Scan result of Farbar Recovery Scan Tool Version: 17-06-2012 04 Ran by SYSTEM at 19-06-2012 13:01:04 Running from H:\ Windows 7 Home Premium (X64) OS Language: English(US) The current controlset is ControlSet001 ========================== Registry (Whitelisted) ============= HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-14] (Synaptics Incorporated) HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-07-21] (IDT, Inc.) HKLM\...\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [610872 2009-07-21] () HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [171520 2009-09-05] (Sun Microsystems, Inc.) HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation) HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-07-02] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam" [218408 2009-02-25] (CyberLink Corp.) HKLM-x32\...\Run: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe [842816 2009-07-01] (DigitalPersona, Inc.) HKLM-x32\...\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [323640 2010-02-25] ( Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover" [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard) HKLM-x32\...\Run: [] [x] HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [500792 2010-03-23] (Hewlett-Packard Company) HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1557160 2012-04-09] (Ask) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated) HKLM-x32\...\Run: [OoWGfYqgBHHJD0s] C:\Users\kasia\AppData\Roaming\Dickemoepse.exe [237056 2012-06-06] () HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-07-15] (Hewlett-Packard) HKU\Default\...\Policies\system: [WallpaperStyle] 2 HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-07-15] (Hewlett-Packard) HKU\Default User\...\Policies\system: [WallpaperStyle] 2 HKU\kasia\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2009-06-17] (Hewlett-Packard Company) HKU\kasia\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized [24103720 2009-03-27] (Skype Technologies S.A.) HKU\kasia\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4283256 2011-05-13] (Microsoft Corporation) HKU\kasia\...\Run: [OoWGfYqgBHHJD0s] C:\Users\kasia\AppData\Roaming\Dickemoepse.exe [237056 2012-06-06] () HKU\kasia\...\Policies\system: [WallpaperStyle] 2 HKU\kasia\...\Policies\system: [DisableTaskMgr] 1 HKU\kasia\...\Policies\system: [DisableRegistryTools] 1 HKU\kasia\...\Policies\Explorer: [NoDesktop] 1 HKU\kasia\...\Winlogon: [Userinit] C:\Users\kasia\AppData\Roaming\Dickemoepse.exe,C:\WINDOWS\System32\userinit.exe, [30720 2010-11-20] (Microsoft Corporation) HKU\kasia\...\Winlogon: [Shell] C:\Users\kasia\AppData\Roaming\Dickemoepse.exe [237056 2012-06-06] () HKLM-x32\...\Winlogon: [Userinit] C:\Users\kasia\AppData\Roaming\Dickemoepse.exe,C:\WINDOWS\System32\userinit.exe, [30720 2010-11-20] (Microsoft Corporation) HKLM-x32\...\Winlogon: [Shell] C:\Users\kasia\AppData\Roaming\Dickemoepse.exe [x ] () Tcpip\Parameters: [DhcpNameServer] 192.168.111.10 Lsa: [Notification Packages] scecli DPPWDFLT Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\Users\All Users\Start Menu\Programs\Startup\File-Extensions.org Search.lnk ShortcutTarget: File-Extensions.org Search.lnk -> C:\Program Files (x86)\File Extensions\File-Extensions.org-Search.exe (Digidy, s.r.o.) Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) Startup: C:\Users\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) Startup: C:\Users\All Users\Start Menu\Programs\Startup\Symantec Fax Starter Edition Port.lnk ShortcutTarget: Symantec Fax Starter Edition Port.lnk -> C:\Program Files (x86)\Microsoft Office\Office\1045\OLFSNT40.EXE (Microsoft Corporation) ==================== Services (Whitelisted) ====== 2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation) 2 DpHost; C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe [322624 2009-07-01] (DigitalPersona, Inc.) 2 HP Support Assistant Service; "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [86072 2011-09-09] (Hewlett-Packard Company) 3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.) 2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation) 2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [247152 2009-01-21] () 2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe [240128 2009-07-21] (IDT, Inc.) 2 vcsFPService; C:\Windows\system32\vcsFPService.exe [1924400 2009-07-12] (Validity Sensors, Inc.) 2 vcsFPService; C:\Windows\SysWow64\vcsFPService.exe [1656112 2009-07-12] (Validity Sensors, Inc.) ========================== Drivers (Whitelisted) ============= 3 enecir; C:\Windows\System32\Drivers\enecir.sys [70656 2009-06-29] (ENE TECHNOLOGY INC.) 4 eabfiltr; [x] ========================== NetSvcs (Whitelisted) =========== ========================= Known DLLs (Whitelisted) ============ ========================= Bamital & volsnap Check ============ C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ========================= Memory info ====================== Percentage of memory in use: 17% Total physical RAM: 4092.2 MB Available physical RAM: 3375.04 MB Total Pagefile: 4090.35 MB Available Pagefile: 3368.46 MB Total Virtual: 8192 MB Available Virtual: 8191.9 MB ======================= Partitions ========================= 1 Drive c: () (Fixed) (Total:452.67 GB) (Free:399.53 GB) NTFS ==>[System with boot components (obtained from reading drive)] 2 Drive e: (RECOVERY) (Fixed) (Total:12.79 GB) (Free:2.14 GB) NTFS 3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32 5 Drive h: (THINSTATE) (Removable) (Total:7.44 GB) (Free:2.87 GB) FAT32 ==>[System with boot components (obtained from reading drive)] 6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS 7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)] Nr dysku Stan Rozmiar Wolne Dyn GPT -------- ------------- ------- ------- --- --- Dysk 0 Online 465 GB 0 B Dysk 1 Online 7640 MB 0 B Trwa opuszczanie programu DiskPart... ========================================================== Last Boot: 2012-05-29 11:29 ======================= End Of Log ==========================