Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-01-2014 01
Ran by SYSTEM on MINWINPC on 03-01-2014 08:19:36
Running from F:\
Windows Vista (TM) Home Basic (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [815104 2006-10-23] (Synaptics, Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4472832 2007-05-28] (Realtek Semiconductor)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKU\acer\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\wmpnscfg.exe [ 2008-01-18] (Microsoft Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\RunOnce: [AcerScrSav] -
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\RunOnce: [AcerScrSav] -
BootExecute: autocheck autochk * sdnclean.exe

========================== Services (Whitelisted) =================

S2 DcomLaunch; C:\Windows\system32\svchost.exe [21504 2008-01-18] (Microsoft Corporation)
S2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [135168 2007-06-13] (Acer Inc.)
S2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-06-28] ()
S2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
S3 Internet Manager. RunOuc; C:\Program Files\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [224096 2012-01-14] ()
S2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [107008 2006-11-24] ()
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
S2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [66872 2010-12-11] ()
S2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-04-02] ()
S2 RpcSs; C:\Windows\system32\svchost.exe [21504 2008-01-18] (Microsoft Corporation)
S2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3048136 2012-07-05] (Skype Technologies S.A.)
S2 TrkWks; C:\Windows\System32\svchost.exe [21504 2008-01-18] (Microsoft Corporation)
S2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [167936 2007-06-13] (acer)

==================== Drivers (Whitelisted) ====================

S3 DCamUSBIntel; C:\Windows\System32\Drivers\TP6800.sys [197556 2006-05-18] (Microsoft Corporation)
S3 HidNt; C:\Windows\System32\DRIVERS\HIDNt.sys [18992 2008-04-18] (Microsoft Corporation)
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [90368 2012-01-14] (Huawei Technologies Co., Ltd.)
S3 huawei_cdcecm; C:\Windows\System32\DRIVERS\ew_jucdcecm.sys [64384 2012-01-14] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [26624 2012-01-14] (Huawei Technologies Co., Ltd.)
S2 int15; C:\Windows\system32\drivers\int15.sys [76584 2007-03-02] ()
S3 Mac606; C:\Windows\System32\DRIVERS\Mac606.sys [26672 2008-04-18] ()
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
S1 MpKslf7e4cb42; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DC654262-6ED2-4958-BC27-8C422E1FE78D}\MpKslf7e4cb42.sys [40392 2014-01-02] (Microsoft Corporation)
S2 {95808DC4-FA4A-4c74-92FE-5B863F82066B}; C:\Program Files\CyberLink\PowerDVD\000.fcl [13560 2006-11-02] (Cyberlink Corp.)
S5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-18] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [235392 2012-01-14] (Huawei Technologies Co., Ltd.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-02 13:12 - 2014-01-02 13:12 - 00000440 _____ C:\Users\acer\Desktop\FIX.REG
2014-01-02 13:11 - 2014-01-02 13:11 - 00000079 _____ C:\Windows\wininit.ini
2014-01-02 13:10 - 2014-01-02 13:10 - 00000000 ___SD C:\32788R22FWJFW
2014-01-02 13:07 - 2014-01-02 13:07 - 00000000 ____D C:\Users\acer\Desktop\Stare dane programu Firefox
2014-01-02 11:37 - 2014-01-02 11:37 - 00987410 _____ C:\Users\acer\Downloads\SecurityCheck.exe
2014-01-02 11:36 - 2014-01-02 11:36 - 00001866 _____ C:\Users\acer\Desktop\GMER.txt
2014-01-02 11:10 - 2014-01-02 11:11 - 00377856 _____ C:\Users\acer\Downloads\z9w92eco.exe
2014-01-02 11:09 - 2014-01-02 11:09 - 00029110 _____ C:\Users\acer\Desktop\FRST.txt
2014-01-02 11:08 - 2014-01-02 11:08 - 00022796 _____ C:\Users\acer\Desktop\Addition.txt
2014-01-02 10:42 - 2014-01-02 11:08 - 00022796 _____ C:\Users\acer\Downloads\Addition.txt
2014-01-02 10:39 - 2014-01-02 13:06 - 00000000 ____D C:\FRST
2014-01-02 10:32 - 2014-01-02 10:32 - 00055032 _____ C:\Users\acer\Desktop\Extras.Txt
2014-01-02 10:31 - 2014-01-02 10:39 - 00111188 _____ C:\Users\acer\Desktop\OTL.Txt
2014-01-02 10:29 - 2014-01-02 10:29 - 01064581 _____ (Farbar) C:\Users\acer\Downloads\FRST.exe
2014-01-02 10:19 - 2014-01-02 10:19 - 00688992 _____ (Swearware) C:\Users\acer\Downloads\dds.com
2014-01-02 10:15 - 2014-01-02 10:15 - 00602112 _____ (OldTimer Tools) C:\Users\acer\Downloads\OTL.exe
2014-01-02 10:13 - 2014-01-02 10:13 - 00016945 _____ C:\Users\acer\Desktop\combofix.txt
2014-01-02 10:09 - 2014-01-02 10:09 - 00016945 _____ C:\ComboFix.txt
2014-01-02 09:07 - 2014-01-02 09:07 - 218777981 _____ C:\Windows\MEMORY.DMP
2014-01-02 09:07 - 2014-01-02 09:07 - 00143368 _____ C:\Windows\Minidump\Mini010214-01.dmp
2014-01-02 08:41 - 2014-01-02 08:41 - 00103680 _____ (GMER) C:\kgldrpob.sys
2014-01-02 08:40 - 2014-01-02 08:40 - 00377856 _____ C:\Users\acer\Downloads\wzd6kl94.exe
2014-01-02 08:38 - 2014-01-02 08:38 - 00377856 _____ C:\Users\acer\Downloads\d6gqrc3d.exe
2014-01-02 08:04 - 2012-05-19 05:03 - 00000027 _____ C:\Windows\System32\Drivers\etc\hosts.20140102-170438.backup
2014-01-02 06:12 - 2014-01-02 06:12 - 00000000 ____D C:\Users\acer\AppData\Local\Apps\2.0
2014-01-02 01:33 - 2014-01-02 13:14 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2014-01-02 01:30 - 2014-01-02 01:32 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\acer\Downloads\spybot-2.2.exe
2013-12-28 13:58 - 2013-12-28 13:58 - 00000000 ____D C:\Users\acer\AppData\Roaming\Windows Live Writer
2013-12-28 13:58 - 2013-12-28 13:58 - 00000000 ____D C:\Users\acer\AppData\Local\Windows Live Writer
2013-12-28 13:58 - 2013-12-28 13:58 - 00000000 ____D C:\Users\acer\AppData\Local\{EC09503F-E0F8-4313-B25D-B987B1998A83}
2013-12-28 13:58 - 2013-12-28 13:58 - 00000000 ____D C:\Users\acer\AppData\Local\{CB2C9E2F-1A85-45B8-91C8-FA6B43FE4071}
2013-12-20 12:40 - 2013-12-20 12:41 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-13 10:07 - 2013-11-14 15:13 - 12344320 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-12-13 10:07 - 2013-11-14 14:50 - 09739264 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-12-13 10:07 - 2013-11-14 14:50 - 01806848 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-12-13 10:07 - 2013-11-14 14:43 - 01105408 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-12-13 10:07 - 2013-11-14 14:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-12-13 10:07 - 2013-11-14 14:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-12-13 10:07 - 2013-11-14 14:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-12-13 10:07 - 2013-11-14 14:40 - 00065024 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-12-13 10:07 - 2013-11-14 14:38 - 00717824 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-12-13 10:07 - 2013-11-14 14:38 - 00420864 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-12-13 10:07 - 2013-11-14 14:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-12-13 10:07 - 2013-11-14 14:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-12-13 10:07 - 2013-11-14 14:36 - 01796096 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-12-13 10:07 - 2013-11-14 14:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-12-13 10:07 - 2013-11-14 14:35 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-12-13 10:07 - 2013-11-14 14:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-12-12 10:34 - 2013-10-29 18:12 - 00335360 _____ (Microsoft Corporation) C:\Windows\System32\SysFxUI.dll
2013-12-12 10:34 - 2013-10-29 17:43 - 00130048 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\drmk.sys
2013-12-12 10:34 - 2013-10-29 16:43 - 00167936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\portcls.sys
2013-12-12 10:34 - 2013-10-29 16:35 - 02050560 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-12-12 10:34 - 2013-10-10 18:08 - 00172032 _____ (Microsoft Corporation) C:\Windows\System32\scrrun.dll
2013-12-12 10:34 - 2013-10-10 18:08 - 00131072 _____ (Microsoft Corporation) C:\Windows\System32\wshom.ocx
2013-12-12 10:34 - 2013-10-10 18:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\System32\wshcon.dll
2013-12-12 10:34 - 2013-10-10 16:35 - 00155648 _____ (Microsoft Corporation) C:\Windows\System32\wscript.exe
2013-12-12 10:34 - 2013-10-10 16:35 - 00135168 _____ (Microsoft Corporation) C:\Windows\System32\cscript.exe
2013-12-12 10:32 - 2013-10-21 23:19 - 00158208 _____ (Microsoft Corporation) C:\Windows\System32\imagehlp.dll

==================== One Month Modified Files and Folders =======

2014-01-02 13:41 - 2012-05-19 06:51 - 00551298 _____ C:\Windows\PFRO.log
2014-01-02 13:14 - 2014-01-02 01:33 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2014-01-02 13:13 - 2008-02-20 12:48 - 00131072 _____ C:\Windows\System32\Ikeext.etl
2014-01-02 13:13 - 2008-01-27 13:53 - 00000012 _____ C:\Windows\bthservsdp.dat
2014-01-02 13:13 - 2007-11-09 13:07 - 01469526 _____ C:\Windows\WindowsUpdate.log
2014-01-02 13:13 - 2006-11-02 04:45 - 00003568 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-02 13:13 - 2006-11-02 04:45 - 00003568 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-02 13:12 - 2014-01-02 13:12 - 00000440 _____ C:\Users\acer\Desktop\FIX.REG
2014-01-02 13:11 - 2014-01-02 13:11 - 00000079 _____ C:\Windows\wininit.ini
2014-01-02 13:11 - 2012-01-15 03:58 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2014-01-02 13:10 - 2014-01-02 13:10 - 00000000 ___SD C:\32788R22FWJFW
2014-01-02 13:10 - 2012-05-19 04:37 - 00000000 ____D C:\Windows\ERDNT
2014-01-02 13:07 - 2014-01-02 13:07 - 00000000 ____D C:\Users\acer\Desktop\Stare dane programu Firefox
2014-01-02 13:06 - 2014-01-02 10:39 - 00000000 ____D C:\FRST
2014-01-02 11:37 - 2014-01-02 11:37 - 00987410 _____ C:\Users\acer\Downloads\SecurityCheck.exe
2014-01-02 11:36 - 2014-01-02 11:36 - 00001866 _____ C:\Users\acer\Desktop\GMER.txt
2014-01-02 11:11 - 2014-01-02 11:10 - 00377856 _____ C:\Users\acer\Downloads\z9w92eco.exe
2014-01-02 11:09 - 2014-01-02 11:09 - 00029110 _____ C:\Users\acer\Desktop\FRST.txt
2014-01-02 11:08 - 2014-01-02 11:08 - 00022796 _____ C:\Users\acer\Desktop\Addition.txt
2014-01-02 11:08 - 2014-01-02 10:42 - 00022796 _____ C:\Users\acer\Downloads\Addition.txt
2014-01-02 10:39 - 2014-01-02 10:31 - 00111188 _____ C:\Users\acer\Desktop\OTL.Txt
2014-01-02 10:32 - 2014-01-02 10:32 - 00055032 _____ C:\Users\acer\Desktop\Extras.Txt
2014-01-02 10:29 - 2014-01-02 10:29 - 01064581 _____ (Farbar) C:\Users\acer\Downloads\FRST.exe
2014-01-02 10:19 - 2014-01-02 10:19 - 00688992 _____ (Swearware) C:\Users\acer\Downloads\dds.com
2014-01-02 10:15 - 2014-01-02 10:15 - 00602112 _____ (OldTimer Tools) C:\Users\acer\Downloads\OTL.exe
2014-01-02 10:13 - 2014-01-02 10:13 - 00016945 _____ C:\Users\acer\Desktop\combofix.txt
2014-01-02 10:09 - 2014-01-02 10:09 - 00016945 _____ C:\ComboFix.txt
2014-01-02 10:06 - 2006-11-02 02:23 - 00000215 _____ C:\Windows\system.ini
2014-01-02 09:07 - 2014-01-02 09:07 - 218777981 _____ C:\Windows\MEMORY.DMP
2014-01-02 09:07 - 2014-01-02 09:07 - 00143368 _____ C:\Windows\Minidump\Mini010214-01.dmp
2014-01-02 09:07 - 2010-06-11 12:33 - 00000000 ____D C:\Windows\Minidump
2014-01-02 08:41 - 2014-01-02 08:41 - 00103680 _____ (GMER) C:\kgldrpob.sys
2014-01-02 08:40 - 2014-01-02 08:40 - 00377856 _____ C:\Users\acer\Downloads\wzd6kl94.exe
2014-01-02 08:38 - 2014-01-02 08:38 - 00377856 _____ C:\Users\acer\Downloads\d6gqrc3d.exe
2014-01-02 06:12 - 2014-01-02 06:12 - 00000000 ____D C:\Users\acer\AppData\Local\Apps\2.0
2014-01-02 06:11 - 2013-11-24 09:44 - 00000000 ____D C:\Users\acer\Desktop\egzamin gimnazjalny odpowiedzi2013
2014-01-02 01:32 - 2014-01-02 01:30 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\acer\Downloads\spybot-2.2.exe
2013-12-30 13:00 - 2008-01-18 15:20 - 00000069 _____ C:\Windows\NeroDigital.ini
2013-12-30 12:32 - 2007-12-28 11:19 - 00000000 ____D C:\Users\acer\AppData\Roaming\Skype
2013-12-30 10:46 - 2013-11-12 12:01 - 00002339 _____ C:\Users\Public\Desktop\Skype.lnk
2013-12-28 13:58 - 2013-12-28 13:58 - 00000000 ____D C:\Users\acer\AppData\Roaming\Windows Live Writer
2013-12-28 13:58 - 2013-12-28 13:58 - 00000000 ____D C:\Users\acer\AppData\Local\Windows Live Writer
2013-12-28 13:58 - 2013-12-28 13:58 - 00000000 ____D C:\Users\acer\AppData\Local\{EC09503F-E0F8-4313-B25D-B987B1998A83}
2013-12-28 13:58 - 2013-12-28 13:58 - 00000000 ____D C:\Users\acer\AppData\Local\{CB2C9E2F-1A85-45B8-91C8-FA6B43FE4071}
2013-12-28 13:58 - 2013-11-12 21:39 - 00000000 ____D C:\Users\acer\AppData\Local\Windows Live
2013-12-22 00:58 - 2012-05-14 12:33 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-20 12:41 - 2013-12-20 12:40 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-18 12:10 - 2007-07-16 10:20 - 00672140 _____ C:\Windows\System32\perfh015.dat
2013-12-18 12:10 - 2007-07-16 10:20 - 00130516 _____ C:\Windows\System32\perfc015.dat
2013-12-18 12:10 - 2006-11-02 02:33 - 01495264 _____ C:\Windows\System32\PerfStringBackup.INI
2013-12-15 13:40 - 2007-12-28 11:09 - 00000000 ____D C:\ProgramData\Skype
2013-12-15 13:39 - 2007-12-28 11:09 - 00000000 ___RD C:\Program Files\Skype
2013-12-13 10:48 - 2006-11-02 04:44 - 00384032 _____ C:\Windows\System32\FNTCACHE.DAT
2013-12-13 10:43 - 2007-07-16 00:48 - 00000000 ____D C:\Windows\System32\RTCOM
2013-12-13 10:15 - 2013-07-13 00:30 - 00000000 ____D C:\Windows\System32\MRT
2013-12-13 10:08 - 2006-11-02 02:24 - 88123800 _____ (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-12-10 10:36 - 2012-06-08 05:36 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-12-10 10:36 - 2012-06-08 05:36 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-12-05 11:20 - 2011-11-05 14:02 - 00002047 _____ C:\Users\acer\Desktop\Google Chrome.lnk

Files to move or delete:
====================
C:\ProgramData\ezsid.dat

==================== Known DLLs (Whitelisted) ============

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2014-01-02 01:29:45

==================== Memory info ===========================

Percentage of memory in use: 17%
Total physical RAM: 1525.81 MB
Available physical RAM: 1256.75 MB
Total Pagefile: 1476.25 MB
Available Pagefile: 1331.9 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.48 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:51.01 GB) (Free:10.36 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:51.01 GB) (Free:50.52 GB) NTFS
Drive f: (USB DISK) (Removable) (Total:3.73 GB) (Free:3.73 GB) FAT32
Drive x: (PQSERVICE) (Fixed) (Total:9.76 GB) (Free:4.44 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 112 GB) (Disk ID: 88067F61)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=51 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=51 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 4 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)

LastRegBack: 2014-01-02 09:18

==================== End Of Log ============================