Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-01-2014
Ran by biernak (administrator) on BIERNAK-PC on 06-01-2014 21:06:01
Running from C:\Users\biernak\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Polish
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(ABBYY (BIT Software)) C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
() C:\ProgramData\DatacardService\HWDeviceService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
() C:\ProgramData\Multimedia mobilNET\OnlineUpdate\ouc.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(ABBYY Software Ltd) C:\Program Files\ABBYY Screenshot Reader\ScreenshotReader.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(DT Soft Ltd) C:\Program Files\DAEMON Tools Lite\daemon.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
() C:\Users\biernak\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe
(Opera Software) C:\Program Files\Opera\opera.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4874240 2008-01-14] (Realtek Semiconductor)
HKLM\...\Run: [QlbCtrl] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe [202032 2007-12-06] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [Windows Mobile-based device management] - C:\Windows\WindowsMobile\wmdSync.exe [215552 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)
HKLM\...\Run: [ABBYY Screenshot Reader Retail] - C:\Program Files\ABBYY Screenshot Reader\ScreenshotReader.exe [959776 2008-12-09] (ABBYY Software Ltd)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [mobilegeni daemon] - C:\Program Files\Mobogenie\DaemonProcess.exe
HKLM\...\Winlogon: [Userinit] userinit.exe,EXPLORER.EXE
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\daemon.exe [486856 2008-02-14] (DT Soft Ltd)
HKCU\...\Run: [ABBYY Screenshot Reader Retail] - C:\Program Files\ABBYY Screenshot Reader\ScreenshotReader.exe [959776 2008-12-09] (ABBYY Software Ltd)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [125952 2008-01-18] (Microsoft Corporation)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\wmpnscfg.exe [202240 2008-01-18] (Microsoft Corporation)
HKCU\...\Run: [NextLive] - C:\Windows\system32\rundll32.exe "C:\Users\biernak\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
HKCU\...\Run: [LiveSupport] - "C:\Program Files\LiveSupport\LiveSupport.exe" /noshow /log
MountPoints2: {641d3965-6f05-11e2-b3e3-001e685292f5} - I:\AutoRun.exe
MountPoints2: {641d3974-6f05-11e2-b3e3-001e101f2c0e} - I:\AutoRun.exe
MountPoints2: {641d3982-6f05-11e2-b3e3-001e101f4e71} - I:\AutoRun.exe
MountPoints2: {b4f3a443-d4a8-11df-8c0d-001e685292f5} - H:\Viewer.exe /dicomdir:dicomdir
MountPoints2: {db767f8d-71c8-11e0-a9bb-001e685292f5} - I:\iStudio.exe
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-10] (Microsoft Corporation)
AppInit_DLLs: C:\Program Files\GS-Enabler\Assistant.dll [3041792 2014-01-06] ()
AlternateShell:

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.dvlottery.state.gov/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sweet-page.com/?type=hp&ts=1389034400&from=wpc&uid=WDCXWD2500BEVS-60UST0_WD-WXC30855510055100
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1389034400&from=wpc&uid=WDCXWD2500BEVS-60UST0_WD-WXC30855510055100
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1389034400&from=wpc&uid=WDCXWD2500BEVS-60UST0_WD-WXC30855510055100&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1389034400&from=wpc&uid=WDCXWD2500BEVS-60UST0_WD-WXC30855510055100&q={searchTerms}
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1389034400&from=wpc&uid=WDCXWD2500BEVS-60UST0_WD-WXC30855510055100&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1389034400&from=wpc&uid=WDCXWD2500BEVS-60UST0_WD-WXC30855510055100&q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - &Tłumaczenie - {0D704FAD-66E9-4F0A-BFED-4F665770DDB3} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll (Techland)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/html - {EE31AE88-AE7A-4C52-9330-A0A3B3468C02} - C:\Windows\system32\bimfapg.dll No File
Tcpip\Parameters: [DhcpNameServer] 217.172.224.160 89.231.1.206 0.0.0.0

========================== Services (Whitelisted) =================

R2 ABBYY.Licensing.FineReader.ScreenshotReader.9.0; C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe [759072 2008-10-27] (ABBYY (BIT Software))
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-25] (Avira Operations GmbH & Co. KG)
S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com)
S3 Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [110592 2012-01-22] (Hewlett-Packard Development Company, L.P.)
R2 fe885e3d; C:\Program Files\GS-Enabler\AssistantSvc.dll [146768 2014-01-06] ()
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [264704 2010-11-16] ()
S2 Multimedia mobilNET. RunOuc; C:\Program Files\Multimedia mobilNET\UpdateDog\ouc.exe [218624 2013-02-04] ()
S2 UTSCSI; C:\Windows\system32\UTSCSI.EXE [0 2011-11-08] ()

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-01] (Avira Operations GmbH & Co. KG)
R3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [7168 2007-07-11] (Hewlett-Packard Development Company, L.P.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [716272 2010-10-10] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
U3 adgxcant; C:\Windows\System32\Drivers\adgxcant.sys [0 ] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
U1 eabfiltr;
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================

NETSVC: dfhbspz -> No Registry Path.

==================== One Month Created Files and Folders ========

2014-01-06 21:06 - 2014-01-06 21:06 - 00009716 _____ C:\Users\biernak\Desktop\FRST.txt
2014-01-06 21:05 - 2014-01-06 21:05 - 00000000 ____D C:\FRST
2014-01-06 21:04 - 2014-01-06 21:04 - 01064805 _____ (Farbar) C:\Users\biernak\Desktop\FRST.exe
2014-01-06 19:52 - 2014-01-06 19:58 - 00000000 ____D C:\Program Files\Optimizer Pro
2014-01-06 19:52 - 2014-01-06 19:52 - 00000000 ____D C:\Program Files\GS-Enabler
2014-01-06 19:51 - 2014-01-06 19:51 - 00000000 ____D C:\ProgramData\InstallMate
2013-12-30 21:18 - 2013-12-30 21:18 - 00000000 ___RD C:\Users\biernak\Documents\Notes
2013-12-30 20:51 - 2014-01-03 10:45 - 00000005 _____ C:\Users\biernak\AppData\Roaming\WBPU-Q5-TTL.DAT
2013-12-26 11:15 - 2013-12-26 11:15 - 00066741 _____ C:\Users\biernak\Downloads\WirelessKeyView 1.60.zip
2013-12-26 11:12 - 2014-01-06 20:16 - 00000000 ____D C:\Users\biernak\AppData\Roaming\newnext.me
2013-12-26 11:12 - 2013-12-26 11:14 - 00000000 ____D C:\Users\biernak\AppData\Local\Mobogenie
2013-12-26 11:12 - 2013-12-26 11:12 - 00000000 ____D C:\Users\biernak\AppData\Local\genienext
2013-12-26 11:12 - 2013-12-26 11:12 - 00000000 ____D C:\Users\biernak\AppData\Local\cache
2013-12-26 11:12 - 2013-12-26 11:12 - 00000000 ____D C:\Users\biernak\.android
2013-12-26 11:12 - 2013-12-26 11:12 - 00000000 _____ C:\Users\biernak\daemonprocess.txt
2013-12-26 11:11 - 2013-12-26 11:14 - 00000000 ____D C:\Program Files\Mobogenie

==================== One Month Modified Files and Folders =======

2014-01-06 21:06 - 2014-01-06 21:06 - 00009716 _____ C:\Users\biernak\Desktop\FRST.txt
2014-01-06 21:05 - 2014-01-06 21:05 - 00000000 ____D C:\FRST
2014-01-06 21:04 - 2014-01-06 21:04 - 01064805 _____ (Farbar) C:\Users\biernak\Desktop\FRST.exe
2014-01-06 21:00 - 2006-11-02 13:47 - 00003664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-06 21:00 - 2006-11-02 13:47 - 00003664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-06 20:52 - 2012-06-07 08:52 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-06 20:19 - 2013-08-20 13:14 - 00000936 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2665887270-207447827-1018669082-1000UA.job
2014-01-06 20:19 - 2006-11-02 13:52 - 01504956 _____ C:\Windows\WindowsUpdate.log
2014-01-06 20:16 - 2013-12-26 11:12 - 00000000 ____D C:\Users\biernak\AppData\Roaming\newnext.me
2014-01-06 20:15 - 2010-10-12 14:48 - 00201080 _____ C:\Windows\PFRO.log
2014-01-06 20:15 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-06 19:58 - 2014-01-06 19:52 - 00000000 ____D C:\Program Files\Optimizer Pro
2014-01-06 19:53 - 2011-04-17 06:42 - 00001824 _____ C:\Users\Public\Desktop\Opera.lnk
2014-01-06 19:52 - 2014-01-06 19:52 - 00000000 ____D C:\Program Files\GS-Enabler
2014-01-06 19:51 - 2014-01-06 19:51 - 00000000 ____D C:\ProgramData\InstallMate
2014-01-05 20:46 - 2013-07-29 09:45 - 00000121 _____ C:\Users\biernak\AppData\Roaming\WB.CFG
2014-01-05 20:46 - 2013-06-17 09:45 - 00000005 _____ C:\Users\biernak\AppData\Roaming\WBPU-TTL.DAT
2014-01-05 20:46 - 2006-11-02 14:01 - 00032562 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-04 14:03 - 2006-12-05 06:22 - 00726512 _____ C:\Windows\system32\perfh015.dat
2014-01-04 14:03 - 2006-12-05 06:22 - 00157616 _____ C:\Windows\system32\perfc015.dat
2014-01-04 14:03 - 2006-11-02 11:33 - 01649728 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-03 14:19 - 2013-08-20 13:14 - 00000914 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2665887270-207447827-1018669082-1000Core.job
2014-01-03 10:45 - 2013-12-30 20:51 - 00000005 _____ C:\Users\biernak\AppData\Roaming\WBPU-Q5-TTL.DAT
2014-01-02 21:55 - 2013-09-01 10:32 - 00000000 ____D C:\Users\biernak\Desktop\1
2014-01-02 21:06 - 2012-03-15 18:51 - 00000000 ____D C:\Purmo 4
2014-01-02 20:33 - 2006-11-02 11:23 - 00000179 _____ C:\Windows\win.ini
2014-01-01 20:59 - 2011-11-08 16:53 - 00000000 ____D C:\Users\biernak\AppData\Roaming\Skype
2013-12-30 21:18 - 2013-12-30 21:18 - 00000000 ___RD C:\Users\biernak\Documents\Notes
2013-12-26 21:10 - 2010-10-10 20:50 - 00214016 _____ C:\Users\biernak\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-26 11:15 - 2013-12-26 11:15 - 00066741 _____ C:\Users\biernak\Downloads\WirelessKeyView 1.60.zip
2013-12-26 11:14 - 2013-12-26 11:12 - 00000000 ____D C:\Users\biernak\AppData\Local\Mobogenie
2013-12-26 11:14 - 2013-12-26 11:11 - 00000000 ____D C:\Program Files\Mobogenie
2013-12-26 11:12 - 2013-12-26 11:12 - 00000000 ____D C:\Users\biernak\AppData\Local\genienext
2013-12-26 11:12 - 2013-12-26 11:12 - 00000000 ____D C:\Users\biernak\AppData\Local\cache
2013-12-26 11:12 - 2013-12-26 11:12 - 00000000 ____D C:\Users\biernak\.android
2013-12-26 11:12 - 2013-12-26 11:12 - 00000000 _____ C:\Users\biernak\daemonprocess.txt
2013-12-26 11:12 - 2010-10-10 20:33 - 00000000 ____D C:\Users\biernak
2013-12-22 21:29 - 2012-10-04 21:10 - 00000000 ____D C:\Users\biernak\AppData\Roaming\BitComet
2013-12-18 09:27 - 2012-11-15 19:51 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-12-18 09:27 - 2012-11-15 19:51 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-11 09:52 - 2012-06-07 08:52 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-12-11 09:52 - 2012-06-07 08:52 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-12-07 07:33 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\LiveKernelReports

Some content of TEMP:
====================
C:\Users\biernak\AppData\Local\Temp\avgnt.exe
C:\Users\biernak\AppData\Local\Temp\LiveSupport_setup.exe
C:\Users\biernak\AppData\Local\Temp\TsuC1838931.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-06 20:22

==================== End Of Log ============================