Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 05-08-2012 01
Ran by SYSTEM at 07-08-2012 22:56:17
Running from D:\7tr2fdvsyuiv
Windows Vista (TM) Business (X86) OS Language: English(US)
The current controlset is ControlSet003

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [4685824 2009-11-30] (Dell Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM\...\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot [273528 2011-11-16] (RealNetworks, Inc.)
HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [31016 2006-10-26] (Microsoft Corporation)
HKLM\...\Run: [] [x]
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKLM\...\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto [222208 2006-11-02] (Microsoft Corporation)
HKU\x\...\Run: [] [x]
HKU\x\...\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

================================ Services (Whitelisted) ==================

2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [22016 2006-11-02] (Microsoft Corporation)
4 wltrysvc; "C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE" "C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe" [4038656 2009-11-30] (Dell Inc.)
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]

========================== Drivers (Whitelisted) =============

3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2009-11-30] (Broadcom Corporation)
3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [34760 2007-02-15] (SlySoft, Inc.)
1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [24232 2009-02-17] (Elaborate Bytes AG)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [721904 2011-11-08] (Duplex Secure Ltd.)
4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-08-07 22:56 - 2012-08-07 22:56 - 00000000 ____D C:\FRST
2012-08-07 22:33 - 2012-08-07 22:49 - 00045930 ____A C:\OTL.Txt
2012-08-07 15:13 - 2012-08-07 15:13 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\yvbpvutk.sys
2012-08-06 19:48 - 2012-08-06 18:18 - 09769576 ____A (McAfee Inc.) C:\stinger.exe
2012-08-06 18:02 - 2012-08-07 15:10 - 00001178 ____A C:\Windows\PFRO.log
2012-08-06 17:59 - 2012-08-06 17:59 - 00000000 ____D C:\Program Files\stinger
2012-08-06 17:14 - 2012-08-06 17:14 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hvtsfjhf.sys
2012-08-06 17:10 - 2012-08-06 17:10 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\vxrznweg.sys
2012-08-06 16:36 - 2012-08-06 16:36 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\xhezukbn.sys
2012-08-06 15:32 - 2012-08-07 15:12 - 00002243 ____A C:\Windows\epplauncher.mif
2012-08-06 15:30 - 2012-08-06 15:31 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-08-06 15:28 - 2012-08-06 15:29 - 10299264 ____A (Microsoft Corporation) C:\Users\x\Downloads\mseinstall.exe
2012-08-02 15:16 - 2012-08-02 15:26 - 70532102 ____A C:\Users\x\Downloads\Angry Birds Space v1.2.0 Ultimate Edition 2012 Full.rar
2012-08-02 14:53 - 2012-08-02 15:03 - 00000000 ____D C:\Windows\System32\appmgmt
2012-08-02 13:29 - 2012-08-02 14:43 - 733906944 ____A C:\Users\x\Downloads\Podroz.Na.Tajemnicza.Wyspe.2012.avi
2012-07-29 16:38 - 2012-07-29 16:38 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-07-29 16:35 - 2012-08-06 16:06 - 00000000 ____D C:\Users\x\AppData\Roaming\xsecva
2012-07-29 16:27 - 2012-07-29 16:27 - 00000000 ____D C:\Program Files\StartSearch plugin
2012-07-29 16:26 - 2012-07-29 16:26 - 00684664 ____A C:\Users\x\Downloads\livevdo-plugin.exe
2012-07-22 17:15 - 2012-07-20 17:25 - 00020074 ____A C:\Users\x\Downloads\Breaking.Bad.S05E01.HDTV.x264-FQM.txt
2012-07-22 17:15 - 2012-07-20 17:19 - 322773223 ____A C:\Users\x\Downloads\Breaking.Bad.S05E01.HDTV.x264-FQM.mp4
2012-07-15 10:29 - 2012-07-15 10:30 - 00035146 ____A C:\Users\x\Desktop\edukacja.htm
2012-07-15 10:29 - 2012-07-15 10:29 - 00000000 ____D C:\Users\x\Desktop\edukacja_pliki
2012-07-13 17:26 - 2012-07-13 17:26 - 00000000 ____D C:\Users\x\Downloads\Slowniki
2012-07-13 17:03 - 2009-01-11 12:06 - 00000000 ____D C:\Users\x\Desktop\Xlator
2012-07-13 15:44 - 2009-04-24 05:54 - 00427203 ____A C:\Users\x\Desktop\Slownik polsko-niemiecki.jar
2012-07-09 18:23 - 2012-07-09 18:23 - 00049152 ____A C:\Users\x\jaayoag.exe

============ 3 Months Modified Files ========================

2012-08-07 22:49 - 2012-08-07 22:33 - 00045930 ____A C:\OTL.Txt
2012-08-07 15:13 - 2012-08-07 15:13 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\yvbpvutk.sys
2012-08-07 15:12 - 2012-08-06 15:32 - 00002243 ____A C:\Windows\epplauncher.mif
2012-08-07 15:10 - 2012-08-06 18:02 - 00001178 ____A C:\Windows\PFRO.log
2012-08-07 15:10 - 2006-11-02 09:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-07 15:09 - 2006-11-02 08:47 - 00003552 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-07 15:09 - 2006-11-02 08:47 - 00003552 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-07 15:00 - 2006-11-02 04:35 - 00279552 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-08-06 18:58 - 2006-11-02 09:01 - 00032508 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-06 18:18 - 2012-08-06 19:48 - 09769576 ____A (McAfee Inc.) C:\stinger.exe
2012-08-06 17:14 - 2012-08-06 17:14 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hvtsfjhf.sys
2012-08-06 17:10 - 2012-08-06 17:10 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\vxrznweg.sys
2012-08-06 16:36 - 2012-08-06 16:36 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\xhezukbn.sys
2012-08-06 16:21 - 2011-11-07 09:58 - 00001356 ____A C:\Users\x\AppData\Local\d3d9caps.dat
2012-08-06 15:29 - 2012-08-06 15:28 - 10299264 ____A (Microsoft Corporation) C:\Users\x\Downloads\mseinstall.exe
2012-08-05 17:11 - 2006-12-05 01:23 - 00535568 ____A C:\Windows\System32\perfh015.dat
2012-08-05 17:11 - 2006-12-05 01:23 - 00086416 ____A C:\Windows\System32\perfc015.dat
2012-08-05 17:11 - 2006-11-02 06:33 - 01326066 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-02 17:31 - 2011-11-07 12:20 - 00121344 ____A C:\Users\x\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-02 15:26 - 2012-08-02 15:16 - 70532102 ____A C:\Users\x\Downloads\Angry Birds Space v1.2.0 Ultimate Edition 2012 Full.rar
2012-08-02 14:43 - 2012-08-02 13:29 - 733906944 ____A C:\Users\x\Downloads\Podroz.Na.Tajemnicza.Wyspe.2012.avi
2012-07-29 16:38 - 2012-07-29 16:38 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-07-29 16:38 - 2011-11-07 12:18 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-07-29 16:26 - 2012-07-29 16:26 - 00684664 ____A C:\Users\x\Downloads\livevdo-plugin.exe
2012-07-20 17:25 - 2012-07-22 17:15 - 00020074 ____A C:\Users\x\Downloads\Breaking.Bad.S05E01.HDTV.x264-FQM.txt
2012-07-20 17:19 - 2012-07-22 17:15 - 322773223 ____A C:\Users\x\Downloads\Breaking.Bad.S05E01.HDTV.x264-FQM.mp4
2012-07-15 10:30 - 2012-07-15 10:29 - 00035146 ____A C:\Users\x\Desktop\edukacja.htm
2012-07-09 18:23 - 2012-07-09 18:23 - 00049152 ____A C:\Users\x\jaayoag.exe
2012-07-05 16:50 - 2012-07-05 16:50 - 03568230 ____A (Easy Tools,Inc ) C:\Users\x\Downloads\BatchWatermarkCreatorEn.exe
2012-07-05 16:37 - 2012-07-05 16:37 - 01773568 ____A (Microsoft Corporation) C:\Windows\System32\msgdiplus.dll
2012-07-03 06:33 - 2012-07-03 06:33 - 00000514 ____A C:\Users\x\Documents\tekst zakonczenie roku.txt
2012-07-01 17:24 - 2012-07-01 17:10 - 750437786 ____A C:\Users\x\Downloads\7tr2fdvsyuiv.rar
2012-06-22 05:55 - 2012-06-22 05:46 - 729682170 ____A C:\Users\x\Downloads\KOBIETAWCZERNI.rar
2012-06-16 07:49 - 2006-11-02 08:47 - 00382120 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-15 17:31 - 2012-06-15 17:31 - 00042871 ____A C:\Users\x\Downloads\sparks-chronicle-xvid.txt
2012-06-15 03:11 - 2011-11-07 09:59 - 00105408 ____A C:\Users\x\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-13 08:35 - 2012-06-13 08:35 - 00027841 ____A C:\Users\x\Downloads\94.jpeg
2012-06-12 12:17 - 2012-06-12 12:17 - 00073728 ____A C:\Users\x\Documents\wizytówka czerwa.pub
2012-05-17 16:38 - 2012-05-17 16:38 - 04263424 ____A C:\Users\x\Downloads\Ciekawostki_3.pps
2012-05-17 06:14 - 2012-05-17 06:13 - 00598528 ____A C:\Users\x\Downloads\na_zly_humor[www.HSS.pl].pps
2012-05-16 12:43 - 2012-05-16 12:43 - 00712192 ____A C:\Users\x\Downloads\Dawniej_i_dzis.pps
2012-05-14 18:12 - 2011-12-06 08:01 - 00174734 ____A C:\Windows\hpoins45.dat
2012-05-14 18:00 - 2006-11-02 06:23 - 00001569 ____A C:\Windows\win.ini
2012-05-12 16:20 - 2012-05-12 16:09 - 733937664 ____A C:\Users\x\Downloads\Man.On.A.Ledge.2012.PL.SUBBED.DVDRip.XViD-MORS.avi
2012-05-11 01:32 - 2012-05-11 01:32 - 69844992 ____A C:\Users\x\Downloads\Firma.-.Warsztat.samochodowy.TVN24.(2007-02-24).TVrip.[Piorkowski].avi
2012-05-11 01:32 - 2012-05-11 01:29 - 77522944 ____A C:\Users\x\Downloads\Firma.-.Dom.weselny.TVN24.(2007-03-10).TVrip.[Piorkowski].avi

ZeroAccess:
C:\Windows\Installer\{86b14e07-114f-4953-6edb-918c8028f383}
C:\Windows\Installer\{86b14e07-114f-4953-6edb-918c8028f383}\@
C:\Windows\Installer\{86b14e07-114f-4953-6edb-918c8028f383}\L
C:\Windows\Installer\{86b14e07-114f-4953-6edb-918c8028f383}\n
C:\Windows\Installer\{86b14e07-114f-4953-6edb-918c8028f383}\U
C:\Windows\Installer\{86b14e07-114f-4953-6edb-918c8028f383}\L\00000004.@
C:\Windows\Installer\{86b14e07-114f-4953-6edb-918c8028f383}\L\201d3dde

ZeroAccess:
C:\Users\x\AppData\Local\{86b14e07-114f-4953-6edb-918c8028f383}
C:\Users\x\AppData\Local\{86b14e07-114f-4953-6edb-918c8028f383}\@
C:\Users\x\AppData\Local\{86b14e07-114f-4953-6edb-918c8028f383}\L
C:\Users\x\AppData\Local\{86b14e07-114f-4953-6edb-918c8028f383}\U

ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe [2006-11-02 04:47] - [2006-11-02 05:45] - 2923520 ____A (Microsoft Corporation) FD8C53FB002217F6F888BCF6F5D7084D
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe A246A7052A70C2E1BE4F7E54DF31E4DF ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll [2006-11-02 04:38] - [2006-11-02 05:46] - 0633856 ____A (Microsoft Corporation) E698A5437B89A285ACA3FF022356810A
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys [2006-11-02 04:52] - [2006-11-02 05:51] - 0208488 ____A (Microsoft Corporation) 11EF6C1CAEF76B685233450A126125D6

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================

========================= Memory info ======================

Percentage of memory in use: 25%
Total physical RAM: 894.26 MB
Available physical RAM: 661.8 MB
Total Pagefile: 805.86 MB
Available Pagefile: 701.81 MB
Total Virtual: 2047.88 MB
Available Virtual: 2002.02 MB

======================= Partitions =========================

1 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
2 Drive c: () (Fixed) (Total:105.93 GB) (Free:37.71 GB) NTFS
3 Drive d: (SAMSUNG) (Fixed) (Total:298 GB) (Free:40.36 GB) FAT32
4 Drive e: () (Fixed) (Total:126.95 GB) (Free:41.6 GB) NTFS
5 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

  Disk ###  Status      Size     Free     Dyn  Gpt
  --------  ----------  -------  -------  ---  ---
  Disk 0    Online       298 GB      0 B
  Disk 1    Online       233 GB      0 B

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            298 GB    32 KB

==================================================================================
Disk: 0
Partition 1
Type  : 0C
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     D   SAMSUNG      FAT32  Partition    298 GB  Healthy

==================================================================================

Partitions of Disk 1:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            106 GB  1024 KB
  Partition 2    Primary            127 GB   106 GB

==================================================================================
Disk: 1
Partition 1
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C                NTFS   Partition    106 GB  Healthy

==================================================================================
Disk: 1
Partition 2
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     E                NTFS   Partition    127 GB  Healthy

==================================================================================

==========================================================

Last Boot: 2012-08-06 18:09

======================= End Of Log ==========================