Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-01-2014 03
Ran by lenovo (administrator) on MAGDAPC on 16-01-2014 13:13:13
Running from E:\Do logow
Microsoft Windows XP Home Edition Dodatek Service Pack 3 (X86) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) ===================

(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files\OrangeBusinessServices\Manager polaczen\{ad30a369-08e3-414c-9d2c-7f47dbe748da}\BEWConfigSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Lenovo(Beijing)Limited) C:\Program Files\Lenovo\Energy Management\utility.exe
(Lenovo (Beijing) Limited) C:\Program Files\Lenovo\Energy Management\Energy Management.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files\OrangeBusinessServices\Manager polaczen\{ad30a369-08e3-414c-9d2c-7f47dbe748da}\BusinessEverywhere.exe
() C:\Program Files\OrangeBusinessServices\Manager polaczen\{ad30a369-08e3-414c-9d2c-7f47dbe748da}\SMSNotifier.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDCPL] - C:\Windows\RTHDCPL.EXE [16805888 2008-07-29] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] - C:\Windows\ALCMTR.EXE [57344 2008-06-19] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AzMixerSel] - C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe [53248 2006-07-17] (Realtek Semiconductor Corp.)
HKLM\...\Run: [EnergyUtility] - C:\Program Files\Lenovo\Energy Management\utility.exe [4456448 2008-07-09] (Lenovo(Beijing)Limited)
HKLM\...\Run: [Energy Management] - C:\Program Files\Lenovo\Energy Management\Energy Management.exe [1283984 2008-08-28] (Lenovo (Beijing) Limited)
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [MSPY2002] - C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [59392 2008-04-15] ()
HKLM\...\Run: [TkBellExe] - C:\Program Files\Real\RealPlayer\update\realsched.exe [296056 2012-02-08] (RealNetworks, Inc.)
HKLM\...\Run: [PHIME2002ASync] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-15] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-15] (Microsoft Corporation)
HKLM\...\Run: [ORAHSSSessionManager] - "C:\Program Files\Livebox\SessionManager\SessionManager.exe"
HKLM\...\Run: [NBKeyScan] - "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
HKLM\...\Run: [IMJPMIG8.1] - C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2008-04-15] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM\...\Run: [Start_BusinessEverywhere_{ad30a369-08e3-414c-9d2c-7f47dbe748da}] - C:\Program Files\OrangeBusinessServices\Manager polaczen\{ad30a369-08e3-414c-9d2c-7f47dbe748da}\BusinessEverywhere.exe [3363808 2012-06-06] ()
HKLM\...\Run: [Start_Update_{ad30a369-08e3-414c-9d2c-7f47dbe748da}] - C:\Program Files\OrangeBusinessServices\Manager polaczen\{ad30a369-08e3-414c-9d2c-7f47dbe748da}\UpdteApp.exe [966600 2012-06-06] ()
HKLM\...\Run: [Start_SMSNotifier_{ad30a369-08e3-414c-9d2c-7f47dbe748da}] - C:\Program Files\OrangeBusinessServices\Manager polaczen\{ad30a369-08e3-414c-9d2c-7f47dbe748da}\SMSNotifier.exe [1359824 2012-06-06] ()
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [mobilegeni daemon] - C:\Program Files\Mobogenie\DaemonProcess.exe
HKLM\...\Policies\Explorer: [NoAutoUpdate] 1
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 1
HKCU\...\Run: [MSMSGS] - "C:\Program Files\Messenger\msmsgs.exe" /background
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKCU\...\Run: [NextLive] - C:\Documents and Settings\lenovo\Dane aplikacji\newnext.me\nengine.dll [1283584 2013-11-14] (NewNextDotMe)
MountPoints2: {1b600302-b1bc-11e2-a622-002269f22e04} - E:\Setup.exe
HKU\Administrator\...\Run: [MSMSGS] - "C:\Program Files\Messenger\msmsgs.exe" /background
HKU\Administrator\...\RunOnce: [NeroHomeFirstStart] - "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe"
HKU\Default User\...\Run: [MSMSGS] - "C:\Program Files\Messenger\msmsgs.exe" /background
HKU\Default User\...\RunOnce: [NeroHomeFirstStart] - "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe"
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\BTTray.lnk
ShortcutTarget: BTTray.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE8HP&PC=B8DF
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
SearchScopes: HKLM - {69AE4E7E-6BFA-4CD5-9BB4-F93A74A9EDEC} URL = http://startsear.ch/?aff=1&q={searchTerms}
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll No File
BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - &Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll (Microsoft Corporation)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 194.204.152.34 194.204.159.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\lenovo\Dane aplikacji\Mozilla\Firefox\Profiles\0gitqy50.default
FF Homepage: www.google.pl
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.2.72 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.2.72 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.2.72 - C:\Documents and Settings\All Users\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll No File
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.2.72 - C:\Documents and Settings\All Users\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No File
FF Plugin: @real.com/nprpjplug;version=15.0.2.72 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll (vShare.tv )
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-04-27]

Chrome:
=======
CHR HomePage: hxxp://www.gazeta.pl/0,0.html?p=115
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Shockwave for Director) - C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (vShare.tv plug-in) - C:\Program Files\Mozilla Firefox\plugins\npvsharetvplg.dll (vShare.tv )
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Documents and Settings\lenovo\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 [2013-06-05]
CHR Extension: (Google Drive) - C:\Documents and Settings\lenovo\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 [2013-06-05]
CHR Extension: (YouTube) - C:\Documents and Settings\lenovo\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 [2013-06-05]
CHR Extension: (Google Search) - C:\Documents and Settings\lenovo\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 [2013-06-05]
CHR Extension: (Google Wallet) - C:\Documents and Settings\lenovo\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0 [2013-12-23]
CHR Extension: (Gmail) - C:\Documents and Settings\lenovo\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 [2013-06-05]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2013-06-05]

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 BEWConfigSrv; C:\Program Files\OrangeBusinessServices\Manager polaczen\{ad30a369-08e3-414c-9d2c-7f47dbe748da}\BEWConfigSrv.exe [173008 2012-06-06] ()
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe [346720 2008-06-23] (Broadcom Corporation.)
R2 System_Repair_UpdateMonitor; C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe [430080 2008-07-29] (Lenovo Group Limited)

==================== Drivers (Whitelisted) ====================

R0 abp480n5; C:\Windows\System32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R3 ACPIVPC; C:\Windows\System32\DRIVERS\AcpiVpc.sys [9472 2008-01-11] (Lenovo Corporation)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [49760 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-10] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-10] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [175176 2013-08-10] ()
R3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl5.sys [1286144 2008-02-20] (Broadcom Corporation)
R3 btaudio; C:\Windows\System32\drivers\btaudio.sys [534568 2008-05-30] (Broadcom Corporation.)
R3 BTDriver; C:\Windows\System32\DRIVERS\btport.sys [37160 2008-02-04] (Broadcom Corporation.)
R3 BTKRNL; C:\Windows\System32\DRIVERS\btkrnl.sys [991400 2008-06-23] (Broadcom Corporation.)
R3 BTWDNDIS; C:\Windows\System32\DRIVERS\btwdndis.sys [156392 2007-09-20] (Broadcom Corporation.)
R3 BTWUSB; C:\Windows\System32\Drivers\btwusb.sys [47272 2008-06-11] (Broadcom Corporation.)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [89856 2012-06-06] (Huawei Technologies Co., Ltd.)
S3 huawei_cdcecm; C:\Windows\System32\DRIVERS\ew_jucdcecm.sys [66688 2012-06-06] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [26624 2012-06-06] (Huawei Technologies Co., Ltd.)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 PCAMPR5; C:\WINDOWS\system32\PCAMPR5.SYS [34688 2003-09-23] (Printing Communications Assoc., Inc. (PCAUSA))
S3 PCANDIS5; C:\WINDOWS\system32\PCANDIS5.SYS [32128 2006-03-01] (Printing Communications Assoc., Inc. (PCAUSA))
R3 RSUSBSTOR; C:\Windows\System32\Drivers\RTS5121.sys [157696 2008-07-23] (Realtek Semiconductor Corp.)
S3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerflt.sys [8064 2007-11-29] (Windows (R) Codename Longhorn DDK provider)
S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltj.sys [8064 2007-11-29] (Windows (R) Codename Longhorn DDK provider)
S3 WSVD; C:\WINDOWS\system32\drivers\WSVD.sys [81192 2008-01-10] (CyberLink)
S3 massfilter; system32\drivers\massfilter.sys [x]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [x]
S3 Rts516xIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 SymIM; system32\DRIVERS\SymIM.sys [x]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [x]
S3 USBAAPL; System32\Drivers\usbaapl.sys [x]
S3 USBCCID; system32\DRIVERS\Rts5161ccid.sys [x]
U1 WS2IFSL;
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [x]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [x]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-16 13:11 - 2014-01-16 13:11 - 00000000 ____D C:\FRST
2014-01-16 12:35 - 2014-01-16 12:36 - 00000100 _____ C:\Documents and Settings\lenovo\Pulpit\klucze windows.txt
2014-01-16 12:11 - 2014-01-16 12:11 - 00000000 ____D C:\Documents and Settings\lenovo\.android
2014-01-16 12:10 - 2014-01-16 12:47 - 00000000 ____D C:\Documents and Settings\lenovo\Dane aplikacji\newnext.me
2014-01-16 12:10 - 2014-01-16 12:21 - 00000000 ____D C:\Documents and Settings\lenovo\Ustawienia lokalne\Dane aplikacji\Mobogenie
2014-01-16 12:10 - 2014-01-16 12:20 - 00000079 _____ C:\Documents and Settings\lenovo\daemonprocess.txt
2014-01-16 12:10 - 2014-01-16 12:19 - 00000000 ____D C:\Documents and Settings\lenovo\Ustawienia lokalne\Dane aplikacji\cache
2014-01-16 12:10 - 2014-01-16 12:10 - 00000000 ____D C:\Documents and Settings\lenovo\Ustawienia lokalne\Dane aplikacji\genienext
2014-01-16 12:10 - 2014-01-16 12:10 - 00000000 ____D C:\Documents and Settings\lenovo\Moje dokumenty\Mobogenie
2014-01-16 11:55 - 2014-01-16 12:31 - 00000000 ____D C:\Documents and Settings\lenovo\Pulpit\osg
2014-01-15 13:44 - 2012-07-04 11:56 - 01335296 _____ (CANON INC.) C:\WINDOWS\system32\CNQ2414C.dll
2014-01-15 13:44 - 2012-07-04 11:56 - 00114688 _____ (CANON INC.) C:\WINDOWS\system32\CNQ2414I.dll
2014-01-15 13:44 - 2012-07-04 11:29 - 00106496 _____ (CANON INC.) C:\WINDOWS\system32\CNQ2414U.dll
2014-01-15 13:44 - 2010-12-17 14:49 - 00438272 _____ (CANON INC.) C:\WINDOWS\system32\CNQ2414L.dll
2014-01-15 13:44 - 2010-03-19 10:04 - 00393256 _____ C:\WINDOWS\system32\CNQ2414N.DAT
2014-01-15 13:44 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) C:\WINDOWS\system32\CNHMCA.dll
2014-01-15 13:42 - 2014-01-15 13:42 - 00000000 ___HD C:\WINDOWS\system32\CanonIJ Uninstaller Information
2014-01-15 13:42 - 2014-01-15 13:42 - 00000000 ___HD C:\Program Files\CanonBJ
2014-01-15 13:42 - 2014-01-15 13:42 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\CanoScan LiDE 110
2014-01-15 13:42 - 2012-04-18 13:24 - 00094208 _____ (Canon Inc.) C:\WINDOWS\system32\CNQ2414O.dll
2014-01-15 13:42 - 2010-03-11 08:56 - 00180224 _____ (CANON INC.) C:\WINDOWS\system32\CNQ2414Y.dll
2014-01-15 12:26 - 2014-01-15 12:26 - 00000000 ____D C:\Program Files\Samsung
2014-01-15 12:23 - 2014-01-15 12:23 - 00000000 ____D C:\Program Files\SamsungPrinterLiveUpdate
2014-01-15 12:23 - 2014-01-15 12:23 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Samsung
2014-01-15 12:19 - 2014-01-15 12:19 - 00000000 ____D C:\Documents and Settings\lenovo\Pulpit\Printer
2014-01-14 13:05 - 2014-01-16 11:56 - 00000000 ____D C:\Documents and Settings\lenovo\Pulpit\naprzyslupiu
2014-01-11 09:57 - 2014-01-16 12:46 - 00002080 _____ C:\WINDOWS\system32\ICAutoUpdate.log
2014-01-11 09:56 - 2014-01-11 09:56 - 00090112 _____ C:\WINDOWS\Minidump\Mini011114-01.dmp
2014-01-02 21:57 - 2014-01-02 21:57 - 00090112 _____ C:\WINDOWS\Minidump\Mini010214-01.dmp
2014-01-01 14:21 - 2014-01-14 12:53 - 00000000 ____D C:\Documents and Settings\lenovo\Pulpit\noworoczne bieganie
2013-12-22 14:25 - 2013-12-22 14:26 - 00000000 ____D C:\Documents and Settings\lenovo\Pulpit\tat nowica
2013-12-17 21:22 - 2013-12-17 21:22 - 00090112 _____ C:\WINDOWS\Minidump\Mini121713-01.dmp

==================== One Month Modified Files and Folders =======

2014-01-16 13:14 - 2013-02-05 15:13 - 00000930 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-01-16 13:11 - 2014-01-16 13:11 - 00000000 ____D C:\FRST
2014-01-16 12:55 - 2013-06-05 18:21 - 00001036 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1ce62111d446bf4.job
2014-01-16 12:48 - 2013-09-23 16:45 - 00000000 ____D C:\Documents and Settings\lenovo\Dane aplikacji\Skype
2014-01-16 12:48 - 2008-08-28 03:33 - 01748021 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-16 12:47 - 2014-01-16 12:10 - 00000000 ____D C:\Documents and Settings\lenovo\Dane aplikacji\newnext.me
2014-01-16 12:47 - 2013-04-27 20:30 - 00000316 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-01-16 12:46 - 2014-01-11 09:57 - 00002080 _____ C:\WINDOWS\system32\ICAutoUpdate.log
2014-01-16 12:46 - 2013-06-05 18:21 - 00001032 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1ce62111cd92222.job
2014-01-16 12:46 - 2013-04-27 16:55 - 00000056 ___SH C:\_PartitionInfo
2014-01-16 12:46 - 2012-02-08 20:23 - 00000278 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3275160999-591779150-1784013581-1005.job
2014-01-16 12:46 - 2008-08-28 05:28 - 00000159 _____ C:\WINDOWS\wiadebug.log
2014-01-16 12:46 - 2008-08-28 05:28 - 00000050 _____ C:\WINDOWS\wiaservc.log
2014-01-16 12:46 - 2008-08-28 03:38 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-16 12:38 - 2013-04-27 17:21 - 00000188 ___SH C:\Documents and Settings\lenovo\ntuser.ini
2014-01-16 12:38 - 2013-04-27 17:21 - 00000000 ____D C:\Documents and Settings\lenovo
2014-01-16 12:38 - 2008-08-28 03:38 - 00032366 _____ C:\WINDOWS\SchedLgU.Txt
2014-01-16 12:36 - 2014-01-16 12:35 - 00000100 _____ C:\Documents and Settings\lenovo\Pulpit\klucze windows.txt
2014-01-16 12:35 - 2013-04-27 17:21 - 00000000 ____D C:\Documents and Settings\lenovo\Pulpit
2014-01-16 12:35 - 2008-04-15 04:00 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl
2014-01-16 12:31 - 2014-01-16 11:55 - 00000000 ____D C:\Documents and Settings\lenovo\Pulpit\osg
2014-01-16 12:28 - 2013-04-27 17:21 - 00000000 ___RD C:\Documents and Settings\lenovo\Menu Start\Programy
2014-01-16 12:27 - 2013-04-27 17:21 - 00000000 __RHD C:\Documents and Settings\lenovo\Dane aplikacji
2014-01-16 12:21 - 2014-01-16 12:10 - 00000000 ____D C:\Documents and Settings\lenovo\Ustawienia lokalne\Dane aplikacji\Mobogenie
2014-01-16 12:21 - 2009-02-06 02:21 - 00003640 _____ C:\WINDOWS\system32\ICAutoUpdate.log.bak
2014-01-16 12:20 - 2014-01-16 12:10 - 00000079 _____ C:\Documents and Settings\lenovo\daemonprocess.txt
2014-01-16 12:19 - 2014-01-16 12:10 - 00000000 ____D C:\Documents and Settings\lenovo\Ustawienia lokalne\Dane aplikacji\cache
2014-01-16 12:16 - 2013-11-17 13:46 - 00000000 ____D C:\Program Files\Mozilla Firefox
2014-01-16 12:16 - 2013-04-27 20:42 - 00176112 _____ C:\WINDOWS\setupapi.log
2014-01-16 12:11 - 2014-01-16 12:11 - 00000000 ____D C:\Documents and Settings\lenovo\.android
2014-01-16 12:10 - 2014-01-16 12:10 - 00000000 ____D C:\Documents and Settings\lenovo\Ustawienia lokalne\Dane aplikacji\genienext
2014-01-16 12:10 - 2014-01-16 12:10 - 00000000 ____D C:\Documents and Settings\lenovo\Moje dokumenty\Mobogenie
2014-01-16 12:10 - 2013-04-27 17:21 - 00000000 ___RD C:\Documents and Settings\lenovo\Moje dokumenty
2014-01-16 12:10 - 2013-04-27 17:21 - 00000000 ___HD C:\Documents and Settings\lenovo\Ustawienia lokalne\Dane aplikacji
2014-01-16 11:56 - 2014-01-14 13:05 - 00000000 ____D C:\Documents and Settings\lenovo\Pulpit\naprzyslupiu
2014-01-16 11:39 - 2012-04-27 21:00 - 00002315 _____ C:\Documents and Settings\All Users\Menu Start\Programy\Adobe Reader X.lnk
2014-01-15 13:47 - 2013-04-27 17:21 - 00000000 ___RD C:\Documents and Settings\lenovo\Moje dokumenty\Moje obrazy
2014-01-15 13:44 - 2008-08-28 05:17 - 00000000 ____D C:\WINDOWS\twain_32
2014-01-15 13:44 - 2008-08-28 05:17 - 00000000 ____D C:\WINDOWS\Media
2014-01-15 13:42 - 2014-01-15 13:42 - 00000000 ___HD C:\WINDOWS\system32\CanonIJ Uninstaller Information
2014-01-15 13:42 - 2014-01-15 13:42 - 00000000 ___HD C:\Program Files\CanonBJ
2014-01-15 13:42 - 2014-01-15 13:42 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\CanoScan LiDE 110
2014-01-15 13:42 - 2008-08-28 05:24 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Start\Programy
2014-01-15 12:26 - 2014-01-15 12:26 - 00000000 ____D C:\Program Files\Samsung
2014-01-15 12:23 - 2014-01-15 12:23 - 00000000 ____D C:\Program Files\SamsungPrinterLiveUpdate
2014-01-15 12:23 - 2014-01-15 12:23 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Samsung
2014-01-15 12:23 - 2008-08-28 05:24 - 00000000 __RHD C:\Documents and Settings\All Users\Dane aplikacji
2014-01-15 12:19 - 2014-01-15 12:19 - 00000000 ____D C:\Documents and Settings\lenovo\Pulpit\Printer
2014-01-15 12:19 - 2013-06-15 06:32 - 00212600 _____ C:\WINDOWS\system32\SBuySupplies.exe
2014-01-15 12:19 - 2013-06-15 06:32 - 00024064 _____ () C:\WINDOWS\system32\sst6clm.dll
2014-01-15 12:19 - 2013-06-15 06:32 - 00000361 _____ C:\WINDOWS\system32\sst6clm.smt
2014-01-15 12:19 - 2013-06-15 06:31 - 00151552 _____ (SS) C:\WINDOWS\system32\sst6cci.exe
2014-01-15 12:19 - 2013-06-15 06:31 - 00065536 _____ (SS) C:\WINDOWS\system32\sst6cci.dll
2014-01-14 19:29 - 2008-08-28 03:38 - 00000042 ___SH C:\Documents and Settings\LocalService\ntuser.ini
2014-01-14 13:05 - 2013-10-02 19:27 - 00000000 ____D C:\Documents and Settings\lenovo\Pulpit\nowica kom
2014-01-14 12:53 - 2014-01-01 14:21 - 00000000 ____D C:\Documents and Settings\lenovo\Pulpit\noworoczne bieganie
2014-01-11 09:56 - 2014-01-11 09:56 - 00090112 _____ C:\WINDOWS\Minidump\Mini011114-01.dmp
2014-01-11 09:56 - 2010-08-27 09:02 - 00000000 ____D C:\WINDOWS\Minidump
2014-01-08 20:50 - 2013-04-27 17:21 - 00000000 ____D C:\Documents and Settings\lenovo\Moje dokumenty\Bluetooth Exchange Folder
2014-01-08 20:23 - 2012-02-08 20:23 - 00000286 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3275160999-591779150-1784013581-1005.job
2014-01-02 21:57 - 2014-01-02 21:57 - 00090112 _____ C:\WINDOWS\Minidump\Mini010214-01.dmp
2013-12-22 14:26 - 2013-12-22 14:25 - 00000000 ____D C:\Documents and Settings\lenovo\Pulpit\tat nowica
2013-12-17 21:22 - 2013-12-17 21:22 - 00090112 _____ C:\WINDOWS\Minidump\Mini121713-01.dmp

Files to move or delete:
====================
C:\Documents and Settings\Administrator\set_env.bat
C:\Documents and Settings\Default User\set_env.bat
C:\Documents and Settings\lenovo\set_env.bat

Some content of TEMP:
====================
C:\Documents and Settings\lenovo\Ustawienia lokalne\Temp\avast_free_antivirus_setup.exe
C:\Documents and Settings\lenovo\Ustawienia lokalne\Temp\{6FAACA86-A123-4255-9341-CC101F92AD91}-27.0.1453.116_27.0.1453.110_chrome_updater.exe
C:\Documents and Settings\lenovo\Ustawienia lokalne\Temp\{98B388C3-8392-43DB-B204-71982034117E}-28.0.1500.71_27.0.1453.116_chrome_updater.exe
C:\Documents and Settings\lenovo\Ustawienia lokalne\Temp\{D19D3C3A-6A45-4A55-8B49-9219AAD37855}-27.0.1453.116_27.0.1453.110_chrome_updater.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe [2008-04-15 04:00] - [2008-04-15 04:00] - 1035264 ____A (Microsoft Corporation) c791ed9eac5e76d9525e157b1d7a599a
C:\Windows\System32\winlogon.exe [2008-04-15 04:00] - [2008-04-15 04:00] - 0510464 ____A (Microsoft Corporation) 51fd2e13d723857b9ca239ae77150f48
C:\Windows\System32\svchost.exe [2008-04-15 04:00] - [2008-04-15 04:00] - 0014336 ____A (Microsoft Corporation) 8607d35d92528e2df386f19a960d23ce
C:\Windows\System32\services.exe [2008-04-15 04:00] - [2009-02-09 12:25] - 0111104 ____A (Microsoft Corporation) 02a467e27af55f7064c5b251e587315f
C:\Windows\System32\User32.dll [2008-04-15 04:00] - [2008-04-15 04:00] - 0580096 ____A (Microsoft Corporation) a435c5c069afd901751ac323ad238793
C:\Windows\System32\userinit.exe [2008-04-15 04:00] - [2008-04-15 04:00] - 0026624 ____A (Microsoft Corporation) 2a5b37d520508be6570a3ea79695f5b5
C:\Windows\System32\rpcss.dll [2008-04-15 04:00] - [2009-02-09 11:53] - 0401408 ____A (Microsoft Corporation) a37311d9d628c1042a2836731787f0f3
ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys [2008-04-15 04:00] - [2008-04-15 04:00] - 0052864 ____A (Microsoft Corporation) 56b191ac5fc0df219949c95a6c87afe7

==================== End Of Log ============================