Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015 Ran by Pistan (administrator) on PISTAN-LAPEK on 25-03-2015 13:01:18 Running from C:\Users\Pistan\Downloads Loaded Profiles: Pistan (Available profiles: Pistan) Platform: Windows 7 Home Premium (X64) OS Language: Polski (Polska) Internet Explorer Version 9 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Agere Systems) C:\Windows\System32\agr64svc.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (OptionNV) C:\Program Files\Option\Acer 3G Connection Manager\GtDetectSc.exe () C:\ProgramData\DatacardService\HWDeviceService64.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe () C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Realtek Semiconductor Corp.) C:\Users\Pistan\AppData\Local\Temp\RtkBtMnt.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe (Chris Pietschmann (http://pietschsoft.com)) C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe (Google Inc.) C:\Users\Pistan\AppData\Local\Google\Chrome\Application\chrome.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Google Inc.) C:\Users\Pistan\AppData\Local\Google\Chrome\Application\chrome.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Google Inc.) C:\Users\Pistan\AppData\Local\Google\Chrome\Application\chrome.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Google Inc.) C:\Users\Pistan\AppData\Local\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Google Inc.) C:\Users\Pistan\AppData\Local\Google\Chrome\Application\chrome.exe (OldTimer Tools) C:\Users\Pistan\Downloads\OTL.exe (Google Inc.) C:\Users\Pistan\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Pistan\AppData\Local\Google\Chrome\Application\chrome.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe (Google Inc.) C:\Users\Pistan\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Pistan\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Pistan\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Pistan\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Pistan\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Pistan\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Pistan\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7074336 2009-02-14] (Realtek Semiconductor) HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-02-14] (Realtek Semiconductor Corp.) HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [281600 2009-01-30] (Alps Electric Co., Ltd.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1661736 2008-12-05] (Synaptics, Inc.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-06-02] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Chrome] => C:\chrome\chrome.exe [0 2012-12-10] () HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.) HKLM-x32\...\Run: [] => [X] HKLM\...\Policies\Explorer: [NofolderOptions] 0 HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> HKU\S-1-5-21-4179606135-1514452474-3470605731-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.) HKU\S-1-5-21-4179606135-1514452474-3470605731-1000\...\Run: [Google Update] => C:\Users\Pistan\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-26] (Google Inc.) HKU\S-1-5-21-4179606135-1514452474-3470605731-1000\...\Policies\system: [ConsentPromptBehaviorAdmin] 0 HKU\S-1-5-21-4179606135-1514452474-3470605731-1000\...\Policies\system: [EnableLUA] 0 HKU\S-1-5-21-4179606135-1514452474-3470605731-1000\...\Policies\system: [PromptOnSecureDesktop] 0 HKU\S-1-5-21-4179606135-1514452474-3470605731-1000\...\Policies\Explorer: [NofolderOptions] 0 HKU\S-1-5-21-4179606135-1514452474-3470605731-1000\...\Policies\Explorer: [HideClock] 0 HKU\S-1-5-21-4179606135-1514452474-3470605731-1000\...\Policies\Explorer: [NoFind] 0 HKU\S-1-5-21-4179606135-1514452474-3470605731-1000\...\Policies\Explorer: [NoViewContextMenu] 0 HKU\S-1-5-21-4179606135-1514452474-3470605731-1000\...\Policies\Explorer: [NoFile] 0 HKU\S-1-5-21-4179606135-1514452474-3470605731-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> HKU\S-1-5-18\...\Policies\system: [ConsentPromptBehaviorAdmin] 0 HKU\S-1-5-18\...\Policies\system: [EnableLUA] 0 HKU\S-1-5-18\...\Policies\system: [PromptOnSecureDesktop] 0 HKU\S-1-5-18\...\Policies\Explorer: [NofolderOptions] 0 HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0 HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> ShellIconOverlayIdentifiers: [GGDriveOverlay1] -> {E68D0A50-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.) ShellIconOverlayIdentifiers: [GGDriveOverlay2] -> {E68D0A51-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.) ShellIconOverlayIdentifiers: [GGDriveOverlay3] -> {E68D0A52-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.) ShellIconOverlayIdentifiers: [GGDriveOverlay4] -> {E68D0A53-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-4179606135-1514452474-3470605731-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://securityresponse.symantec.com/avcenter/fix_homepage/ HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/ HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/ HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = http://securityresponse.symantec.com/avcenter/fix_homepage/ HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/ HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = http://securityresponse.symantec.com/avcenter/fix_homepage/ HKU\S-1-5-21-4179606135-1514452474-3470605731-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = SearchScopes: HKLM-x32 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://startsear.ch/?aff=2&src=sp&cf=415d00b1-dbdd-11e0-93b4-00262d5e94c6&q={searchTerms} SearchScopes: HKLM-x32 -> {6F6FEA89-EFE4-4144-9EDA-16BE4A0837A9} URL = http://startsear.ch/?aff=2&src=sp&cf=415d00b1-dbdd-11e0-93b4-00262d5e94c6&q={searchTerms} SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2776682 SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.a-searchpage.info/?l=1&q={searchTerms}&pid=658&r=2013/06/01&hid=205514685&lg=EN&cc=PL&unqvl=18 SearchScopes: HKU\S-1-5-21-4179606135-1514452474-3470605731-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://startsear.ch/?aff=2&src=sp&cf=415d00b1-dbdd-11e0-93b4-00262d5e94c6&q={searchTerms} SearchScopes: HKU\S-1-5-21-4179606135-1514452474-3470605731-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://startsear.ch/?aff=2&src=sp&cf=415d00b1-dbdd-11e0-93b4-00262d5e94c6&q={searchTerms} SearchScopes: HKU\S-1-5-21-4179606135-1514452474-3470605731-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={searchTerms}&affID=119293&babsrc=SP_ss&mntrId=c6d8643d0000000000000aeee6e025bc SearchScopes: HKU\S-1-5-21-4179606135-1514452474-3470605731-1000 -> {6F6FEA89-EFE4-4144-9EDA-16BE4A0837A9} URL = SearchScopes: HKU\S-1-5-21-4179606135-1514452474-3470605731-1000 -> {9A65A719-FB7C-4023-A99F-5FCFEB260755} URL = SearchScopes: HKU\S-1-5-21-4179606135-1514452474-3470605731-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = SearchScopes: HKU\S-1-5-21-4179606135-1514452474-3470605731-1000 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.a-searchpage.info/?l=1&q={searchTerms}&pid=658&r=2013/06/01&hid=205514685&lg=EN&cc=PL&unqvl=18 BHO: VshareComplete -> {08337871-0e50-4031-9110-3bd21ca3c065} -> C:\Users\Pistan\AppData\Roaming\VshareComplete\64\VshareComplete64.dll [2011-11-09] (SimplyGen) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll [2012-11-13] (Safer-Networking Ltd.) BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll [2012-06-07] (Symantec Corporation) BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL [2011-03-31] (Symantec Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-07-01] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-07-01] (Oracle Corporation) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll [2012-06-07] (Symantec Corporation) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: HKLM-x32 {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/da2/PCPitStop2.cab Tcpip\Parameters: [DhcpNameServer] 213.172.186.4 213.172.186.5 Tcpip\..\Interfaces\{3D054E7E-4082-49AB-9D6A-CA639A7579D5}: [NameServer] 89.108.195.21 89.108.202.21 Tcpip\..\Interfaces\{D8C79E98-BEF5-47D7-B15B-0C8A30A00CC8}: [NameServer] 89.108.195.21 89.108.202.21 FireFox: ======== FF ProfilePath: C:\Users\Pistan\AppData\Roaming\Mozilla\Firefox\Profiles\um1qjswo.default FF DefaultSearchEngine,S: WebSearch FF DefaultSearchUrl: hxxp://websearch.a-searchpage.info/?pid=658&r=2013/06/01&hid=205514685&lg=EN&cc=PL&unqvl=18&l=1&q= FF SearchEngineOrder.1: WebSearch FF SearchEngineOrder.1,S: WebSearch FF SelectedSearchEngine: WebSearch FF SelectedSearchEngine,S: WebSearch FF Homepage: google.pl FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll [2014-10-17] () FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2010-04-21] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll [2014-10-17] () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-07-01] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-07-01] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2010-04-21] () FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @real.com/nppl3260;version=6.0.11.2027 -> C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nppl3260.dll [2004-11-09] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.1040 -> C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nprpjplug.dll [2004-11-09] (RealNetworks, Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.) FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.18 -> C:\Program Files (x86)\Veetle\plugins\npVeetle.dll [2011-07-28] (Veetle Inc) FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Program Files (x86)\Veetle\Player\npvlc.dll [2010-09-21] (Veetle Inc) FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-02-17] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-09-04] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-4179606135-1514452474-3470605731-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Pistan\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.) FF Plugin HKU\S-1-5-21-4179606135-1514452474-3470605731-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Pistan\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.) FF user.js: detected! => C:\Users\Pistan\AppData\Roaming\Mozilla\Firefox\Profiles\um1qjswo.default\user.js [2013-02-14] FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll [2011-04-15] (BitComet) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-09-04] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll [2011-10-27] (LiveVDO ) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2010-07-12] (Nullsoft, Inc.) FF SearchPlugin: C:\Users\Pistan\AppData\Roaming\Mozilla\Firefox\Profiles\um1qjswo.default\searchplugins\Search_Results.xml [2012-10-12] FF SearchPlugin: C:\Users\Pistan\AppData\Roaming\Mozilla\Firefox\Profiles\um1qjswo.default\searchplugins\startsear.xml [2012-02-28] FF SearchPlugin: C:\Users\Pistan\AppData\Roaming\Mozilla\Firefox\Profiles\um1qjswo.default\searchplugins\web-search.xml [2011-02-18] FF SearchPlugin: C:\Users\Pistan\AppData\Roaming\Mozilla\Firefox\Profiles\um1qjswo.default\searchplugins\wyszukiwanie-filmw-wideo-w-youtube.xml [2011-11-30] FF Extension: cOOntiNuetaosave - C:\Users\Pistan\AppData\Roaming\Mozilla\Firefox\Profiles\um1qjswo.default\Extensions\mg1tvib@ojiajvwfv.net [2013-06-02] FF Extension: No Name - C:\Users\Pistan\AppData\Roaming\Mozilla\Firefox\Profiles\um1qjswo.default\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash [2011-01-14] FF Extension: Skype extension - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-12-14] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-12-14] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_13_2 FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_13_2 [2015-03-25] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found] Chrome: ======= CHR Profile: C:\Users\Pistan\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Adblock Plus) - C:\Users\Pistan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-03-18] CHR Extension: (Authy) - C:\Users\Pistan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaedmjdfmmahhbjefcbgaolhhanlaolb [2015-01-14] CHR Extension: (Google Wallet) - C:\Users\Pistan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23] CHR HKLM-x32\...\Chrome\Extension: [dlfienamagdnkekbbbocojppncdambda] - C:\Program Files (x86)\VshareComplete\chrome\VshareCompleteChrome.crx [2011-11-18] CHR HKLM-x32\...\Chrome\Extension: [kpionmjnkbpcdpcflammlgllecmejgjj] - C:\Program Files (x86)\vShare.tv plugin\vshareplg.crx [2011-08-31] CHR HKLM-x32\...\Chrome\Extension: [naipdapbimiiikbbgjcpbgmfhnlbagpj] - C:\Users\Pistan\AppData\Local\Temp\naipdapbimiiikbbgjcpbgmfhnlbagpj.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [pbiamblgmkgbcgbcgejjgebalncpmhnp] - C:\Program Files (x86)\StartSearch plugin\vshareplg.crx [2011-10-27] StartMenuInternet: Google Chrome - C:\Users\Pistan\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [1449984 2008-10-02] (Intel(R) Corporation) [File not signed] R2 GtDetectSc; C:\Program Files\Option\Acer 3G Connection Manager\GtDetectSc.exe [314880 2008-05-08] (OptionNV) [File not signed] R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] () S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-17] (Symantec Corporation) S2 PLAY ONLINE. RunOuc; C:\Program Files (x86)\PLAY ONLINE\UpdateDog\ouc.exe [246112 2013-09-22] () R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75064 2012-06-27] () R2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [826368 2008-10-02] (Intel(R) Corporation) [File not signed] R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.) S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] R2 Virtual Router; C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe [12288 2009-11-18] (Chris Pietschmann (http://pietschsoft.com)) [File not signed] S3 WatAdminSvc; C:\Windows\system32\Wat\WatAdminSvc.exe [1255736 2010-04-21] () [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20150321.001\BHDrvx64.sys [1622744 2015-02-03] (Symantec Corporation) R2 DRHARD64; C:\Windows\system32\drivers\DRHARD64.sys [22216 2008-08-06] (Licensed for Gebhard Software) R2 DRHARD64; C:\Windows\SysWOW64\drivers\DRHARD64.sys [22216 2008-08-06] (Licensed for Gebhard Software) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2015-03-24] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-12] (Symantec Corporation) S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [218624 2013-09-22] (Huawei Technologies Co., Ltd.) R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20150323.001\IDSvia64.sys [669400 2015-03-23] (Symantec Corporation) S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10x64.sys [60288 2010-09-15] (Generic USB smartcard reader) R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20150324.019\ENG64.SYS [129752 2015-03-24] (Symantec Corporation) R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20150324.019\EX64.SYS [2137304 2015-03-24] (Symantec Corporation) S1 ntiomin; No ImagePath R0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-07] (Windows (R) Server 2003 DDK provider) R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-31] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-31] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-15] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2014-01-11] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-21] (Symantec Corporation) S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2011-08-18] (The OpenVPN Project) R1 truecrypt; C:\Windows\SysWow64\drivers\truecrypt.sys [222160 2010-04-28] (TrueCrypt Foundation) S3 TS_AR5416; C:\Windows\System32\DRIVERS\ts_athwx.sys [1741480 2009-05-12] (TamoSoft) S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [117080 2012-05-22] (Oracle Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [X] U2 ccEvtMgr; No ImagePath U2 ccSetMgr; No ImagePath U3 navapsvc; No ImagePath S3 NLNdisMP; system32\DRIVERS\nlndis.sys [X] S3 NLNdisPT; system32\DRIVERS\nlndis.sys [X] U3 SAVRT; No ImagePath U1 SAVRTPEL; No ImagePath S4 sptd; \SystemRoot\System32\Drivers\sptd.sys [X] U0 sr; No ImagePath U3 TlntSvr; No ImagePath S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X] U2 wuaserv; No ImagePath S3 X6va003; \??\C:\Users\Pistan\AppData\Local\Temp\003444F.tmp [X] S3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-25 13:01 - 2015-03-25 13:01 - 00026751 _____ () C:\Users\Pistan\Downloads\FRST.txt 2015-03-25 12:58 - 2015-03-25 13:01 - 00000000 ____D () C:\FRST 2015-03-25 12:57 - 2015-03-25 12:57 - 02095616 _____ (Farbar) C:\Users\Pistan\Downloads\FRST64.exe 2015-03-25 12:19 - 2015-03-25 12:19 - 00094836 _____ () C:\Users\Pistan\Downloads\Extras.Txt 2015-03-25 12:17 - 2015-03-25 12:17 - 02952480 _____ () C:\Users\Pistan\Downloads\OTL.Txt 2015-03-25 12:00 - 2015-03-25 12:00 - 00602112 _____ (OldTimer Tools) C:\Users\Pistan\Downloads\OTL.exe 2015-03-25 11:40 - 2015-03-25 11:40 - 00619688 _____ (Duplex Secure Ltd) C:\Users\Pistan\Downloads\SPTDinst-v187-x64 (3).exe 2015-03-25 11:20 - 2015-03-25 11:20 - 00000000 ____D () C:\Users\Pistan\Documents\ProcAlyzer Dumps 2015-03-25 11:13 - 2015-03-25 11:13 - 05615749 _____ (Swearware) C:\Users\Pistan\Downloads\ComboFix (1).exe 2015-03-25 11:12 - 2015-03-25 11:12 - 05615749 ____R (Swearware) C:\Users\Pistan\Downloads\ComboFix.exe 2015-03-24 21:46 - 2015-03-25 11:52 - 00000224 _____ () C:\Windows\setupact.log 2015-03-18 19:15 - 2015-03-24 17:15 - 00000000 ____D () C:\Users\Pistan\Downloads\crack 2015-03-18 18:48 - 2015-03-18 18:48 - 00072221 _____ () C:\Users\Pistan\Downloads\EuroTruckSimulator2_1_16_2_patch.exe.torrent 2015-02-27 17:34 - 2015-02-27 17:35 - 00243496 _____ () C:\Users\Pistan\Downloads\Firefox Setup Stub 36.0.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-25 12:52 - 2011-03-11 21:53 - 00001048 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-25 12:34 - 2011-10-13 20:37 - 00001062 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4179606135-1514452474-3470605731-1000UA.job 2015-03-25 11:56 - 2010-02-03 11:56 - 01973409 _____ () C:\Windows\WindowsUpdate.log 2015-03-25 11:53 - 2011-03-11 21:53 - 00001044 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-03-25 11:52 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-25 11:44 - 2015-01-12 13:55 - 00012150 _____ () C:\Windows\PFRO.log 2015-03-25 11:26 - 2013-04-03 15:18 - 00000000 ___SD () C:\32788R22FWJFW 2015-03-25 11:19 - 2013-04-03 14:35 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2015-03-25 11:09 - 2013-04-03 14:50 - 00000000 ____D () C:\Users\Pistan\Downloads\combofix 2015-03-25 10:51 - 2011-10-13 20:37 - 00001010 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4179606135-1514452474-3470605731-1000Core.job 2015-03-24 23:38 - 2012-09-27 13:36 - 00000000 ____D () C:\Users\Pistan\AppData\Roaming\GG 2015-03-24 08:32 - 2013-04-03 14:34 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2015-03-24 08:16 - 2014-12-14 16:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-03-21 17:31 - 2012-05-08 11:18 - 00000000 ____D () C:\Users\Pistan\AppData\Roaming\AIMP3 2015-03-21 17:29 - 2012-01-09 15:25 - 00000000 ____D () C:\ProgramData\Norton 2015-03-21 13:37 - 2013-02-15 09:52 - 00002383 _____ () C:\Users\Pistan\Desktop\Google Chrome.lnk 2015-03-19 20:58 - 2012-11-15 15:32 - 00000000 ____D () C:\Users\Pistan\Documents\Euro Truck Simulator 2 2015-03-19 13:14 - 2009-07-20 10:03 - 16910080 _____ () C:\Windows\system32\perfh015.dat 2015-03-19 13:14 - 2009-07-20 10:03 - 05898584 _____ () C:\Windows\system32\perfc015.dat 2015-03-19 13:14 - 2009-07-14 06:13 - 00006340 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-03-18 23:20 - 2009-07-14 05:45 - 00014416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-03-18 23:20 - 2009-07-14 05:45 - 00014416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-03-18 19:17 - 2010-02-16 22:04 - 00000000 ____D () C:\Users\Pistan\AppData\Local\CrashDumps 2015-03-18 19:04 - 2011-07-17 11:49 - 00000000 ____D () C:\Users\Pistan\AppData\Roaming\uTorrent 2015-03-18 19:02 - 2011-05-11 16:07 - 00000000 ____D () C:\Users\Public\Documents\Sports Interactive 2015-03-18 18:53 - 2014-01-28 18:39 - 00001336 _____ () C:\Users\Pistan\Desktop\ETS 2.lnk 2015-03-18 17:24 - 2012-09-27 13:36 - 00000000 ____D () C:\Users\Pistan\AppData\Local\GG 2015-02-27 17:31 - 2012-02-10 23:18 - 00000000 ___RD () C:\Users\Pistan\Desktop\smieci z pulpitu 2015-02-23 20:33 - 2011-05-22 16:58 - 00000000 ____D () C:\Users\Pistan\AppData\Local\Last.fm ==================== Files in the root of some directories ======= 2011-08-29 11:23 - 2011-08-29 11:23 - 0225280 _____ (Propellerhead Software AB) C:\Users\Pistan\AppData\Roaming\Rewire.dll 2011-08-29 11:23 - 2011-08-29 11:23 - 0233472 _____ (Propellerhead Software AB) C:\Users\Pistan\AppData\Roaming\REX Shared Library.dll 2010-02-21 23:12 - 2011-05-14 11:12 - 0017920 _____ () C:\Users\Pistan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2010-12-19 17:10 - 2014-06-30 09:39 - 0007598 _____ () C:\Users\Pistan\AppData\Local\resmon.resmoncfg 2015-01-03 18:50 - 2015-01-03 18:50 - 0000000 _____ () C:\Users\Pistan\AppData\Local\{95694A39-75E7-4D0E-B43F-2FE4562295BC} 2013-04-13 12:00 - 2013-04-13 12:00 - 0000057 _____ () C:\ProgramData\Ament.ini 2010-02-10 17:15 - 2010-02-10 17:15 - 0000056 ____H () C:\ProgramData\ezsidmv.dat 2011-09-25 11:21 - 2012-05-13 10:41 - 0004274 _____ () C:\ProgramData\hpzinstall.log Some content of TEMP: ==================== C:\Users\Pistan\AppData\Local\Temp\ggdrive-menu.exe C:\Users\Pistan\AppData\Local\Temp\ggdrive-overlay.exe C:\Users\Pistan\AppData\Local\Temp\installstats.exe C:\Users\Pistan\AppData\Local\Temp\RtkBtMnt.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-03-21 08:06 ==================== End Of Log ============================