Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by SYSTEM on MINWINPC on 13-10-2013 13:34:20
Running from G:\
Windows Vista (TM) Home Premium (X86) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [894248 2007-06-22] (Synaptics, Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4669440 2007-07-06] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] - C:\Windows\Skytel.exe [1826816 2007-06-15] (Realtek Semiconductor Corp.)
HKLM\...\Run: [topi] - C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [581632 2007-07-10] (TOSHIBA)
HKLM\...\Run: [Desktop SMS] - C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe [1507328 2007-06-18] (Interactive Digital Media)
HKLM\...\Run: [Toshiba Registration] - C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe [571024 2007-05-04] (Toshiba)
HKLM\...\Run: [NBKeyScan] - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2213160 2007-12-03] (Nero AG)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SearchSettings] - C:\Program Files\pdfforge Toolbar\SearchSettings.exe [992256 2009-01-30] (GreenTree Applications, Inc.)
HKLM\...\Run: [CardDetectorHUAWEI1752_1552] - C:\Program Files\CardDetector\HUAWEI1752_1552\CardDetector.exe [282624 2009-10-14] (France Telecom SA)
HKLM\...\Run: [BEWINTERNET-PL-IEWSessionManager] - "C:\Users\lukasz\Desktop\SessionManager\SessionManager.exe"
HKLM\...\Run: [SweetIM] - C:\Program Files\SweetIM\Messenger\SweetIM.exe [114992 2011-06-02] (SweetIM Technologies Ltd.)
HKLM\...\Run: [ORAHSSSessionManager] - C:\Program Files\Livebox\SessionManager\SessionManager.exe [107248 2008-06-10] (France Telecom SA)
HKLM\...\Run: [BEWINTERNET-PLSessionManager] - C:\Program Files\OrangeBS\BEWInternet-PL\SessionManager\SessionManager.exe [140016 2009-10-14] (France Telecom SA)
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM\...\Winlogon: [Userinit]
HKLM\...\Winlogon: [Shell] [x ] () <=== ATTENTION
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2007-06-27] ()
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2007-06-27] ()
HKU\lukasz\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-19] (Microsoft Corporation)
HKU\lukasz\...\Policies\system: [HideLegacyLogonScripts] 0
HKU\lukasz\...\Policies\system: [HideLogoffScripts] 0
HKU\lukasz\...\Policies\system: [HideStartupScripts] 0
HKU\lukasz\...\Policies\system: [RunLogonScriptSync] 1
HKU\lukasz\...\Policies\system: [RunStartupScriptSync] 0
HKU\lukasz\...\Policies\system: [LogonHoursAction] 2
HKU\lukasz\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Marta\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2007-06-27] ()
HKU\Marta\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Marta\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [ 2007-12-13] (Nero AG)
HKU\Marta\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2008-01-19] (Microsoft Corporation)
HKU\Marta\...\Policies\system: [LogonHoursAction] 2
HKU\Marta\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\lukasz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk
ShortcutTarget: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Marta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk
ShortcutTarget: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk /p \??\G:autocheck autochk *

========================== Services (Whitelisted) =================

S2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [132424 2008-11-07] (Apple Inc.)
S2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-02-05] ()
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
S2 BitGuard; C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [2845664 2013-09-23] ()
S2 FTRTSVC; C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe [65536 2008-06-20] (France Telecom SA)
S2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)

==================== Drivers (Whitelisted) ====================

S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-08-30] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-08-30] (AVAST Software)
S1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [49760 2013-08-30] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-08-30] ()
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-30] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-30] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-08-30] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177864 2013-08-30] ()
S0 CLFS; C:\Windows\System32\CLFS.sys [247352 2008-01-19] (Microsoft Corporation)
S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [103040 2009-08-04] (Huawei Technologies Co., Ltd.)
S3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-14] (ATK0100)
S3 PCAMp50; C:\Windows\System32\Drivers\PCAMp50.sys [28224 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 PCASp50; C:\Windows\System32\Drivers\PCASp50.sys [27072 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [252416 2007-06-01] (Realtek Semiconductor Corporation )
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [682232 2008-04-04] (Duplex Secure Ltd.)
S5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-13 13:33 - 2013-10-13 13:33 - 00000000 ____D C:\FRST
2013-10-12 13:17 - 2013-10-12 13:17 - 00000000 __SHD C:\found.001
2013-10-11 20:59 - 2013-10-11 20:59 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-10-11 20:59 - 2013-10-11 20:59 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-10-08 18:46 - 2013-10-11 16:55 - 00000000 ____D C:\Users\Marta\AppData\Local\Google
2013-10-08 18:46 - 2013-10-08 18:46 - 00000000 ____D C:\Users\Marta\AppData\Roaming\Google
2013-10-06 16:30 - 2013-10-06 16:33 - 00000000 ____D C:\Users\lukasz\AppData\Roaming\Google
2013-10-06 13:25 - 2013-10-06 13:25 - 00001976 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-06 12:48 - 2013-10-06 12:48 - 00001834 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-10-06 12:48 - 2013-08-30 08:48 - 00770344 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-10-06 12:48 - 2013-08-30 08:48 - 00369584 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-10-06 12:48 - 2013-08-30 08:48 - 00177864 _____ C:\Windows\System32\Drivers\aswVmm.sys
2013-10-06 12:48 - 2013-08-30 08:48 - 00066336 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2013-10-06 12:48 - 2013-08-30 08:48 - 00056080 _____ (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2013-10-06 12:48 - 2013-08-30 08:48 - 00049760 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
2013-10-06 12:48 - 2013-08-30 08:48 - 00049376 _____ C:\Windows\System32\Drivers\aswRvrt.sys
2013-10-06 12:48 - 2013-08-30 08:48 - 00029816 _____ (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2013-10-06 12:47 - 2013-08-30 08:47 - 00229648 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2013-10-06 12:35 - 2013-08-30 08:47 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-10-06 12:28 - 2013-10-06 12:28 - 00000000 ____D C:\Program Files\AVAST Software
2013-10-06 12:23 - 2013-10-06 12:28 - 00000000 ____D C:\ProgramData\AVAST Software
2013-10-06 11:59 - 2013-10-06 11:59 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-06 11:55 - 2013-10-06 11:55 - 131918888 _____ C:\Users\lukasz\Downloads\avast_free_antivirus_setup.exe
2013-10-06 11:47 - 2013-10-06 11:47 - 00000000 ____D C:\Program Files\searchgol
2013-10-06 11:46 - 2013-10-06 11:46 - 00000000 ____D C:\ProgramData\BitGuard
2013-10-06 11:45 - 2013-10-06 11:46 - 00000000 ____D C:\Users\lukasz\AppData\Roaming\BabSolution
2013-10-06 11:44 - 2013-10-06 11:44 - 00000000 ____D C:\ProgramData\Babylon

==================== One Month Modified Files and Folders =======

2013-10-13 13:33 - 2013-10-13 13:33 - 00000000 ____D C:\FRST
2013-10-13 00:17 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\System32\pl-PL
2013-10-12 13:26 - 2009-06-01 17:57 - 00006396 _____ C:\Windows\PFRO.log
2013-10-12 13:17 - 2013-10-12 13:17 - 00000000 __SHD C:\found.001
2013-10-12 12:49 - 2007-12-18 13:40 - 01494159 _____ C:\Windows\WindowsUpdate.log
2013-10-12 12:37 - 2006-11-02 13:47 - 00003568 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-12 12:37 - 2006-11-02 13:47 - 00003568 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-11 20:59 - 2013-10-11 20:59 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-10-11 20:59 - 2013-10-11 20:59 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-10-11 20:47 - 2008-04-14 14:47 - 00000000 ____D C:\Users\lukasz\AppData\Local\Google
2013-10-11 19:59 - 2006-11-02 13:37 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-10-11 16:55 - 2013-10-08 18:46 - 00000000 ____D C:\Users\Marta\AppData\Local\Google
2013-10-11 16:44 - 2009-05-26 21:30 - 00010340 _____ C:\Windows\setupact.log
2013-10-08 18:46 - 2013-10-08 18:46 - 00000000 ____D C:\Users\Marta\AppData\Roaming\Google
2013-10-06 16:33 - 2013-10-06 16:30 - 00000000 ____D C:\Users\lukasz\AppData\Roaming\Google
2013-10-06 15:01 - 2008-04-10 16:52 - 00000000 ____D C:\Program Files\Google
2013-10-06 14:56 - 2008-04-10 16:52 - 00000000 ____D C:\ProgramData\Google
2013-10-06 13:25 - 2013-10-06 13:25 - 00001976 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-06 12:48 - 2013-10-06 12:48 - 00001834 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-10-06 12:48 - 2006-11-02 11:23 - 00002577 _____ C:\Windows\System32\config.nt
2013-10-06 12:35 - 2007-12-18 13:49 - 00000000 ____D C:\users\lukasz
2013-10-06 12:28 - 2013-10-06 12:28 - 00000000 ____D C:\Program Files\AVAST Software
2013-10-06 12:28 - 2013-10-06 12:23 - 00000000 ____D C:\ProgramData\AVAST Software
2013-10-06 11:59 - 2013-10-06 11:59 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-06 11:55 - 2013-10-06 11:55 - 131918888 _____ C:\Users\lukasz\Downloads\avast_free_antivirus_setup.exe
2013-10-06 11:47 - 2013-10-06 11:47 - 00000000 ____D C:\Program Files\searchgol
2013-10-06 11:46 - 2013-10-06 11:46 - 00000000 ____D C:\ProgramData\BitGuard
2013-10-06 11:46 - 2013-10-06 11:45 - 00000000 ____D C:\Users\lukasz\AppData\Roaming\BabSolution
2013-10-06 11:44 - 2013-10-06 11:44 - 00000000 ____D C:\ProgramData\Babylon
2013-10-06 08:31 - 2007-12-29 18:53 - 00000000 ____D C:\Users\lukasz\AppData\Local\Adobe
2013-10-04 16:51 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\System32\Msdtc
2013-10-04 16:51 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\registration
2013-10-04 16:51 - 2006-11-02 11:22 - 49283072 _____ C:\Windows\System32\config\software_previous
2013-10-04 16:51 - 2006-11-02 11:22 - 25952256 _____ C:\Windows\System32\config\system_previous
2013-10-04 16:48 - 2006-11-02 11:22 - 35389440 _____ C:\Windows\System32\config\components_previous
2013-10-04 16:48 - 2006-11-02 11:22 - 00262144 _____ C:\Windows\System32\config\sam_previous
2013-10-04 15:53 - 2010-10-10 10:45 - 00000000 ____D C:\users\Marta
2013-10-03 11:37 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\System32\spool
2013-10-03 10:59 - 2006-11-02 11:22 - 01572864 _____ C:\Windows\System32\config\default_previous
2013-10-03 10:59 - 2006-11-02 11:22 - 00262144 _____ C:\Windows\System32\config\security_previous

Files to move or delete:
====================
C:\Users\lukasz\fdminst.exe

Some content of TEMP:
====================
C:\Users\Marta\AppData\Local\Temp\DataCard_Setup.exe
C:\Users\Marta\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Marta\AppData\Local\Temp\ResetDevice.exe

==================== Known DLLs (Whitelisted) ============

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

1 Restore point made on: 2013-10-11 19:58:32

==================== Memory info ===========================

Percentage of memory in use: 38%
Total physical RAM: 1014.63 MB
Available physical RAM: 619.03 MB
Total Pagefile: 819.53 MB
Available Pagefile: 690.98 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.72 MB

==================== Drives ================================

Drive c: (Vista) (Fixed) (Total:55.89 GB) (Free:3.9 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:54.43 GB) (Free:2.92 GB) NTFS
Drive f: (WinRE) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS
Drive g: (PENDRIVE) (Removable) (Total:7.42 GB) (Free:7.42 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 112 GB) (Disk ID: C0655D6C)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=56 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=54 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7 GB) - (Type=0B)

LastRegBack: 2013-10-11 19:47

==================== End Of Log ============================