Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-09-2013 03 Ran by laptop (administrator) on LAPTOP-KOMPUTER on 18-09-2013 19:09:19 Running from C:\ Windows 7 Ultimate Service Pack 1 (X64) OS Language: Polish Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation) C:\Program Files\Windows NT\Accessories\WORDPAD.EXE (Opera Software) C:\Program Files (x86)\Opera\opera.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] () HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKCU\...\Run: [şgčŮwšĄ’çÂ)FxôěâWPN©Ź_ě5îE…4gG+ĂďťLĐTšb)…"«°˘Ä0Č˝P⍰6Çţď~%ŮÖqźÂ`,=bń±L«şŇÄ­ş±đŤíŃYLŹş ®küa†—ăŃKÍyjoľe†c_YCč z˛Ą—R‡ žm¶+«p<ŕ c“x] - [x] HKCU\...\Run: [OfficeSyncProcess] - C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [908160 2010-03-16] (Microsoft Corporation) HKCU\...\Run: [Lwzazl] - C:\Users\laptop\AppData\Roaming\Lwzazl.exe HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) ==================== Internet (Whitelisted) ==================== StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 Chrome: ======= CHR HomePage: hxxp://www.google.com CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll () CHR Plugin: (Conduit Chrome Approve TB Plugin) - C:\Users\laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\2.5.0.1_0\plugins/ChromeApproveTBPlugin.dll No File CHR Plugin: (Conduit Chrome Plugin) - C:\Users\laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\2.5.0.1_0\Search/plugins/npConduitNewTabPlugin.dll No File CHR Plugin: (20-20 3D Viewer for IKEA) - C:\Users\laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp\5.0.94.1_0\NP_2020Player_IKEA.dll (20-20 Technologies) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) CHR Extension: (YouTube) - C:\Users\laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (Chrome In-App Payments service) - C:\Users\laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0 CHR Extension: (20-20 3D Viewer for IKEA) - C:\Users\laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp\5.0.94.1_0 CHR Extension: (Gmail) - C:\Users\laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 CHR HKLM-x32\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\laptop\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx ==================== Services (Whitelisted) ================= ==================== Drivers (Whitelisted) ==================== S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) S3 VGPU; System32\drivers\rdvgkmd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-18 19:05 - 2013-09-18 19:05 - 00448512 _____ (OldTimer Tools) C:\TFC.exe 2013-09-18 18:57 - 2013-09-18 18:58 - 00000000 ____D C:\AdwCleaner 2013-09-18 18:57 - 2013-09-18 18:57 - 01039554 _____ C:\AdwCleaner.exe 2013-09-18 14:45 - 2013-09-18 14:45 - 384964809 _____ C:\Windows\MEMORY.DMP 2013-09-18 14:45 - 2013-09-18 14:45 - 00276928 _____ C:\Windows\Minidump\091813-16270-01.dmp 2013-09-18 14:45 - 2013-09-18 14:45 - 00000000 ____D C:\Windows\Minidump 2013-09-18 14:41 - 2013-09-18 14:41 - 00029848 _____ C:\Extras.Txt 2013-09-18 14:41 - 2013-09-18 14:41 - 00019895 _____ C:\UsbFix [Listing 1 ] LAPTOP-KOMPUTER.txt 2013-09-18 14:41 - 2013-09-18 14:41 - 00000000 ____D C:\UsbFix 2013-09-18 14:38 - 2013-09-18 14:38 - 00091458 _____ C:\OTL.Txt 2013-09-18 14:30 - 2013-09-18 14:30 - 00602112 _____ (OldTimer Tools) C:\OTL.exe 2013-09-18 14:25 - 2013-09-18 14:42 - 00000000 ____D C:\Users\laptop\Desktop\logi 2013-09-18 14:23 - 2013-09-18 14:23 - 00015447 _____ C:\Addition.txt 2013-09-18 14:22 - 2013-09-18 18:36 - 00000000 ____D C:\FRST 2013-09-18 14:22 - 2013-09-18 14:22 - 01210177 _____ (El Desaparecido - SosVirus.net - UsbFix.net) C:\UsbFix.exe 2013-09-18 14:21 - 2013-09-18 14:21 - 00377856 _____ C:\d2clxpy6.exe 2013-09-18 14:20 - 2013-09-18 14:20 - 01950524 _____ (Farbar) C:\FRST64.exe 2013-09-13 23:28 - 2013-09-13 23:32 - 00000000 ____D C:\Users\laptop\Desktop\do eli 2013-09-13 23:21 - 2013-09-13 23:26 - 00000000 ____D C:\Users\laptop\Desktop\eli 2013-09-12 10:11 - 2013-09-12 11:04 - 00000000 ____D C:\Users\laptop\Desktop\turcja objazd 2013-09-12 10:08 - 2013-09-13 23:15 - 00000000 ____D C:\Users\laptop\Desktop\turcja hotel 2013-09-11 23:16 - 2013-09-11 23:24 - 00000000 ____D C:\Users\laptop\Desktop\turcja 2013-09-10 17:15 - 2013-09-10 17:16 - 00028672 ____H C:\Users\laptop\Desktop\photothumb.db 2013-09-10 17:14 - 2013-09-10 17:16 - 00000000 ____D C:\Users\laptop\Desktop\Nowy folder 2013-08-27 19:51 - 2013-08-27 19:53 - 00000000 ____D C:\Users\laptop\Desktop\niemcy+hiszpania 2013-08-27 19:36 - 2013-09-14 12:23 - 00000000 ____D C:\Users\laptop\Desktop\skalne miasto 2013-08-27 18:43 - 2013-08-27 18:44 - 00000727 _____ C:\Users\Public\Desktop\Diablo III.lnk 2013-08-23 21:26 - 2013-08-23 21:26 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-08-23 21:26 - 2013-08-23 21:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-08-23 21:25 - 2013-08-23 21:26 - 13078152 _____ (Microsoft Corporation) C:\Users\laptop\Downloads\Silverlight_x64.exe ==================== One Month Modified Files and Folders ======= 2013-09-18 19:05 - 2013-09-18 19:05 - 00448512 _____ (OldTimer Tools) C:\TFC.exe 2013-09-18 19:00 - 2012-10-29 21:58 - 00311676 _____ C:\Windows\AutoKMS.log 2013-09-18 18:59 - 2012-10-30 16:53 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-09-18 18:59 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-09-18 18:59 - 2009-07-14 06:51 - 00104848 _____ C:\Windows\setupact.log 2013-09-18 18:59 - 2009-07-14 06:45 - 00016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-09-18 18:59 - 2009-07-14 06:45 - 00016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-09-18 18:58 - 2013-09-18 18:57 - 00000000 ____D C:\AdwCleaner 2013-09-18 18:58 - 2012-10-29 02:08 - 00000000 ____D C:\Users\laptop 2013-09-18 18:57 - 2013-09-18 18:57 - 01039554 _____ C:\AdwCleaner.exe 2013-09-18 18:36 - 2013-09-18 14:22 - 00000000 ____D C:\FRST 2013-09-18 18:36 - 2010-11-21 05:47 - 00015368 _____ C:\Windows\PFRO.log 2013-09-18 18:28 - 2011-02-04 19:55 - 00740828 _____ C:\Windows\system32\perfh015.dat 2013-09-18 18:28 - 2011-02-04 19:55 - 00155392 _____ C:\Windows\system32\perfc015.dat 2013-09-18 18:28 - 2009-07-14 07:13 - 01669916 _____ C:\Windows\system32\PerfStringBackup.INI 2013-09-18 14:45 - 2013-09-18 14:45 - 384964809 _____ C:\Windows\MEMORY.DMP 2013-09-18 14:45 - 2013-09-18 14:45 - 00276928 _____ C:\Windows\Minidump\091813-16270-01.dmp 2013-09-18 14:45 - 2013-09-18 14:45 - 00000000 ____D C:\Windows\Minidump 2013-09-18 14:42 - 2013-09-18 14:25 - 00000000 ____D C:\Users\laptop\Desktop\logi 2013-09-18 14:41 - 2013-09-18 14:41 - 00029848 _____ C:\Extras.Txt 2013-09-18 14:41 - 2013-09-18 14:41 - 00019895 _____ C:\UsbFix [Listing 1 ] LAPTOP-KOMPUTER.txt 2013-09-18 14:41 - 2013-09-18 14:41 - 00000000 ____D C:\UsbFix 2013-09-18 14:38 - 2013-09-18 14:38 - 00091458 _____ C:\OTL.Txt 2013-09-18 14:30 - 2013-09-18 14:30 - 00602112 _____ (OldTimer Tools) C:\OTL.exe 2013-09-18 14:26 - 2012-10-30 16:53 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-09-18 14:23 - 2013-09-18 14:23 - 00015447 _____ C:\Addition.txt 2013-09-18 14:22 - 2013-09-18 14:22 - 01210177 _____ (El Desaparecido - SosVirus.net - UsbFix.net) C:\UsbFix.exe 2013-09-18 14:21 - 2013-09-18 14:21 - 00377856 _____ C:\d2clxpy6.exe 2013-09-18 14:20 - 2013-09-18 14:20 - 01950524 _____ (Farbar) C:\FRST64.exe 2013-09-17 17:53 - 2009-07-14 07:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-09-14 12:23 - 2013-08-27 19:36 - 00000000 ____D C:\Users\laptop\Desktop\skalne miasto 2013-09-13 23:32 - 2013-09-13 23:28 - 00000000 ____D C:\Users\laptop\Desktop\do eli 2013-09-13 23:26 - 2013-09-13 23:21 - 00000000 ____D C:\Users\laptop\Desktop\eli 2013-09-13 23:15 - 2013-09-12 10:08 - 00000000 ____D C:\Users\laptop\Desktop\turcja hotel 2013-09-12 11:04 - 2013-09-12 10:11 - 00000000 ____D C:\Users\laptop\Desktop\turcja objazd 2013-09-12 09:50 - 2012-10-29 02:04 - 00235544 _____ C:\Windows\WindowsUpdate.log 2013-09-11 23:24 - 2013-09-11 23:16 - 00000000 ____D C:\Users\laptop\Desktop\turcja 2013-09-10 18:00 - 2012-10-30 16:56 - 00000000 ____D C:\Users\laptop\AppData\Roaming\PhotoScape 2013-09-10 17:16 - 2013-09-10 17:15 - 00028672 ____H C:\Users\laptop\Desktop\photothumb.db 2013-09-10 17:16 - 2013-09-10 17:14 - 00000000 ____D C:\Users\laptop\Desktop\Nowy folder 2013-09-07 23:32 - 2012-10-30 16:54 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-08-27 19:53 - 2013-08-27 19:51 - 00000000 ____D C:\Users\laptop\Desktop\niemcy+hiszpania 2013-08-27 18:44 - 2013-08-27 18:43 - 00000727 _____ C:\Users\Public\Desktop\Diablo III.lnk 2013-08-23 21:26 - 2013-08-23 21:26 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-08-23 21:26 - 2013-08-23 21:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-08-23 21:26 - 2013-08-23 21:25 - 13078152 _____ (Microsoft Corporation) C:\Users\laptop\Downloads\Silverlight_x64.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll [2010-11-21 05:24] - [2010-11-21 05:24] - 1008640 ____A (Microsoft Corporation) E573BD9AB55C8E333C202B9E255F972E C:\Windows\SysWOW64\User32.dll [2013-03-13 19:46] - [2013-03-13 19:46] - 0833024 ____A (Microsoft Corporation) 2C9CC9F492CA596B1B9FC1AE5E916356 C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-09-13 20:53 ==================== End Of Log ============================