B0-9076-47DF-BD78-A44810A76D60} => Key deleted successfully.
C:\Windows\System32\Tasks\{7AF1D1CF-E620-422A-84BC-C49D866FCDC6} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7AF1D1CF-E620-422A-84BC-C49D866FCDC6} => Key deleted successfully.
BcmSqlStartupSvc => Service deleted successfully.
btwaudio => Service deleted successfully.
btwavdt => Service deleted successfully.
btwl2cap => Service deleted successfully.
btwrchid => Service deleted successfully.
catchme => Service deleted successfully.
IviRegMgr => Service deleted successfully.
RichVideo => Service deleted successfully.
wdmirror => Service deleted successfully.

========= reg delete "HKCU\Software\Microsoft\Internet Explorer\Search" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

==== End of Fixlog ====