Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-10-2014 01
Ran by boys (administrator) on BOYS-KOMPUTER on 10-10-2014 22:07:45
Running from C:\Users\boys\Desktop\frst
Loaded Profile: boys (Available profiles: boys)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Creative Technology Ltd) C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Macrovision Europe Ltd.) C:\Users\boys\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001
(Creative Labs) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11660904 2010-11-30] (Realtek Semiconductor)
HKLM-x32\...\Run: [CTSyncService] => C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe [1233195 2009-07-08] (Creative Technology Ltd)
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe [241789 2009-05-04] (Creative Technology Ltd)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKLM\...\RunOnce: [*Restore] => C:\Windows\System32\rstrui.exe [296960 2010-11-20] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2650901788-2749221157-3041939507-1000\...\Run: [ccleaner] => C:\Program Files\CCleaner\CCleaner64.exe [6277912 2014-03-18] (Piriform Ltd)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: localhost:8080
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=SPLEP1&pc=SPLH
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=SPLEP1&pc=SPLH
SearchScopes: HKCU - {CB3DA99F-EF9F-4969-99B0-F94383A2903D} URL = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A6976579318&ie=UTF-8&q=&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A6976579318&q={searchTerms}
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\boys\AppData\Roaming\Mozilla\Firefox\Profiles\2qhp7s1t.default-1361472549805
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.1739 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: YouTube Flash to HTML5 - C:\Users\boys\AppData\Roaming\Mozilla\Firefox\Profiles\2qhp7s1t.default-1361472549805\Extensions\garg_sms@yahoo.in.xpi [2013-06-24]
FF Extension: Speed Dial - C:\Users\boys\AppData\Roaming\Mozilla\Firefox\Profiles\2qhp7s1t.default-1361472549805\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2013-02-21]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-11-03]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2012-09-15] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2012-09-15] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [File not signed]
R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-14] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R3 Sound Blaster X-Fi MB Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [79360 2012-09-15] (Creative Labs) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-02-06] ()
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-10-01] (AVG Technologies)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-11-10] (DT Soft Ltd)
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [31808 2012-09-15] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2012-09-15] (FNet Co., Ltd.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-02-06] ()
R0 pctDS; C:\Windows\System32\drivers\pctDS64.sys [453896 2012-02-28] (PC Tools)
R0 pctEFA; C:\Windows\System32\drivers\pctEFA64.sys [1096176 2012-02-28] (PC Tools)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 cpuz135; \??\C:\Users\boys\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [X]
S3 FreshIO; \??\C:\Program Files (x86)\FreshDevices\FreshDiagnose\FreshIO.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-10 22:06 - 2014-10-10 22:07 - 00000000 ____D () C:\FRST
2014-10-10 22:04 - 2014-10-10 22:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-10 22:01 - 2014-10-10 22:07 - 00000000 ____D () C:\Users\boys\Desktop\frst
2014-10-10 22:01 - 2014-10-10 22:01 - 00000000 ____D () C:\Users\boys\Desktop\gmer
2014-10-10 22:00 - 2014-10-10 22:01 - 00000000 ____D () C:\Users\boys\Desktop\otl
2014-10-10 21:50 - 2014-10-10 21:50 - 00109632 _____ () C:\Users\boys\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-10 21:44 - 2014-10-10 21:56 - 00073396 _____ () C:\Windows\WindowsUpdate.log
2014-10-10 21:44 - 2014-10-10 21:45 - 00000000 ____D () C:\Users\boys\Desktop\PSIO
2014-10-09 22:45 - 2014-10-09 22:45 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-09 22:45 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-09 22:44 - 2014-10-09 22:44 - 00004682 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-10-09 22:44 - 2014-10-09 22:44 - 00000000 ____D () C:\Users\boys\Desktop\gothic3
2014-10-09 22:44 - 2014-10-09 22:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-09 22:44 - 2014-07-25 12:55 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-09 22:44 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-09 22:44 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-09 22:39 - 2014-10-10 21:41 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-09 22:39 - 2014-10-09 23:37 - 00003870 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-08 00:04 - 2014-05-25 11:40 - 27765848 ____N () C:\Users\boys\Desktop\20140520_135648.mp4
2014-09-30 21:15 - 2014-09-30 21:15 - 00002281 _____ () C:\Users\boys\AppData\Local\recently-used.xbel
2014-09-30 19:03 - 2014-09-30 19:03 - 00003618 _____ () C:\Windows\System32\Tasks\RNUpgradeHelperResumePrompt_boys
2014-09-30 19:02 - 2014-10-10 21:42 - 00000372 _____ () C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_boys.job
2014-09-30 19:02 - 2014-10-09 19:05 - 00002960 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateXML_boys
2014-09-30 19:02 - 2014-10-09 19:05 - 00000362 _____ () C:\Windows\Tasks\ReclaimerUpdateXML_boys.job
2014-09-30 19:02 - 2014-10-01 19:06 - 00000366 _____ () C:\Windows\Tasks\ReclaimerUpdateFiles_boys.job
2014-09-30 19:02 - 2014-09-30 19:03 - 00002964 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateFiles_boys
2014-09-30 19:02 - 2014-09-30 19:03 - 00002668 _____ () C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_boys
2014-09-23 23:47 - 2014-09-23 23:47 - 00000000 ____D () C:\Users\boys\Desktop\gwarancja

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-10 22:04 - 2012-09-16 00:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-10 21:55 - 2012-10-14 11:19 - 00000000 ___RD () C:\Users\boys\Desktop\DP
2014-10-10 21:54 - 2014-06-22 18:17 - 00000000 ____D () C:\Users\boys\Desktop\gothic 3
2014-10-10 21:49 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-10 21:49 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-10 21:47 - 2012-10-11 21:31 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-10 21:46 - 2014-02-25 22:07 - 00000000 ____D () C:\Users\boys\Desktop\muza
2014-10-10 21:45 - 2013-01-02 21:05 - 00000000 ____D () C:\Users\boys\Desktop\psy
2014-10-10 21:44 - 2013-12-15 17:48 - 00000000 ____D () C:\Users\boys\Desktop\mig
2014-10-10 21:44 - 2012-11-17 20:08 - 00000000 ____D () C:\Users\boys\Desktop\strona
2014-10-10 21:41 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-09 23:45 - 2012-12-28 22:46 - 00000000 ____D () C:\Users\boys\Downloads\antywirusy
2014-10-09 23:35 - 2013-02-04 20:12 - 00000000 ____D () C:\Users\boys\AppData\Roaming\Media Player Classic
2014-10-09 22:44 - 2012-11-21 20:47 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-09 22:39 - 2012-09-15 23:38 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-09 22:39 - 2012-09-15 23:38 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-09 22:39 - 2012-09-15 16:20 - 00000000 ____D () C:\Users\boys\AppData\Local\Adobe
2014-10-09 22:25 - 2014-06-26 23:29 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-09 22:20 - 2013-08-15 20:18 - 00003302 _____ () C:\Windows\System32\Tasks\{C396A08B-F114-4268-95FB-229C925786E6}
2014-10-09 22:20 - 2013-03-13 19:32 - 00003128 _____ () C:\Windows\System32\Tasks\{B148234C-0FDA-43EA-9A2A-7C6FFEF3DA8B}
2014-10-09 22:20 - 2012-10-13 10:34 - 00003176 _____ () C:\Windows\System32\Tasks\{625E9A2A-0605-4681-8DF8-9C04EB489137}
2014-10-02 18:54 - 2009-07-14 07:08 - 00032604 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-01 20:18 - 2012-10-28 18:12 - 00000000 ____D () C:\Users\boys\Desktop\zdj traktorów
2014-09-30 23:06 - 2012-10-27 21:38 - 00000000 ____D () C:\Users\boys\.gimp-2.8
2014-09-23 23:45 - 2013-12-15 16:57 - 00000000 ____D () C:\Users\boys\AppData\Roaming\Audacity

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-07 22:59

==================== End Of Log ============================