Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by Viola (administrator) on VIOLA_LENOVO on 31-03-2014 11:34:58
Running from K:\fixitpc\inne\Farbar Recovery Scan Tool (FRST)\32
Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Lenovo) C:\WINDOWS\system32\ibmpmsvc.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
(Intel Corporation ) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Cherished Technololgy LIMITED) C:\Documents and Settings\All Users\Dane aplikacji\WPM\wprotectmanager.exe
(Lenovo Group Limited) C:\WINDOWS\system32\IPSSVC.EXE
(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
() C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
() C:\Documents and Settings\All Users\Dane aplikacji\Mobile Partner\OnlineUpdate\ouc.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(Rocket Division Software) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
( ) c:\program files\lenovo\system update\suservice.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Lenovo.) C:\WINDOWS\System32\TPHDEXLG.exe
() C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
() C:\Program Files\FindRight\updateFindRight.exe
() C:\Program Files\FindRight\bin\utilFindRight.exe
(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo.) C:\WINDOWS\system32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Zoom\TpScrex.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apntex.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\tv_w32.exe
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastUI.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Gadu-Gadu S.A.) C:\Program Files\Gadu-Gadu\gg.exe
() C:\Program Files\Mobile Partner\Mobile Partner.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Ghisler Software GmbH) C:\totalcmd\TOTALCMD.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [TPFNF7] - C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe [58416 2007-04-09] (Lenovo Group Limited)
HKLM\...\Run: [TPHOTKEY] - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [66176 2007-03-09] (Lenovo Group Limited)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [172032 2007-03-05] (Alps Electric Co., Ltd.)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [TpShocks] - C:\WINDOWS\system32\TpShocks.exe [181808 2007-03-29] (Lenovo.)
HKLM\...\Run: [ISUSPM Startup] - C:\Program Files\Common Files\Installshield\UpdateService\ISUSPM.exe [221184 2004-07-27] (InstallShield Software Corporation)
HKLM\...\Run: [ISUSScheduler] - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-07-27] (InstallShield Software Corporation)
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4297136 2012-10-31] (AVAST Software)
HKLM\...\Run: [TVT Scheduler Proxy] - C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [536576 2007-02-08] (Lenovo Group Limited)
HKLM\...\Run: [AwaySch] - C:\Program Files\Lenovo\AwayTask\AwaySch.EXE [91688 2006-11-07] (Lenovo Group Limited)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\ACNotify: C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
Winlogon\Notify\tpfnf2: C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()
Winlogon\Notify\tphotkey: C:\Program Files\Lenovo\HOTKEY\tphklock.dll ()
HKU\S-1-5-21-841416981-3060091748-961958888-1005\...\Run: [Gadu-Gadu] - C:\Program Files\Gadu-Gadu\gg.exe [2127296 2008-03-20] (Gadu-Gadu S.A.)
HKU\S-1-5-21-841416981-3060091748-961958888-1005\...\Run: [Mobile Partner] - C:\Program Files\Mobile Partner\Mobile Partner.exe [515072 2012-08-06] ()
HKU\S-1-5-21-841416981-3060091748-961958888-1005\...\MountPoints2: {83b433ca-c6e7-11e2-856e-001e3723db44} - G:\Launcher.exe
HKU\S-1-5-21-841416981-3060091748-961958888-1005\...\MountPoints2: {b49486a6-8bf7-11e3-8614-001e4cda9302} - G:\AutoRun.exe
HKU\S-1-5-21-841416981-3060091748-961958888-1005\...\MountPoints2: {b49486a8-8bf7-11e3-8614-001e4cda9302} - G:\AutoRun.exe
HKU\S-1-5-21-841416981-3060091748-961958888-1005\...\MountPoints2: {b49486ab-8bf7-11e3-8614-001e4cda9302} - G:\AutoRun.exe
HKU\S-1-5-21-841416981-3060091748-961958888-1005\...\MountPoints2: {ccd99446-b76e-11e3-865c-001e4cda9302} - G:\AutoRun.exe
HKU\S-1-5-21-841416981-3060091748-961958888-1005\...\MountPoints2: {ccd99449-b76e-11e3-865c-001e4cda9302} - G:\AutoRun.exe
HKU\S-1-5-21-841416981-3060091748-961958888-1005\...\MountPoints2: {ccd9944b-b76e-11e3-865c-001e4cda9302} - G:\AutoRun.exe
HKU\S-1-5-21-841416981-3060091748-961958888-1005\...\MountPoints2: {ccd9944d-b76e-11e3-865c-001e4cda9302} - G:\AutoRun.exe
Lsa: [Notification Packages] scecli ACGina
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\BTTray.lnk
ShortcutTarget: BTTray.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Documents and Settings\Viola\Menu Start\Programy\Autostart\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sweet-page.com/?type=hp&ts=1393174133&from=cor&uid=FUJITSUXMHY2120BH_K434T8327W0CT8327W0CX
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1393174133&from=cor&uid=FUJITSUXMHY2120BH_K434T8327W0CT8327W0CX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1393174133&from=cor&uid=FUJITSUXMHY2120BH_K434T8327W0CT8327W0CX
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sweet-page.com/?type=hp&ts=1393174133&from=cor&uid=FUJITSUXMHY2120BH_K434T8327W0CT8327W0CX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.sweet-page.com/?type=sc&ts=1393174133&from=cor&uid=FUJITSUXMHY2120BH_K434T8327W0CT8327W0CX
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1393174133&from=cor&uid=FUJITSUXMHY2120BH_K434T8327W0CT8327W0CX&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1393174133&from=cor&uid=FUJITSUXMHY2120BH_K434T8327W0CT8327W0CX&q={searchTerms}
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1393174133&from=cor&uid=FUJITSUXMHY2120BH_K434T8327W0CT8327W0CX&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=LENIE
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1393174133&from=cor&uid=FUJITSUXMHY2120BH_K434T8327W0CT8327W0CX&q={searchTerms}
SearchScopes: HKCU - {B5C76DF6-453A-4CEC-A5C5-B4BED075ABF6} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: FindRight - {2c774641-5504-46a8-b63f-6715ae3fe376} - C:\Program Files\FindRight\FindRightBHO.dll (FindRight)
BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
BHO: ALLYouTubeDownloader - {61DB16C5-B733-43F4-872E-B20DC9E72740} - C:\Program Files\ALLYouTubeDownloader\ALLYouTubeDownloader.dll (ALLCinema Ltd.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: IplexToALLPlayer - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\Program Files\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.)
BHO: CPwmIEBrowserHelper Object - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
Toolbar: HKLM - Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1353399011093
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Tcpip\..\Interfaces\{9A1B7BC7-82E8-49C5-9DBE-8F43C36CF3A3}: [NameServer]208.67.222.222,208.67.220.220

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Viola\Dane aplikacji\Mozilla\Firefox\Profiles\z2uoq419.default
FF NewTab: about:blank
FF DefaultSearchEngine: sweet-page
FF SelectedSearchEngine: sweet-page
FF Homepage: https://www.facebook.com/|https://soundcloud.com/izinsiz|hxxp://nk.pl/|hxxp://www.youtube.com/?gl=PL
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\sweet-page.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\v9.xml
FF Extension: Quick Start - C:\Documents and Settings\Viola\Dane aplikacji\Mozilla\Firefox\Profiles\z2uoq419.default\Extensions\quick_start@gmail.com [2014-02-23]
FF Extension: Site Finder - C:\Documents and Settings\Viola\Dane aplikacji\Mozilla\Firefox\Profiles\z2uoq419.default\Extensions\sitefinder@sitefinder.com [2014-03-22]
FF Extension: Youtube MP3 Podcaster - C:\Documents and Settings\Viola\Dane aplikacji\Mozilla\Firefox\Profiles\z2uoq419.default\Extensions\youtubemp3podcaster@jeremy.d.gregorio.com [2014-03-20]
FF Extension: YouTube to MP3 - C:\Documents and Settings\Viola\Dane aplikacji\Mozilla\Firefox\Profiles\z2uoq419.default\Extensions\info@sharkcube.com.xpi [2013-07-17]
FF Extension: YouTube to MP3 - C:\Documents and Settings\Viola\Dane aplikacji\Mozilla\Firefox\Profiles\z2uoq419.default\Extensions\info@video2mp3.at.xpi [2013-07-17]
FF Extension: Iplex to ALLPlayer - C:\Documents and Settings\Viola\Dane aplikacji\Mozilla\Firefox\Profiles\z2uoq419.default\Extensions\IplextoALL@ALLPlayer.org.xpi [2012-11-21]
FF Extension: YouTube MP3 Download - C:\Documents and Settings\Viola\Dane aplikacji\Mozilla\Firefox\Profiles\z2uoq419.default\Extensions\jid0-Z0Vu9hJlqV0fhIAPqPfmUCNubYQ@jetpack.xpi [2013-07-17]
FF Extension: ALLYouTubeDownloader - C:\Documents and Settings\Viola\Dane aplikacji\Mozilla\Firefox\Profiles\z2uoq419.default\Extensions\YouTubetoALL@ALLPlayer.org.xpi [2012-11-21]
FF Extension: FindRight - C:\Documents and Settings\Viola\Dane aplikacji\Mozilla\Firefox\Profiles\z2uoq419.default\Extensions\{42e50651-9669-456e-9081-d5a836274274}.xpi [2014-02-23]
FF Extension: Adblock Plus - C:\Documents and Settings\Viola\Dane aplikacji\Mozilla\Firefox\Profiles\z2uoq419.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-11-19]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! WebRep - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-11-19]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Documents and Settings\Viola\Dane aplikacji\Mozilla\Firefox\Profiles\z2uoq419.default\extensions\quick_start@gmail.com
FF Extension: Quick Start - C:\Documents and Settings\Viola\Dane aplikacji\Mozilla\Firefox\Profiles\z2uoq419.default\extensions\quick_start@gmail.com [2014-02-23]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe http://www.sweet-page.com/?type=sc&ts=1393174133&from=cor&uid=FUJITSUXMHY2120BH_K434T8327W0CT8327W0CX

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44808 2012-10-31] (AVAST Software)
R2 Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [622700 2006-05-23] (Diskeeper Corporation)
R2 HWDeviceService.exe; C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
R2 IPSSVC; C:\WINDOWS\system32\IPSSVC.EXE [108080 2007-01-30] (Lenovo Group Limited)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)
S2 Mobile Partner. RunOuc; C:\Program Files\Mobile Partner\UpdateDog\ouc.exe [655744 2012-06-28] ()
R2 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [983040 2007-04-16] (Intel Corporation )
R2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software)
R2 SUService; c:\program files\lenovo\system update\suservice.exe [11776 2006-12-15] ( )
R2 TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [569344 2007-02-08] ()
S4 TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [1118208 2007-02-08] (Lenovo Group Limited)
S4 tvtnetwk; C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe [45056 2007-02-08] ()
R2 Update FindRight; C:\Program Files\FindRight\updateFindRight.exe [348448 2014-03-27] ()
R2 Util FindRight; C:\Program Files\FindRight\bin\utilFindRight.exe [348448 2014-03-27] ()
S3 WMConnectCDS; C:\Program Files\Windows Media Connect 2\wmccds.exe [856064 2005-10-06] (Microsoft Corporation)
R2 Wpm; C:\Documents and Settings\All Users\Dane aplikacji\WPM\wprotectmanager.exe [493568 2014-02-23] (Cherished Technololgy LIMITED)

==================== Drivers (Whitelisted) ====================

R1 Aavmker4; C:\WINDOWS\system32\Drivers\Aavmker4.sys [25256 2012-10-31] (AVAST Software)
S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S3 ac97intc; C:\WINDOWS\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
S3 adusbser; C:\WINDOWS\System32\DRIVERS\adusbser.sys [106880 2009-11-06] (AnyDATA.NET INC.)
R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21393 2012-11-17] (Cisco Systems, Inc.)
R1 ANC; C:\WINDOWS\System32\drivers\ANC.SYS [11520 2005-11-08] (IBM Corp.)
R2 aswFsBlk; C:\WINDOWS\system32\Drivers\aswFsBlk.sys [21256 2012-10-31] (AVAST Software)
R2 aswMon2; C:\WINDOWS\system32\Drivers\aswMon2.sys [97608 2012-10-31] (AVAST Software)
R1 AswRdr; C:\WINDOWS\system32\Drivers\AswRdr.sys [35928 2012-10-31] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\Drivers\aswSnx.sys [738504 2012-10-31] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\Drivers\aswSP.sys [361032 2012-10-31] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\Drivers\aswTdi.sys [54232 2012-10-31] (AVAST Software)
R3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [530861 2007-01-24] (Broadcom Corporation.)
R3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [30459 2006-10-09] (Broadcom Corporation.)
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [868042 2007-02-27] (Broadcom Corporation.)
R3 BTWDNDIS; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [149123 2006-10-15] (Broadcom Corporation.)
R3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [67960 2007-01-24] (Broadcom Corporation.)
R2 DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [25628 2006-02-02] (Sonic Solutions)
R1 DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [5660 2005-11-18] (Sonic Solutions)
R2 DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2496 2006-02-02] (Sonic Solutions)
R2 DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [86652 2006-02-02] (Sonic Solutions)
R2 DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [14684 2006-02-02] (Sonic Solutions)
R2 DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [6364 2006-02-02] (Sonic Solutions)
R1 DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [22684 2005-11-18] (Sonic Solutions)
R2 DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [94332 2006-02-02] (Sonic Solutions)
R2 DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [87036 2006-02-02] (Sonic Solutions)
R2 DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [40544 2005-11-18] (Sonic Solutions)
S3 G400; C:\WINDOWS\System32\DRIVERS\G400m.sys [322432 2001-10-26] (Matrox Graphics Inc.)
R3 HdAudAddService; C:\WINDOWS\System32\drivers\CHDAudN.sys [666112 2007-04-27] (Conexant Systems Inc.)
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [210688 2007-03-25] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [988032 2007-03-25] (Conexant Systems, Inc.)
R3 huawei_cdcacm; C:\WINDOWS\System32\DRIVERS\ew_jucdcacm.sys [96000 2012-08-20] (Huawei Technologies Co., Ltd.)
R3 huawei_cdcecm; C:\WINDOWS\System32\DRIVERS\ew_jucdcecm.sys [69760 2012-08-20] (Huawei Technologies Co., Ltd.)
R3 huawei_ext_ctrl; C:\WINDOWS\System32\DRIVERS\ew_juextctrl.sys [27520 2012-08-20] (Huawei Technologies Co., Ltd.)
R1 IBMTPCHK; C:\WINDOWS\system32\Drivers\IBMBLDID.sys [4224 2007-04-02] ()
R3 Iviaspi; C:\WINDOWS\System32\drivers\iviaspi.sys [21060 2003-09-11] (InterVideo, Inc.)
R3 NETw4x32; C:\WINDOWS\System32\DRIVERS\NETw4x32.sys [2206976 2007-04-30] (Intel Corporation)
R2 pmem; C:\WINDOWS\System32\drivers\pmemnt.sys [7012 2012-11-18] (Microsoft Corporation)
R2 PROCDD; C:\WINDOWS\System32\DRIVERS\PROCDD.SYS [12080 2006-11-06] (Lenovo Group Limited)
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [12416 2007-03-29] (Intel Corporation)
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [716272 2012-12-27] ()
R1 TPHKDRV; C:\WINDOWS\System32\DRIVERS\TPHKDRV.sys [17778 2006-10-23] (IBM Corporation)
R1 TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [4442 2007-06-17] ()
R1 TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [12848 2007-04-09] ()
R1 tStLibG; C:\WINDOWS\System32\drivers\tStLibG.sys [55224 2014-03-25] (StdLib)
R3 TVTPktFilter; C:\WINDOWS\System32\DRIVERS\tvtpktfilter.sys [17664 2007-02-08] (Lenovo Group Limited)
U3 ahs86jwr; C:\WINDOWS\system32\Drivers\ahs86jwr.sys [0 ] (Microsoft Corporation)
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [249472 2012-04-20] (Huawei Technologies Co., Ltd.)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-29 20:21 - 2014-03-29 20:21 - 00000761 _____ () C:\Documents and Settings\All Users\Pulpit\Mobile Partner.lnk
2014-03-29 20:21 - 2014-03-29 20:21 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Mobile Partner
2014-03-29 20:21 - 2012-08-20 02:54 - 00096000 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_jucdcacm.sys
2014-03-29 20:21 - 2012-08-20 02:54 - 00076544 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_jubusenum.sys
2014-03-29 20:21 - 2012-08-20 02:54 - 00069760 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_jucdcecm.sys
2014-03-29 20:21 - 2012-08-20 02:54 - 00027520 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_juextctrl.sys
2014-03-29 20:21 - 2012-04-20 08:14 - 00249472 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ewusbnet.sys
2014-03-29 20:21 - 2011-12-31 03:20 - 00199168 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ewusbmdm.sys
2014-03-29 20:21 - 2010-10-08 10:55 - 00025856 _____ (Huawei Tech. Co., Ltd.) C:\WINDOWS\system32\Drivers\ewdcsc.sys
2014-03-29 20:21 - 2010-09-26 12:09 - 00019200 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_hwupgrade.sys
2014-03-29 20:21 - 2010-08-06 01:42 - 00861696 _____ (DiBcom SA) C:\WINDOWS\system32\Drivers\mod7700.sys
2014-03-29 20:21 - 2010-07-27 03:52 - 00102784 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_hwusbdev.sys
2014-03-29 20:21 - 2010-03-20 06:06 - 00011136 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_usbenumfilter.sys
2014-03-29 20:21 - 2005-05-13 10:27 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccid.sys
2014-03-29 20:20 - 2014-03-29 20:22 - 00000000 ____D () C:\Program Files\Mobile Partner
2014-03-28 15:51 - 2014-03-28 15:51 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\OnlineUpdate
2014-03-28 15:51 - 2014-03-28 15:51 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\log
2014-03-25 18:22 - 2014-03-25 18:22 - 00055224 _____ (StdLib) C:\WINDOWS\system32\Drivers\tStLibG.sys
2014-03-25 15:10 - 2014-03-31 11:34 - 00000000 ____D () C:\FRST
2014-03-24 22:43 - 2014-03-24 22:43 - 00007168 ___SH () C:\Documents and Settings\Viola\Pulpit\Thumbs.db
2014-03-19 15:04 - 2014-03-19 15:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB952011$
2014-03-19 15:04 - 2014-03-19 15:04 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Picasa 3
2014-03-19 15:03 - 2014-03-19 15:04 - 00008805 _____ () C:\WINDOWS\KB952011.log
2014-03-19 15:03 - 2014-03-19 15:03 - 00000000 ____D () C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Google
2014-03-11 22:07 - 2014-03-11 22:07 - 04550656 _____ (Google Inc.) C:\WINDOWS\system32\GPhotos.scr
2014-03-11 21:34 - 2014-03-11 21:34 - 00922112 ____N (Microsoft Corporation) C:\WINDOWS\system32\imapi2fs.dll
2014-03-11 21:34 - 2014-03-11 21:34 - 00922112 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imapi2fs.dll
2014-03-11 21:34 - 2014-03-11 21:34 - 00426496 ____N (Microsoft Corporation) C:\WINDOWS\system32\imapi2.dll
2014-03-11 21:34 - 2014-03-11 21:34 - 00426496 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imapi2.dll
2014-03-11 21:34 - 2014-03-11 21:34 - 00062592 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cdrom.sys

==================== One Month Modified Files and Folders =======

2014-03-31 11:34 - 2014-03-25 15:10 - 00000000 ____D () C:\FRST
2014-03-31 11:34 - 2012-11-17 23:57 - 00024576 _____ () C:\WINDOWS\system32\TPAPSLOG.LOG
2014-03-31 11:28 - 2012-11-19 11:15 - 00000362 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-03-31 11:28 - 2012-11-18 00:12 - 01317668 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-31 11:27 - 2007-03-02 14:15 - 00025297 _____ () C:\WINDOWS\system32\PROCDB.INI
2014-03-31 11:26 - 2012-11-18 00:12 - 00002278 _____ () C:\WINDOWS\system32\wpa.dbl
2014-03-31 11:26 - 2012-11-18 00:12 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-03-31 11:26 - 2012-11-18 00:12 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-03-31 11:26 - 2012-11-18 00:12 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-31 11:26 - 2012-11-17 23:58 - 00003312 _____ () C:\TPHKLOCK.TXT
2014-03-31 11:26 - 2007-03-02 14:15 - 00000480 _____ () C:\WINDOWS\system32\IPSCtrl.INI
2014-03-29 21:18 - 2012-11-18 00:30 - 00000188 ___SH () C:\Documents and Settings\Viola\ntuser.ini
2014-03-29 21:18 - 2012-11-18 00:30 - 00000000 ____D () C:\Documents and Settings\Viola
2014-03-29 21:18 - 2012-11-18 00:12 - 00032388 _____ () C:\WINDOWS\SchedLgU.Txt
2014-03-29 21:16 - 2012-11-19 11:08 - 00000930 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-03-29 21:08 - 2012-11-18 00:41 - 00000254 _____ () C:\WINDOWS\Tasks\Sprawdź aktualizacje paska narzędzi Windows Live Toolbar.job
2014-03-29 20:47 - 2014-01-02 23:32 - 00448918 _____ () C:\WINDOWS\setupapi.log
2014-03-29 20:40 - 2012-11-18 00:12 - 00041503 _____ () C:\WINDOWS\setupact.log
2014-03-29 20:22 - 2014-03-29 20:20 - 00000000 ____D () C:\Program Files\Mobile Partner
2014-03-29 20:22 - 2014-02-02 17:31 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\DatacardService
2014-03-29 20:21 - 2014-03-29 20:21 - 00000761 _____ () C:\Documents and Settings\All Users\Pulpit\Mobile Partner.lnk
2014-03-29 20:21 - 2014-03-29 20:21 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Mobile Partner
2014-03-29 20:21 - 2012-11-18 00:12 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy
2014-03-29 20:21 - 2012-11-18 00:12 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit
2014-03-28 15:51 - 2014-03-28 15:51 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\OnlineUpdate
2014-03-28 15:51 - 2014-03-28 15:51 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\log
2014-03-28 15:51 - 2012-11-18 00:12 - 00000000 __RHD () C:\Documents and Settings\All Users\Dane aplikacji
2014-03-25 18:22 - 2014-03-25 18:22 - 00055224 _____ (StdLib) C:\WINDOWS\system32\Drivers\tStLibG.sys
2014-03-24 22:43 - 2014-03-24 22:43 - 00007168 ___SH () C:\Documents and Settings\Viola\Pulpit\Thumbs.db
2014-03-24 22:43 - 2014-02-07 18:32 - 00000000 ____D () C:\Documents and Settings\Viola\Pulpit\paula_7-2-14
2014-03-24 22:43 - 2012-11-18 00:30 - 00000000 ____D () C:\Documents and Settings\Viola\Pulpit
2014-03-24 22:42 - 2013-07-25 18:20 - 00000000 ____D () C:\Documents and Settings\Viola\Pulpit\pmn
2014-03-19 15:04 - 2014-03-19 15:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB952011$
2014-03-19 15:04 - 2014-03-19 15:04 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Picasa 3
2014-03-19 15:04 - 2014-03-19 15:03 - 00008805 _____ () C:\WINDOWS\KB952011.log
2014-03-19 15:04 - 2012-11-18 00:12 - 00978482 _____ () C:\WINDOWS\iis6.log
2014-03-19 15:04 - 2012-11-18 00:12 - 00890705 _____ () C:\WINDOWS\FaxSetup.log
2014-03-19 15:04 - 2012-11-18 00:12 - 00439633 _____ () C:\WINDOWS\ocgen.log
2014-03-19 15:04 - 2012-11-18 00:12 - 00419941 _____ () C:\WINDOWS\tsoc.log
2014-03-19 15:04 - 2012-11-18 00:12 - 00304452 _____ () C:\WINDOWS\comsetup.log
2014-03-19 15:04 - 2012-11-18 00:12 - 00280678 _____ () C:\WINDOWS\msmqinst.log
2014-03-19 15:04 - 2012-11-18 00:12 - 00183036 _____ () C:\WINDOWS\ntdtcsetup.log
2014-03-19 15:04 - 2012-11-18 00:12 - 00157268 _____ () C:\WINDOWS\netfxocm.log
2014-03-19 15:04 - 2012-11-18 00:12 - 00064239 _____ () C:\WINDOWS\MedCtrOC.log
2014-03-19 15:04 - 2012-11-18 00:12 - 00054910 _____ () C:\WINDOWS\ocmsn.log
2014-03-19 15:04 - 2012-11-18 00:12 - 00046756 _____ () C:\WINDOWS\tabletoc.log
2014-03-19 15:04 - 2012-11-18 00:12 - 00044933 _____ () C:\WINDOWS\msgsocm.log
2014-03-19 15:04 - 2012-11-18 00:12 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-03-19 15:04 - 2012-11-18 00:08 - 00000000 ____D () C:\Program Files\Picasa2
2014-03-19 15:03 - 2014-03-19 15:03 - 00000000 ____D () C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Google
2014-03-19 15:03 - 2012-11-18 00:12 - 00000000 ___HD () C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji
2014-03-19 14:44 - 2012-11-19 16:04 - 00000000 ____D () C:\Documents and Settings\Viola\Ustawienia lokalne\Dane aplikacji\GHISLER
2014-03-12 20:16 - 2012-11-19 11:08 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-03-12 20:16 - 2012-11-19 11:08 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-03-11 22:07 - 2014-03-11 22:07 - 04550656 _____ (Google Inc.) C:\WINDOWS\system32\GPhotos.scr
2014-03-11 21:34 - 2014-03-11 21:34 - 00922112 ____N (Microsoft Corporation) C:\WINDOWS\system32\imapi2fs.dll
2014-03-11 21:34 - 2014-03-11 21:34 - 00922112 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imapi2fs.dll
2014-03-11 21:34 - 2014-03-11 21:34 - 00426496 ____N (Microsoft Corporation) C:\WINDOWS\system32\imapi2.dll
2014-03-11 21:34 - 2014-03-11 21:34 - 00426496 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imapi2.dll
2014-03-11 21:34 - 2014-03-11 21:34 - 00062592 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cdrom.sys
2014-03-05 13:25 - 2014-02-23 18:49 - 00000000 ____D () C:\Program Files\FindRight

Some content of TEMP:
====================
C:\Documents and Settings\Viola\Ustawienia lokalne\Temp\bundlesweetimsetup.exe
C:\Documents and Settings\Viola\Ustawienia lokalne\Temp\fp_pl_pfs_installer.exe
C:\Documents and Settings\Viola\Ustawienia lokalne\Temp\jre-6u45-windows-i586-iftw_2f3dd198.exe
C:\Documents and Settings\Viola\Ustawienia lokalne\Temp\jre-7u25-windows-i586-iftw.exe
C:\Documents and Settings\Viola\Ustawienia lokalne\Temp\jre-7u45-windows-i586-iftw.exe
C:\Documents and Settings\Viola\Ustawienia lokalne\Temp\jre-7u51-windows-i586-iftw.exe
C:\Documents and Settings\Viola\Ustawienia lokalne\Temp\PicasaUpdater_771.exe
C:\Documents and Settings\Viola\Ustawienia lokalne\Temp\xmlUpdater.exe

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe [2012-11-18 00:13] - [2008-04-14 23:51] - 1035264 ____A (Microsoft Corporation) c791ed9eac5e76d9525e157b1d7a599a
C:\WINDOWS\system32\winlogon.exe [2012-11-18 00:13] - [2008-04-14 23:51] - 0510464 ____A (Microsoft Corporation) 51fd2e13d723857b9ca239ae77150f48
C:\WINDOWS\system32\svchost.exe [2012-11-18 00:13] - [2008-04-14 23:51] - 0014336 ____A (Microsoft Corporation) 8607d35d92528e2df386f19a960d23ce
C:\WINDOWS\system32\services.exe [2012-11-18 00:13] - [2009-02-09 13:25] - 0111104 ____A (Microsoft Corporation) 02a467e27af55f7064c5b251e587315f
C:\WINDOWS\system32\User32.dll [2012-11-18 00:13] - [2008-04-14 23:50] - 0580096 ____A (Microsoft Corporation) a435c5c069afd901751ac323ad238793
C:\WINDOWS\system32\userinit.exe [2012-11-18 00:13] - [2008-04-14 23:51] - 0026624 ____A (Microsoft Corporation) 2a5b37d520508be6570a3ea79695f5b5
C:\WINDOWS\system32\rpcss.dll [2012-11-18 00:13] - [2009-02-09 12:53] - 0401408 ____A (Microsoft Corporation) a37311d9d628c1042a2836731787f0f3
ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\WINDOWS\system32\Drivers\volsnap.sys [2012-11-18 00:13] - [2008-04-14 22:31] - 0052864 ____A (Microsoft Corporation) 56b191ac5fc0df219949c95a6c87afe7

==================== End Of Log ============================