Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2014 03
Ran by Marek (administrator) on MAREK-KOMPUTER on 16-01-2014 17:05:11
Running from C:\Users\Marek\Downloads
Windows 7 Professional (X64) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIFDE.EXE
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() C:\Users\Marek\AppData\Local\Temp\flashapp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12343400 2011-12-27] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [HP Photosmart 5510 series (NET)] - C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe [2672488 2011-05-25] (Hewlett-Packard Co.)
HKCU\...\Run: [EPSON SX210 Series] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFDE.EXE [223232 2008-11-05] (SEIKO EPSON CORPORATION)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [18679400 2013-05-09] (Skype Technologies S.A.)
HKCU\...\Run: [Adobe Flash Player v10] - C:\Users\Marek\AppData\Local\Temp\flashapp.exe [317440 2014-01-13] () <===== ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://pl.v9.com/?utm_source=b&utm_medium=prs
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Google\Chrome\Application\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Google\Chrome\Application\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll No File
CHR Extension: (Przelewy24) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiicmmpkicnndkhlnnloilpgncbpkbjj\6.8_0 [2014-01-02]
CHR Extension: (YouTube) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 [2013-05-16]
CHR Extension: (Google Search) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 [2013-05-16]
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0 [2013-05-16]
CHR Extension: (Google Wallet) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1 [2014-01-16]
CHR Extension: (Gmail) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 [2013-01-09]

==================== Services (Whitelisted) =================

==================== Drivers (Whitelisted) ====================

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-16 17:05 - 2014-01-16 17:05 - 00007844 _____ C:\Users\Marek\Downloads\FRST.txt
2014-01-16 17:04 - 2014-01-16 17:04 - 00000000 ____D C:\FRST
2014-01-16 16:53 - 2014-01-16 16:53 - 02076160 _____ (Farbar) C:\Users\Marek\Downloads\FRST64.exe
2014-01-16 16:47 - 2014-01-16 17:04 - 00000000 ____D C:\Users\Marek\Desktop\Skanowanie logi
2014-01-16 16:43 - 2014-01-16 16:43 - 00602112 _____ (OldTimer Tools) C:\Users\Marek\Downloads\OTL.exe
2014-01-15 16:10 - 2014-01-15 16:11 - 00000000 ____D C:\AdwCleaner
2014-01-15 16:05 - 2014-01-15 16:05 - 00000000 ____D C:\Users\Marek\AppData\Roaming\Malwarebytes
2014-01-15 16:04 - 2014-01-15 16:04 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-15 16:03 - 2014-01-15 16:03 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Marek\Downloads\mbam-setup-1.75.0.1300.exe

==================== One Month Modified Files and Folders =======

2014-01-16 17:05 - 2014-01-16 17:05 - 00007844 _____ C:\Users\Marek\Downloads\FRST.txt
2014-01-16 17:04 - 2014-01-16 17:04 - 00000000 ____D C:\FRST
2014-01-16 17:04 - 2014-01-16 16:47 - 00000000 ____D C:\Users\Marek\Desktop\Skanowanie logi
2014-01-16 17:04 - 2012-10-27 19:24 - 01876971 _____ C:\Windows\WindowsUpdate.log
2014-01-16 17:01 - 2013-03-22 18:14 - 00000256 _____ C:\Windows\Tasks\HP Photo Creations Messager.job
2014-01-16 16:54 - 2009-07-14 05:45 - 00014224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-16 16:54 - 2009-07-14 05:45 - 00014224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-16 16:53 - 2014-01-16 16:53 - 02076160 _____ (Farbar) C:\Users\Marek\Downloads\FRST64.exe
2014-01-16 16:47 - 2012-10-28 00:27 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-16 16:43 - 2014-01-16 16:43 - 00602112 _____ (OldTimer Tools) C:\Users\Marek\Downloads\OTL.exe
2014-01-16 16:40 - 2012-10-28 11:37 - 00000000 ____D C:\Users\Marek\AppData\Roaming\Skype
2014-01-16 16:39 - 2012-10-28 00:28 - 00001046 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-16 14:43 - 2012-10-28 00:28 - 00001042 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-16 12:32 - 2009-07-14 18:55 - 00687828 _____ C:\Windows\system32\perfh015.dat
2014-01-16 12:32 - 2009-07-14 18:55 - 00131382 _____ C:\Windows\system32\perfc015.dat
2014-01-16 12:32 - 2009-07-14 06:13 - 01523412 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-15 21:09 - 2012-10-28 01:27 - 00063436 _____ C:\Windows\setupact.log
2014-01-15 21:09 - 2012-10-28 00:41 - 00000000 ____D C:\Program Files (x86)\v9Soft
2014-01-15 21:09 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-15 17:00 - 2012-10-27 19:24 - 00001455 _____ C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-15 17:00 - 2012-10-27 19:24 - 00001421 _____ C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-01-15 16:56 - 2012-10-28 00:02 - 00000000 ____D C:\Program Files (x86)\Opera
2014-01-15 16:46 - 2012-10-27 19:24 - 00000000 ___RD C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-15 16:11 - 2014-01-15 16:10 - 00000000 ____D C:\AdwCleaner
2014-01-15 16:05 - 2014-01-15 16:05 - 00000000 ____D C:\Users\Marek\AppData\Roaming\Malwarebytes
2014-01-15 16:04 - 2014-01-15 16:04 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-15 16:03 - 2014-01-15 16:03 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Marek\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-15 16:01 - 2012-12-05 11:32 - 00002014 _____ C:\Users\Public\Desktop\Adobe Reader 9.lnk
2014-01-15 08:37 - 2012-10-27 16:56 - 00000000 ____D C:\Users\Marek\Desktop\cv
2013-12-26 17:51 - 2013-03-28 13:02 - 00000000 ____D C:\Users\Marek\Desktop\moje dokumenty

Files to move or delete:
====================
C:\Users\Marek\AppData\Local\Temp\flashapp.exe

Some content of TEMP:
====================
C:\Users\Marek\AppData\Local\Temp\flashapp.exe
C:\Users\Marek\AppData\Local\Temp\google046378.exe
C:\Users\Marek\AppData\Local\Temp\google159692.exe
C:\Users\Marek\AppData\Local\Temp\google276051.exe
C:\Users\Marek\AppData\Local\Temp\google276222.exe
C:\Users\Marek\AppData\Local\Temp\google276612.exe
C:\Users\Marek\AppData\Local\Temp\google386760.exe
C:\Users\Marek\AppData\Local\Temp\google483291.exe
C:\Users\Marek\AppData\Local\Temp\google567855.exe
C:\Users\Marek\AppData\Local\Temp\google573477.exe
C:\Users\Marek\AppData\Local\Temp\google657564.exe
C:\Users\Marek\AppData\Local\Temp\google782647.exe
C:\Users\Marek\AppData\Local\Temp\google827572.exe
C:\Users\Marek\AppData\Local\Temp\google960866.exe
C:\Users\Marek\AppData\Local\Temp\MSN5C0C.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-03 11:17

==================== End Of Log ============================