Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015
Ran by User (administrator) on USER-KOMPUTER on 24-07-2015 22:21:05
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHLE.EXE
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Desktop.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816 2009-04-23] (Analog Devices, Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2352022922-730696403-1538347384-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHLE.EXE [283232 2013-08-15] (SEIKO EPSON CORPORATION)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-2352022922-730696403-1538347384-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-07-12] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-07-12] (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{989ACABD-9866-4B4F-9628-4343C2B1C8AD}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{D86E2218-E9A4-4F22-9D66-50E3532BFCEB}: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\tglpvqc5.default
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: Dodatki dla Firefox
FF Homepage: https://search.protectedio.com/?u=52f49536d77819ba40c5ce683ec9446d&c=p1&src=hp&inst=1437744069
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40620.0\npctrl.dll [2015-06-20] ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-08-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-07-12] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40620.0\npctrl.dll [2015-06-19] ( Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin HKU\S-1-5-21-2352022922-730696403-1538347384-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\tglpvqc5.default\searchplugins\dodatki-dla-firefox.xml [2015-07-16]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\psearch.xml [2015-07-24]
FF Extension: deskCut - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\tglpvqc5.default\Extensions\deskCutv2@gmail.com [2015-07-16]
FF Extension: BPH Sign Plugin - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\tglpvqc5.default\Extensions\SignPlugin@bph.pl [2013-08-23]
FF Extension: Firefox Helper - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\52f49536d77819ba40c5ce683ec9446d [2015-07-16]
FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\tglpvqc5.default\extensions\deskCutv2@gmail.com
StartMenuInternet: FIREFOX.EXE - <$PROGRAMFILES>\Mozilla Firefox\firefox.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [520416 2014-01-28] (Futuremark)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 e1kexpress; C:\Windows\System32\DRIVERS\e1k60x64.sys [220672 2009-06-10] (Intel Corporation)
S3 cpuz134; \??\C:\Users\User\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-24 22:21 - 2015-07-24 22:21 - 00010563 _____ C:\Users\User\Desktop\FRST.txt
2015-07-24 22:20 - 2015-07-24 22:21 - 00000000 ____D C:\FRST
2015-07-24 22:19 - 2015-07-24 22:19 - 00007507 _____ C:\Users\User\Desktop\AdwCleaner[S0].txt
2015-07-24 22:13 - 2015-07-24 22:15 - 00000000 ____D C:\AdwCleaner
2015-07-24 22:12 - 2015-07-24 22:04 - 02135552 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2015-07-24 22:12 - 2015-07-24 22:01 - 02248704 _____ C:\Users\User\Desktop\AdwCleaner.exe
2015-07-22 12:02 - 2015-07-22 12:02 - 00001272 _____ C:\Windows\wininit.ini
2015-07-22 10:21 - 2015-07-22 10:21 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2015-07-22 10:20 - 2015-07-22 12:02 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-07-22 10:20 - 2015-07-22 10:33 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-07-22 10:20 - 2015-07-22 10:20 - 00001391 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-07-22 10:20 - 2015-07-22 10:20 - 00001379 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-07-22 10:20 - 2015-07-22 10:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-07-22 10:20 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-07-22 10:18 - 2015-07-22 10:19 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\User\Downloads\spybot-2.4.exe
2015-07-22 09:47 - 2015-07-22 09:47 - 00000000 _____ C:\autoexec.bat
2015-07-22 09:12 - 2015-07-22 09:12 - 00000017 _____ C:\Users\User\AppData\Local\resmon.resmoncfg
2015-07-20 21:31 - 2015-07-20 21:31 - 00003622 _____ C:\Windows\System32\Tasks\Program Update Service
2015-07-20 21:31 - 2015-07-20 21:31 - 00000000 ____D C:\Program Files (x86)\Program Update
2015-07-16 15:19 - 2015-07-24 21:07 - 00003284 _____ C:\Windows\System32\Tasks\Techsmart Computer Service
2015-07-16 15:16 - 2015-07-16 15:16 - 00003158 _____ C:\Windows\System32\Tasks\{1B1F4945-330B-444C-A83C-5DFADA6BBD76}
2015-07-16 15:14 - 2015-07-16 15:19 - 00003276 _____ C:\Windows\System32\Tasks\System Updater
2015-07-16 15:14 - 2015-07-16 15:15 - 00000000 ____D C:\Program Files (x86)\Techsmart Computer
2015-07-16 15:14 - 2015-07-16 15:14 - 00803840 _____ C:\Users\User\AppData\Roaming\39B.tmp.exe
2015-07-16 15:14 - 2015-07-16 15:14 - 00000000 _____ C:\Users\User\AppData\Roaming\39B.tmp
2015-07-16 15:09 - 2015-07-16 15:09 - 01741136 _____ (BitTorrent Inc.) C:\Users\User\Downloads\uTorrent.exe
2015-07-12 14:55 - 2015-07-12 14:55 - 00000000 ____D C:\ProgramData\Oracle
2015-07-12 14:55 - 2015-07-12 14:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-07-12 14:55 - 2013-08-20 11:39 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2015-07-12 14:55 - 2013-08-20 11:39 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2015-07-12 14:53 - 2015-07-12 14:53 - 00003156 _____ C:\Windows\System32\Tasks\{7AC6477F-4BDD-40FC-A036-8772EF6D9998}
2015-07-06 09:06 - 2015-07-16 15:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-03 10:51 - 2015-07-05 11:06 - 01125056 _____ (Adobe Systems Incorporated) C:\Users\User\Downloads\flashplayer18_ga_install.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-24 22:19 - 2013-08-01 14:25 - 02011298 _____ C:\Windows\WindowsUpdate.log
2015-07-24 22:16 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-24 22:16 - 2009-07-14 06:51 - 00183461 _____ C:\Windows\setupact.log
2015-07-24 21:04 - 2011-04-12 15:21 - 00697674 _____ C:\Windows\system32\perfh015.dat
2015-07-24 21:04 - 2011-04-12 15:21 - 00134784 _____ C:\Windows\system32\perfc015.dat
2015-07-24 21:04 - 2009-07-14 07:13 - 01549696 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-24 21:04 - 2009-07-14 06:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-24 21:04 - 2009-07-14 06:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-24 20:58 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-07-24 15:15 - 2014-08-15 12:32 - 00001098 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-07-23 21:15 - 2014-12-27 18:05 - 00000000 ____D C:\Users\User\Desktop\pisma
2015-07-22 16:20 - 2010-11-21 05:47 - 00031848 _____ C:\Windows\PFRO.log
2015-07-22 09:21 - 2013-08-02 00:04 - 00000000 ____D C:\Foto
2015-07-22 09:01 - 2009-07-14 07:08 - 00032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-16 15:17 - 2013-10-19 11:17 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-07-16 10:22 - 2013-08-15 17:57 - 00000000 ____D C:\Users\User\AppData\Roaming\vlc
2015-07-13 10:13 - 2013-08-20 12:05 - 00000000 ____D C:\Users\User\Desktop\ogród
2015-07-13 07:50 - 2014-10-06 20:46 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-07-13 07:50 - 2014-10-06 20:46 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-07-12 15:08 - 2014-07-14 14:20 - 00000000 ____D C:\Users\User\AppData\Local\Adobe
2015-07-12 15:01 - 2013-08-01 21:58 - 00001066 _____ C:\Users\Public\Desktop\VLC media player.lnk
2015-07-12 15:01 - 2013-08-01 21:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-07-12 14:59 - 2013-10-19 11:17 - 00000000 ____D C:\ProgramData\Adobe
2015-07-12 14:55 - 2013-08-20 11:39 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-07-12 14:55 - 2013-08-20 11:39 - 00000000 ____D C:\Program Files (x86)\Java
2015-07-12 14:53 - 2014-10-06 20:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-07-07 05:37 - 2014-08-15 12:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-01 07:08 - 2013-08-01 21:58 - 00001102 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
2015-07-01 07:08 - 2013-08-01 21:58 - 00001090 _____ C:\Users\Public\Desktop\TeamViewer 8.lnk

==================== Files in the root of some directories =======

2015-07-16 15:14 - 2015-07-16 15:14 - 0000000 _____ () C:\Users\User\AppData\Roaming\39B.tmp
2015-07-16 15:14 - 2015-07-16 15:14 - 0803840 _____ () C:\Users\User\AppData\Roaming\39B.tmp.exe
2015-07-22 09:12 - 2015-07-22 09:12 - 0000017 _____ () C:\Users\User\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
C:\Users\User\AppData\Local\Temp\Quarantine.exe
C:\Users\User\AppData\Local\Temp\sqlite3.dll
C:\Users\User\AppData\Local\Temp\_is449E.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-23 17:17

==================== End of log ============================