Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-02-2014
Ran by Tomek (administrator) on TOMEK-KOMPUTER on 21-02-2014 08:27:25
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polish
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11895400 2011-06-24] (Realtek Semiconductor)
HKLM\...\Run: [Zune Launcher] - C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2301501065-477278020-276464790-1000\...\Run: [VoipCheapCom] - "C:\Program Files (x86)\VoipCheapCom.com\VoipCheapCom\VoipCheapCom.exe" -nosplash -minimized
HKU\S-1-5-21-2301501065-477278020-276464790-1001\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [226920 2011-03-06] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [192616 2011-03-06] (NVIDIA Corporation)
Startup: C:\Users\Tomek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\23ebn7twl.lnk
ShortcutTarget: 23ebn7twl.lnk -> C:\ProgramData\lwt7nbe32.cpp ()
Startup: C:\Users\Tomek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hamqfojw.lnk
ShortcutTarget: hamqfojw.lnk -> C:\ProgramData\wjofqmah.cpp ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.pl/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome:
=======
CHR HomePage:
CHR RestoreOnStartup: "hxxp://www.google.pl/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Extension: (Dysk Google) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-05]
CHR Extension: (YouTube) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-05]
CHR Extension: (Szukaj w Google) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-05]
CHR Extension: (avast! WebRep) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2013-01-07]
CHR Extension: (Google Wallet) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-05]
CHR HKLM-x32\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-01-05]

==================== Services (Whitelisted) =================

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
S2 Winmgmt; C:\ProgramData\b08zrj2r.zvv [334076 2014-02-11] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-21 08:27 - 2014-02-21 08:27 - 00000000 ____D () C:\FRST
2014-02-18 22:26 - 2014-02-21 08:26 - 95027928 ____T () C:\ProgramData\23ebn7twl.fee
2014-02-18 22:26 - 2014-02-18 22:26 - 00333044 ____T (Microsoft Corporation) C:\ProgramData\23ebn7twl.zvv
2014-02-18 22:26 - 2014-02-18 22:26 - 00118784 _____ () C:\ProgramData\lwt7nbe32.cpp
2014-02-17 05:41 - 2014-02-17 05:41 - 00333044 ____T (Microsoft Corporation) C:\ProgramData\hamqfojw.zvv
2014-02-17 05:40 - 2014-02-21 08:27 - 95027928 ____T () C:\ProgramData\hamqfojw.fee
2014-02-17 05:40 - 2014-02-17 05:40 - 00118784 _____ () C:\ProgramData\wjofqmah.cpp
2014-02-14 13:53 - 2014-02-14 13:53 - 00602112 _____ (OldTimer Tools) C:\Users\Tomek\Desktop\OTL.exe
2014-02-14 13:44 - 2014-02-14 13:44 - 00308876 _____ () C:\Windows\PFRO.log
2014-02-14 12:05 - 2014-02-14 15:54 - 00001236 _____ () C:\Windows\setupact.log
2014-02-14 12:05 - 2014-02-14 12:05 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-14 09:29 - 2014-02-14 09:29 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\Malwarebytes
2014-02-14 09:29 - 2014-02-14 09:29 - 00000000 ____D () C:\ProgramData\Real
2014-02-14 09:29 - 2014-02-14 09:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-14 09:29 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-14 09:27 - 2014-02-14 09:27 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Tomek\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-14 09:27 - 2014-02-14 09:27 - 00000000 ____D () C:\Program Files (x86)\SimilarSites
2014-02-14 09:18 - 2014-02-14 09:18 - 00000000 ____D () C:\Windows\ERDNT
2014-02-14 09:16 - 2014-02-14 09:18 - 00000000 ____D () C:\Qoobox
2014-02-14 09:11 - 2014-02-14 09:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-11 08:19 - 2014-02-11 08:20 - 95027928 ____T () C:\ProgramData\b08zrj2r.fee
2014-02-11 08:19 - 2014-02-11 08:19 - 00334076 ____T (Microsoft Corporation) C:\ProgramData\b08zrj2r.zvv
2014-02-03 22:40 - 2014-02-03 22:40 - 00025909 _____ () C:\Users\Tomek\Downloads\photos.htm
2014-01-30 22:05 - 2014-01-30 22:05 - 00055953 _____ () C:\Users\Tomek\Documents\kredyty_hipoteczne.htm

==================== One Month Modified Files and Folders =======

2014-02-21 08:27 - 2014-02-21 08:27 - 00000000 ____D () C:\FRST
2014-02-21 08:27 - 2014-02-17 05:40 - 95027928 ____T () C:\ProgramData\hamqfojw.fee
2014-02-21 08:26 - 2014-02-18 22:26 - 95027928 ____T () C:\ProgramData\23ebn7twl.fee
2014-02-21 08:13 - 2013-01-05 20:44 - 01894609 _____ () C:\Windows\WindowsUpdate.log
2014-02-18 22:26 - 2014-02-18 22:26 - 00333044 ____T (Microsoft Corporation) C:\ProgramData\23ebn7twl.zvv
2014-02-18 22:26 - 2014-02-18 22:26 - 00118784 _____ () C:\ProgramData\lwt7nbe32.cpp
2014-02-18 22:26 - 2013-01-05 20:49 - 00000000 ___RD () C:\Users\Tomek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-17 05:41 - 2014-02-17 05:41 - 00333044 ____T (Microsoft Corporation) C:\ProgramData\hamqfojw.zvv
2014-02-17 05:40 - 2014-02-17 05:40 - 00118784 _____ () C:\ProgramData\wjofqmah.cpp
2014-02-16 19:31 - 2009-07-14 05:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-16 19:31 - 2009-07-14 05:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-14 15:54 - 2014-02-14 12:05 - 00001236 _____ () C:\Windows\setupact.log
2014-02-14 15:54 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-14 13:53 - 2014-02-14 13:53 - 00602112 _____ (OldTimer Tools) C:\Users\Tomek\Desktop\OTL.exe
2014-02-14 13:44 - 2014-02-14 13:44 - 00308876 _____ () C:\Windows\PFRO.log
2014-02-14 13:44 - 2013-01-07 15:44 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-02-14 12:09 - 2013-01-05 22:38 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-14 12:08 - 2013-01-05 22:38 - 00000000 ____D () C:\Users\Tomek\AppData\Local\Google
2014-02-14 12:05 - 2014-02-14 12:05 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-14 12:01 - 2013-01-16 16:18 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\Media Player Classic
2014-02-14 12:01 - 2013-01-05 12:41 - 00000000 ____D () C:\Windows\Panther
2014-02-14 09:29 - 2014-02-14 09:29 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\Malwarebytes
2014-02-14 09:29 - 2014-02-14 09:29 - 00000000 ____D () C:\ProgramData\Real
2014-02-14 09:29 - 2014-02-14 09:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-14 09:27 - 2014-02-14 09:27 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Tomek\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-14 09:27 - 2014-02-14 09:27 - 00000000 ____D () C:\Program Files (x86)\SimilarSites
2014-02-14 09:18 - 2014-02-14 09:18 - 00000000 ____D () C:\Windows\ERDNT
2014-02-14 09:18 - 2014-02-14 09:16 - 00000000 ____D () C:\Qoobox
2014-02-14 09:11 - 2014-02-14 09:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-11 08:21 - 2013-01-05 20:48 - 00000000 ____D () C:\Users\Tomek\AppData\Local\VirtualStore
2014-02-11 08:20 - 2014-02-11 08:19 - 95027928 ____T () C:\ProgramData\b08zrj2r.fee
2014-02-11 08:19 - 2014-02-11 08:19 - 00334076 ____T (Microsoft Corporation) C:\ProgramData\b08zrj2r.zvv
2014-02-05 20:26 - 2011-03-21 20:49 - 00737980 _____ () C:\Windows\system32\perfh015.dat
2014-02-05 20:26 - 2011-03-21 20:49 - 00154636 _____ () C:\Windows\system32\perfc015.dat
2014-02-05 20:26 - 2009-07-14 06:13 - 01662556 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-03 22:40 - 2014-02-03 22:40 - 00025909 _____ () C:\Users\Tomek\Downloads\photos.htm
2014-01-30 22:05 - 2014-01-30 22:05 - 00055953 _____ () C:\Users\Tomek\Documents\kredyty_hipoteczne.htm

Files to move or delete:
====================
C:\ProgramData\23ebn7twl.fee
C:\ProgramData\23ebn7twl.zvv
C:\ProgramData\b08zrj2r.fee
C:\ProgramData\b08zrj2r.zvv
C:\ProgramData\hamqfojw.fee
C:\ProgramData\hamqfojw.zvv

Some content of TEMP:
====================
C:\Users\Tomek\AppData\Local\Temp\ComboFix.exe
C:\Users\Tomek\AppData\Local\Temp\lowproc.exe
C:\Users\Tomek\AppData\Local\Temp\stubhelper.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit