Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-12-2013 01
Ran by gayerba (ATTENTION: The logged in user is not administrator) on LPLJELZ4814 on 11-12-2013 00:12:22
Running from D:\users\gayerba\Desktop
Windows 7 Professional (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) =================

(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\ccSvcHst.exe
(Smith Micro Software, Inc) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2010-08-31] (Synaptics Incorporated)
HKLM\...\Run: [HPPowerAssistant] - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [1690680 2009-12-16] (Hewlett-Packard)
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-01-27] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2009-11-18] (IDT, Inc.)
HKLM\...\Run: [AccelerometerSysTrayApplet] - C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\accelerometerST.exe [74552 2010-01-29] (Hewlett-Packard)
HKLM\...\Run: [IPCheckTool] - C:\Program Files (x86)\IPCheckTool\IPCheck.exe [77312 2011-09-12] (Microsoft)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ScCertProp: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [CUCore Agent] - D:\users\gayerba\AppData\Local\Radvision\Conference Client\7.16.000.26\ConfAgent.exe [100464 2012-11-08] (RADVISION Ltd.)
HKCU\...\Policies\Explorer: [HideSCAHealth] 1
MountPoints2: {65463897-f92f-11df-b971-00a0c6000000} - "F:\WD SmartWare.exe" autoplay=true
MountPoints2: {a268585a-f93e-11df-802e-00a0c6000000} - "G:\WD SmartWare.exe" autoplay=true
HKLM-x32\...\Run: [QlbCtrl.exe] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [385024 2009-09-05] (shbox.de)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [HP Connection Manager.exe] - [x]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Check Point Endpoint Security] - C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe [779784 2011-03-06] (Check Point Software Technologies)
AppInit_DLLs: C:\Windows\System32\AMInit64.dll [74728 2013-01-08] (Altiris Inc)
AppInit_DLLs-x32: AMINIT32.DLL [72680 2013-01-08] (Altiris Inc)

==================== Internet (Whitelisted) ====================

ProxyServer: proxy.plwar.danet:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Oracle)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\IPS\IPSBHO.dll (Symantec Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - No File
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{887D5B73-A82D-4C75-813E-5ACB08B51056}: [NameServer]217.116.104.104 217.116.100.100

==================== Services (Whitelisted) =================

S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
S3 AeXAgentSrvHost; C:\Program Files\Altiris\Altiris Agent\x86\AeXNSAgentHostSurrogate32.exe [318264 2013-01-17] (Symantec Corporation)
S2 AeXNSClient; C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe [2111800 2013-01-17] (Symantec Corporation)
S3 AltirisAgentProvider; C:\Program Files\Altiris\Altiris Agent\Agents\WMIProviderAgent\AltirisAgentProvider.exe [408888 2013-01-17] (Symantec Corporation)
S2 awhost32; C:\Program Files (x86)\Symantec\pcAnywhere\awhost32.exe [797576 2012-04-02] (Symantec Corporation)
S3 ConfigService; C:\Program Files\Altiris\Altiris Agent\Agents\Deployment\Agent\ConfigService.exe [261632 2013-01-16] ()
S3 DWMRCS; C:\Windows\SYSTEM32\DWRCS.EXE [249856 2003-11-28] (DameWare Development)
S2 IBM Notes Diagnostics; c:\Program Files (x86)\Lotus\Notes\nsd.exe [5162088 2013-03-09] (IBM)
S2 IBM Notes Single Logon; c:\Program Files (x86)\Lotus\Notes\nslsvice.exe [57448 2013-03-09] (IBM Corp)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S2 LNSUSvc; c:\Program Files (x86)\Lotus\Notes\SUService.exe [1654376 2013-03-09] (IBM Corp)
S2 Multi-user Cleanup Service; c:\Program Files (x86)\Lotus\Notes\ntmulti.exe [37480 2013-03-09] (IBM Corp)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S2 NMSAccess; C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe [71096 2010-03-04] ()
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S2 QDLService2kHP; C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kHP.exe [330488 2010-01-19] (QUALCOMM, Inc.)
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\ccSvcHst.exe [137208 2012-04-19] (Symantec Corporation)
R3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\Smc.exe [2601544 2012-04-19] (Symantec Corporation)
S2 SMManager; C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SMManager.exe [82760 2010-03-12] (Smith Micro Software, Inc.)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\snac64.exe [325040 2012-04-19] (Symantec Corporation)
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\STacSV64.exe [244224 2009-11-18] (IDT, Inc.)
S2 TracSrvWrapper; C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe [4298256 2011-03-06] (Check Point Software Technologies)

==================== Drivers (Whitelisted) ====================

S1 awecho; C:\Windows\SysWow64\drivers\awechomd.sys [16432 2012-04-02] (Symantec Corporation)
S1 AW_HOST; C:\Windows\SysWow64\drivers\aw_host5.sys [23864 2012-04-02] (Symantec Corporation)
S1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\BASHDefs\20131203.011\BHDrvx64.sys [1526488 2013-12-03] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-29] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-29] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\IPSDefs\20131207.001\IDSvia64.sys [521816 2013-11-13] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\VirusDefs\20131210.004\ENG64.SYS [126040 2013-09-23] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\VirusDefs\20131210.004\EX64.SYS [2099288 2013-09-23] (Symantec Corporation)
S3 qcfilterhp2k; C:\Windows\System32\DRIVERS\qcfilterhp2k.sys [6400 2010-01-19] (QUALCOMM Incorporated)
S3 qcusbnethp2k; C:\Windows\System32\DRIVERS\qcusbnethp2k.sys [240640 2010-01-19] (QUALCOMM Incorporated)
S3 qcusbserhp2k; C:\Windows\System32\DRIVERS\qcusbserhp2k.sys [121216 2010-01-19] (QUALCOMM Incorporated)
R3 rismcx64; C:\Windows\System32\DRIVERS\rismcx64.sys [59008 2009-07-20] (RICOH Company, Ltd.)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1805104 2009-09-17] ()
S1 SRTSP; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x64\SRTSP64.SYS [678008 2012-04-19] (Symantec Corporation)
S1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x64\SRTSPX64.SYS [39032 2012-04-19] (Symantec Corporation)
S3 ss_bserd; C:\Windows\System32\DRIVERS\ss_bserd.sys [128000 2009-09-19] (MCCI Corporation)
S3 StarOpen; No ImagePath
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\SyDvCtrl64.sys [29664 2012-04-19] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x64\SYMDS64.SYS [451192 2012-04-19] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x64\SYMEFA64.SYS [932472 2012-04-19] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-08-14] (Symantec Corporation)
S1 SymIRON; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x64\Ironx64.SYS [171128 2012-04-19] (Symantec Corporation)
S1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x64\SYMNETS.SYS [386168 2012-04-19] (Symantec Corporation)
S1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [119816 2012-08-15] (Symantec Corporation)
R1 Teefer2; C:\Windows\System32\DRIVERS\Teefer.sys [62672 2012-04-19] (Symantec Corporation)
R3 vna_ap; C:\Windows\System32\DRIVERS\vnaap.sys [161256 2009-12-30] (Check Point Software Technologies)
U3 SPBBCDrv;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-11 00:12 - 2013-12-11 00:12 - 00011835 _____ d:\users\gayerba\Desktop\FRST.txt
2013-12-11 00:12 - 2013-12-11 00:12 - 00000000 ____D C:\FRST
2013-12-11 00:11 - 2013-12-11 00:11 - 01928212 _____ (Farbar) d:\users\gayerba\Desktop\FRST64.exe
2013-12-11 00:11 - 2013-12-11 00:11 - 00602112 _____ (OldTimer Tools) d:\users\gayerba\Desktop\OTL.exe
2013-12-10 23:46 - 2013-12-10 23:51 - 95025368 ____T C:\ProgramData\ha2ge3.fee
2013-12-10 23:46 - 2013-12-10 23:51 - 00000273 _____ C:\ProgramData\ha2ge3.reg
2013-12-10 23:46 - 2013-12-10 23:51 - 00000000 _____ C:\ProgramData\ha2ge3.odd
2013-12-10 23:46 - 2013-12-10 23:46 - 00212992 _____ (Корпорация Майкрософт) C:\ProgramData\3eg2ah.jss
2013-12-10 23:46 - 2013-12-10 23:46 - 00060016 ____T (Microsoft Corporation) C:\ProgramData\ha2ge3.zvv
2013-11-21 13:50 - 2013-11-21 13:50 - 00001022 _____ d:\users\Public\Desktop\SAP Logon.lnk
2013-11-21 13:49 - 2012-11-22 09:37 - 04331520 _____ (SAP AG) C:\Windows\SysWOW64\librfc32.dll
2013-11-21 13:49 - 2011-11-23 03:23 - 01064960 _____ C:\Windows\SysWOW64\h5krnl32.dll
2013-11-21 13:49 - 2011-11-23 03:23 - 00188928 _____ C:\Windows\SysWOW64\h5icon32.dll
2013-11-21 13:49 - 2011-11-23 03:23 - 00175616 _____ C:\Windows\SysWOW64\h5menu32.dll
2013-11-21 13:49 - 2011-11-23 03:23 - 00114688 _____ (heilerSoftware) C:\Windows\SysWOW64\h5dlg32.dll
2013-11-21 13:49 - 2011-11-23 03:23 - 00095744 _____ C:\Windows\SysWOW64\h5rtf32.dll
2013-11-21 13:49 - 2011-11-23 03:23 - 00051200 _____ C:\Windows\SysWOW64\h5tool32.dll
2013-11-21 13:49 - 1995-05-19 08:15 - 00133904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcans32.dll
2013-11-21 13:48 - 2012-06-20 10:30 - 01708168 _____ (SAP, Walldorf) C:\Windows\SysWOW64\SAPbtmp.dll

==================== One Month Modified Files and Folders =======

2013-12-11 00:12 - 2013-12-11 00:12 - 00011835 _____ d:\users\gayerba\Desktop\FRST.txt
2013-12-11 00:12 - 2013-12-11 00:12 - 00000000 ____D C:\FRST
2013-12-11 00:11 - 2013-12-11 00:11 - 01928212 _____ (Farbar) d:\users\gayerba\Desktop\FRST64.exe
2013-12-11 00:11 - 2013-12-11 00:11 - 00602112 _____ (OldTimer Tools) d:\users\gayerba\Desktop\OTL.exe
2013-12-10 23:59 - 2009-07-14 06:13 - 00726444 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-10 23:53 - 2010-11-23 13:36 - 01181255 _____ C:\Windows\WindowsUpdate.log
2013-12-10 23:51 - 2013-12-10 23:46 - 95025368 ____T C:\ProgramData\ha2ge3.fee
2013-12-10 23:51 - 2013-12-10 23:46 - 00000273 _____ C:\ProgramData\ha2ge3.reg
2013-12-10 23:51 - 2013-12-10 23:46 - 00000000 _____ C:\ProgramData\ha2ge3.odd
2013-12-10 23:50 - 2013-10-28 11:12 - 00008922 _____ C:\SUService.log
2013-12-10 23:50 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-10 23:50 - 2009-07-14 05:51 - 02014107 _____ C:\Windows\setupact.log
2013-12-10 23:46 - 2013-12-10 23:46 - 00212992 _____ (Корпорация Майкрософт) C:\ProgramData\3eg2ah.jss
2013-12-10 23:46 - 2013-12-10 23:46 - 00060016 ____T (Microsoft Corporation) C:\ProgramData\ha2ge3.zvv
2013-12-10 23:42 - 2012-08-23 08:28 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-10 10:26 - 2009-07-14 05:45 - 00012288 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-10 10:26 - 2009-07-14 05:45 - 00012288 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-29 12:37 - 2010-09-06 13:08 - 00521834 _____ C:\Windows\PFRO.log
2013-11-29 12:37 - 2009-07-14 05:45 - 00346224 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-29 12:33 - 2010-11-25 12:24 - 00000000 ____D C:\Program Files (x86)\Nokia
2013-11-29 12:33 - 2010-09-07 14:27 - 01016072 _____ C:\Windows\DPINST.LOG
2013-11-29 12:32 - 2010-11-23 15:56 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-29 12:28 - 2011-02-18 20:53 - 00000000 ____D C:\Program Files (x86)\PITy
2013-11-29 12:27 - 2010-11-23 15:52 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-11-29 12:27 - 2009-07-14 08:12 - 00000000 ____D C:\Windows\ShellNew
2013-11-22 11:15 - 2010-11-26 08:59 - 00000000 ____D d:\users\gayerba\SapWorkDir
2013-11-21 13:50 - 2013-11-21 13:50 - 00001022 _____ d:\users\Public\Desktop\SAP Logon.lnk
2013-11-21 13:50 - 2009-07-14 03:34 - 00011275 _____ C:\Windows\system32\Drivers\etc\services
2013-11-21 13:46 - 2010-11-23 16:17 - 00000000 ____D C:\Program Files (x86)\SAP
2013-11-19 15:46 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\spool

Files to move or delete:
====================
C:\ProgramData\ha2ge3.reg

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================