Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-02-2014
Ran by media (administrator) on MEDIA-KOMPUTER on 21-02-2014 19:30:17
Running from C:\Users\media\Desktop\Nowy folder
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polish
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
() C:\windows\SysWOW64\Rezip.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
(OldTimer Tools) C:\Users\media\Desktop\Nowy folder\OTL.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9644576 2009-12-15] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1861416 2009-10-10] (Synaptics Incorporated)
HKLM\...\Run: [NvCplDaemon] - C:\windows\system32\NvCpl.dll [16413288 2010-01-07] (NVIDIA Corporation)
HKLM-x32\...\Run: [UpdateLBPShortCut] - C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDRShortCut] - C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2008-01-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl8] - C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] - C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePPShortCut] - C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] - C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-07-21] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [UCam_Menu] - C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [tuto4pc_pl_17] - [X]
HKLM-x32\...\Run: [ConvertAd] - C:\Users\media\AppData\Local\ConvertAd\ConvertAd.exe
HKLM-x32\...\Run: [AnyProtect Tray] - C:\Program Files (x86)\AnyProtectEx\AnyProtectTray.exe /scanner
HKLM-x32\...\Run: [AnyProtect] - C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\windows\System32\SPReview\SPReview.exe [301568 2013-09-18] (Microsoft Corporation)
HKU\S-1-5-21-2195184045-3265951034-2981680463-1000\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-2195184045-3265951034-2981680463-1000\...\MountPoints2: {11c39772-285c-11e3-928f-00245482158f} - F:\AutoRun.exe
HKU\S-1-5-21-2195184045-3265951034-2981680463-1000\...\MountPoints2: {11c39781-285c-11e3-928f-00245482158f} - G:\AutoRun.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
SearchScopes: HKLM-x32 - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 62.233.233.233 87.204.204.204

FireFox:
========
FF ProfilePath: C:\Users\media\AppData\Roaming\Mozilla\Firefox\Profiles\getsyp4w.default
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (\x4c\x79\x72\x6d\x69\x78) - C:\Users\media\AppData\Local\Google\Chrome\User Data\Default\Extensions\kidmhllhjmmmnpbiaihafgchacpmokof [2013-09-17]
CHR Extension: (No Name) - C:\Users\media\AppData\Local\Google\Chrome\User Data\Default\Extensions\olakgnkoldmagdblaalodobkmeokmgjj [2013-09-17]

==================== Services (Whitelisted) =================

R2 Rezip; C:\windows\SysWOW64\Rezip.exe [311296 2009-03-05] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()
S2 bonanzadealslive; C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe /svc [X]
S3 bonanzadealslivem; C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe /medsvc [X]

==================== Drivers (Whitelisted) ====================

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-10-05] (DT Soft Ltd)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114560 2009-07-24] (Huawei Technologies Co., Ltd.)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
R4 ehdrv; system32\DRIVERS\ehdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-21 19:30 - 2014-02-21 19:30 - 00059290 _____ () C:\Users\media\Desktop\OTL.Txt
2014-02-21 19:29 - 2014-02-21 19:30 - 00000000 ____D () C:\FRST
2014-02-21 18:40 - 2014-02-21 18:40 - 00000000 ____D () C:\ProgramData\ESET
2014-02-21 18:40 - 2014-02-21 18:40 - 00000000 ____D () C:\Program Files\ESET
2014-02-21 17:47 - 2014-02-21 18:00 - 00003526 _____ () C:\fix.txt
2014-02-21 17:45 - 2014-02-21 18:00 - 00003526 _____ () C:\Users\media\Desktop\fix.txt
2014-02-21 17:35 - 2014-02-21 17:35 - 00294948 _____ () C:\Users\media\Desktop\SharedAccess.reg
2014-02-21 17:35 - 2014-02-21 17:35 - 00172952 _____ () C:\Users\media\Desktop\BFE.reg
2014-02-21 17:35 - 2014-02-21 17:35 - 00007500 _____ () C:\Users\media\Desktop\MpsSvc.reg
2014-02-21 17:35 - 2014-02-21 17:35 - 00001378 _____ () C:\Users\media\Desktop\mpsdrv.reg
2014-02-20 23:02 - 2014-02-20 07:33 - 01037734 _____ (Thisisu) C:\Users\media\Desktop\JRT_NEW.exe
2014-02-19 22:53 - 2014-02-21 19:30 - 00000000 ____D () C:\Users\media\Desktop\Nowy folder
2014-02-19 22:33 - 2012-09-10 22:23 - 00559528 _____ (Helge Klein) C:\windows\SetACL.exe
2014-02-19 22:10 - 2014-02-19 22:10 - 00000000 ____D () C:\_OTL
2014-02-19 20:52 - 2014-02-19 20:52 - 00000000 ____D () C:\windows\ERUNT
2014-02-18 09:15 - 2014-02-18 09:16 - 00066048 _____ () C:\Users\media\Desktop\2 st.- I rok.xls
2014-02-15 22:41 - 2014-02-15 22:41 - 00000000 ____D () C:\Users\media\AppData\Local\SKIDROW
2014-02-15 17:14 - 2014-02-15 18:08 - 356167179 ____R (compiled by testncrash ) C:\Users\media\Downloads\Audiosurf_Setup_v1.0u31.exe
2014-02-14 12:50 - 2014-02-14 12:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-05 23:11 - 2014-02-21 00:11 - 17858952 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2014-01-23 23:50 - 2014-01-23 23:50 - 01761280 _____ () C:\Users\media\Documents\Projekty marketing.accdb
2014-01-23 23:49 - 2014-01-23 23:49 - 00286720 _____ () C:\Users\media\Documents\Baza danych1.accdb

==================== One Month Modified Files and Folders =======

2014-02-21 19:30 - 2014-02-21 19:30 - 00059290 _____ () C:\Users\media\Desktop\OTL.Txt
2014-02-21 19:30 - 2014-02-21 19:29 - 00000000 ____D () C:\FRST
2014-02-21 19:30 - 2014-02-19 22:53 - 00000000 ____D () C:\Users\media\Desktop\Nowy folder
2014-02-21 19:30 - 2010-03-06 20:04 - 02055822 _____ () C:\windows\WindowsUpdate.log
2014-02-21 19:10 - 2013-09-16 21:46 - 00000930 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-02-21 18:59 - 2009-07-14 05:45 - 00014144 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-21 18:59 - 2009-07-14 05:45 - 00014144 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-21 18:58 - 2013-09-17 14:58 - 00000292 _____ () C:\windows\Tasks\MetaCrawler.job
2014-02-21 18:52 - 2010-06-26 20:43 - 00000000 ____D () C:\Users\media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-02-21 18:52 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-02-21 18:52 - 2009-07-14 05:51 - 00063143 _____ () C:\windows\setupact.log
2014-02-21 18:49 - 2013-09-16 20:12 - 00001912 _____ () C:\windows\epplauncher.mif
2014-02-21 18:40 - 2014-02-21 18:40 - 00000000 ____D () C:\ProgramData\ESET
2014-02-21 18:40 - 2014-02-21 18:40 - 00000000 ____D () C:\Program Files\ESET
2014-02-21 18:00 - 2014-02-21 17:47 - 00003526 _____ () C:\fix.txt
2014-02-21 18:00 - 2014-02-21 17:45 - 00003526 _____ () C:\Users\media\Desktop\fix.txt
2014-02-21 17:35 - 2014-02-21 17:35 - 00294948 _____ () C:\Users\media\Desktop\SharedAccess.reg
2014-02-21 17:35 - 2014-02-21 17:35 - 00172952 _____ () C:\Users\media\Desktop\BFE.reg
2014-02-21 17:35 - 2014-02-21 17:35 - 00007500 _____ () C:\Users\media\Desktop\MpsSvc.reg
2014-02-21 17:35 - 2014-02-21 17:35 - 00001378 _____ () C:\Users\media\Desktop\mpsdrv.reg
2014-02-21 00:11 - 2014-02-05 23:11 - 17858952 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2014-02-21 00:11 - 2013-09-16 21:46 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-02-21 00:11 - 2013-09-16 21:46 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-21 00:11 - 2013-09-16 21:46 - 00003868 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-02-20 07:33 - 2014-02-20 23:02 - 01037734 _____ (Thisisu) C:\Users\media\Desktop\JRT_NEW.exe
2014-02-19 22:10 - 2014-02-19 22:10 - 00000000 ____D () C:\_OTL
2014-02-19 20:57 - 2013-09-16 21:08 - 00000000 ____D () C:\Users\media\Desktop\ewka
2014-02-19 20:52 - 2014-02-19 20:52 - 00000000 ____D () C:\windows\ERUNT
2014-02-19 14:05 - 2013-09-16 21:09 - 00001071 _____ () C:\Users\media\Desktop\Nowy dokument tekstowy.txt
2014-02-18 09:16 - 2014-02-18 09:15 - 00066048 _____ () C:\Users\media\Desktop\2 st.- I rok.xls
2014-02-16 16:25 - 2013-10-05 13:01 - 00000000 ____D () C:\Users\media\AppData\Roaming\uTorrent
2014-02-15 22:41 - 2014-02-15 22:41 - 00000000 ____D () C:\Users\media\AppData\Local\SKIDROW
2014-02-15 22:41 - 2010-06-26 21:01 - 00000000 ____D () C:\Users\media\AppData\Local\VirtualStore
2014-02-15 18:08 - 2014-02-15 17:14 - 356167179 ____R (compiled by testncrash ) C:\Users\media\Downloads\Audiosurf_Setup_v1.0u31.exe
2014-02-14 18:58 - 2013-09-16 20:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-14 12:50 - 2014-02-14 12:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-14 12:10 - 2010-03-06 20:46 - 00697912 _____ () C:\windows\system32\perfh015.dat
2014-02-14 12:10 - 2010-03-06 20:46 - 00134990 _____ () C:\windows\system32\perfc015.dat
2014-02-14 12:10 - 2009-07-14 06:13 - 01569238 _____ () C:\windows\system32\PerfStringBackup.INI
2014-02-13 14:11 - 2013-09-27 21:32 - 00000000 ____D () C:\Users\media\Desktop\studia
2014-02-05 22:13 - 2009-07-14 06:08 - 00032604 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-01-23 23:50 - 2014-01-23 23:50 - 01761280 _____ () C:\Users\media\Documents\Projekty marketing.accdb
2014-01-23 23:49 - 2014-01-23 23:49 - 00286720 _____ () C:\Users\media\Documents\Baza danych1.accdb

Some content of TEMP:
====================
C:\Users\media\AppData\Local\Temp\InstHelper.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-02-18 21:12

==================== End Of Log ============================