Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 24-04-2014 Ran by Administrator at 2014-04-24 12:37:39 Run:2 Running from C:\Documents and Settings\Administrator\Pulpit\OTL Boot Mode: Normal ============================================== Content of fixlist: ***************** S2 winmgmt; C:\WINDOWS\system32\svchost.exe [14336 2008-04-14] (Microsoft Corporation) S1 aqfyvszx; \??\C:\WINDOWS\system32\drivers\aqfyvszx.sys [X] S1 atpofphs; \??\C:\WINDOWS\system32\drivers\atpofphs.sys [X] S1 elwanrlf; \??\C:\WINDOWS\system32\drivers\elwanrlf.sys [X] S1 jzfimovn; \??\C:\WINDOWS\system32\drivers\jzfimovn.sys [X] S1 kalrgrad; \??\C:\WINDOWS\system32\drivers\kalrgrad.sys [X] S1 kdaskjfk; \??\C:\WINDOWS\system32\drivers\kdaskjfk.sys [X] S1 kdicitfx; \??\C:\WINDOWS\system32\drivers\kdicitfx.sys [X] S1 minmloiz; \??\C:\WINDOWS\system32\drivers\minmloiz.sys [X] S1 mvrujavj; \??\C:\WINDOWS\system32\drivers\mvrujavj.sys [X] S1 nbssngoj; \??\C:\WINDOWS\system32\drivers\nbssngoj.sys [X] S1 nkwjghrc; \??\C:\WINDOWS\system32\drivers\nkwjghrc.sys [X] S1 nmsgbirz; \??\C:\WINDOWS\system32\drivers\nmsgbirz.sys [X] S1 orsiynoz; \??\C:\WINDOWS\system32\drivers\orsiynoz.sys [X] S1 rvdiabjt; \??\C:\WINDOWS\system32\drivers\rvdiabjt.sys [X] S1 vfrgxfvc; \??\C:\WINDOWS\system32\drivers\vfrgxfvc.sys [X] S1 wweoiusj; \??\C:\WINDOWS\system32\drivers\wweoiusj.sys [X] S1 xcmplsfp; \??\C:\WINDOWS\system32\drivers\xcmplsfp.sys [X] S1 xwhzvdxt; \??\C:\WINDOWS\system32\drivers\xwhzvdxt.sys [X] Task: C:\WINDOWS\Tasks\EPUpdater.job => C:\DOCUME~1\ADMINI~1\DANEAP~1\BABSOL~1\Shared\BabMaint.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => C:\Program Files\Microsoft Security Client\MpCmdRun.exe HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm SearchScopes: HKLM - DefaultScope {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = SearchScopes: HKCU - {221F6852-E080-49F1-B197-742D9433BAD4} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=U3&apn_dtid=OSJ000YYPL&apn_uid=9BA0E5AD-23D3-4972-8369-A5289D880B1F&apn_sauid=2E7E7D22-87BB-425A-95DD-ADF9CB911CA5 SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = SearchScopes: HKCU - {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = http://pl.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo Toolbar: HKLM - No Name - {d43723ae-1ae1-4a25-a6a4-bf0929273cab} - No File Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File Toolbar: HKCU - No Name - {D43723AE-1AE1-4A25-A6A4-BF0929273CAB} - No File FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ C:\Documents and Settings\All Users\Dane aplikacji\jw1rbnwl1.ctrl C:\Documents and Settings\All Users\Dane aplikacji\f8bq.pad C:\Documents and Settings\All Users\Dane aplikacji\o7iw8.pad C:\Documents and Settings\All Users\Dane aplikacji\91f63af8d8706ade C:\Documents and Settings\All Users\Dane aplikacji\Adtrustmedia C:\Documents and Settings\All Users\Dane aplikacji\Ask C:\Documents and Settings\All Users\Dane aplikacji\Babylon C:\Documents and Settings\All Users\Dane aplikacji\Comodo C:\Documents and Settings\All Users\Dane aplikacji\InstallMate C:\Documents and Settings\All Users\Dane aplikacji\Norton C:\Documents and Settings\All Users\Dane aplikacji\websaave C:\Documents and Settings\All Users\Dane aplikacji\WinZip C:\Documents and Settings\Administrator\Dane aplikacji\Babylon C:\Documents and Settings\Administrator\Menu Start\Programy\BitGuard C:\Program Files\Common Files\Symantec Shared C:\Program Files\Comodo C:\Program Files\websaave C:\Program Files\YoutubeAdblocker C:\Program Files\mozilla firefox\plugins C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension C:\WINDOWS\tasks\ImCleanDisabled C:\WINDOWS\Tasks\TaskDisabled C:\WINDOWS\System32\sh4native.exe Reg: reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager" /v BootExecute /t REG_EXPAND_SZ /d "autocheck autochk *" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\COMODO Internet Security" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PrivDogService" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sony Ericsson PC Companion" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpyHunter Security Suite" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\tvncontrol" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}" /f Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\Extensions\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}" /f Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search" /f Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f Reboot: ***************** winmgmt => Service restored successfully. aqfyvszx => Service not found. atpofphs => Service not found. elwanrlf => Service not found. jzfimovn => Service not found. kalrgrad => Service not found. kdaskjfk => Service not found. kdicitfx => Service not found. minmloiz => Service not found. mvrujavj => Service not found. nbssngoj => Service not found. nkwjghrc => Service not found. nmsgbirz => Service not found. orsiynoz => Service not found. rvdiabjt => Service not found. vfrgxfvc => Service not found. wweoiusj => Service not found. xcmplsfp => Service not found. xwhzvdxt => Service not found. C:\WINDOWS\Tasks\EPUpdater.job not found. C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job not found. HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Bar => Value not found. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{221F6852-E080-49F1-B197-742D9433BAD4} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{221F6852-E080-49F1-B197-742D9433BAD4} => Key deleted successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} => Key deleted successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{d43723ae-1ae1-4a25-a6a4-bf0929273cab} => Value deleted successfully. HKCR\CLSID\{d43723ae-1ae1-4a25-a6a4-bf0929273cab} => Key deleted successfully. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully. HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key deleted successfully. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully. HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key deleted successfully. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Value deleted successfully. HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key deleted successfully. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D43723AE-1AE1-4A25-A6A4-BF0929273CAB} => Value deleted successfully. HKCR\CLSID\{D43723AE-1AE1-4A25-A6A4-BF0929273CAB} => Key deleted successfully. HKLM\Software\Mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b} => Value deleted successfully. C:\Documents and Settings\All Users\Dane aplikacji\jw1rbnwl1.ctrl => Moved successfully. C:\Documents and Settings\All Users\Dane aplikacji\f8bq.pad => Moved successfully. C:\Documents and Settings\All Users\Dane aplikacji\o7iw8.pad => Moved successfully. C:\Documents and Settings\All Users\Dane aplikacji\91f63af8d8706ade => Moved successfully. C:\Documents and Settings\All Users\Dane aplikacji\Adtrustmedia => Moved successfully. C:\Documents and Settings\All Users\Dane aplikacji\Ask => Moved successfully. C:\Documents and Settings\All Users\Dane aplikacji\Babylon => Moved successfully. C:\Documents and Settings\All Users\Dane aplikacji\Comodo => Moved successfully. C:\Documents and Settings\All Users\Dane aplikacji\InstallMate => Moved successfully. C:\Documents and Settings\All Users\Dane aplikacji\Norton => Moved successfully. C:\Documents and Settings\All Users\Dane aplikacji\websaave => Moved successfully. C:\Documents and Settings\All Users\Dane aplikacji\WinZip => Moved successfully. C:\Documents and Settings\Administrator\Dane aplikacji\Babylon => Moved successfully. C:\Documents and Settings\Administrator\Menu Start\Programy\BitGuard => Moved successfully. C:\Program Files\Common Files\Symantec Shared => Moved successfully. C:\Program Files\Comodo => Moved successfully. C:\Program Files\websaave => Moved successfully. C:\Program Files\YoutubeAdblocker => Moved successfully. C:\Program Files\Mozilla Firefox\plugins => Moved successfully. C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension => Moved successfully. C:\WINDOWS\tasks\ImCleanDisabled => Moved successfully. C:\WINDOWS\Tasks\TaskDisabled => Moved successfully. C:\WINDOWS\System32\sh4native.exe => Moved successfully. ========= reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager" /v BootExecute /t REG_EXPAND_SZ /d "autocheck autochk *" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\COMODO Internet Security" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PrivDogService" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sony Ericsson PC Companion" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpyHunter Security Suite" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\tvncontrol" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}" /f ========= Błąd: system nie może odnaleźć określonego klucza rejestru lub wartości. ========= End of Reg: ========= ========= reg delete "HKCU\Software\Microsoft\Internet Explorer\Extensions\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}" /f ========= Błąd: system nie może odnaleźć określonego klucza rejestru lub wartości. ========= End of Reg: ========= ========= reg delete "HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= The system needed a reboot. ==== End of Fixlog ====