Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-12-2013
Ran by Jarek i Ela (administrator) on JAREKIELA-PC on 03-12-2013 17:02:17
Running from C:\Users\Jarek i Ela.JarekiEla-PC\Desktop
Windows Vista (TM) Home Basic Service Pack 1 (X86) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Normal

==================== Could not list processes ===============

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [SBRegRebootCleaner] - "C:\Program Files\STOPzilla!\sbrc.exe"
HKCU\...\Run: [Mobile Partner] - C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe [114688 2010-01-12] ()
HKCU\...\Run: [Gadu-Gadu] - C:\Program Files\Gadu-Gadu\gg.exe [2396160 2006-02-17] (Gadu-Gadu Sp. z oo)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2006-11-13] (TOSHIBA)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2006-11-13] (TOSHIBA)
HKU\Jarek i Ela\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Jarek i Ela\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2006-11-13] (TOSHIBA)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO: IplexToALLPlayer - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\Program Files\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{91DC16E0-4E4E-43AB-9DE8-B2270F131CC6}: [NameServer]89.108.202.20 89.108.195.20

========================== Services (Whitelisted) =================

R2 avgfws; C:\Program Files\AVG\AVG2013\avgfws.exe [1432080 2013-09-04] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)

==================== Drivers (Whitelisted) ====================

S3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [327168 2006-11-22] (Aladdin Knowledge Systems Ltd.)
S3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [100096 2006-11-22] (Aladdin Knowledge Systems Ltd.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22328 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [171320 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [96568 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [39224 2013-09-05] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [182072 2013-03-21] (AVG Technologies CZ, s.r.o.)
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2009-12-18] ()
R2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [693760 2006-11-22] (Aladdin Knowledge Systems Ltd.)
S3 k750bus; C:\Windows\System32\DRIVERS\k750bus.sys [55216 2005-03-11] (MCCI)
S3 k750mdfl; C:\Windows\System32\DRIVERS\k750mdfl.sys [6576 2005-03-11] (MCCI)
S3 k750mdm; C:\Windows\System32\DRIVERS\k750mdm.sys [89872 2005-03-11] (MCCI)
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [19456 2006-07-28] (COMPAL ELECTRONIC INC.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 NETwLv32; C:\Windows\System32\DRIVERS\NETwLv32.sys [6639616 2010-10-07] (Intel Corporation)
R3 UVCFTR; C:\Windows\System32\DRIVERS\UVCFTR_S.SYS [17712 2007-01-26] (Chicony Electronics Co., Ltd.)
R0 z9fahttb; C:\Windows\System32\Drivers\z9fahttb.sys [70024 2013-11-25] (VirusBlokAda Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
R0 DwProt; system32\drivers\dwprot.sys [x]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] ()

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-12-03 17:02 - 2013-12-03 17:02 - 00007052 _____ C:\Users\Jarek i Ela.JarekiEla-PC\Desktop\FRST.txt
2013-12-03 12:26 - 2013-12-01 10:19 - 01092187 _____ (Farbar) C:\Users\Jarek i Ela.JarekiEla-PC\Desktop\FRST.exe
2013-12-03 12:21 - 2013-12-03 12:21 - 00000400 _____ C:\Windows\PFRO.log
2013-12-03 12:17 - 2013-12-03 12:19 - 00005122 _____ C:\Users\Jarek i Ela.JarekiEla-PC\Desktop\~ESETUninstaller.log
2013-12-03 11:53 - 2013-12-03 11:53 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Jarek i Ela.JarekiEla-PC\Desktop\tdsskiller.exe
2013-12-03 11:49 - 2013-12-03 11:49 - 00663552 _____ (ESET) C:\Users\Jarek i Ela.JarekiEla-PC\Desktop\ESETUninstaller.exe
2013-12-03 11:48 - 2013-12-03 11:48 - 00869456 _____ C:\Users\Jarek i Ela.JarekiEla-PC\Desktop\Norton_Removal_Tool.exe
2013-12-01 13:07 - 2013-12-01 13:07 - 00000000 ____D C:\Users\Jarek i Ela.JarekiEla-PC\AppData\Local\Adobe
2013-12-01 11:44 - 2013-12-03 12:13 - 00000680 _____ C:\Users\Jarek i Ela.JarekiEla-PC\AppData\Local\d3d9caps.dat
2013-11-26 22:26 - 2013-11-26 22:26 - 00000000 ____D C:\FRST
2013-11-26 22:17 - 2013-11-26 22:17 - 00000000 ____D C:\Users\Jarek i Ela.JarekiEla-PC\AppData\Local\Avg2013
2013-11-26 21:59 - 2013-12-01 10:45 - 00000000 ____D C:\Users\Jarek i Ela.JarekiEla-PC\Desktop\Nowy folder
2013-11-26 15:29 - 2013-11-26 16:11 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-26 15:29 - 2013-11-26 15:29 - 00105176 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-11-25 21:30 - 2013-11-25 21:30 - 00070024 _____ (VirusBlokAda Ltd.) C:\Windows\system32\Drivers\z9fahttb.sys
2013-11-08 20:52 - 2013-11-08 20:58 - 00000000 ____D C:\Users\Jarek i Ela.JarekiEla-PC\Desktop\WOJTUŚ listopad 2013r
2013-11-05 19:36 - 2013-11-05 19:36 - 00000000 ____D C:\Users\Jarek i Ela.JarekiEla-PC\Nowy folder
2013-11-04 23:04 - 2013-11-04 23:04 - 00000000 ____D C:\Users\Jarek i Ela.JarekiEla-PC\Downloads\Microsoft.Windows.Vista.x86.sp2.pl.melkor

==================== One Month Modified Files and Folders =======

2013-12-03 17:02 - 2013-12-03 17:02 - 00007052 _____ C:\Users\Jarek i Ela.JarekiEla-PC\Desktop\FRST.txt
2013-12-03 16:48 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\tracing
2013-12-03 16:30 - 2011-03-25 18:48 - 00000000 ____D C:\ProgramData\MFAData
2013-12-03 15:40 - 2012-04-15 10:03 - 01017072 _____ C:\Windows\WindowsUpdate.log
2013-12-03 15:39 - 2009-05-20 16:24 - 00002816 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-03 15:39 - 2009-05-20 16:24 - 00002816 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-03 15:33 - 2006-12-05 06:19 - 00677982 _____ C:\Windows\system32\perfh015.dat
2013-12-03 15:33 - 2006-12-05 06:19 - 00135002 _____ C:\Windows\system32\perfc015.dat
2013-12-03 15:33 - 2006-11-02 11:33 - 01514662 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-03 12:22 - 2006-11-02 13:58 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-03 12:21 - 2013-12-03 12:21 - 00000400 _____ C:\Windows\PFRO.log
2013-12-03 12:19 - 2013-12-03 12:17 - 00005122 _____ C:\Users\Jarek i Ela.JarekiEla-PC\Desktop\~ESETUninstaller.log
2013-12-03 12:16 - 2011-03-25 20:32 - 00000000 ____D C:\Users\Jarek i Ela.JarekiEla-PC\AppData\Roaming\Symantec
2013-12-03 12:13 - 2013-12-01 11:44 - 00000680 _____ C:\Users\Jarek i Ela.JarekiEla-PC\AppData\Local\d3d9caps.dat
2013-12-03 12:10 - 2006-11-02 13:58 - 00032548 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-03 12:09 - 2013-10-25 14:42 - 00000000 ____D C:\ProgramData\STOPzilla!
2013-12-03 11:53 - 2013-12-03 11:53 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Jarek i Ela.JarekiEla-PC\Desktop\tdsskiller.exe
2013-12-03 11:49 - 2013-12-03 11:49 - 00663552 _____ (ESET) C:\Users\Jarek i Ela.JarekiEla-PC\Desktop\ESETUninstaller.exe
2013-12-03 11:48 - 2013-12-03 11:48 - 00869456 _____ C:\Users\Jarek i Ela.JarekiEla-PC\Desktop\Norton_Removal_Tool.exe
2013-12-01 13:07 - 2013-12-01 13:07 - 00000000 ____D C:\Users\Jarek i Ela.JarekiEla-PC\AppData\Local\Adobe
2013-12-01 12:59 - 2009-01-30 14:51 - 00000000 ____D C:\Windows\Minidump
2013-12-01 10:45 - 2013-11-26 21:59 - 00000000 ____D C:\Users\Jarek i Ela.JarekiEla-PC\Desktop\Nowy folder
2013-12-01 10:19 - 2013-12-03 12:26 - 01092187 _____ (Farbar) C:\Users\Jarek i Ela.JarekiEla-PC\Desktop\FRST.exe
2013-11-26 22:26 - 2013-11-26 22:26 - 00000000 ____D C:\FRST
2013-11-26 22:17 - 2013-11-26 22:17 - 00000000 ____D C:\Users\Jarek i Ela.JarekiEla-PC\AppData\Local\Avg2013
2013-11-26 16:11 - 2013-11-26 15:29 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-26 15:29 - 2013-11-26 15:29 - 00105176 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-11-26 15:27 - 2012-01-02 19:39 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-11-25 21:30 - 2013-11-25 21:30 - 00070024 _____ (VirusBlokAda Ltd.) C:\Windows\system32\Drivers\z9fahttb.sys
2013-11-25 21:20 - 2013-10-26 18:15 - 00000000 ____D C:\AdwCleaner
2013-11-20 19:29 - 2013-09-11 15:42 - 00000000 ____D C:\Users\Jarek i Ela.JarekiEla-PC\Desktop\PLANY WYNIKOWE 2013R
2013-11-15 03:11 - 2013-08-16 14:40 - 00000000 ____D C:\Windows\system32\MRT
2013-11-15 03:06 - 2006-11-02 11:24 - 80340640 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-11-11 17:58 - 2007-08-06 19:44 - 00068608 _____ C:\Users\Jarek i Ela.JarekiEla-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-10 23:44 - 2013-10-30 12:27 - 00000000 ____D C:\Users\Jarek i Ela.JarekiEla-PC\AppData\Roaming\uTorrent
2013-11-08 20:58 - 2013-11-08 20:52 - 00000000 ____D C:\Users\Jarek i Ela.JarekiEla-PC\Desktop\WOJTUŚ listopad 2013r
2013-11-08 20:13 - 2011-03-25 20:31 - 00000000 ____D C:\Users\Jarek i Ela.JarekiEla-PC\AppData\Roaming\Media Player Classic
2013-11-05 19:36 - 2013-11-05 19:36 - 00000000 ____D C:\Users\Jarek i Ela.JarekiEla-PC\Nowy folder
2013-11-05 19:36 - 2007-08-06 19:39 - 00000000 ____D C:\Users\Jarek i Ela.JarekiEla-PC
2013-11-05 17:07 - 2007-03-15 10:34 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-11-04 23:08 - 2011-03-25 20:27 - 00000000 ____D C:\Users\Jarek i Ela.JarekiEla-PC\AppData\Local\Google
2013-11-04 23:04 - 2013-11-04 23:04 - 00000000 ____D C:\Users\Jarek i Ela.JarekiEla-PC\Downloads\Microsoft.Windows.Vista.x86.sp2.pl.melkor
2013-11-04 17:17 - 2013-11-02 21:42 - 00000000 ____D C:\Users\Jarek i Ela.JarekiEla-PC\Desktop\TECZKA MIANOWANEGO

Files to move or delete:
====================
C:\ProgramData\ezsid.dat

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-12-03 12:28

==================== End Of Log ============================