Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-09-2013 04
Ran by Robert (administrator) on ROBERT on 14-09-2013 16:37:00
Running from D:\
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Toshiba Europe GmbH) C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
(Toshiba) C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Policies\Explorer: [NoDrives] 0
HKCU\...\Policies\Explorer: [NoDrives] 0
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2008-04-24] (TOSHIBA)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2008-04-24] (TOSHIBA)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {A9DA9739-DA17-4DB1-84FD-133CD017666E} URL = http://search.babylon.com/?q={searchTerms}&AF=100490&babsrc=SP_ss&mntrId=4cc754eb000000000000001e3382cd86
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: IEPluginBHO Class - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Users\Robert\AppData\Roaming\Nowe Gadu-Gadu\_userdata\ggbho.1.dll No File
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 195.187.244.8

FireFox:
========
FF ProfilePath: C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\z3qa0gj6.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.pl/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @ganymede/CARDS,version=1.0 - C:\Program Files\Ganymede\Plugins\CARDS\NPCARDS.dll (Ganymede Technologies)
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\z3qa0gj6.default\searchplugins\winamp-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\arccosine.xml
FF Extension: IE Tab - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\z3qa0gj6.default\Extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
FF Extension: No Name - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\z3qa0gj6.default\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
FF Extension: SQLiteManager - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\z3qa0gj6.default\Extensions\SQLiteManager@mrinalkant.blogspot.com.xpi
FF Extension: No Name - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\z3qa0gj6.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
FF Extension: No Name - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\z3qa0gj6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Anti-Banner - C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak
FF Extension: Kaspersky URL Advisor - C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF HKLM\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [bildoibdboopgomcbiplincneeicgipj] - C:\Program Files\StartSearch plugin\startsplg.crx

========================== Services (Whitelisted) =================

S4 ABBYY.Licensing.FineReader.Professional.10.0; C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [814344 2009-12-22] (ABBYY)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2008-04-17] (TOSHIBA CORPORATION)
R3 SmartFaceVWatchSrv; C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [73728 2008-04-24] (Toshiba)
R2 TempoMonitoringService; C:\Program Files\Toshiba TEMPRO\TempoSVC.exe [99720 2008-04-24] (Toshiba Europe GmbH)
R2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2008-02-06] (TOSHIBA Corporation)
S4 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)

==================== Drivers (Whitelisted) ====================

R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [38400 2009-07-13] (Samsung Electronics Co., Ltd.)
R1 FileDisk; C:\Windows\System32\Drivers\FileDisk.sys [19712 2009-10-21] (Bo Brantén)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2013-09-14] (Malwarebytes Corporation)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [290304 2007-12-26] (Realtek Semiconductor Corporation )
R1 RtlProt; C:\Windows\System32\DRIVERS\rtlprot.sys [25896 2007-04-23] (Windows (R) Codename Longhorn DDK provider)
R0 speedfan; C:\Windows\System32\speedfan.sys [21696 2010-12-18] (Almico Software)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [443448 2011-10-16] ()
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2009-07-12] (Samsung Electronics)
R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [x]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [x]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [x]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [x]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S2 mdmxsdk; system32\DRIVERS\mdmxsdk.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
U3 mbr; \??\C:\Users\Robert\AppData\Local\Temp\mbr.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-09-14 16:36 - 2013-09-14 16:36 - 00000000 ____D C:\FRST
2013-09-14 16:34 - 2013-09-14 16:34 - 00141086 _____ C:\ComboFix.txt
2013-09-14 16:04 - 2013-09-14 16:34 - 00000000 ____D C:\Qoobox
2013-09-14 16:04 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-14 16:04 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-14 16:04 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-14 16:04 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-14 16:04 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-14 16:04 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-14 16:04 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-14 16:04 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-14 16:00 - 2013-09-14 16:01 - 00000000 ____D C:\AdwCleaner
2013-09-14 16:00 - 2013-09-14 16:00 - 01037278 _____ C:\Users\Robert\Desktop\AdwCleaner_www.INSTALKI.pl.exe
2013-09-14 15:57 - 2013-09-14 15:58 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-09-14 13:02 - 2013-09-14 13:02 - 00000000 __RSH C:\IO.SYS
2013-09-14 12:57 - 2013-09-14 16:27 - 00000000 ____D C:\Windows\erdnt
2013-09-13 19:06 - 2013-09-14 13:01 - 00000000 _____ C:\ProgramData\jwr1wmqj6.ctrl
2013-09-13 19:06 - 2013-09-14 13:01 - 00000000 _____ C:\ProgramData\jw20wldlc.ctrl
2013-09-13 19:05 - 2013-09-14 13:03 - 95025368 ____T C:\ProgramData\jw20wldlc.pff
2013-09-13 19:05 - 2013-09-14 13:02 - 95025368 ____T C:\ProgramData\jwr1wmqj6.pff
2013-09-02 19:23 - 2013-09-02 19:23 - 09741544 _____ (Piotr Kowaluk ) C:\Users\Robert\Downloads\br32v.exe
2013-09-01 16:50 - 2013-09-01 16:50 - 00000364 _____ C:\Users\Robert\Desktop\ff.txt
2013-08-18 20:26 - 2013-08-18 20:27 - 06953096 _____ (Microsoft Corporation) C:\Users\Robert\Downloads\Silverlight.exe
2013-08-18 19:27 - 2013-08-19 20:07 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-09-14 16:36 - 2013-09-14 16:36 - 00000000 ____D C:\FRST
2013-09-14 16:34 - 2013-09-14 16:34 - 00141086 _____ C:\ComboFix.txt
2013-09-14 16:34 - 2013-09-14 16:04 - 00000000 ____D C:\Qoobox
2013-09-14 16:34 - 2006-11-02 13:18 - 00000000 __RHD C:\Users\Default
2013-09-14 16:34 - 2006-11-02 13:18 - 00000000 ___RD C:\Users\Public
2013-09-14 16:27 - 2013-09-14 12:57 - 00000000 ____D C:\Windows\erdnt
2013-09-14 16:26 - 2012-07-08 20:18 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-14 16:26 - 2012-05-03 07:22 - 00397156 _____ C:\Windows\WindowsUpdate.log
2013-09-14 16:21 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini
2013-09-14 16:19 - 2008-01-21 04:47 - 00098090 _____ C:\Windows\PFRO.log
2013-09-14 16:19 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-14 16:19 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-14 16:19 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-14 16:18 - 2006-11-02 15:01 - 00032612 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-14 16:18 - 2006-11-02 12:22 - 55312384 _____ C:\Windows\system32\config\software.bak
2013-09-14 16:18 - 2006-11-02 12:22 - 40108032 _____ C:\Windows\system32\config\COMPON~3.bak
2013-09-14 16:18 - 2006-11-02 12:22 - 23068672 _____ C:\Windows\system32\config\system.bak
2013-09-14 16:18 - 2006-11-02 12:22 - 00524288 _____ C:\Windows\system32\config\default.bak
2013-09-14 16:18 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\security.bak
2013-09-14 16:18 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\sam.bak
2013-09-14 16:01 - 2013-09-14 16:00 - 00000000 ____D C:\AdwCleaner
2013-09-14 16:00 - 2013-09-14 16:00 - 01037278 _____ C:\Users\Robert\Desktop\AdwCleaner_www.INSTALKI.pl.exe
2013-09-14 15:58 - 2013-09-14 15:57 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-09-14 13:03 - 2013-09-13 19:05 - 95025368 ____T C:\ProgramData\jw20wldlc.pff
2013-09-14 13:02 - 2013-09-14 13:02 - 00000000 __RSH C:\IO.SYS
2013-09-14 13:02 - 2013-09-13 19:05 - 95025368 ____T C:\ProgramData\jwr1wmqj6.pff
2013-09-14 13:01 - 2013-09-13 19:06 - 00000000 _____ C:\ProgramData\jwr1wmqj6.ctrl
2013-09-14 13:01 - 2013-09-13 19:06 - 00000000 _____ C:\ProgramData\jw20wldlc.ctrl
2013-09-14 12:57 - 2009-01-15 12:48 - 00000000 ____D C:\Users\Robert
2013-09-14 11:36 - 2006-11-02 14:47 - 00079872 _____ C:\Windows\system32\umstartup.etl
2013-09-14 11:13 - 2006-11-02 14:52 - 00138560 _____ C:\Windows\setupact.log
2013-09-13 18:32 - 2009-01-20 18:23 - 00000000 ____D C:\Users\Robert\AppData\Roaming\uTorrent
2013-09-13 18:30 - 2008-01-21 08:24 - 01625718 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-13 18:30 - 2008-01-21 08:24 - 00718022 _____ C:\Windows\system32\perfh015.dat
2013-09-13 18:30 - 2008-01-21 08:24 - 00153974 _____ C:\Windows\system32\perfc015.dat
2013-09-10 23:26 - 2012-04-28 19:04 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-10 23:26 - 2011-05-19 17:15 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-10 05:12 - 2013-01-15 06:35 - 00000000 ____D C:\Windows\Minidump
2013-09-10 05:12 - 2009-01-15 11:29 - 00142197 _____ C:\Windows\Minidump\Mini091013-01.dmp
2013-09-02 19:28 - 2013-07-06 20:36 - 00000000 ____D C:\ARCHIWUM
2013-09-02 19:24 - 2013-07-06 20:36 - 00000000 ____D C:\BR
2013-09-02 19:23 - 2013-09-02 19:23 - 09741544 _____ (Piotr Kowaluk ) C:\Users\Robert\Downloads\br32v.exe
2013-09-01 16:50 - 2013-09-01 16:50 - 00000364 _____ C:\Users\Robert\Desktop\ff.txt
2013-08-21 07:47 - 2009-01-15 11:29 - 00142005 _____ C:\Windows\Minidump\Mini082113-01.dmp
2013-08-20 18:23 - 2012-06-15 19:57 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-08-20 18:23 - 2010-04-16 18:59 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-08-19 20:07 - 2013-08-18 19:27 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-18 20:27 - 2013-08-18 20:26 - 06953096 _____ (Microsoft Corporation) C:\Users\Robert\Downloads\Silverlight.exe

Files to move or delete:
====================
C:\ProgramData\jw20wldlc.ctrl
C:\ProgramData\jw20wldlc.pff
C:\ProgramData\jwr1wmqj6.ctrl
C:\ProgramData\jwr1wmqj6.pff

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-09-14 16:27

==================== End Of Log ============================
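The two file-listing sections of the log share one line format (two timestamps, a size, an attribute column such as ____D or ____T, an optional publisher in parentheses, then the path), and the log closes with a "Files to move or delete:" list. The following is an added example, not part of FRST and not from the original post, that parses those sections and cross-checks the entries against that list. The sample input is a subset of lines copied from the log above. The checks in flag_entries are this example's own assumptions about what deserves a second look, not FRST's logic; the timestamp-order check relies on NTFS assigning a new creation time when a file is copied while keeping the source's last-write time, which is why the tools ComboFix dropped into C:\Windows show a last-write date years before their creation date.

```python
"""Parse the file-listing sections of an FRST log and flag entries.

Added example: not part of FRST. The heuristics below are this example's
own assumptions; they do not prove that a flagged file is malicious.
"""
import re
from dataclasses import dataclass
from datetime import datetime

# Section headers such as "==================== One Month Created Files and Folders ========"
SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")
# Entry lines as seen in the log, e.g.
#   2013-09-14 16:04 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
ENTRY_RE = re.compile(
    r"^(?P<ts1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<ts2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attr>[_A-Z]+) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>[A-Za-z]:\\.+)$"
)
TS_FMT = "%Y-%m-%d %H:%M"

# Constructed sample: a subset of lines from the FRST log above.
SAMPLE_LOG = r"""
==================== One Month Created Files and Folders ========

2013-09-14 16:36 - 2013-09-14 16:36 - 00000000 ____D C:\FRST
2013-09-14 16:04 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-14 13:02 - 2013-09-14 13:02 - 00000000 __RSH C:\IO.SYS
2013-09-13 19:06 - 2013-09-14 13:01 - 00000000 _____ C:\ProgramData\jwr1wmqj6.ctrl
2013-09-13 19:05 - 2013-09-14 13:03 - 95025368 ____T C:\ProgramData\jw20wldlc.pff
2013-09-02 19:23 - 2013-09-02 19:23 - 09741544 _____ (Piotr Kowaluk ) C:\Users\Robert\Downloads\br32v.exe

==================== One Month Modified Files and Folders =======

2013-09-14 16:34 - 2006-11-02 13:18 - 00000000 __RHD C:\Users\Default
2013-09-14 13:03 - 2013-09-13 19:05 - 95025368 ____T C:\ProgramData\jw20wldlc.pff
2013-09-14 16:19 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT

Files to move or delete:
====================
C:\ProgramData\jw20wldlc.ctrl
C:\ProgramData\jw20wldlc.pff
C:\ProgramData\jwr1wmqj6.ctrl
C:\ProgramData\jwr1wmqj6.pff

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
"""


@dataclass
class Entry:
    section: str
    ts1: datetime
    ts2: datetime
    size: int
    flags: set       # letters of the attribute column (D, R, S, H, T)
    company: str
    path: str

    # In the "Created" section the creation time is printed first; in the
    # "Modified" section the order is swapped (compare C:\Qoobox in both).
    @property
    def created(self) -> datetime:
        return self.ts1 if "Created" in self.section else self.ts2

    @property
    def modified(self) -> datetime:
        return self.ts2 if "Created" in self.section else self.ts1


def parse_frst(text: str):
    """Return (entries, to_delete): parsed listing entries and the paths
    printed under 'Files to move or delete:'."""
    entries, to_delete, section = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["name"].strip()
            continue
        if line.startswith("Files to move or delete:"):
            section = "Files to move or delete"
            continue
        if section == "Files to move or delete":
            if not line.startswith("="):      # skip the "====" underline
                to_delete.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m and section:
            entries.append(Entry(
                section, datetime.strptime(m["ts1"], TS_FMT),
                datetime.strptime(m["ts2"], TS_FMT), int(m["size"]),
                set(m["attr"].replace("_", "")),
                (m["company"] or "").strip(), m["path"]))
    return entries, to_delete


def flag_entries(entries, to_delete):
    """Map path -> list of reasons (this example's assumptions, see above)."""
    findings, seen = {}, set()
    delete_set = {p.lower() for p in to_delete}
    for e in entries:
        key = e.path.lower()
        if key in seen:            # same file appears in both listings
            continue
        seen.add(key)
        reasons = []
        if key in delete_set:
            reasons.append("listed by FRST under 'Files to move or delete'")
        if e.modified < e.created:
            # NTFS keeps the source last-write time on copy but stamps a new
            # creation time, so write < create means the file was copied here.
            reasons.append("last-write time precedes creation time (copied onto volume)")
        if "T" in e.flags and "\\temp\\" not in key:
            reasons.append("temporary attribute outside a Temp directory")
        if (key.startswith("c:\\programdata\\") and key.count("\\") == 2
                and "D" not in e.flags and not e.company):
            reasons.append("file directly under C:\\ProgramData with no publisher")
        if reasons:
            findings[e.path] = reasons
    return findings


if __name__ == "__main__":
    parsed, delete_list = parse_frst(SAMPLE_LOG)
    for path, why in flag_entries(parsed, delete_list).items():
        print(path, "->", "; ".join(why))
```

Run as-is it reports NIRCMD.exe only for the copy indicator (a benign ComboFix helper here, which is the point of keeping the reasons separate from a verdict), and the two ProgramData files for the reasons FRST itself hints at with its T attribute and its deletion list. To use it on a full log, pass the file contents to parse_frst instead of SAMPLE_LOG; lines outside the two listing sections are ignored.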