Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 05-01-2014 Ran by Admin at 2014-01-08 18:26:26 Run:1 Running from G:\logi\FRST Boot Mode: Normal ============================================== Content of fixlist: ***************** HKU\Gość\...\Run: [Internet Security Manager] - C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sic32.exe MountPoints2: {0f6bdf46-aca6-11e2-8208-0017c4161d42} - F:\Install_Nokia_Ovi_Suite.exe MountPoints2: {669a5f7b-2083-11e0-bfe9-0017c4161d42} - rfg.exe MountPoints2: {699af72c-b02b-11df-bf56-0017c4161d42} - RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sic32.exe MountPoints2: {8afd6ded-22ce-11e3-825d-0017c4161d42} - F:\AutoRun.exe MountPoints2: {8f6334c9-ce01-11e2-8217-0017c4161d42} - F:\InstallTomTomHOME.exe MountPoints2: {94d2812f-21a0-11e2-818f-0017c4161d42} - Toshiba\Launcher\start.exe MountPoints2: {a24b532b-b013-11de-be83-0017c4161d42} - H:\hx.exe MountPoints2: {aedb806c-c363-11e1-8146-0017c4161d42} - F:\AutoRun.exe MountPoints2: {b1ac222c-b97c-11de-be9f-0017c4161d42} - I:\USBNB.exe MountPoints2: {b2a91c1a-af33-11e2-8209-0017c4161d42} - J:\Install_Nokia_Ovi_Suite.exe MountPoints2: {f7e5a69c-4063-11de-bda2-0017c4161d42} - H:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe HKU\Gość\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe AppInit_DLLs: cijzfd.dll [ ] () ShortcutTarget: runctf.lnk -> C:\DOCUME~1\ADMIN~1.TAD\wgsdgsdgdsgsd.dll (No File) ShortcutTarget: OpenOffice.org 3.0.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe (No File) ShortcutTarget: OpenOfficeT7 2.3.1.lnk -> C:\Program Files\OpenOfficeT7 2.3.1\program\quickstart.exe (No File) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=2&cf=f0e20b34-1abd-11e1-80cb-0017c4161d42 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=2&cf=f0e20b34-1abd-11e1-80cb-0017c4161d42 SearchScopes: 
HKLM - {2A5D1C44-CD3F-4514-A15B-B0BF238447B2} URL = http://www.easypowersearch.com/Results.aspx?cx=partner-pub-8885210189291163:1mftqmofsk1&UDSideSiteVacuumID=f64a0d68-d9f6-493b-8936-c8f97de55958&WSHostingSiteURL=vlnet3.com&WSLang=EN&SelectedSearchLang=PL&cof=FORID%3A10&sa=Search&SV_SRC=IE7SearchBox&oe=utf-8&ie=utf-8&q={searchTerms} SearchScopes: HKLM - {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = http://startsear.ch/?aff=2&src=sp&cf=f0e20b34-1abd-11e1-80cb-0017c4161d42&q={searchTerms} SearchScopes: HKCU - DefaultScope {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=U3&apn_dtid=OSJ000YYPL&apn_uid=CA0D6259-85D9-47E1-9783-0A35C8D9664A&apn_sauid=846069BF-819F-4E13-A4CA-44D5EE8BF312 SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=U3&apn_dtid=OSJ000YYPL&apn_uid=CA0D6259-85D9-47E1-9783-0A35C8D9664A&apn_sauid=846069BF-819F-4E13-A4CA-44D5EE8BF312 SearchScopes: HKCU - {2A5D1C44-CD3F-4514-A15B-B0BF238447B2} URL = http://www.easypowersearch.com/Results.aspx?cx=partner-pub-8885210189291163:1mftqmofsk1&UDSideSiteVacuumID=f64a0d68-d9f6-493b-8936-c8f97de55958&WSHostingSiteURL=vlnet3.com&WSLang=EN&SelectedSearchLang=PL&cof=FORID%3A10&sa=Search&SV_SRC=IE7SearchBox&oe=utf-8&ie=utf-8&q={searchTerms} SearchScopes: HKCU - {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = http://startsear.ch/?aff=2&src=sp&cf=f0e20b34-1abd-11e1-80cb-0017c4161d42&q={searchTerms} SearchScopes: HKCU - {D547C666-CEC4-46A3-9930-877E51AF71F4} URL = http://www.daemon-search.com/search/web?q={searchTerms} SearchScopes: HKCU - {F2F61099-DFD0-4ad0-AB3B-EEC574E9D21F} URL = http://search.duhiki.com/results.html?cx=002339168288027202941%3Ah6qetdju5sc&cof=FORID%3A10&q={searchTerms}&sa=Search FF user.js: detected! 
=> C:\Documents and Settings\Admin.TADEK\Dane aplikacji\Mozilla\Firefox\Profiles\mykgs7si.default\user.js FF SearchPlugin: C:\Documents and Settings\Admin.TADEK\Dane aplikacji\Mozilla\Firefox\Profiles\mykgs7si.default\searchplugins\babylon.xml FF SearchPlugin: C:\Documents and Settings\Admin.TADEK\Dane aplikacji\Mozilla\Firefox\Profiles\mykgs7si.default\searchplugins\daemon-search.xml FF SearchPlugin: C:\Documents and Settings\Admin.TADEK\Dane aplikacji\Mozilla\Firefox\Profiles\mykgs7si.default\searchplugins\delta.xml FF SearchPlugin: C:\Documents and Settings\Admin.TADEK\Dane aplikacji\Mozilla\Firefox\Profiles\mykgs7si.default\searchplugins\startsear.xml C:\Documents and Settings\Admin.TADEK\Ustawienia lokalne\temp\AutoRun.exe C:\Documents and Settings\Admin.TADEK\Ustawienia lokalne\temp\AutoRunGUI.dll C:\Documents and Settings\Admin.TADEK\Ustawienia lokalne\temp\gg10.upgr.exe C:\Documents and Settings\Admin.TADEK\Ustawienia lokalne\temp\GLB1A2B.EXE C:\Documents and Settings\Admin.TADEK\Ustawienia lokalne\temp\ICReinstall_Setup.exe C:\Documents and Settings\Admin.TADEK\Ustawienia lokalne\temp\jre-7u25-windows-i586-iftw.exe C:\Documents and Settings\Admin.TADEK\Ustawienia lokalne\temp\jre-7u45-windows-i586-iftw.exe C:\Documents and Settings\Admin.TADEK\Ustawienia lokalne\temp\RtkBtMnt.exe C:\Documents and Settings\Admin.TADEK\Ustawienia lokalne\temp\Setup.exe C:\Documents and Settings\Admin.TADEK\Ustawienia lokalne\temp\uninst1.exe C:\Documents and Settings\Admin.TADEK\Ustawienia lokalne\temp\_is3.exe C:\Documents and Settings\Gość\Ustawienia lokalne\temp\DataCard_Setup.exe C:\Documents and Settings\Gość\Ustawienia lokalne\temp\ResetDevice.exe C:\Documents and Settings\Gość\Ustawienia lokalne\temp\RtkBtMnt.exe S3 catchme; \??\C:\ComboFix\catchme.sys [x] S3 btaudio; system32\drivers\btaudio.sys [x] S3 BTDriver; system32\DRIVERS\btport.sys [x] S3 BTWDNDIS; system32\DRIVERS\btwdndis.sys [x] S3 btwhid; system32\DRIVERS\btwhid.sys [x] AlternateDataStreams: C:\Documents 
and Settings:BZ-VIRTUAL-LINK AlternateDataStreams: C:\Documents and Settings\Admin.TADEK:BZ-VIRTUAL-LINK AlternateDataStreams: C:\Documents and Settings\Admin.TADEK\Cookies:BZ-VIRTUAL-LINK AlternateDataStreams: C:\Documents and Settings\Admin.TADEK\C_:BZ-VIRTUAL-LINK AlternateDataStreams: C:\Documents and Settings\Admin.TADEK\Ustawienia lokalne:BZ-VIRTUAL-LINK AlternateDataStreams: C:\Documents and Settings\Admin.TADEK\Ustawienia lokalne\temp:BZ-VIRTUAL-LINK CMD: netsh winsock reset ***************** HKU\Gość\Software\Microsoft\Windows\CurrentVersion\Run\\Internet Security Manager => Value deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0f6bdf46-aca6-11e2-8208-0017c4161d42} => Key deleted successfully. HKCR\CLSID\{0f6bdf46-aca6-11e2-8208-0017c4161d42} => Key not found. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{669a5f7b-2083-11e0-bfe9-0017c4161d42} => Key deleted successfully. HKCR\CLSID\{669a5f7b-2083-11e0-bfe9-0017c4161d42} => Key not found. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{699af72c-b02b-11df-bf56-0017c4161d42} => Key deleted successfully. HKCR\CLSID\{699af72c-b02b-11df-bf56-0017c4161d42} => Key not found. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8afd6ded-22ce-11e3-825d-0017c4161d42} => Key deleted successfully. HKCR\CLSID\{8afd6ded-22ce-11e3-825d-0017c4161d42} => Key not found. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f6334c9-ce01-11e2-8217-0017c4161d42} => Key deleted successfully. HKCR\CLSID\{8f6334c9-ce01-11e2-8217-0017c4161d42} => Key not found. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94d2812f-21a0-11e2-818f-0017c4161d42} => Key deleted successfully. HKCR\CLSID\{94d2812f-21a0-11e2-818f-0017c4161d42} => Key not found. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a24b532b-b013-11de-be83-0017c4161d42} => Key deleted successfully. 
HKCR\CLSID\{a24b532b-b013-11de-be83-0017c4161d42} => Key not found. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aedb806c-c363-11e1-8146-0017c4161d42} => Key deleted successfully. HKCR\CLSID\{aedb806c-c363-11e1-8146-0017c4161d42} => Key not found. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1ac222c-b97c-11de-be9f-0017c4161d42} => Key deleted successfully. HKCR\CLSID\{b1ac222c-b97c-11de-be9f-0017c4161d42} => Key not found. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b2a91c1a-af33-11e2-8209-0017c4161d42} => Key deleted successfully. HKCR\CLSID\{b2a91c1a-af33-11e2-8209-0017c4161d42} => Key not found. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7e5a69c-4063-11de-bda2-0017c4161d42} => Key deleted successfully. HKCR\CLSID\{f7e5a69c-4063-11de-bda2-0017c4161d42} => Key not found. HKU\Gość\Software\Microsoft\Windows\CurrentVersion\Run\\swg => Value deleted successfully. HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully. C:\DOCUME~1\ADMIN~1.TAD\wgsdgsdgdsgsd.dll not found. C:\Program Files\OpenOffice.org 3\program\quickstart.exe not found. C:\Program Files\OpenOfficeT7 2.3.1\program\quickstart.exe not found. HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2A5D1C44-CD3F-4514-A15B-B0BF238447B2} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{2A5D1C44-CD3F-4514-A15B-B0BF238447B2} => Key not found. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully. 
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2A5D1C44-CD3F-4514-A15B-B0BF238447B2} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{2A5D1C44-CD3F-4514-A15B-B0BF238447B2} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D547C666-CEC4-46A3-9930-877E51AF71F4} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{D547C666-CEC4-46A3-9930-877E51AF71F4} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F2F61099-DFD0-4ad0-AB3B-EEC574E9D21F} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{F2F61099-DFD0-4ad0-AB3B-EEC574E9D21F} => Key not found. C:\Documents and Settings\Admin.TADEK\Dane aplikacji\Mozilla\Firefox\Profiles\mykgs7si.default\user.js => Moved successfully. C:\Documents and Settings\Admin.TADEK\Dane aplikacji\Mozilla\Firefox\Profiles\mykgs7si.default\searchplugins\babylon.xml => Moved successfully. C:\Documents and Settings\Admin.TADEK\Dane aplikacji\Mozilla\Firefox\Profiles\mykgs7si.default\searchplugins\daemon-search.xml => Moved successfully. C:\Documents and Settings\Admin.TADEK\Dane aplikacji\Mozilla\Firefox\Profiles\mykgs7si.default\searchplugins\delta.xml => Moved successfully. C:\Documents and Settings\Admin.TADEK\Dane aplikacji\Mozilla\Firefox\Profiles\mykgs7si.default\searchplugins\startsear.xml => Moved successfully. C:\Documents and Settings\Admin.TADEK\Ustawienia lokalne\temp\AutoRun.exe => Moved successfully. C:\Documents and Settings\Admin.TADEK\Ustawienia lokalne\temp\AutoRunGUI.dll => Moved successfully. 
C:\Documents and Settings\Admin.TADEK\Ustawienia lokalne\temp\gg10.upgr.exe => Moved successfully. "C:\Documents and Settings\Admin.TADEK\Ustawienia lokalne\temp\GLB1A2B.EXE" => File/Directory not found. C:\Documents and Settings\Admin.TADEK\Ustawienia lokalne\temp\ICReinstall_Setup.exe => Moved successfully. C:\Documents and Settings\Admin.TADEK\Ustawienia lokalne\temp\jre-7u25-windows-i586-iftw.exe => Moved successfully. C:\Documents and Settings\Admin.TADEK\Ustawienia lokalne\temp\jre-7u45-windows-i586-iftw.exe => Moved successfully. C:\Documents and Settings\Admin.TADEK\Ustawienia lokalne\temp\RtkBtMnt.exe => Moved successfully. C:\Documents and Settings\Admin.TADEK\Ustawienia lokalne\temp\Setup.exe => Moved successfully. C:\Documents and Settings\Admin.TADEK\Ustawienia lokalne\temp\uninst1.exe => Moved successfully. C:\Documents and Settings\Admin.TADEK\Ustawienia lokalne\temp\_is3.exe => Moved successfully. C:\Documents and Settings\Gość\Ustawienia lokalne\temp\DataCard_Setup.exe => Moved successfully. C:\Documents and Settings\Gość\Ustawienia lokalne\temp\ResetDevice.exe => Moved successfully. Could not move "C:\Documents and Settings\Gość\Ustawienia lokalne\temp\RtkBtMnt.exe" => Scheduled to move on reboot. catchme => Service deleted successfully. btaudio => Service deleted successfully. BTDriver => Service deleted successfully. BTWDNDIS => Service deleted successfully. btwhid => Service deleted successfully. C:\Documents and Settings => ":BZ-VIRTUAL-LINK" ADS removed successfully. C:\Documents and Settings\Admin.TADEK => ":BZ-VIRTUAL-LINK" ADS removed successfully. C:\Documents and Settings\Admin.TADEK\Cookies => ":BZ-VIRTUAL-LINK" ADS removed successfully. C:\Documents and Settings\Admin.TADEK\C_ => ":BZ-VIRTUAL-LINK" ADS removed successfully. C:\Documents and Settings\Admin.TADEK\Ustawienia lokalne => ":BZ-VIRTUAL-LINK" ADS removed successfully. C:\Documents and Settings\Admin.TADEK\Ustawienia lokalne\temp => ":BZ-VIRTUAL-LINK" ADS removed successfully. 
========= netsh winsock reset ========= OSTRZEŻENIE: Nie można uzyskać informacji o hoście z komputera: [TADEK]. Niektóre polecenia mogą być niedostępne. Określona usługa nie istnieje jako usługa zainstalowana. Pomyślnie zresetowano Winsock Catalog. Musisz ponownie uruchomić komputer, aby ukończyć resetowanie. ========= End of CMD: ========= => Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-01-08 18:31:56)<= C:\Documents and Settings\Gość\Ustawienia lokalne\temp\RtkBtMnt.exe => Moved successfully. ==== End of Fixlog ====