Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-08-2013 01
Ran by user (administrator) on USER-KOMPUTER on 31-08-2013 06:50:33
Running from C:\Users\user\Downloads
Windows 7 Home Premium (X64) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Normal

==================== Could not list processes ===============

==================== Registry (Whitelisted) ==================

HKCU\...\Run: [Badoo Desktop] - C:\ProgramData\Badoo\Badoo Desktop\1.6.58.1220\Badoo.Desktop.exe [x]
HKCU\...\Policies\Explorer: [NoDriveAutoRun] 16
MountPoints2: F - F:\AutoRun.exe
MountPoints2: G - G:\AutoRun.exe
MountPoints2: {18db666f-ae95-11df-92e2-e0cb4e5fa687} - F:\AutoRun.exe
MountPoints2: {1fae6520-ffd1-11e1-8cbb-dde8104c8deb} - F:\AutoRun.exe
MountPoints2: {289fe719-379b-11e1-bb9e-bece1709359f} - F:\AutoRun.exe
MountPoints2: {29491da1-0a03-11e0-a980-99b32f31889a} - F:\AutoRun.exe
MountPoints2: {2e5f5ff1-9a5b-11df-9cec-e0cb4e5fa687} - F:\AutoRun.exe
MountPoints2: {2eeb25cd-ae99-11df-bf4f-e0cb4e5fa687} - F:\AutoRun.exe
MountPoints2: {4c4c0743-ed47-11e2-8a2b-e9ada247bbe4} - F:\AutoRun.exe
MountPoints2: {4c4c0750-ed47-11e2-8a2b-e9ada247bbe4} - F:\AutoRun.exe
MountPoints2: {4c4c076c-ed47-11e2-8a2b-e9ada247bbe4} - F:\AutoRun.exe
MountPoints2: {4c7fe4b7-82db-11e1-9430-c925e768ba94} - F:\NokiaPCIA_Autorun.exe
MountPoints2: {6a311ec3-6cb0-11e2-b0af-cbcf475af6e7} - F:\AutoRun.exe
MountPoints2: {7ba88ec2-0bd1-11e1-ba15-ca9bb9998b83} - F:\AutoRun.exe
MountPoints2: {92b1c208-0f8a-11e1-85dd-f5fcb77f7083} - F:\AutoRun.exe
MountPoints2: {949ac586-3f86-11e1-8fa7-e268bd400b9f} - F:\AutoRun.exe
MountPoints2: {949ac59f-3f86-11e1-8fa7-e268bd400b9f} - F:\AutoRun.exe
MountPoints2: {949ac5b2-3f86-11e1-8fa7-e268bd400b9f} - F:\AutoRun.exe
MountPoints2: {c5a82997-57c4-11e1-91aa-db97447d9a28} - F:\AutoRun.exe
MountPoints2: {d0a198cc-4d82-11e1-92c3-cfc559ba4d97} - F:\AutoRun.exe
MountPoints2: {d720367c-a7ad-11df-9181-e0cb4e5fa687} - F:\AutoRun.exe
MountPoints2: {e83fb233-63a4-11e1-ae42-af5fec45a134} - F:\USBAutoRun.exe
MountPoints2: {f035d9a2-ef93-11e2-b45f-d20e8f7952ff} - F:\AutoRun.exe
MountPoints2: {f2b12032-0c1e-11e1-821f-b9872d71b3ec} - F:\AutoRun.exe
MountPoints2: {f3d51b8e-d746-11e2-8b70-8326bb970d86} - F:\AutoRun.exe
MountPoints2: {ff22724e-4d88-11e1-8e1f-9fa91ae857e5} - F:\AutoRun.exe
MountPoints2: {ff227263-4d88-11e1-8e1f-9fa91ae857e5} - F:\AutoRun.exe
MountPoints2: {ff22726e-4d88-11e1-8e1f-9fa91ae857e5} - G:\AutoRun.exe
HKLM-x32\...\Run: [AVG_TRAY] - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [DataCardMonitor] - C:\Program Files (x86)\blueconnect\DataCardMonitor.exe [253952 2013-02-01] (Huawei Technologies Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1646216 2013-03-31] (Ask)
BootExecute: autocheck autochk * C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_Prot
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?st=1&crg=3.1010000&barid={554C6305-0B8D-4241-9470-32F1CFE7C93C}
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - No File
URLSearchHook: (No Name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=1&barid={554C6305-0B8D-4241-9470-32F1CFE7C93C}&q={searchTerms}&barid={554C6305-0B8D-4241-9470-32F1CFE7C93C}
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=1&barid={554C6305-0B8D-4241-9470-32F1CFE7C93C}&q={searchTerms}&barid={554C6305-0B8D-4241-9470-32F1CFE7C93C}
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid=&mid=dc1590634d1447d1b9d1549089e76a6b-3e7aa1fd44011282cfdef6ad347f03fcb76bad88&lang=en&ds=AVG&pr=fr&d=&v=&pid=AVG&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&AF=110000&tt=090212_ctrl&babsrc=SP_ss&mntrId=f07bd289000000000000582c80139263
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {6D8291A7-7BF6-4C96-B809-559B1455D655} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^PL&apn_uid=0465ACD9-97BF-45C6-A2E7-DF2D81A90E6B&apn_sauid=18C37563-EED5-42CB-8AD5-E9B3A1BEA671
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid=&mid=dc1590634d1447d1b9d1549089e76a6b-3e7aa1fd44011282cfdef6ad347f03fcb76bad88&lang=en&ds=AVG&pr=fr&d=&v=&pid=AVG&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=1&barid={554C6305-0B8D-4241-9470-32F1CFE7C93C}&q={searchTerms}&barid={554C6305-0B8D-4241-9470-32F1CFE7C93C}
BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
BHO-x32: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SweetPacks Browser Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM-x32 - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
Handler: msdaipp - No CLSID Value -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: msdaipp - No CLSID Value -
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2210608 2006-10-27] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 89.108.202.20 89.108.195.20
Tcpip\..\Interfaces\{9EF3463F-29EA-4485-A05A-B6287F382AEF}: [NameServer]89.108.202.21 89.108.195.21
Tcpip\..\Interfaces\{E6FA3AF5-3AA7-4989-BEA8-734EB6826778}: [NameServer]89.108.202.20 89.108.195.20

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qv5awwpa.default
FF user.js: detected! => C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qv5awwpa.default\user.js
FF NewTab: hxxp://home.sweetim.com/?src=97&barid={554C6305-0B8D-4241-9470-32F1CFE7C93C}
FF DefaultSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF Homepage: hxxp://www.google.pl/
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_168.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qv5awwpa.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qv5awwpa.default\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qv5awwpa.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qv5awwpa.default\searchplugins\sweetim.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml
FF Extension: No Name - C:\Users\user\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Babylon - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qv5awwpa.default\Extensions\ffxtlbr@babylon.com
FF Extension: Ask Toolbar - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qv5awwpa.default\Extensions\toolbar@ask.com
FF Extension: MyAshampoo Community Toolbar - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qv5awwpa.default\Extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
FF Extension: No Name - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qv5awwpa.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] C:\Program Files (x86)\AVG\AVG2012\Firefox4\
FF Extension: AVG Safe Search - C:\Program Files (x86)\AVG\AVG2012\Firefox4\
FF HKLM-x32\...\Firefox\Extensions: [{F53C93F1-07D5-430c-86D4-C9531B27DFAF}] C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\
FF Extension: AVG Do Not Track - C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\

Chrome:
=======
CHR HomePage: https://isearch.avg.com/?cid={E71A864E-B150-4450-837A-84667F45F527}&mid=dc1590634d1447d1b9d1549089e76a6b-3e7aa1fd44011282cfdef6ad347f03fcb76bad88&lang=pl&ds=ax011&pr=&d=2012-09-11 18:19:45&v=12.2.5.34&sap=hp
CHR RestoreOnStartup: "https://isearch.avg.com/?cid={E71A864E-B150-4450-837A-84667F45F527}&mid=dc1590634d1447d1b9d1549089e76a6b-3e7aa1fd44011282cfdef6ad347f03fcb76bad88&lang=pl&ds=ax011&pr=&d=2012-09-11 18:19:45&v=12.2.5.34&sap=hp"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
CHR Plugin: (AVG Internet Security) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\plugins/avgnpss.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U30) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [aaaaojmikegpiepcfdkkjaplodkpfmlo] - C:\Users\user\AppData\Local\APN\GoogleCRXs\apnorjtoolbar.crx
CHR HKLM-x32\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx
CHR HKLM-x32\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files (x86)\AVG\AVG2012\Chrome\safesearch.crx
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Program Files (x86)\AVG\AVG2012\Chrome\donottrack.crx

==================== Services (Whitelisted) =================

S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [5174392 2012-11-02] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S2 PLAY ONLINE. RunOuc; C:\Program Files (x86)\PLAY ONLINE\UpdateDog\ouc.exe [246112 2013-07-15] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2148216 2012-08-23] (AVG)
S2 avast! Antivirus; "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" [x]

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66904 2011-11-28] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [42328 2011-11-28] (AVAST Software)
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [591192 2011-11-28] (AVAST Software)
R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [127328 2012-12-10] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [307040 2012-11-08] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [384800 2013-04-11] (AVG Technologies CZ, s.r.o.)
R3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [218624 2013-07-15] (Huawei Technologies Co., Ltd.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [11880 2012-07-04] (TuneUp Software)
S3 massfilter; system32\drivers\massfilter.sys [x]
U3 tmlwf;
U3 tmwfp;
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [x]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [x]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-31 06:47 - 2013-08-31 06:47 - 01587214 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2013-08-29 15:42 - 2013-08-29 15:42 - 00000000 ____D C:\Users\user\AppData\Roaming\CyberLink
2013-08-29 15:42 - 2013-08-29 15:42 - 00000000 ____D C:\Users\Public\CyberLink

==================== One Month Modified Files and Folders =======

2013-08-31 06:49 - 2013-08-31 06:49 - 00000000 ____D C:\FRST
2013-08-31 06:48 - 2009-07-14 06:45 - 00010240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-31 06:48 - 2009-07-14 06:45 - 00010240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-31 06:47 - 2013-08-31 06:47 - 01587214 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2013-08-31 06:35 - 2010-08-25 11:42 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-31 06:33 - 2010-01-10 08:40 - 01420383 _____ C:\Windows\WindowsUpdate.log
2013-08-31 06:23 - 2012-02-19 17:21 - 00000000 ____D C:\Windows\system32\Drivers\AVG
2013-08-31 06:21 - 2009-08-03 21:55 - 00689160 _____ C:\Windows\system32\perfh015.dat
2013-08-31 06:21 - 2009-08-03 21:55 - 00132182 _____ C:\Windows\system32\perfc015.dat
2013-08-31 06:21 - 2009-07-14 07:13 - 01558616 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-31 06:17 - 2013-07-15 13:46 - 00041894 _____ C:\Windows\setupact.log
2013-08-31 06:17 - 2010-08-25 11:42 - 00001040 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-31 06:17 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-29 17:38 - 2013-01-02 21:07 - 00000924 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-772571408-711275989-3610619051-1000UA.job
2013-08-29 15:42 - 2013-08-29 15:42 - 00000000 ____D C:\Users\user\AppData\Roaming\CyberLink
2013-08-29 15:42 - 2013-08-29 15:42 - 00000000 ____D C:\Users\Public\CyberLink
2013-08-29 15:42 - 2010-01-10 09:08 - 00000000 ____D C:\ProgramData\CyberLink
2013-08-29 13:16 - 2013-01-11 22:35 - 00000000 ____D C:\Windows\System32\Tasks\Games
2013-08-26 09:13 - 2010-08-25 11:42 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype
2013-08-16 20:38 - 2013-01-02 21:07 - 00000902 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-772571408-711275989-3610619051-1000Core.job
2013-08-06 13:37 - 2012-02-05 08:26 - 00002145 _____ C:\Users\Public\Desktop\Google Chrome.lnk

Files to move or delete:
====================
C:\Users\user\AppData\Local\Temp\SkypeSetup.exe
C:\Users\user\AppData\Local\Temp\tbMyA2.dll
C:\Users\user\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\AskPartnerCobrandingTool.exe
C:\Users\user\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\instApp.exe
C:\Users\user\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\RunIE.exe
C:\Users\user\AppData\Local\Temp\UTPS\common\AboutPlugin.dll
C:\Users\user\AppData\Local\Temp\UTPS\common\AddPbk.exe
C:\Users\user\AppData\Local\Temp\UTPS\common\AddrBookPlugin.dll
C:\Users\user\AppData\Local\Temp\UTPS\common\AddrBookSrvPlugin.dll
C:\Users\user\AppData\Local\Temp\UTPS\common\AddrBookUIPlugin.dll
C:\Users\user\AppData\Local\Temp\UTPS\common\AtCodec.dll
C:\Users\user\AppData\Local\Temp\UTPS\common\ATR2SMgr.dll
C:\Users\user\AppData\Local\Temp\UTPS\common\CallAppPlugin.dll
C:\Users\user\AppData\Local\Temp\UTPS\common\CallLogSrvPlugin.dll
C:\Users\user\AppData\Local\Temp\UTPS\common\CallLogUIPlugin.dll
C:\Users\user\AppData\Local\Temp\UTPS\common\CallSrvPlugin.dll
C:\Users\user\AppData\Local\Temp\UTPS\common\CallUIPlugin.dll
C:\Users\user\AppData\Local\Temp\UTPS\common\Common.dll
C:\Users\user\AppData\Local\Temp\UTPS\common\core.dll
C:\Users\user\AppData\Local\Temp\UTPS\common\DataServicePlugin.dll
C:\Users\user\AppData\Local\Temp\UTPS\common\DeviceAppPlugin.dll
C:\Users\user\AppData\Local\Temp\UTPS\common\DeviceMgrUIPlugin.dll
C:\Users\user\AppData\Local\Temp\UTPS\common\DeviceSrvPlugin.dll
C:\Users\user\AppData\Local\Temp\UTPS\common\DiagnosisPlugin.dll
C:\Users\user\AppData\Local\Temp\UTPS\common\DialUpPlugin.dll
C:\Users\user\AppData\Local\Temp\UTPS\common\DialupUIPlugin.dll
C:\Users\user\AppData\Local\Temp\UTPS\common\LayoutPlugin.dll
C:\Users\user\AppData\Local\Temp\UTPS\common\LiveUpdateInterface.dll
C:\Users\user\AppData\Local\Temp\UTPS\common\mcciwin32.dll
C:\Users\user\AppData\Local\Temp\UTPS\common\MenuMgrPlugin.dll
C:\Users\user\AppData\Local\Temp\UTPS\common\mobilepartner.exe
C:\Users\user\AppData\Local\Temp\UTPS\common\msvcp60.dll
C:\Users\user\AppData\Local\Temp\UTPS\common\mt.exe
C:\Users\user\AppData\Local\Temp\UTPS\common\NDISAPI.dll
C:\Users\user\AppData\Local\Temp\UTPS\common\NDISPlugin.dll
C:\Users\user\AppData\Local\Temp\UTPS\common\NetConnectPlugin.dll
C:\Users\user\AppData\Local\Temp\UTPS\common\NetConnectSrvPlugin.dll
C:\Users\user\AppData\Local\Temp\UTPS\common\NetInfoRecordUIPlugin.dll
C:\Users\user\AppData\Local\Temp\UTPS\common\NetInfoSrvPlugin.dll
C:\Users\user\AppData\Local\Temp\UTPS\common\NetInfoUIExPlugin.dll
C:\Users\user\AppData\Local\Temp\UTPS\common\NetSettingPlugin.dll
C:\Users\user\AppData\Local\Temp\UTPS\common\NetSrvPlugin.dll
C:\Users\user\AppData\Local\Temp\UTPS\common\NotifyServicePlugin.dll
C:\Users\user\AppData\Local\Temp\UTPS\common\OSAdapt.dll
C:\Users\user\AppData\Local\Temp\UTPS\common\OSCall.dll
C:\Users\user\AppData\Local\Temp\UTPS\common\OSDialup.dll
C:\Users\user\AppData\Local\Temp\UTPS\common\OSNDIS.dll
C:\Users\user\AppData\Local\Temp\UTPS\common\OSPowerMgr.dll
C:\Users\user\AppData\Local\Temp\UTPS\common\PluginContainer.dll
C:\Users\user\AppData\Local\Temp\UTPS\common\Proxy.dll
C:\Users\user\AppData\Local\Temp\UTPS\common\sdk.dll
C:\Users\user\AppData\Local\Temp\UTPS\common\SettingUIPlugin.dll
C:\Users\user\AppData\Local\Temp\UTPS\common\SmsAppPlugin.dll
C:\Users\user\AppData\Local\Temp\UTPS\common\SmsSrvPlugin.dll
C:\Users\user\AppData\Local\Temp\UTPS\common\SMSUIPlugin.dll
C:\Users\user\AppData\Local\Temp\UTPS\common\StatusBarMgrPlugin.dll
C:\Users\user\AppData\Local\Temp\UTPS\common\STKPlugin.dll
C:\Users\user\AppData\Local\Temp\UTPS\common\STKSrvPlugin.dll
C:\Users\user\AppData\Local\Temp\UTPS\common\subinacl.exe
C:\Users\user\AppData\Local\Temp\UTPS\common\ToolBarMgrPlugin.dll
C:\Users\user\AppData\Local\Temp\UTPS\common\Trace.dll
C:\Users\user\AppData\Local\Temp\UTPS\common\USSDSrvPlugin.dll
C:\Users\user\AppData\Local\Temp\UTPS\common\USSDUIPlugin.dll
C:\Users\user\AppData\Local\Temp\UTPS\common\Win7Support.dll
C:\Users\user\AppData\Local\Temp\UTPS\common\XCodec.dll
C:\Users\user\AppData\Local\Temp\UTPS\common\XFramePlugin.dll
C:\Users\user\AppData\Local\Temp\UTPS\common\XStartScreen.exe
C:\Users\user\AppData\Local\Temp\UTPS\common\qtlib\libgcc_s_dw2-1.dll
C:\Users\user\AppData\Local\Temp\UTPS\common\qtlib\mingwm10.dll
C:\Users\user\AppData\Local\Temp\UTPS\common\qtlib\QtCore4.dll
C:\Users\user\AppData\Local\Temp\UTPS\common\qtlib\QtGui4.dll
C:\Users\user\AppData\Local\Temp\UTPS\common\qtlib\QtNetwork4.dll
C:\Users\user\AppData\Local\Temp\UTPS\common\qtlib\QtXml4.dll
C:\Users\user\AppData\Local\Temp\UTPS\common\plugins\imageformats\qgif4.dll
C:\Users\user\AppData\Local\Temp\UTPS\common\plugins\imageformats\qico4.dll
C:\Users\user\AppData\Local\Temp\UTPS\common\plugins\imageformats\qjpeg4.dll
C:\Users\user\AppData\Local\Temp\UTPS\common\plugins\imageformats\qmng4.dll
C:\Users\user\AppData\Local\Temp\UTPS\common\plugins\imageformats\qtiff4.dll
C:\Users\user\AppData\Local\Temp\UTPS\common\plugins\codecs\qcncodecs4.dll
C:\Users\user\AppData\Local\Temp\UTPS\C264\core.dll
C:\Users\user\AppData\Local\Temp\UTPS\C264\DialupUIPlugin.dll
C:\Users\user\AppData\Local\Temp\UTPS\C264\LayoutPlugin.dll
C:\Users\user\AppData\Local\Temp\UTPS\C264\LiveUpdateInterface.dll
C:\Users\user\AppData\Local\Temp\UTPS\C264\MainpagePlugin.dll
C:\Users\user\AppData\Local\Temp\UTPS\C264\MenuMgrPlugin.dll
C:\Users\user\AppData\Local\Temp\UTPS\C264\NetSettingPlugin.dll
C:\Users\user\AppData\Local\Temp\UTPS\C264\QtNetwork4.dll
C:\Users\user\AppData\Local\Temp\UTPS\C264\StatusBarMgrPlugin.dll
C:\Users\user\AppData\Local\Temp\UTPS\C264\ToolBarMgrPlugin.dll
C:\Users\user\AppData\Local\Temp\UTPS\C264\USSDUIPlugin.dll
C:\Users\user\AppData\Local\Temp\UTPS\C264\XFramePlugin.dll
C:\Users\user\AppData\Local\Temp\UTPS\C264\UpdateDog\HttpInterface.dll
C:\Users\user\AppData\Local\Temp\UTPS\C264\UpdateDog\libgcc_s_dw2-1.dll
C:\Users\user\AppData\Local\Temp\UTPS\C264\UpdateDog\LiveUpd.exe
C:\Users\user\AppData\Local\Temp\UTPS\C264\UpdateDog\mingwm10.dll
C:\Users\user\AppData\Local\Temp\UTPS\C264\UpdateDog\ouc.exe
C:\Users\user\AppData\Local\Temp\UTPS\C264\UpdateDog\QtCore4.dll
C:\Users\user\AppData\Local\Temp\UTPS\C264\UpdateDog\QtGui4.dll
C:\Users\user\AppData\Local\Temp\UTPS\C264\UpdateDog\QtNetwork4.dll
C:\Users\user\AppData\Local\Temp\UTPS\C264\UpdateDog\QueryStrategy.dll
C:\Users\user\AppData\Local\Temp\UTPS\C264\UpdateDog\RunLiveUpd.exe
C:\Users\user\AppData\Local\Temp\UTPS\C264\UpdateDog\RunOuc.exe
C:\Users\user\AppData\Local\Temp\UTPS\C264\UpdateDog\plugins\imageformats\qgif4.dll
C:\Users\user\AppData\Local\Temp\UTPS\C264\UpdateDog\plugins\imageformats\qico4.dll
C:\Users\user\AppData\Local\Temp\UTPS\C264\Driver\devsetup32.exe
C:\Users\user\AppData\Local\Temp\UTPS\C264\Driver\devsetup64.exe
C:\Users\user\AppData\Local\Temp\UTPS\C264\Driver\DriverSetup.exe
C:\Users\user\AppData\Local\Temp\UTPS\C264\Driver\DriverUninstall.exe
C:\Users\user\AppData\Local\Temp\UTPS\C264\Driver\LocateDevice.dll
C:\Users\user\AppData\Local\Temp\UTPS\C264\Driver\Driver\X86\hwgpssensor.dll
C:\Users\user\AppData\Local\Temp\UTPS\C264\Driver\Driver\X86\WdfCoInstaller01007.dll
C:\Users\user\AppData\Local\Temp\UTPS\C264\Driver\Driver\X64\hwgpssensor.dll
C:\Users\user\AppData\Local\Temp\UTPS\C264\Driver\Driver\X64\WdfCoInstaller01007.dll
C:\Users\user\AppData\Local\Temp\UTPS\C264\AutoRun\AutoRunSetup.exe
C:\Users\user\AppData\Local\Temp\UTPS\C264\AutoRun\AutoRunUninstall.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-08-12 15:24

==================== End Of Log ============================