Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-03-2014
Ran by Marcin (administrator) on GRUCHOT on 07-03-2014 23:21:28
Running from C:\Users\Marcin\Downloads
Windows 7 Home Premium (X64) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Spotify Ltd) C:\Users\Marcin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Advanced Micro Devices Inc.) D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
(AVAST Software) D:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(ATI Technologies Inc.) D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(EFD Software) E:\Program Files (x86)\HD Tune\HDTune.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Spotify Ltd) C:\Users\Marcin\AppData\Roaming\Spotify\spotify.exe
() C:\Users\Marcin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Marcin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Marcin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Marcin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Marcin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] - D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2010-02-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe [202256 2014-01-12] (RealNetworks, Inc.)
HKLM-x32\...\Run: [avast] - D:\Program Files\AVAST Software\Avast\avastUI.exe [4297136 2012-10-30] (AVAST Software)
HKU\S-1-5-21-4064342124-2159464177-1407347778-1000\...\Run: [DAEMON Tools Lite] - E:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3674320 2013-01-08] (DT Soft Ltd)
HKU\S-1-5-21-4064342124-2159464177-1407347778-1000\...\Run: [Spotify Web Helper] - C:\Users\Marcin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-03-06] (Spotify Ltd)
HKU\S-1-5-21-4064342124-2159464177-1407347778-1000\...\MountPoints2: {501d0189-45de-11e1-b470-806e6f6e6963} - F:\_AUTORUN\AUTORUN.EXE
HKU\S-1-5-21-4064342124-2159464177-1407347778-1000\...\MountPoints2: {874a0780-b783-11e1-9851-001a4df9b628} - G:\setup\rsrc\Autorun.exe
HKU\S-1-5-21-4064342124-2159464177-1407347778-1000\...\MountPoints2: {981bccbd-5e52-11e2-aff0-001a4df9b628} - G:\setup.exe
Startup: C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> E:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - D:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - D:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Marcin\AppData\Roaming\Mozilla\Firefox\Profiles\zrq33z1e.default-1394140941966
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @idsoftware.com/QuakeLive - C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.732 - D:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=1.0.3.732 - D:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=1.0.0.0 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.732 - D:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - E:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - D:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! WebRep - D:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-18]
FF HKCU\...\Firefox\Extensions: [support@mozilla.com] - C:\Users\Marcin\AppData\Roaming\support@mozilla.com
FF Extension: Firefox Extension Manager - C:\Users\Marcin\AppData\Roaming\support@mozilla.com [2012-08-18]

Chrome:
=======

==================== Services (Whitelisted) =================

S2 avast! Antivirus; D:\Program Files\AVAST Software\Avast\AvastSvc.exe [44808 2012-10-30] (AVAST Software)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-10-30] (AVAST Software)
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [19600 2012-08-21] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [71600 2012-10-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-10-15] (AVAST Software)
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [984144 2012-10-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [370288 2012-10-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-10-30] (AVAST Software)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-01-14] (DT Soft Ltd)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [31648 2014-03-07] (REALiX(tm))

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-07 23:21 - 2014-03-07 23:21 - 00010002 _____ () C:\Users\Marcin\Downloads\FRST.txt
2014-03-07 23:13 - 2014-03-07 23:13 - 00000000 ____D () C:\Users\Marcin\Downloads\Smart
2014-03-07 23:12 - 2014-01-27 21:18 - 00000000 ____D () C:\Users\Marcin\Downloads\License
2014-03-07 23:12 - 2014-01-27 19:20 - 00000000 ____D () C:\Users\Marcin\Downloads\CdiResource
2014-03-07 23:00 - 2014-03-07 23:00 - 00031648 _____ (REALiX(tm)) C:\Windows\system32\Drivers\HWiNFO64A.SYS
2014-03-07 09:21 - 2014-03-07 09:21 - 00000000 ____D () C:\Users\Marcin\AppData\Roaming\HD Tune Pro
2014-03-06 23:33 - 2014-03-06 23:33 - 00000000 __SHD () C:\found.006
2014-03-06 22:25 - 2014-03-06 22:27 - 00000000 ____D () C:\AdwCleaner
2014-03-06 22:24 - 2014-03-06 22:24 - 01244192 _____ () C:\Users\Marcin\Downloads\adwcleaner.exe
2014-03-06 22:22 - 2014-03-06 22:22 - 00000000 ____D () C:\Users\Marcin\Desktop\Stare dane programu Firefox
2014-03-06 21:19 - 2014-03-06 21:22 - 00770715 _____ () C:\Users\Marcin\Desktop\GMER 2.txt
2014-03-06 21:16 - 2014-03-06 21:24 - 01806370 _____ () C:\Users\Marcin\Desktop\GMER1.txt
2014-03-06 19:40 - 2014-03-07 23:21 - 00000000 ____D () C:\FRST
2014-03-06 19:39 - 2014-03-06 19:39 - 02156544 _____ (Farbar) C:\Users\Marcin\Downloads\FRST64.exe
2014-03-06 16:30 - 2014-03-06 16:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-25 16:08 - 2014-02-25 16:12 - 00000000 ____D () C:\Users\Marcin\AppData\Local\EZ CD Audio Converter
2014-02-23 22:32 - 2014-02-23 22:37 - 00000254 _____ () C:\Users\Marcin\Desktop\narkotyki.txt

==================== One Month Modified Files and Folders =======

2014-03-07 23:21 - 2014-03-07 23:21 - 00010002 _____ () C:\Users\Marcin\Downloads\FRST.txt
2014-03-07 23:21 - 2014-03-06 19:40 - 00000000 ____D () C:\FRST
2014-03-07 23:14 - 2014-01-18 15:20 - 00000000 ____D () C:\Users\Marcin\AppData\Roaming\Spotify
2014-03-07 23:13 - 2014-03-07 23:13 - 00000000 ____D () C:\Users\Marcin\Downloads\Smart
2014-03-07 23:00 - 2014-03-07 23:00 - 00031648 _____ (REALiX(tm)) C:\Windows\system32\Drivers\HWiNFO64A.SYS
2014-03-07 22:52 - 2012-12-26 18:03 - 00000000 ____D () C:\Users\Marcin\Desktop\Programy
2014-03-07 22:41 - 2012-03-04 00:32 - 00001048 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-07 20:23 - 2012-01-23 17:24 - 01091844 _____ () C:\Windows\WindowsUpdate.log
2014-03-07 20:18 - 2012-03-04 00:32 - 00001044 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-07 20:17 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-07 20:17 - 2009-07-14 05:51 - 00144704 _____ () C:\Windows\setupact.log
2014-03-07 09:21 - 2014-03-07 09:21 - 00000000 ____D () C:\Users\Marcin\AppData\Roaming\HD Tune Pro
2014-03-07 08:30 - 2014-01-18 15:21 - 00000000 ____D () C:\Users\Marcin\AppData\Local\Spotify
2014-03-06 23:33 - 2014-03-06 23:33 - 00000000 __SHD () C:\found.006
2014-03-06 22:27 - 2014-03-06 22:25 - 00000000 ____D () C:\AdwCleaner
2014-03-06 22:24 - 2014-03-06 22:24 - 01244192 _____ () C:\Users\Marcin\Downloads\adwcleaner.exe
2014-03-06 22:22 - 2014-03-06 22:22 - 00000000 ____D () C:\Users\Marcin\Desktop\Stare dane programu Firefox
2014-03-06 21:32 - 2013-11-18 18:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-06 21:24 - 2014-03-06 21:16 - 01806370 _____ () C:\Users\Marcin\Desktop\GMER1.txt
2014-03-06 21:22 - 2014-03-06 21:19 - 00770715 _____ () C:\Users\Marcin\Desktop\GMER 2.txt
2014-03-06 19:39 - 2014-03-06 19:39 - 02156544 _____ (Farbar) C:\Users\Marcin\Downloads\FRST64.exe
2014-03-06 17:37 - 2009-07-14 05:45 - 00014448 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-06 17:37 - 2009-07-14 05:45 - 00014448 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-06 17:24 - 2012-12-26 16:07 - 00000585 _____ () C:\Users\Marcin\Desktop\komputer.txt
2014-03-06 16:38 - 2012-02-17 00:08 - 00000000 ____D () C:\Users\Marcin\AppData\Local\Adobe
2014-03-06 16:37 - 2013-01-14 18:50 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-06 16:37 - 2013-01-14 18:50 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-06 16:30 - 2014-03-06 16:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-06 08:29 - 2013-01-14 19:17 - 00011153 _____ () C:\Users\Marcin\Desktop\kultura.txt
2014-03-05 20:25 - 2012-01-29 11:20 - 00000000 ____D () C:\Users\Marcin\AppData\Local\Microsoft Games
2014-03-04 22:57 - 2013-01-02 15:26 - 00019367 _____ () C:\Users\Marcin\Desktop\WZÓR_SKIEROWANIA KOPIA1.odt
2014-03-03 23:40 - 2013-04-03 17:19 - 00000057 _____ () C:\Users\Marcin\Desktop\LUXMED.txt
2014-03-01 01:25 - 2013-01-14 19:14 - 00003276 _____ () C:\Users\Marcin\Desktop\Słownik.txt
2014-02-27 17:58 - 2012-07-01 08:49 - 00007888 _____ () C:\Users\Marcin\Desktop\przysłowia.txt
2014-02-25 20:54 - 2012-02-05 09:54 - 00021800 _____ () C:\Windows\PFRO.log
2014-02-25 17:07 - 2009-07-14 18:55 - 04663884 _____ () C:\Windows\system32\perfh015.dat
2014-02-25 17:07 - 2009-07-14 18:55 - 01476554 _____ () C:\Windows\system32\perfc015.dat
2014-02-25 17:07 - 2009-07-14 06:13 - 00004568 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-25 16:12 - 2014-02-25 16:08 - 00000000 ____D () C:\Users\Marcin\AppData\Local\EZ CD Audio Converter
2014-02-24 20:11 - 2014-01-12 10:47 - 00000000 ____D () C:\Users\Marcin\AppData\Roaming\Real
2014-02-23 22:37 - 2014-02-23 22:32 - 00000254 _____ () C:\Users\Marcin\Desktop\narkotyki.txt
2014-02-15 13:36 - 2012-03-04 00:32 - 00004044 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-15 13:36 - 2012-03-04 00:32 - 00003792 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-15 12:57 - 2014-01-23 17:17 - 00000000 ____D () C:\Users\Marcin\Desktop\BANGERlista
2014-02-07 16:56 - 2009-07-14 06:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-02-28 12:01

==================== End Of Log ============================