Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-09-2013 Ran by Andrzej Piekarski (administrator) on EDGE on 02-09-2013 15:06:01 Running from F:\ Windows 7 Professional (X64) OS Language: Polish Internet Explorer Version 9 Boot Mode: Safe Mode (minimal) ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Windows\system32\cmd.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11049576 2010-07-15] (Realtek Semiconductor) HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1928976 2010-03-05] (Intel(R) Corporation) HKLM\...\Run: [TPHOTKEY] - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [69568 2009-12-21] (Lenovo Group Limited) HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [380776 2009-12-11] (Lenovo.) HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [62312 2010-04-20] (Lenovo Group Limited) HKLM\...\Run: [AcWin7Hlpr] - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [31592 2010-07-02] (Lenovo) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2097960 2010-04-23] (Synaptics Incorporated) HKLM\...\Run: [lxdrmon.exe] - C:\Program Files (x86)\Lexmark 4900 Series\lxdrmon.exe [676520 2008-09-10] () HKLM\...\Run: [EzPrint] - C:\Program Files (x86)\Lexmark 4900 Series\ezprint.exe [131752 2008-09-10] (Lexmark International Inc.) HKLM-x32\...\Winlogon: [Shell] C:\PROGRA~3\eqocjhraoscgvqxhrsk.bat [x ] () <=== ATTENTION Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.) HKCU\...\Run: [SJelite3Launch] - C:\Users\Andrzej Piekarski\AppData\Roaming\Transcend\SJelite3\SJelite3Launch.exe [180224 2010-06-28] () HKCU\...\Run: [] - [x] HKCU\...\Run: [NokiaSuite.exe] - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1083264 2012-02-01] (Nokia) HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [18678376 2013-04-19] (Skype Technologies S.A.) MountPoints2: {568a2cc3-8e63-11e1-a841-806e6f6e6963} - Q:\LenovoQDrive.exe MountPoints2: {985fe59b-d714-11e1-99f9-60eb6945a0e6} - F:\NokiaPCIA_Autorun.exe HKLM-x32\...\Run: [PWMTRV] - C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL [1129320 2010-07-20] (Lenovo Group Limited) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [avast] - C:\Program Files\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software) HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation) HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [Sweetpacks Communicator] - C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe [231768 2012-08-15] (SweetIM Technologies Ltd.) HKU\Default\...\RunOnce: [wlstart] - C:\Program Files (x86)\Windows Live\Installer\wlstart.exe [900944 2010-06-12] (Microsoft Corporation) HKU\Default\...\RunOnce: [] - [x] HKU\Default\...\RunOnce: [Lenovoautoqdrive] - C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe [159744 2009-03-24] () HKU\Default User\...\RunOnce: [wlstart] - C:\Program Files (x86)\Windows Live\Installer\wlstart.exe [900944 2010-06-12] (Microsoft Corporation) HKU\Default User\...\RunOnce: [] - [x] HKU\Default User\...\RunOnce: [Lenovoautoqdrive] - C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe [159744 2009-03-24] () Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll ACGina Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\Users\Andrzej Piekarski\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eqocjhraoscgvqxhrsk.lnk ShortcutTarget: eqocjhraoscgvqxhrsk.lnk -> C:\Users\ANDRZE~1\AppData\Local\Temp\ksrhxqvgcsoarhjcoqe.bfg (The GTK developer community) Startup: C:\Users\Andrzej Piekarski\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Powiadomienia monitorowania tuszu - HP Deskjet 3070 B611 series (sieć).lnk ShortcutTarget: Powiadomienia monitorowania tuszu - HP Deskjet 3070 B611 series (sieć).lnk -> C:\Program Files\HP\HP Deskjet 3070 B611 series\bin\HPStatusBL.dll (Hewlett-Packard Co.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=TJ&userid=81bb102e-5c7c-468d-9fa0-81e85efee520&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=TJ&userid=81bb102e-5c7c-468d-9fa0-81e85efee520&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000&st=12&barid={DF79FE23-93C2-44FD-B452-DABE752AA2D0} StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {8159B641-48E1-4714-B3C9-EC441FA2FD8E} URL = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=LEN2&src=IE-SearchBox; SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=TJ&userid=81bb102e-5c7c-468d-9fa0-81e85efee520&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=TJ&userid=81bb102e-5c7c-468d-9fa0-81e85efee520&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=12&q={searchTerms}&barid={DF79FE23-93C2-44FD-B452-DABE752AA2D0} SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=TJ&userid=81bb102e-5c7c-468d-9fa0-81e85efee520&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=TJ&userid=81bb102e-5c7c-468d-9fa0-81e85efee520&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} SearchScopes: HKCU - {89B55515-8372-49A5-AD72-90839A874530} URL = SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=12&q={searchTerms}&barid={DF79FE23-93C2-44FD-B452-DABE752AA2D0} BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: IePasswordManagerHelper Class - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) BHO-x32: Lexmark - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll () BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: SweetPacks Browser Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM-x32 - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Chrome: ======= CHR HomePage: hxxp://www.google.com CHR RestoreOnStartup: "hxxp://www.google.com" CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll () CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\gcswf32.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File CHR Extension: (SweetIM for Facebook) - C:\Users\ANDRZE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0 CHR Extension: (SweetPacks Chrome Extension) - C:\Users\ANDRZE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.2_0 CHR HKLM-x32\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\Andrzej Piekarski\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Users\Andrzej Piekarski\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx ==================== Services (Whitelisted) ================= S2 avast! Antivirus; C:\Program Files\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software) S2 IBUpdaterService; C:\Windows\system32\dmwu.exe [1447728 2013-05-21] () S2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited) S2 lxdrCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxdrserv.exe [33960 2008-05-16] (Lexmark International, Inc.) S2 lxdr_device; C:\Windows\system32\lxdrcoms.exe [1040552 2008-05-16] ( ) S2 MSSQL$INSERTGT; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] () S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [199272 2010-07-15] (Realtek Semiconductor) S2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1019904 2009-08-28] (Lenovo Group Limited) S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1475896 2010-07-29] (Lenovo Group Limited) ==================== Drivers (Whitelisted) ==================== S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software) S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software) S1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software) S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] () S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-27] (AVAST Software) S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-27] (AVAST Software) S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software) S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-27] () S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2012-08-20] (RapidSolution Software AG) S3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2012-08-20] (RapidSolution Software AG) S2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13840 2009-03-13] (UPEK Inc.) S1 TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [13104 2010-07-20] () S3 PCDSRVC{127174DC-C366ED8B-06020000}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [x] S2 regi; \??\C:\Windows\system32\drivers\regi.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-31 22:14 - 2013-08-31 22:14 - 00000165 _____ C:\ProgramData\eqocjhraoscgvqxhrsk.reg 2013-08-31 22:14 - 2013-08-31 22:14 - 00000070 _____ C:\ProgramData\eqocjhraoscgvqxhrsk.bat ==================== One Month Modified Files and Folders ======= 2013-09-02 15:05 - 2013-09-02 15:05 - 00000000 ____D C:\FRST 2013-09-01 19:00 - 2010-09-18 20:11 - 00747952 _____ C:\Windows\system32\perfh015.dat 2013-09-01 19:00 - 2010-09-18 20:11 - 00153784 _____ C:\Windows\system32\perfc015.dat 2013-09-01 19:00 - 2009-07-14 07:13 - 01689790 _____ C:\Windows\system32\PerfStringBackup.INI 2013-09-01 18:51 - 2009-07-14 06:45 - 00020704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-09-01 18:51 - 2009-07-14 06:45 - 00020704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-09-01 18:50 - 2012-06-03 22:47 - 00000000 ____D C:\Users\Andrzej Piekarski\AppData\Roaming\Skype 2013-09-01 18:50 - 2009-07-14 06:51 - 00072350 _____ C:\Windows\setupact.log 2013-09-01 18:49 - 2012-07-04 12:11 - 00004152 _____ C:\Windows\System32\Tasks\avast! Emergency Update 2013-09-01 18:49 - 2012-04-27 10:01 - 00040282 _____ C:\Windows\AutoKMS.log 2013-09-01 18:49 - 2012-04-27 09:54 - 00000224 _____ C:\Windows\Tasks\AutoKMS.job 2013-09-01 18:48 - 2012-06-24 19:02 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-09-01 18:47 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-09-01 18:46 - 2012-06-24 19:02 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-09-01 18:46 - 2010-09-18 10:26 - 01867519 _____ C:\Windows\WindowsUpdate.log 2013-09-01 18:45 - 2012-04-27 09:38 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-09-01 18:44 - 2012-05-18 08:34 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-09-01 18:44 - 2012-05-06 21:04 - 00000280 _____ C:\Windows\Tasks\HP Photo Creations Messager.job 2013-09-01 18:44 - 2010-09-18 11:16 - 00000332 _____ C:\Windows\Tasks\SystemToolsDailyTest.job 2013-08-31 22:14 - 2013-08-31 22:14 - 00000165 _____ C:\ProgramData\eqocjhraoscgvqxhrsk.reg 2013-08-31 22:14 - 2013-08-31 22:14 - 00000070 _____ C:\ProgramData\eqocjhraoscgvqxhrsk.bat 2013-08-31 22:14 - 2012-04-25 01:23 - 00000000 ___RD C:\Users\Andrzej Piekarski\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-08-26 21:18 - 2013-03-06 17:58 - 00000000 ____D C:\Program Files\Google 2013-08-26 21:18 - 2012-06-24 19:01 - 00000000 ____D C:\Program Files (x86)\Google 2013-08-26 21:18 - 2010-09-18 10:41 - 00093622 _____ C:\Windows\PFRO.log 2013-08-22 10:05 - 2012-06-24 19:03 - 00002189 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-08-21 10:18 - 2012-05-18 08:34 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-08-21 10:18 - 2012-05-18 08:34 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-08-21 10:18 - 2012-05-18 08:34 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-08-20 11:13 - 2012-06-20 11:33 - 00002270 _____ C:\Users\Andrzej 2013-08-20 11:13 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF 2013-08-19 21:02 - 2012-06-03 22:38 - 00000000 ____D C:\ProgramData\SweetIM 2013-08-19 21:02 - 2012-06-03 22:38 - 00000000 ____D C:\Program Files (x86)\SweetIM 2013-08-19 21:01 - 2012-04-25 10:18 - 00000000 ____D C:\Windows\system32\appmgmt 2013-08-19 21:00 - 2012-06-24 19:01 - 00000000 ____D C:\Users\ANDRZE~1\AppData\Local\Google 2013-08-19 09:53 - 2013-07-29 21:40 - 00000000 ____D C:\Windows\system32\MRT 2013-08-19 09:53 - 2012-04-25 10:32 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-08-04 10:21 - 2010-09-18 11:17 - 00000528 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job Files to move or delete: ==================== C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe C:\ProgramData\eqocjhraoscgvqxhrsk.bat C:\ProgramData\eqocjhraoscgvqxhrsk.reg C:\Users\ANDRZE~1\AppData\Local\Temp\ksrhxqvgcsoarhjcoqe.bfg C:\Users\ANDRZE~1\AppData\Local\Temp\NEventMessages.dll C:\Users\ANDRZE~1\AppData\Local\Temp\NOSEventMessages.dll C:\Users\ANDRZE~1\AppData\Local\Temp\SkypeSetup.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-08-27 09:57 ==================== End Of Log ============================