Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-09-2013 03
Ran by laptop (administrator) on LAPTOP-KOMPUTER on 18-09-2013 14:22:36
Running from C:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: Polish
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [şgčŮwšĄ’çÂ)FxôěâÂWPN©Ź_ě5îE…4gG+ĂďťLĐTšb)…"«°˘Ä0Č˝PâŤ°6Çţď~%ŮÖqźÂ`,=bń±L«şŇÄ­ş±đŤíŃYLŹş®küa†—ăŃKÍyjoľe†c_YCčz˛Ą—R‡
žm¶+«p<ŕc“x] - [x]
HKCU\...\Run: [Lwzazl] - C:\Users\laptop\AppData\Roaming\Lwzazl.exe [170806 2013-03-26] (Microsoft Corporation)
HKCU\...\Run: [Optimizer Pro] - C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
HKCU\...\Run: [OfficeSyncProcess] - C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [908160 2010-03-16] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.holasearch.com/?affID=121962&tt=gc_&babsrc=HP_ss&mntrId=68B5002556EE1FC5
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.holasearch.com/?q={searchTerms}&affID=121962&tt=gc_&babsrc=SP_ss&mntrId=68B5002556EE1FC5
SearchScopes: HKCU - {902619DE-4304-4EDA-80C8-0DC17655D327} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

Chrome: 
=======
CHR HomePage: hxxp://www.holasearch.com/?affID=121962&tt=gc_&babsrc=HP_ss&mntrId=68B5002556EE1FC5
CHR RestoreOnStartup: "hxxp://www2.delta-search.com/?affID=119816&tt=gc_&babsrc=HP_ss&mntrId=68B5002556EE1FC5"
CHR DefaultSearchURL: (Hola Search) - http://www.holasearch.com/?q={searchTerms}&affID=121962&tt=gc_&babsrc=SP_ss&mntrId=68B5002556EE1FC5
CHR DefaultSuggestURL: (Hola Search) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Extension: (YouTube) - C:\Users\laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (uTorrentControl_v2) - C:\Users\laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\2.5.0.1_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (20-20 3D Viewer for IKEA) - C:\Users\laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp\5.0.94.1_0
CHR Extension: (Gmail) - C:\Users\laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\laptop\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx
CHR HKLM-x32\...\Chrome\Extension: [fagpjgjmoaccgkkpjeoinehnoaimnbla] - C:\Users\laptop\AppData\Roaming\BabSolution\CR\hola.crx

==================== Services (Whitelisted) =================


==================== Drivers (Whitelisted) ====================

S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-18 14:22 - 2013-09-18 14:22 - 01210177 _____ (El Desaparecido - SosVirus.net - UsbFix.net) C:\UsbFix.exe
2013-09-18 14:22 - 2013-09-18 14:22 - 00000000 ____D C:\FRST
2013-09-18 14:21 - 2013-09-18 14:21 - 00377856 _____ C:\d2clxpy6.exe
2013-09-18 14:20 - 2013-09-18 14:20 - 01950524 _____ (Farbar) C:\FRST64.exe
2013-09-13 23:28 - 2013-09-13 23:32 - 00000000 ____D C:\Users\laptop\Desktop\do eli
2013-09-13 23:21 - 2013-09-13 23:26 - 00000000 ____D C:\Users\laptop\Desktop\eli
2013-09-12 10:11 - 2013-09-12 11:04 - 00000000 ____D C:\Users\laptop\Desktop\turcja objazd
2013-09-12 10:08 - 2013-09-13 23:15 - 00000000 ____D C:\Users\laptop\Desktop\turcja hotel
2013-09-11 23:16 - 2013-09-11 23:24 - 00000000 ____D C:\Users\laptop\Desktop\turcja
2013-09-10 17:15 - 2013-09-10 17:16 - 00028672 ____H C:\Users\laptop\Desktop\photothumb.db
2013-09-10 17:14 - 2013-09-10 17:16 - 00000000 ____D C:\Users\laptop\Desktop\Nowy folder
2013-08-27 19:51 - 2013-08-27 19:53 - 00000000 ____D C:\Users\laptop\Desktop\niemcy+hiszpania
2013-08-27 19:36 - 2013-09-14 12:23 - 00000000 ____D C:\Users\laptop\Desktop\skalne miasto
2013-08-27 18:43 - 2013-08-27 18:44 - 00000727 _____ C:\Users\Public\Desktop\Diablo III.lnk
2013-08-23 21:26 - 2013-08-23 21:26 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-08-23 21:26 - 2013-08-23 21:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-08-23 21:25 - 2013-08-23 21:26 - 13078152 _____ (Microsoft Corporation) C:\Users\laptop\Downloads\Silverlight_x64.exe

==================== One Month Modified Files and Folders =======

2013-09-18 14:22 - 2013-09-18 14:22 - 01210177 _____ (El Desaparecido - SosVirus.net - UsbFix.net) C:\UsbFix.exe
2013-09-18 14:22 - 2013-09-18 14:22 - 00000000 ____D C:\FRST
2013-09-18 14:21 - 2013-09-18 14:21 - 00377856 _____ C:\d2clxpy6.exe
2013-09-18 14:20 - 2013-09-18 14:20 - 01950524 _____ (Farbar) C:\FRST64.exe
2013-09-18 14:18 - 2011-02-04 19:55 - 00740828 _____ C:\Windows\system32\perfh015.dat
2013-09-18 14:18 - 2011-02-04 19:55 - 00155392 _____ C:\Windows\system32\perfc015.dat
2013-09-18 14:18 - 2009-07-14 07:13 - 01669916 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-18 14:16 - 2012-10-30 16:53 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-18 14:16 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-18 14:16 - 2009-07-14 06:51 - 00104624 _____ C:\Windows\setupact.log
2013-09-18 11:37 - 2009-07-14 06:45 - 00016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-18 11:37 - 2009-07-14 06:45 - 00016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-18 11:26 - 2012-10-30 16:53 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-18 10:23 - 2012-10-29 21:58 - 00310272 _____ C:\Windows\AutoKMS.log
2013-09-17 17:53 - 2009-07-14 07:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-14 12:23 - 2013-08-27 19:36 - 00000000 ____D C:\Users\laptop\Desktop\skalne miasto
2013-09-13 23:32 - 2013-09-13 23:28 - 00000000 ____D C:\Users\laptop\Desktop\do eli
2013-09-13 23:26 - 2013-09-13 23:21 - 00000000 ____D C:\Users\laptop\Desktop\eli
2013-09-13 23:15 - 2013-09-12 10:08 - 00000000 ____D C:\Users\laptop\Desktop\turcja hotel
2013-09-12 11:04 - 2013-09-12 10:11 - 00000000 ____D C:\Users\laptop\Desktop\turcja objazd
2013-09-12 09:50 - 2012-10-29 02:04 - 00235544 _____ C:\Windows\WindowsUpdate.log
2013-09-11 23:24 - 2013-09-11 23:16 - 00000000 ____D C:\Users\laptop\Desktop\turcja
2013-09-10 18:00 - 2012-10-30 16:56 - 00000000 ____D C:\Users\laptop\AppData\Roaming\PhotoScape
2013-09-10 17:16 - 2013-09-10 17:15 - 00028672 ____H C:\Users\laptop\Desktop\photothumb.db
2013-09-10 17:16 - 2013-09-10 17:14 - 00000000 ____D C:\Users\laptop\Desktop\Nowy folder
2013-09-07 23:32 - 2012-10-30 16:54 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-08-27 19:53 - 2013-08-27 19:51 - 00000000 ____D C:\Users\laptop\Desktop\niemcy+hiszpania
2013-08-27 18:44 - 2013-08-27 18:43 - 00000727 _____ C:\Users\Public\Desktop\Diablo III.lnk
2013-08-23 21:26 - 2013-08-23 21:26 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-08-23 21:26 - 2013-08-23 21:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-08-23 21:26 - 2013-08-23 21:25 - 13078152 _____ (Microsoft Corporation) C:\Users\laptop\Downloads\Silverlight_x64.exe

Some content of TEMP:
====================
C:\Users\laptop\AppData\Local\Temp\ap10013.exe
C:\Users\laptop\AppData\Local\Temp\AVGInstaller.exe
C:\Users\laptop\AppData\Local\Temp\bitool.dll
C:\Users\laptop\AppData\Local\Temp\bi_cleaner.exe
C:\Users\laptop\AppData\Local\Temp\DeltaTB.exe
C:\Users\laptop\AppData\Local\Temp\dp.exe
C:\Users\laptop\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\laptop\AppData\Local\Temp\LollipopInstaller_somoto_14693.exe
C:\Users\laptop\AppData\Local\Temp\mgsqlite3.dll
C:\Users\laptop\AppData\Local\Temp\oi_{63468D38-350F-4512-960E-40F6871E23CF}.exe
C:\Users\laptop\AppData\Local\Temp\OptimizerPro.exe
C:\Users\laptop\AppData\Local\Temp\Shortcut_sweetimsetup.exe
C:\Users\laptop\AppData\Local\Temp\SIMEEI2Installer.exe
C:\Users\laptop\AppData\Local\Temp\SIMEEIInstaller.exe
C:\Users\laptop\AppData\Local\Temp\smd_runtime.exe
C:\Users\laptop\AppData\Local\Temp\tbedrs.dll
C:\Users\laptop\AppData\Local\Temp\tbuTo0.dll
C:\Users\laptop\AppData\Local\Temp\uninst1.exe
C:\Users\laptop\AppData\Local\Temp\UNINSTALL.EXE


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2010-11-21 05:24] - [2010-11-21 05:24] - 1008640 ____A (Microsoft Corporation) E573BD9AB55C8E333C202B9E255F972E

C:\Windows\SysWOW64\User32.dll
[2013-03-13 19:46] - [2013-03-13 19:46] - 0833024 ____A (Microsoft Corporation) 2C9CC9F492CA596B1B9FC1AE5E916356

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-13 20:53

==================== End Of Log ============================