Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-05-2013
Ran by SYSTEM on 29-05-2013 13:04:30
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet002
[b]ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.[/b]

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-13] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-08-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345312 2013-05-02] (Avira Operations GmbH & Co. KG)
HKU\jacek\...\Run: [Gadu-Gadu 10] "C:\Program Files (x86)\Gadu-Gadu 10\gg.exe" [13374048 2011-07-04] (GG Network S.A.)
HKU\jacek\...\Winlogon: [Shell] explorer.exe,C:\Users\jacek\AppData\Roaming\skype.dat [58880 2011-11-16] () <==== ATTENTION

==================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86752 2013-04-19] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110816 2013-04-19] (Avira Operations GmbH & Co. KG)
S2 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-16] (Hewlett-Packard)

==================== Drivers (Whitelisted) ====================

S3 athr; C:\Windows\System32\DRIVERS\athrx.sys [3678720 2012-06-20] (Qualcomm Atheros Communications, Inc.)
S2 avgntflt; system32\DRIVERS\avgntflt.sys [x]
S1 avipbb; system32\DRIVERS\avipbb.sys [x]
S1 avkmgr; system32\DRIVERS\avkmgr.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-05-29 13:04 - 2013-05-29 13:04 - 00000000 ____D C:\FRST
2013-05-29 04:55 - 2013-05-29 04:54 - 01915774 ____A (Farbar) C:\FRST64.exe
2013-05-28 13:02 - 2013-05-28 13:02 - 00000017 ____A C:\Windows\SysWOW64\shortcut_ex.dat
2013-05-22 13:05 - 2013-05-28 16:13 - 00000004 ____A C:\Users\jacek\AppData\Roaming\skype.ini
2013-05-21 10:49 - 2013-05-21 10:49 - 00000000 ____D C:\Users\jacek\AppData\Local\{521C5E4C-E780-4012-899D-7AA1378A4C08}
2013-05-20 04:04 - 2013-05-20 04:04 - 00000000 ____D C:\Users\jacek\AppData\Local\{1820E3FE-E12B-4CD5-9A03-C7353F06E515}
2013-05-20 04:02 - 2013-05-20 04:02 - 00000000 ____D C:\Users\jacek\AppData\Local\{7C27C565-4E04-4D5B-B72F-A12A9FB56573}
2013-05-15 06:14 - 2013-04-09 22:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-15 06:14 - 2013-04-09 22:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-15 06:14 - 2013-04-09 19:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-15 06:14 - 2013-03-18 21:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-15 06:14 - 2013-03-18 21:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-15 06:14 - 2013-02-26 22:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-15 06:14 - 2013-02-26 21:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-15 06:14 - 2013-02-26 21:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-15 06:14 - 2013-02-26 21:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-15 06:14 - 2013-02-26 21:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-15 06:14 - 2013-02-26 20:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-15 06:14 - 2013-02-26 20:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-15 06:14 - 2013-02-26 20:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-15 06:14 - 2011-02-03 03:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-02 06:54 - 2013-05-02 06:54 - 00000000 ____D C:\Users\jacek\AppData\Local\{D2475916-49B6-4220-9421-5D2947B35CFE}
2013-05-02 00:51 - 2013-05-02 00:51 - 00083160 ____A (Avira GmbH) C:\Windows\System32\Drivers\avnetflt.sys

==================== One Month Modified Files and Folders =======

2013-05-29 13:04 - 2013-05-29 13:04 - 00000000 ____D C:\FRST
2013-05-29 04:54 - 2013-05-29 04:55 - 01915774 ____A (Farbar) C:\FRST64.exe
2013-05-28 16:13 - 2013-05-22 13:05 - 00000004 ____A C:\Users\jacek\AppData\Roaming\skype.ini
2013-05-28 16:13 - 2011-08-13 15:44 - 01247020 ____A C:\Windows\WindowsUpdate.log
2013-05-28 16:13 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-28 16:13 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-28 16:07 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-28 16:07 - 2009-07-13 20:51 - 00229629 ____A C:\Windows\setupact.log
2013-05-28 15:41 - 2011-05-28 01:13 - 00698590 ____A C:\Windows\System32\perfh015.dat
2013-05-28 15:41 - 2011-05-28 01:13 - 00135410 ____A C:\Windows\System32\perfc015.dat
2013-05-28 15:41 - 2009-07-13 21:13 - 01551444 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-28 15:10 - 2011-10-05 04:27 - 00000000 ____D C:\users\jacek
2013-05-28 15:10 - 2007-01-01 17:32 - 00000000 ____D C:\users\Administrator
2013-05-28 13:02 - 2013-05-28 13:02 - 00000017 ____A C:\Windows\SysWOW64\shortcut_ex.dat
2013-05-24 06:00 - 2012-09-12 10:37 - 00000928 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1273909550-2487503245-638697518-1000UA.job
2013-05-24 06:00 - 2012-04-17 06:18 - 00000930 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-24 01:16 - 2013-03-16 01:06 - 00174653 ____A C:\Windows\IE9_main.log
2013-05-22 10:42 - 2012-09-12 10:37 - 00000906 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1273909550-2487503245-638697518-1000Core.job
2013-05-21 10:49 - 2013-05-21 10:49 - 00000000 ____D C:\Users\jacek\AppData\Local\{521C5E4C-E780-4012-899D-7AA1378A4C08}
2013-05-21 06:29 - 2012-05-19 13:56 - 00168448 __ASH C:\Users\jacek\Documents\Thumbs.db
2013-05-21 06:29 - 2011-12-12 06:01 - 00000000 ____D C:\Users\jacek\AppData\Roaming\OpenOffice.org2
2013-05-20 13:07 - 2010-11-20 19:47 - 00391690 ____A C:\Windows\PFRO.log
2013-05-20 04:04 - 2013-05-20 04:04 - 00000000 ____D C:\Users\jacek\AppData\Local\{1820E3FE-E12B-4CD5-9A03-C7353F06E515}
2013-05-20 04:02 - 2013-05-20 04:02 - 00000000 ____D C:\Users\jacek\AppData\Local\{7C27C565-4E04-4D5B-B72F-A12A9FB56573}
2013-05-17 08:20 - 2012-07-24 22:34 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-15 09:15 - 2012-04-17 06:18 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-15 09:15 - 2012-04-17 06:18 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-15 07:33 - 2009-07-13 20:45 - 00304096 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-14 07:11 - 2009-07-13 21:08 - 00032608 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-05-12 14:57 - 2012-05-13 09:58 - 00000000 ____D C:\Users\jacek\Desktop\Nowy folder
2013-05-03 01:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-05-02 06:54 - 2013-05-02 06:54 - 00000000 ____D C:\Users\jacek\AppData\Local\{D2475916-49B6-4220-9421-5D2947B35CFE}
2013-05-02 00:51 - 2013-05-02 00:51 - 00083160 ____A (Avira GmbH) C:\Windows\System32\Drivers\avnetflt.sys
2013-05-01 16:06 - 2010-11-20 19:27 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

Other Malware:
===========
C:\Users\jacek\AppData\Roaming\skype.dat
C:\Users\jacek\AppData\Roaming\skype.ini

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-05-10 11:19:48
Restore point made on: 2013-05-11 02:46:27
Restore point made on: 2013-05-11 05:22:01
Restore point made on: 2013-05-12 01:21:31
Restore point made on: 2013-05-13 03:34:56
Restore point made on: 2013-05-13 03:59:53
Restore point made on: 2013-05-13 13:28:47
Restore point made on: 2013-05-14 09:05:26
Restore point made on: 2013-05-15 06:26:26
Restore point made on: 2013-05-17 08:20:42
Restore point made on: 2013-05-17 08:25:10
Restore point made on: 2013-05-18 13:51:32
Restore point made on: 2013-05-19 00:41:41
Restore point made on: 2013-05-20 03:02:32
Restore point made on: 2013-05-20 06:46:22
Restore point made on: 2013-05-20 08:52:53
Restore point made on: 2013-05-20 12:31:23
Restore point made on: 2013-05-21 04:57:08
Restore point made on: 2013-05-21 06:18:23
Restore point made on: 2013-05-21 06:20:52
Restore point made on: 2013-05-21 06:26:43
Restore point made on: 2013-05-21 09:06:17
Restore point made on: 2013-05-21 10:02:05
Restore point made on: 2013-05-21 22:59:06
Restore point made on: 2013-05-23 00:24:06
Restore point made on: 2013-05-24 01:16:10

==================== Memory info ===========================

Percentage of memory in use: 18%
Total physical RAM: 4043.86 MB
Available physical RAM: 3290.91 MB
Total Pagefile: 4042.01 MB
Available Pagefile: 3274.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:450.94 GB) (Free:287.47 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive e: (RECOVERY) (Fixed) (Total:14.52 GB) (Free:1.59 GB) NTFS (Disk=0 Partition=3) ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32 (Disk=0 Partition=4)
Drive g: (HBCD 14.1) (CDROM) (Total:0.51 GB) (Free:0 GB) CDFS
Drive h: () (Removable) (Total:0.96 GB) (Free:0.14 GB) FAT32 (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.25 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: C0D1C4A4)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=451 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
========================================================
Disk: 1 (Size: 982 MB) (Disk ID: 221E5780)
Partition 1: (Active) - (Size=982 MB) - (Type=0B)

Last Boot: 2013-05-16 09:44

==================== End Of Log ============================