Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-09-2013 04
Ran by Mati (administrator) on MATITOSHIBA on 14-09-2013 14:43:12
Running from D:\
Windows 7 Home Premium (X64) OS Language: Polish
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Ghisler Software GmbH) C:\Program Files\totalcmd\TOTALCMD.EXE
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-20] (Synaptics Incorporated)
MountPoints2: F - F:\AutoRun.exe
MountPoints2: G - G:\AutoRun.exe
MountPoints2: {02b835c2-0307-11e3-918b-b482fe5bdce0} - F:\AutoRun.exe
MountPoints2: {02b835d4-0307-11e3-918b-b482fe5bdce0} - F:\AutoRun.exe
MountPoints2: {aea5f306-6226-11e1-80ed-705ab67f061d} - F:\LaunchU3.exe -a
MountPoints2: {b849250d-0598-11e3-80fc-705ab67f061d} - F:\AutoRun.exe
MountPoints2: {b849251c-0598-11e3-80fc-705ab67f061d} - F:\AutoRun.exe
MountPoints2: {c291e4a1-041b-11e3-80d0-705ab67f061d} - F:\AutoRun.exe
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKU\Default\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA)
HKU\Default User\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA)
AppInit_DLLs: [97280 2009-07-14] ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {C160CD7C-584B-4E8B-84F1-BDF5386EACAE} URL = http://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2
SearchScopes: HKCU - {CF1F7117-4C32-4A2B-A1D6-A798235D58AC} URL = http://rover.ebay.com/rover/1/4908-44618-9400-8/4?satitle={searchTerms}
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Mati\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\Mati\AppData\Roaming\Mozilla\Firefox\Profiles\3ww2j6ds.default
FF Homepage: www.google.pl
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Flash and Video Download - C:\Users\Mati\AppData\Roaming\Mozilla\Firefox\Profiles\3ww2j6ds.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
FF Extension: p24ext - C:\Users\Mati\AppData\Roaming\Mozilla\Firefox\Profiles\3ww2j6ds.default\Extensions\p24ext@przelewy24.pl.xpi
FF Extension: No Name - C:\Users\Mati\AppData\Roaming\Mozilla\Firefox\Profiles\3ww2j6ds.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
FF Extension: No Name - C:\Users\Mati\AppData\Roaming\Mozilla\Firefox\Profiles\3ww2j6ds.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Mati\AppData\Roaming\Mozilla\Firefox\Profiles\3ww2j6ds.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
R2 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116104 2009-08-06] (Toshiba Europe GmbH)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-28] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-28] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-28] ()
S3 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-09-14 14:39 - 2013-09-14 14:39 - 00000932 _____ C:\Windows\PFRO.log
2013-09-14 14:12 - 2013-09-14 14:12 - 00712264 _____ C:\Windows\isRS-000.tmp
2013-09-14 13:01 - 2013-09-14 13:01 - 00000000 ____D C:\FRST
2013-09-14 12:31 - 2013-09-14 14:39 - 00000168 _____ C:\Windows\setupact.log
2013-09-14 12:31 - 2013-09-14 12:31 - 00000000 _____ C:\Windows\setuperr.log
2013-09-14 11:18 - 2013-09-14 11:18 - 258761728 _____ C:\Users\Mati\Downloads\camtasia.msi
2013-08-15 10:54 - 2013-09-11 18:47 - 00000000 ____D C:\Windows\system32\MRT

==================== One Month Modified Files and Folders =======

2013-09-14 14:41 - 2012-08-01 17:06 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-14 14:40 - 2012-11-27 18:35 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-09-14 14:39 - 2013-09-14 14:39 - 00000932 _____ C:\Windows\PFRO.log
2013-09-14 14:39 - 2013-09-14 12:31 - 00000168 _____ C:\Windows\setupact.log
2013-09-14 14:39 - 2012-08-01 17:06 - 00001040 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-14 14:39 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-14 14:36 - 2012-11-19 18:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-14 14:20 - 2012-02-12 20:37 - 00000000 ____D C:\Users\Mati\AppData\Local\Google
2013-09-14 14:20 - 2012-02-12 20:24 - 00000000 ____D C:\Users\Mati
2013-09-14 14:12 - 2013-09-14 14:12 - 00712264 _____ C:\Windows\isRS-000.tmp
2013-09-14 14:12 - 2012-11-19 18:22 - 00001080 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-14 13:52 - 2009-07-14 06:45 - 00016304 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-14 13:52 - 2009-07-14 06:45 - 00016304 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-14 13:49 - 2009-07-14 19:55 - 00687828 _____ C:\Windows\system32\perfh015.dat
2013-09-14 13:49 - 2009-07-14 19:55 - 00131382 _____ C:\Windows\system32\perfc015.dat
2013-09-14 13:49 - 2009-07-14 07:13 - 01523412 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-14 13:01 - 2013-09-14 13:01 - 00000000 ____D C:\FRST
2013-09-14 12:35 - 2012-02-12 19:08 - 01446634 _____ C:\Windows\WindowsUpdate.log
2013-09-14 12:31 - 2013-09-14 12:31 - 00000000 _____ C:\Windows\setuperr.log
2013-09-14 11:55 - 2012-02-12 20:32 - 00000000 ____D C:\Users\Mati\AppData\Roaming\Media Player Classic
2013-09-14 11:18 - 2013-09-14 11:18 - 258761728 _____ C:\Users\Mati\Downloads\camtasia.msi
2013-09-14 11:04 - 2012-09-07 19:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-11 18:47 - 2013-08-15 10:54 - 00000000 ____D C:\Windows\system32\MRT
2013-09-11 18:45 - 2012-02-16 19:31 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-05 17:25 - 2012-02-12 20:43 - 00000000 ____D C:\Users\Mati\AppData\Roaming\Skype
2013-09-01 20:50 - 2012-02-27 18:13 - 00000000 ____D C:\Filmy
2013-08-20 21:19 - 2012-09-23 17:14 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-08-20 21:19 - 2012-09-23 17:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-08-19 18:47 - 2013-06-02 12:05 - 00000000 ____D C:\Users\Mati\AppData\Roaming\PhotoScape
2013-08-17 09:07 - 2013-08-12 06:25 - 00000000 ____D C:\ProgramData\DatacardService
2013-08-15 12:55 - 2013-08-12 06:26 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfCoInstaller01007.dll
2013-08-15 12:55 - 2008-07-08 11:55 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll

Some content of TEMP:
====================
C:\Users\Mati\AppData\Local\Temp\appshat-distribution.exe
C:\Users\Mati\AppData\Local\Temp\bi_cleaner.exe
C:\Users\Mati\AppData\Local\Temp\DeltaTB.exe
C:\Users\Mati\AppData\Local\Temp\OptimizerPro.exe
C:\Users\Mati\AppData\Local\Temp\Optimizer_Pro.exe
C:\Users\Mati\AppData\Local\Temp\Quarantine.exe
C:\Users\Mati\AppData\Local\Temp\uninst1.exe
C:\Users\Mati\AppData\Local\Temp\UpdateCheckerSetup.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-09-14 13:29

==================== End Of Log ============================