Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-11-2014 01
Ran by Kowalczyk (administrator) on KOWALCZYK-PC on 25-11-2014 20:27:28
Running from C:\Users\Kowalczyk\Desktop\Skany
Loaded Profile: Kowalczyk (Available profiles: Kowalczyk)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
(OldTimer Tools) C:\Users\Kowalczyk\Desktop\Skany\OTL.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [321080 2009-07-27] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HPUsageTrackingLEDM] => C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1823575653-634684722-819475751-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1823575653-634684722-819475751-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.0.0.100\coIEPlg.dll No File
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.0.0.100\IPS\IPSBHO.DLL No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.0.0.100\coIEPlg.dll No File
Toolbar: HKU\S-1-5-21-1823575653-634684722-819475751-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Kowalczyk\AppData\Roaming\Mozilla\Firefox\Profiles\o8xps00f.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\Kowalczyk\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{140A2D0E-85CC-4ed3-9BA5-8FA35DA7FABA}.xpi [2014-03-17]
FF Extension: Adblock Plus - C:\Users\Kowalczyk\AppData\Roaming\Mozilla\Firefox\Profiles\o8xps00f.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-20]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\IPSFFPlgn
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn
FF Extension: No Name - C:\Users\Kowalczyk\AppData\Roaming\Mozilla\Firefox\Profiles\o8xps00f.default\extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}.xpi [Not Found]
FF Extension: No Name - {f9d03c26-0575-497e-821d-f7956d23e0ca} [Not Found]

Chrome:
=======
CHR Profile: C:\Users\Kowalczyk\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Users\Kowalczyk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-17]
CHR Extension: (Dysk Google) - C:\Users\Kowalczyk\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-17]
CHR Extension: (YouTube) - C:\Users\Kowalczyk\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-17]
CHR Extension: (Szukaj w Google) - C:\Users\Kowalczyk\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-17]
CHR Extension: (Google Wallet) - C:\Users\Kowalczyk\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\Kowalczyk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-17]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.0.0.100\Exts\Chrome.crx []

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [12784 2010-11-11] (Microsoft Corporation)
R2 MSSQL$MYMOVIES; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29263712 2008-11-24] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [282616 2010-11-11] (Microsoft Corporation)
S2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\21.0.0.100\NIS.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\21.0.0.100\diMaster.dll" /prefetch:1

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-06-22] (DT Soft Ltd)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-14] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [139864 2013-08-14] (Symantec Corporation)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [188928 2010-10-24] (Microsoft Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2010-03-06] (Marvell Semiconductor, Inc.)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [72064 2010-10-24] (Microsoft Corporation)
R3 smserial; C:\Windows\System32\DRIVERS\SmSerl64.sys [1227776 2009-06-10] (Motorola Inc.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 BHDrvx64; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20130814.001\BHDrvx64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 ccSet_NIS; \SystemRoot\system32\drivers\NISx64\1500000.064\ccSetx64.sys [X]
S3 IDSVia64; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20130805.011\IDSVia64.sys [X]
S3 MFE_RR; \??\C:\Users\KOWALC~1\AppData\Local\Temp\mfe_rr.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20130814.018\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20130814.018\EX64.SYS [X]
S3 SRTSP; \SystemRoot\system32\drivers\NISx64\1500000.064\SRTSP64.SYS [X]
S3 SRTSPX; \SystemRoot\system32\drivers\NISx64\1500000.064\SRTSPX64.SYS [X]
S3 SymDS; \SystemRoot\system32\drivers\NISx64\1500000.064\SYMDS64.SYS [X]
S3 SymEFA; \SystemRoot\system32\drivers\NISx64\1500000.064\SYMEFA64.SYS [X]
S3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [X]
S3 SymIRON; \SystemRoot\system32\drivers\NISx64\1500000.064\Ironx64.SYS [X]
S3 SymNetS; \SystemRoot\system32\drivers\NISx64\1500000.064\SYMNETS.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-25 20:27 - 2014-11-25 20:27 - 00000000 ____D () C:\FRST
2014-11-25 19:54 - 2014-11-25 20:27 - 00000000 ____D () C:\Users\Kowalczyk\Desktop\Skany
2014-11-25 19:17 - 2014-11-25 19:18 - 00000310 _____ () C:\Users\Kowalczyk\Desktop\RootkitRemover_20141125_191728.log
2014-11-25 19:17 - 2014-11-25 19:16 - 00783120 _____ (McAfee, Inc.) C:\Users\Kowalczyk\Desktop\rootkitremover.exe
2014-11-25 19:09 - 2014-11-25 19:09 - 00010355 _____ () C:\ComboFix.txt
2014-11-25 18:55 - 2014-11-25 18:54 - 01707532 _____ (Thisisu) C:\Users\Kowalczyk\Desktop\JRT.exe
2014-11-25 18:55 - 2014-11-25 18:53 - 02148864 _____ () C:\Users\Kowalczyk\Desktop\AdwCleaner.exe
2014-11-25 18:55 - 2014-11-25 18:51 - 05599228 ____R (Swearware) C:\Users\Kowalczyk\Desktop\ComboFix.exe
2014-11-25 17:01 - 2014-11-25 17:02 - 00000008 _____ () C:\Users\Kowalczyk\Desktop\Nowy dokument tekstowy.txt
2014-11-14 20:01 - 2014-11-14 20:01 - 00001196 _____ () C:\Users\Kowalczyk\Desktop\Continue installation .lnk
2014-11-14 19:46 - 2014-11-14 20:00 - 00496872 _____ () C:\Users\Kowalczyk\Downloads\installflashplayer__8497_i1405364342_il395.exe
2014-11-11 19:44 - 2014-11-11 19:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-11 18:08 - 2014-11-11 21:31 - 00017069 ____H () C:\Users\Kowalczyk\Desktop\~WRL2546.tmp
2014-11-09 19:30 - 2014-11-09 19:30 - 00143992 _____ () C:\Users\Kowalczyk\Downloads\MIKRO I MAKROELEMENTY.pptx
2014-11-08 08:38 - 2014-11-08 08:38 - 00000000 ____D () C:\found.002
2014-11-01 18:59 - 2014-11-01 18:59 - 03576832 _____ () C:\Users\Kowalczyk\Downloads\177_Zapotrzebowanie_organizmu_na_skladniki_odzywcze_mineralne_witaminy_i_wode.ppt
2014-10-30 16:56 - 2014-10-30 16:57 - 00000000 ____D () C:\Users\Kowalczyk\Desktop\rabata

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-25 20:26 - 2013-06-20 16:08 - 01917190 _____ () C:\Windows\WindowsUpdate.log
2014-11-25 19:50 - 2009-07-14 05:45 - 00021088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-25 19:50 - 2009-07-14 05:45 - 00021088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-25 19:37 - 2013-06-20 18:03 - 00001050 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-25 19:37 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-25 19:37 - 2009-07-14 05:51 - 00130460 _____ () C:\Windows\setupact.log
2014-11-25 19:29 - 2013-06-20 18:03 - 00001054 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-25 19:12 - 2014-06-26 15:31 - 00000000 ____D () C:\AdwCleaner
2014-11-25 19:12 - 2010-11-21 04:47 - 00337180 _____ () C:\Windows\PFRO.log
2014-11-25 19:09 - 2014-06-26 15:16 - 00000000 ____D () C:\Qoobox
2014-11-25 19:05 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-25 19:04 - 2014-06-26 15:16 - 00000000 ____D () C:\Windows\erdnt
2014-11-25 18:51 - 2013-06-20 18:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-25 16:36 - 2014-09-03 17:04 - 00000000 ____D () C:\Users\Kowalczyk\Desktop\2 TAK
2014-11-21 17:30 - 2011-02-04 18:38 - 00736636 _____ () C:\Windows\system32\perfh015.dat
2014-11-21 17:30 - 2011-02-04 18:38 - 00149904 _____ () C:\Windows\system32\perfc015.dat
2014-11-21 17:30 - 2009-07-14 06:13 - 01661114 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-12 15:38 - 2013-06-20 17:52 - 00000000 ____D () C:\Users\Kowalczyk\AppData\Roaming\Skype
2014-11-11 13:49 - 2014-09-03 17:02 - 00000000 ____D () C:\Users\Kowalczyk\Desktop\rys
2014-10-30 12:25 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\Kowalczyk\AppData\Local\Temp\Quarantine.exe
C:\Users\Kowalczyk\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-25 20:25

==================== End Of Log ============================