Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-11-2014
Ran by SYSTEM on MININT-MKNRV3N on 30-11-2014 19:37:03
Running from F:\
Platform: Windows 7 Professional (X86) OS Language: Polski (Polska)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10029672 2014-05-16] (Realtek Semiconductor)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKU\Aneta\...\Run: [GoogleChromeAutoLaunch_EECE30B6BAC294C67422613FC6A1A55E] => C:\Program Files\Google\Chrome\Application\chrome.exe [856904 2014-11-14] (Google Inc.)

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
S1 MpKsl6dd87e8a; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{113D6A29-A518-4A55-BF4B-559E65076401}\MpKsl6dd87e8a.sys [39464 2014-11-22] ()
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [15872 2013-07-11] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-30 19:22 - 2014-11-30 19:37 - 00000000 ____D () C:\FRST
2014-11-22 22:18 - 2014-11-22 22:19 - 05915406 _____ () C:\Users\Aneta\Downloads\facebook-anetaniesler.zip
2014-11-22 20:53 - 2014-11-22 20:54 - 00000000 ____D () C:\Program Files\Recuva
2014-11-22 20:52 - 2014-11-22 20:52 - 00000000 ____D () C:\Users\Aneta\Downloads\OneDrive-2014-11-22
2014-11-22 20:51 - 2014-11-22 20:51 - 00297399 _____ () C:\Users\Aneta\Downloads\OneDrive-2014-11-22.zip
2014-11-22 20:51 - 2014-11-22 20:51 - 00297399 _____ () C:\Users\Aneta\Downloads\OneDrive-2014-11-22 (1).zip
2014-11-22 20:33 - 2014-11-22 20:36 - 04210920 _____ (Piriform Ltd) C:\Users\Aneta\Downloads\rcsetup151.exe
2014-11-19 15:51 - 2014-11-19 22:35 - 00025289 _____ () C:\Users\Aneta\Desktop\cv_aneta-niesler SWIEZE2.odt
2014-11-19 10:45 - 2014-05-10 17:35 - 00000000 ____D () C:\Users\Aneta\Desktop\Mrozu - Rollercoaster (2014) [mp3@320kbps]
2014-11-18 19:34 - 2014-11-11 04:21 - 00551424 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2014-11-18 19:34 - 2014-11-11 04:13 - 00690688 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll
2014-11-18 19:34 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\System32\pku2u.dll
2014-11-13 15:16 - 2014-11-13 15:16 - 00013975 _____ () C:\Users\Aneta\Desktop\przepisy.odt
2014-11-12 11:05 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2014-11-12 11:05 - 2014-10-09 07:32 - 02387968 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-11-12 11:05 - 2014-10-03 02:44 - 00475136 _____ (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
2014-11-12 11:05 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\System32\AUDIOKSE.dll
2014-11-12 11:05 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\System32\AudioEng.dll
2014-11-12 11:05 - 2014-10-03 02:44 - 00275968 _____ (Microsoft Corporation) C:\Windows\System32\EncDump.dll
2014-11-12 11:05 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\AudioSes.dll
2014-11-12 11:05 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2014-11-12 11:05 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2014-11-12 11:05 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\System32\IMJP10K.DLL
2014-11-12 11:04 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2014-11-12 11:04 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-11-12 11:04 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-11-12 11:04 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-11-12 11:04 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-11-12 11:04 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-11-12 11:04 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-11-12 11:04 - 2014-11-06 03:59 - 00102912 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-11-12 11:04 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-11-12 11:04 - 2014-11-06 03:51 - 00667648 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-12 11:04 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-11-12 11:04 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-12 11:04 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-11-12 11:04 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-11-12 11:04 - 2014-11-06 03:22 - 00683008 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-11-12 11:04 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-11-12 11:04 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-11-12 11:04 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-11-12 11:04 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\System32\packager.dll
2014-11-12 11:04 - 2014-10-14 02:53 - 00136632 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2014-11-12 11:04 - 2014-10-14 02:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\System32\termsrv.dll
2014-11-12 11:04 - 2014-10-14 02:50 - 00248832 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2014-11-12 11:04 - 2014-10-14 02:49 - 01062400 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2014-11-12 11:04 - 2014-10-14 02:49 - 00221184 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2014-11-12 11:04 - 2014-10-14 02:46 - 00146432 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll
2014-11-12 11:03 - 2014-11-06 04:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-11-12 11:03 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-11-12 11:03 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-11-12 11:03 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2014-11-12 11:03 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-11-12 11:03 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-11-12 11:03 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-11-12 11:03 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-11-12 11:03 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-11-12 11:03 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2014-11-12 11:03 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-11-12 11:03 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-11-08 17:28 - 2014-11-08 17:28 - 00000000 ____D () C:\Users\Aneta\Downloads\Linzo Blogger Theme By Blogtipsntricks.com
2014-11-08 17:07 - 2014-11-08 17:08 - 00150099 _____ () C:\Users\Aneta\Downloads\Linzo Blogger Theme By Blogtipsntricks.com.zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-27 13:59 - 2010-11-20 22:48 - 00008474 _____ () C:\Windows\PFRO.log
2014-11-25 07:44 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\System32\LogFiles
2014-11-24 14:10 - 2014-05-16 20:24 - 01709693 _____ () C:\Windows\WindowsUpdate.log
2014-11-23 00:10 - 2014-06-05 20:57 - 00000000 ____D () C:\Users\Aneta\AppData\Roaming\vlc
2014-11-22 23:17 - 2014-06-01 20:55 - 00000000 ____D () C:\Users\Aneta\AppData\Roaming\uTorrent
2014-11-22 21:15 - 2014-08-09 08:38 - 00012226 _____ () C:\Windows\setupact.log
2014-11-22 10:53 - 2009-07-14 05:34 - 00034736 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-22 10:53 - 2009-07-14 05:34 - 00034736 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-21 09:52 - 2014-05-21 17:33 - 00000000 ____D () C:\Users\Aneta\AppData\Roaming\foobar2000
2014-11-19 14:07 - 2011-04-12 06:08 - 00737980 _____ () C:\Windows\System32\perfh015.dat
2014-11-19 14:07 - 2011-04-12 06:08 - 00154636 _____ () C:\Windows\System32\perfc015.dat
2014-11-19 14:07 - 2010-11-20 22:01 - 01662556 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-11-19 03:21 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\System32\pl-PL
2014-11-13 03:54 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-13 03:44 - 2009-07-14 05:33 - 00294040 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-11-13 03:16 - 2014-05-16 23:39 - 00000000 ____D () C:\Windows\System32\MRT
2014-11-13 03:05 - 2014-05-16 23:39 - 100445232 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe

Some content of TEMP:
====================
C:\Users\Aneta\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Aneta\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe

==================== Known DLLs (Whitelisted) ============

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe [2014-10-17 14:39] - [2014-07-17 02:39] - 0304128 ____A (Microsoft Corporation) 52449FD429D6053B78AE564DEF303870
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe [2013-07-11 15:25] - [2013-07-11 15:25] - 0021504 ____A (Microsoft Corporation) FFB38D8AFD6F4FCA1D46D64F1EDE0B9F
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll [2013-07-11 15:25] - [2013-07-11 15:25] - 0376832 ____A (Microsoft Corporation) 46A8388AB8ED91F1974C556AA4C27CEC
ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys [2013-07-11 15:25] - [2013-07-11 15:25] - 0246104 ____A (Microsoft Corporation) 4EDEF8AB59B089925CF9A6CFC74A4109

==================== Restore Points =========================

==================== Memory info ===========================

Percentage of memory in use: 37%
Total physical RAM: 1013.3 MB
Available physical RAM: 631.8 MB
Total Pagefile: 1013.3 MB
Available Pagefile: 637.89 MB
Total Virtual: 2047.88 MB
Available Virtual: 1964.1 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:19.43 GB) (Free:1.23 GB) NTFS
Drive f: () (Removable) (Total:7.19 GB) (Free:3.5 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (Zastrzeżone przez system) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 00052650)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=19.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=129.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 7.2 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.

LastRegBack: 2014-11-15 22:16

==================== End Of Log ============================