Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-05-2014 01
Ran by Marta (administrator) on MARTA-KOMPUTER on 09-05-2014 10:10:51
Running from C:\Users\Marta\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polish
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Redefine Sp z o.o.) C:\Program Files (x86)\ipla\ipla.exe
(Spotify Ltd) C:\Users\Marta\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(http://www.tinydm.com/) C:\Users\Marta\AppData\Local\DM\TinyDM.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(ASUS) C:\Windows\AsScrPro.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(WinZip Computing, S.L. (WinZip Computing)) C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSDefragSrv64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(NirSoft) C:\Program Files (x86)\NirSoft\ShellExView\shexview.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
(NirSoft) C:\Users\Marta\AppData\Local\Temp\Rar$EXa0.160\InstalledCodec.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2587944 2010-12-13] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [617120 2011-03-13] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [6326448 2012-12-21] (ESET)
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] => C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [328992 2008-11-03] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2018032 2011-04-01] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe [731472 2011-02-23] (ecareme)
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31072 2008-10-25] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [Registry Helper] => "C:\Program Files (x86)\Registry Helper\RegistryHelper.Exe" /boot
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3337480804-2282078556-1568037250-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-3337480804-2282078556-1568037250-1000\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB
HKU\S-1-5-21-3337480804-2282078556-1568037250-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3514176 2011-11-10] (DT Soft Ltd)
HKU\S-1-5-21-3337480804-2282078556-1568037250-1001\...\Run: [IPLA!] => C:\Program Files (x86)\ipla\ipla.exe [21172832 2013-05-28] (Redefine Sp z o.o.)
HKU\S-1-5-21-3337480804-2282078556-1568037250-1001\...\Run: [Bksasb] => C:\Users\Marta\AppData\Roaming\Bksasb.exe
HKU\S-1-5-21-3337480804-2282078556-1568037250-1001\...\Run: [Spotify] => C:\Users\Marta\AppData\Roaming\Spotify\Spotify.exe [4752384 2013-10-18] (Spotify Ltd)
HKU\S-1-5-21-3337480804-2282078556-1568037250-1001\...\Run: [Spotify Web Helper] => C:\Users\Marta\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-10-18] (Spotify Ltd)
HKU\S-1-5-21-3337480804-2282078556-1568037250-1001\...\Run: [Tiny download manager] => C:\Users\Marta\AppData\Local\DM\TinyDM.exe [288728 2014-01-27] (http://www.tinydm.com/)
HKU\S-1-5-21-3337480804-2282078556-1568037250-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-3337480804-2282078556-1568037250-1001\...\MountPoints2: {1cb15da9-a018-11e0-b819-806e6f6e6963} - E:\Setup.exe
HKU\S-1-5-21-3337480804-2282078556-1568037250-1001\...\MountPoints2: {49ee7948-bf1e-11e3-9abd-742f6835c422} - F:\LGAutoRun.exe
HKU\S-1-5-21-3337480804-2282078556-1568037250-1001\...\MountPoints2: {70757d50-b98e-11e1-ab51-001e101fb681} - F:\AutoRun.exe
HKU\S-1-5-21-3337480804-2282078556-1568037250-1001\...\MountPoints2: {b8dccd92-b2f4-11e1-a67b-742f6835c422} - F:\KODAK_Camera_Setup_App.exe
HKU\S-1-5-21-3337480804-2282078556-1568037250-1001\...\MountPoints2: {e7d041c8-b215-11e1-a275-742f6835c422} - F:\AutoRun.exe
HKU\S-1-5-21-3337480804-2282078556-1568037250-1001\...\MountPoints2: {e7d041d6-b215-11e1-a275-742f6835c422} - F:\AutoRun.exe
HKU\S-1-5-21-3337480804-2282078556-1568037250-1001\...\MountPoints2: {e7d041e0-b215-11e1-a275-742f6835c422} - F:\AutoRun.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [226920 2011-02-21] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [192616 2011-02-21] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Marta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Powiadomienia monitorowania tuszu - HP Deskjet 2510 series.lnk
ShortcutTarget: Powiadomienia monitorowania tuszu - HP Deskjet 2510 series.lnk -> C:\Program Files\HP\HP Deskjet 2510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=128
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKCU - {A7DC2CAA-4BF4-4627-8C83-A1DAE657E83D} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=50BBFD04-0F0F-457D-BC0B-4B99C1F22920&apn_sauid=E323A09D-7540-4B6F-84B6-C53AC8FEF47D
SearchScopes: HKCU - {B6841037-75E3-4902-8C1C-D765DAE0344C} URL = http://startsear.ch/?aff=1&src=sp&cf=06e5088a-c927-11e1-8c3c-742f6835c422&q={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Pomocnik logowania za pomocą identyfikatora Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO-x32: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - No Name - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - No File
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Marta\AppData\Roaming\Mozilla\Firefox\Profiles\psc5mc7f.default
FF Homepage: hxxp://www.gazeta.pl/0,0.html?p=128
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-02]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013-05-29]

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION

==================== Services (Whitelisted) =================

R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-13] (Atheros)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1333424 2012-12-21] (ESET)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
R2 WINZIPSSDiskOptimizer; C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSDefragSrv64.exe [290424 2013-07-15] (WinZip Computing, S.L. (WinZip Computing))
S2 vToolbarUpdater17.1.2; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-11] (AVG Technologies)
R3 BthMtpEnum; C:\Windows\System32\DRIVERS\BthMtpEnum.sys [64512 2009-07-14] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [279616 2012-01-31] (DT Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2013-01-10] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [150616 2013-01-10] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [139768 2013-01-10] (ESET)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-09 10:10 - 2014-05-09 10:11 - 00020486 _____ () C:\Users\Marta\Desktop\FRST.txt
2014-05-09 10:08 - 2014-05-09 10:10 - 00000000 ____D () C:\FRST
2014-05-09 09:59 - 2014-05-09 09:59 - 03054418 _____ () C:\Users\Marta\Desktop\AutoRuns.arn
2014-05-09 09:54 - 2014-05-09 09:54 - 00085452 _____ () C:\Users\Marta\Desktop\Extras1.Txt
2014-05-09 09:53 - 2014-05-09 09:53 - 00074966 _____ () C:\Users\Marta\Desktop\OTL1.Txt
2014-05-09 09:51 - 2014-05-09 10:01 - 00092498 _____ () C:\Users\Marta\Desktop\Extras.Txt
2014-05-09 09:48 - 2014-05-09 10:01 - 00149000 _____ () C:\Users\Marta\Desktop\OTL.Txt
2014-05-09 09:43 - 2014-05-09 09:44 - 02064384 _____ (Farbar) C:\Users\Marta\Desktop\FRST64.exe
2014-05-09 09:37 - 2014-05-09 09:37 - 00061117 _____ () C:\Users\Marta\Desktop\installedcodec-x64.zip
2014-05-09 09:36 - 2014-05-09 09:36 - 00550371 _____ () C:\Users\Marta\Desktop\Autoruns.zip
2014-05-09 09:30 - 2014-05-09 09:30 - 00000000 ____D () C:\Users\Marta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft ShellExView
2014-05-09 09:30 - 2014-05-09 09:30 - 00000000 ____D () C:\Program Files (x86)\NirSoft
2014-05-09 09:29 - 2014-05-09 09:29 - 00140832 _____ () C:\Users\Marta\Desktop\shexview_setup.exe
2014-05-09 09:27 - 2014-05-09 09:27 - 00000000 ____D () C:\Users\Marta\Desktop\shexview_polish
2014-05-09 09:24 - 2014-05-09 09:24 - 00002759 _____ () C:\Users\Marta\Desktop\shexview_polish.zip
2014-05-09 09:21 - 2014-05-09 09:21 - 00602112 _____ (OldTimer Tools) C:\Users\Marta\Desktop\OTL.exe
2014-05-09 08:28 - 2014-05-09 08:28 - 00000000 ___RD () C:\Users\Marta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-05-02 18:23 - 2014-05-02 18:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-27 19:27 - 2014-04-27 19:27 - 00000000 ____D () C:\Users\Marta\Desktop\Iwonka
2014-04-15 19:51 - 2014-04-15 19:53 - 00000000 ____D () C:\Users\Marta\Desktop\Zdjęcia z pacy
2014-04-14 21:58 - 2014-04-14 21:58 - 00000000 ____D () C:\Users\Marta\Desktop\helikopter i kłady
2014-04-14 21:49 - 2014-04-14 21:50 - 00000000 ____D () C:\Users\Marta\Desktop\sp sandra
2014-04-14 21:18 - 2014-04-14 21:20 - 00000000 ____D () C:\Users\Marta\Desktop\foty
2014-04-13 15:06 - 2014-04-08 01:45 - 218505216 _____ () C:\Users\Marta\Desktop\00063.MTS
2014-04-10 22:07 - 2014-04-10 22:36 - 00000000 ____D () C:\Users\Marta\Desktop\fac
2014-04-10 20:11 - 2014-04-10 22:35 - 00000000 ____D () C:\Users\Marta\Desktop\WODOPAD

==================== One Month Modified Files and Folders =======

2014-05-09 10:11 - 2014-05-09 10:10 - 00020486 _____ () C:\Users\Marta\Desktop\FRST.txt
2014-05-09 10:10 - 2014-05-09 10:08 - 00000000 ____D () C:\FRST
2014-05-09 10:10 - 2013-12-06 12:12 - 00000000 ____D () C:\Users\Marta\Desktop\Z pulpitu
2014-05-09 10:01 - 2014-05-09 09:51 - 00092498 _____ () C:\Users\Marta\Desktop\Extras.Txt
2014-05-09 10:01 - 2014-05-09 09:48 - 00149000 _____ () C:\Users\Marta\Desktop\OTL.Txt
2014-05-09 09:59 - 2014-05-09 09:59 - 03054418 _____ () C:\Users\Marta\Desktop\AutoRuns.arn
2014-05-09 09:56 - 2011-12-17 17:30 - 00000000 ____D () C:\Users\Marta\AppData\Roaming\Skype
2014-05-09 09:54 - 2014-05-09 09:54 - 00085452 _____ () C:\Users\Marta\Desktop\Extras1.Txt
2014-05-09 09:53 - 2014-05-09 09:53 - 00074966 _____ () C:\Users\Marta\Desktop\OTL1.Txt
2014-05-09 09:44 - 2014-05-09 09:43 - 02064384 _____ (Farbar) C:\Users\Marta\Desktop\FRST64.exe
2014-05-09 09:38 - 2009-07-14 04:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-09 09:38 - 2009-07-14 04:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-09 09:37 - 2014-05-09 09:37 - 00061117 _____ () C:\Users\Marta\Desktop\installedcodec-x64.zip
2014-05-09 09:36 - 2014-05-09 09:36 - 00550371 _____ () C:\Users\Marta\Desktop\Autoruns.zip
2014-05-09 09:30 - 2014-05-09 09:30 - 00000000 ____D () C:\Users\Marta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft ShellExView
2014-05-09 09:30 - 2014-05-09 09:30 - 00000000 ____D () C:\Program Files (x86)\NirSoft
2014-05-09 09:29 - 2014-05-09 09:29 - 00140832 _____ () C:\Users\Marta\Desktop\shexview_setup.exe
2014-05-09 09:27 - 2014-05-09 09:27 - 00000000 ____D () C:\Users\Marta\Desktop\shexview_polish
2014-05-09 09:24 - 2014-05-09 09:24 - 00002759 _____ () C:\Users\Marta\Desktop\shexview_polish.zip
2014-05-09 09:21 - 2014-05-09 09:21 - 00602112 _____ (OldTimer Tools) C:\Users\Marta\Desktop\OTL.exe
2014-05-09 09:21 - 2013-10-20 17:13 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-09 09:15 - 2011-04-01 08:58 - 00001062 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-09 09:15 - 2011-04-01 08:58 - 00001058 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-09 08:58 - 2011-06-26 17:07 - 01870155 _____ () C:\Windows\WindowsUpdate.log
2014-05-09 08:53 - 2013-04-12 07:10 - 00000000 ____D () C:\Users\Marta\AppData\Roaming\Spotify
2014-05-09 08:44 - 2011-02-19 05:31 - 00699240 _____ () C:\Windows\system32\perfh015.dat
2014-05-09 08:44 - 2011-02-19 05:31 - 00135134 _____ () C:\Windows\system32\perfc015.dat
2014-05-09 08:44 - 2009-07-14 05:13 - 01554172 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-09 08:29 - 2012-06-14 18:39 - 00000000 ____D () C:\Users\Marta\AppData\Roaming\ipla
2014-05-09 08:28 - 2014-05-09 08:28 - 00000000 ___RD () C:\Users\Marta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-05-09 08:28 - 2013-06-03 17:39 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-05-09 08:28 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-09 08:27 - 2009-07-14 04:51 - 00161159 _____ () C:\Windows\setupact.log
2014-05-08 21:51 - 2011-06-26 17:35 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2014-05-06 20:58 - 2014-01-26 18:32 - 00000472 _____ () C:\Windows\Tasks\WINZIPSS-WINZIPSSOneClickCare.job
2014-05-04 18:32 - 2014-01-26 18:32 - 00000510 _____ () C:\Windows\Tasks\WINZIPSS-WINZIPSSAutoCheckUpdate7Days.job
2014-05-04 16:52 - 2013-04-29 12:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-02 18:23 - 2014-05-02 18:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-29 10:36 - 2013-10-20 17:13 - 00003868 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-29 10:36 - 2013-01-31 22:50 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-29 10:36 - 2013-01-31 21:38 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-27 19:27 - 2014-04-27 19:27 - 00000000 ____D () C:\Users\Marta\Desktop\Iwonka
2014-04-15 19:53 - 2014-04-15 19:51 - 00000000 ____D () C:\Users\Marta\Desktop\Zdjęcia z pacy
2014-04-14 21:58 - 2014-04-14 21:58 - 00000000 ____D () C:\Users\Marta\Desktop\helikopter i kłady
2014-04-14 21:50 - 2014-04-14 21:49 - 00000000 ____D () C:\Users\Marta\Desktop\sp sandra
2014-04-14 21:20 - 2014-04-14 21:18 - 00000000 ____D () C:\Users\Marta\Desktop\foty
2014-04-14 03:43 - 2011-12-07 18:34 - 00000000 ____D () C:\Users\Marta\Documents\Bluetooth Folder
2014-04-12 18:15 - 2014-03-07 08:40 - 09670797 _____ () C:\Users\Marta\Desktop\Dziennik odchudzania.pptx
2014-04-10 22:36 - 2014-04-10 22:07 - 00000000 ____D () C:\Users\Marta\Desktop\fac
2014-04-10 22:35 - 2014-04-10 20:11 - 00000000 ____D () C:\Users\Marta\Desktop\WODOPAD
2014-04-09 21:10 - 2012-02-18 14:53 - 00000000 ____D () C:\Users\Marta\AppData\Local\CrashDumps

Some content of TEMP:
====================
C:\Users\Marta\AppData\Local\Temp\gg10.upgr.exe
C:\Users\Marta\AppData\Local\Temp\ipl1209.tmp.exe
C:\Users\Marta\AppData\Local\Temp\ipl207A.tmp.exe
C:\Users\Marta\AppData\Local\Temp\ipl3081.tmp.exe
C:\Users\Marta\AppData\Local\Temp\ipl32C2.tmp.exe
C:\Users\Marta\AppData\Local\Temp\ipl474C.tmp.exe
C:\Users\Marta\AppData\Local\Temp\ipl5FCB.tmp.exe
C:\Users\Marta\AppData\Local\Temp\ipl8249.tmp.exe
C:\Users\Marta\AppData\Local\Temp\ipl9CF9.tmp.exe
C:\Users\Marta\AppData\Local\Temp\ipl9F69.tmp.exe
C:\Users\Marta\AppData\Local\Temp\ipl9F6A.tmp.exe
C:\Users\Marta\AppData\Local\Temp\iplA015.tmp.exe
C:\Users\Marta\AppData\Local\Temp\iplA2B4.tmp.exe
C:\Users\Marta\AppData\Local\Temp\iplA5EF.tmp.exe
C:\Users\Marta\AppData\Local\Temp\iplA69A.tmp.exe
C:\Users\Marta\AppData\Local\Temp\iplA707.tmp.exe
C:\Users\Marta\AppData\Local\Temp\iplA7D2.tmp.exe
C:\Users\Marta\AppData\Local\Temp\iplA84F.tmp.exe
C:\Users\Marta\AppData\Local\Temp\iplAA33.tmp.exe
C:\Users\Marta\AppData\Local\Temp\iplAA42.tmp.exe
C:\Users\Marta\AppData\Local\Temp\iplAC74.tmp.exe
C:\Users\Marta\AppData\Local\Temp\iplAE38.tmp.exe
C:\Users\Marta\AppData\Local\Temp\iplAFFD.tmp.exe
C:\Users\Marta\AppData\Local\Temp\iplB0B8.tmp.exe
C:\Users\Marta\AppData\Local\Temp\iplB347.tmp.exe
C:\Users\Marta\AppData\Local\Temp\iplB3A5.tmp.exe
C:\Users\Marta\AppData\Local\Temp\iplB6D0.tmp.exe
C:\Users\Marta\AppData\Local\Temp\iplB9FB.tmp.exe
C:\Users\Marta\AppData\Local\Temp\iplBAF5.tmp.exe
C:\Users\Marta\AppData\Local\Temp\iplBB81.tmp.exe
C:\Users\Marta\AppData\Local\Temp\iplC061.tmp.exe
C:\Users\Marta\AppData\Local\Temp\iplC14B.tmp.exe
C:\Users\Marta\AppData\Local\Temp\iplC467.tmp.exe
C:\Users\Marta\AppData\Local\Temp\iplC753.tmp.exe
C:\Users\Marta\AppData\Local\Temp\iplC8CA.tmp.exe
C:\Users\Marta\AppData\Local\Temp\iplC8F9.tmp.exe
C:\Users\Marta\AppData\Local\Temp\iplCC62.tmp.exe
C:\Users\Marta\AppData\Local\Temp\iplCC91.tmp.exe
C:\Users\Marta\AppData\Local\Temp\iplD6ED.tmp.exe
C:\Users\Marta\AppData\Local\Temp\iplDF75.tmp.exe
C:\Users\Marta\AppData\Local\Temp\iplDF94.tmp.exe
C:\Users\Marta\AppData\Local\Temp\iplEE65.tmp.exe
C:\Users\Marta\AppData\Local\Temp\iplF7E5.tmp.exe
C:\Users\Marta\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Marta\AppData\Local\Temp\ose00000.exe
C:\Users\Marta\AppData\Local\Temp\Quarantine.exe
C:\Users\Marta\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Marta\AppData\Local\Temp\wmokjlpx.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-30 00:29

==================== End Of Log ============================