Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015
Ran by win7 (administrator) on WIN7-KOMPUTER on 28-01-2015 18:25:11
Running from C:\Users\win7\Downloads
Loaded Profiles: win7 (Available profiles: win7)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe
() C:\ProgramData\Multimedia mobilNET\OnlineUpdate\ouc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Windows\PLFSetI.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Nektra S.A.) C:\Program Files (x86)\IVONA\IVONA Reader\integr\OutlookExpress\IROElauncher.exe
(My Portal) C:\Program Files\WapSter\WapSter AQQ\AQQ.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
() C:\Program Files (x86)\Plustek\Plustek OpticSlim 2600\DocuAction.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(Acer Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8060960 2009-08-06] (Realtek Semiconductor)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2013-01-24] ()
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [828960 2009-08-05] (Acer Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1194504 2009-08-27] (Dritek System Inc.)
HKLM-x32\...\Run: [ArcadeDeluxeAgent] => C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [128296 2009-07-31] (CyberLink Corp.)
HKLM-x32\...\Run: [PlayMovie] => C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2009-08-04] (Acer Corp.)
HKLM\...\RunOnce: [Unattend0000000001{A8125975-BD0D-4F01-8D64-0910B5C74BEE}] => c:\windows\system32\oem\ConfigAp.cmd [242 2009-03-05] ()
HKU\S-1-5-21-2904449942-2374099523-1852780327-1001\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [911160 2012-01-18] (Microsoft Corporation)
HKU\S-1-5-21-2904449942-2374099523-1852780327-1001\...\Run: [IROElauncher] => C:\Program Files (x86)\IVONA\IVONA Reader\integr\OutlookExpress\IROElauncher.exe [94720 2008-09-26] (Nektra S.A.)
HKU\S-1-5-21-2904449942-2374099523-1852780327-1001\...\Run: [AQQ] => C:\Program Files\WapSter\WapSter AQQ\AQQ.exe [13296128 2014-11-26] (My Portal)
HKU\S-1-5-21-2904449942-2374099523-1852780327-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30873192 2014-12-11] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DocAction (Plustek OpticSlim 2600).lnk
ShortcutTarget: DocAction (Plustek OpticSlim 2600).lnk -> C:\Program Files (x86)\Plustek\Plustek OpticSlim 2600\DocuAction.exe ()

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
BHO: IVONA Reader -> {8664889D-ED18-4713-918F-E2BB69D8452B} -> C:\Program Files (x86)\IVONA\IVONA Reader\integr\IR_iexplorer2_x64.dll (IVO Software Sp. z o.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: IVONA Reader -> {8664889D-ED18-4713-918F-E2BB69D8452B} -> C:\Program Files (x86)\IVONA\IVONA Reader\integr\IR_iexplorer2.dll (IVO Software Sp. z o.o.)
BHO-x32: Pomocnik logowania za pomocą identyfikatora Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKLM - IVONA Reader - {8664889D-ED18-4713-918F-E2BB69D8452B} - C:\Program Files (x86)\IVONA\IVONA Reader\integr\IR_iexplorer2_x64.dll (IVO Software Sp. z o.o.)
Toolbar: HKLM-x32 - IVONA Reader - {8664889D-ED18-4713-918F-E2BB69D8452B} - C:\Program Files (x86)\IVONA\IVONA Reader\integr\IR_iexplorer2.dll (IVO Software Sp. z o.o.)
DPF: HKLM-x32 {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} http://176.109.163.26/WebClient.exe
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{5C0FE770-FBFC-4087-8D9C-90BE4CA3A72D}: [NameServer] 89.108.202.21 89.108.195.21
Tcpip\..\Interfaces\{86AB903A-0190-40B2-B78F-0B485519F988}: [NameServer] 89.108.202.21 89.108.195.21
Tcpip\..\Interfaces\{B4DCAF92-CAB2-48EA-958F-85D38117FA39}: [NameServer] 89.108.202.21 89.108.195.21

FireFox:
========

==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 Huawei E3272; C:\ProgramData\MobileBrServ\mbbservice.exe [240720 2013-12-03] ()
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [339456 2010-11-16] () [File not signed]
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S2 Multimedia mobilNET. RunOuc; C:\Program Files (x86)\Multimedia mobilNET\UpdateDog\ouc.exe [218624 2013-02-06] () [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [275752 2008-01-22] (Nero AG)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2014-05-29] (Duplex Secure Ltd.)

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-28 18:25 - 2015-01-28 18:25 - 00009817 _____ () C:\Users\win7\Downloads\FRST.txt
2015-01-28 17:55 - 2015-01-28 17:55 - 00000000 ____D () C:\Users\win7\Downloads\FRST-OlderVersion
2015-01-26 20:11 - 2015-01-26 20:11 - 00036352 _____ () C:\Users\win7\Desktop\Kamery 2A,1502.xls
2015-01-26 19:16 - 2015-01-26 19:16 - 00000000 ____D () C:\Users\win7\Desktop\Bella i Sebastian.2014.Lektor.PLIONEK
2015-01-26 19:11 - 2015-01-26 19:15 - 718971543 _____ () C:\Users\win7\Desktop\Bella i Sebastian.2014.Lektor.PLIONEK.rar
2015-01-26 18:56 - 2015-01-26 18:56 - 00001127 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-26 18:56 - 2015-01-26 18:56 - 00001115 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-26 18:56 - 2015-01-26 18:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-26 18:55 - 2015-01-26 18:55 - 40601600 _____ () C:\Users\win7\Downloads\Firefox Setup 35.0.1.exe
2015-01-26 01:52 - 2015-01-26 01:58 - 00000000 ____D () C:\Users\win7\Desktop\logi 2
2015-01-26 00:11 - 2015-01-26 00:12 - 00380416 _____ () C:\Users\win7\Downloads\1t3get9j.exe
2015-01-26 00:05 - 2015-01-28 18:25 - 00000000 ____D () C:\FRST
2015-01-26 00:04 - 2015-01-28 17:55 - 02130432 _____ (Farbar) C:\Users\win7\Downloads\FRST64.exe
2015-01-25 23:41 - 2015-01-25 23:41 - 00000469 _____ () C:\Windows\SynInst.log
2015-01-15 10:45 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-15 10:45 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-15 10:45 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-15 10:45 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-15 10:45 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-15 10:45 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-15 10:45 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-15 10:45 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-15 10:45 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-15 10:45 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-15 10:45 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-15 10:45 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-15 10:45 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-04 22:26 - 2015-01-04 22:26 - 00000662 _____ () C:\Users\Public\Desktop\ChomikBox.lnk
2015-01-04 22:25 - 2015-01-04 22:26 - 28266496 _____ () C:\Users\win7\Desktop\ChomikBox.msi
2014-12-29 18:32 - 2014-12-29 18:32 - 00000000 ____D () C:\Users\win7\AppData\Local\TeamViewer
2014-12-29 18:31 - 2014-12-29 18:31 - 00000935 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-28 18:13 - 2009-07-14 05:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-28 18:13 - 2009-07-14 05:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-28 18:10 - 2013-01-27 17:44 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-28 18:07 - 2013-02-10 21:07 - 00000000 ____D () C:\Users\win7\AppData\Roaming\Skype
2015-01-28 18:06 - 2009-08-22 07:01 - 00411196 _____ () C:\Windows\PLaunch.log
2015-01-28 18:06 - 2009-08-22 06:12 - 01034135 _____ () C:\Windows\launApp.log
2015-01-28 18:05 - 2009-08-22 09:34 - 00788600 _____ () C:\Windows\PFRO.log
2015-01-28 18:05 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-28 18:05 - 2009-07-14 05:51 - 00123022 _____ () C:\Windows\setupact.log
2015-01-28 18:04 - 2013-01-24 13:54 - 02086545 _____ () C:\Windows\WindowsUpdate.log
2015-01-28 17:57 - 2013-01-24 14:11 - 00001219 _____ () C:\Users\win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-26 00:10 - 2014-07-29 10:58 - 00000278 _____ () C:\Windows\wininit.ini
2015-01-26 00:10 - 2014-05-07 17:29 - 00000000 ____D () C:\Users\win7\AppData\Local\Unity
2015-01-25 23:41 - 2014-08-31 18:41 - 00000000 ____D () C:\Program Files (x86)\Sims
2015-01-25 23:10 - 2013-01-27 17:44 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-25 23:10 - 2013-01-27 17:44 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-25 23:10 - 2013-01-27 17:44 - 00003868 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-24 20:56 - 2013-03-24 15:59 - 00000000 ____D () C:\Users\win7\AppData\Local\ChomikBox
2015-01-24 19:22 - 2013-03-24 15:59 - 00000000 ____D () C:\Users\win7\.gstreamer-0.10
2015-01-24 18:48 - 2014-12-22 08:05 - 00000000 ____D () C:\Users\win7\Desktop\zus
2015-01-24 18:48 - 2013-01-24 22:32 - 00740688 _____ () C:\Windows\system32\perfh015.dat
2015-01-24 18:48 - 2013-01-24 22:32 - 00156230 _____ () C:\Windows\system32\perfc015.dat
2015-01-24 18:48 - 2009-07-14 06:13 - 01670590 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-23 18:15 - 2014-05-01 18:13 - 00001453 _____ () C:\Users\win7\Desktop\kamery.txt
2015-01-16 09:29 - 2013-08-15 00:45 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-16 09:22 - 2013-01-24 18:12 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-15 14:46 - 2013-01-25 15:42 - 00000000 ____D () C:\Users\win7\AppData\Roaming\vlc
2015-01-13 17:32 - 2009-07-14 06:08 - 00032604 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-12 18:38 - 2013-03-04 00:11 - 00000000 ____D () C:\Users\win7\AppData\Roaming\ipla
2015-01-12 18:38 - 2013-03-04 00:11 - 00000000 ____D () C:\ProgramData\ipla
2015-01-10 17:42 - 2014-12-18 21:00 - 00036864 _____ () C:\Users\win7\Desktop\Kamery 2A,15.xls
2015-01-04 22:26 - 2014-08-31 18:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chomikuj.pl
2015-01-04 22:26 - 2014-08-31 18:18 - 00000000 ____D () C:\Program Files (x86)\ChomikBox
2014-12-31 12:14 - 2013-01-24 14:22 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-29 22:20 - 2013-02-13 17:17 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-12-29 22:09 - 2013-01-24 14:10 - 00117296 _____ () C:\Users\win7\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-29 22:08 - 2009-07-14 05:45 - 00446160 _____ () C:\Windows\system32\FNTCACHE.DAT

==================== Files in the root of some directories =======
2009-08-22 09:43 - 2009-02-10 20:23 - 0192484 _____ () C:\Program Files (x86)\Common Files\Acer GameZone online.ico
2014-06-07 21:02 - 2014-06-07 21:02 - 0000600 _____ () C:\Users\win7\AppData\Roaming\winscp.rnd
2013-01-26 12:35 - 2013-01-26 12:38 - 0006288 _____ () C:\Users\win7\AppData\Local\MyWinLockerInstaller.txt-20130126.log
2013-01-24 14:17 - 2013-01-24 14:22 - 0007825 _____ () C:\ProgramData\ArcadeDeluxe3.log
2009-08-22 09:44 - 2009-07-18 02:57 - 0036136 _____ (Oberon Media) C:\ProgramData\FullRemove.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-25 18:08

==================== End Of Log ============================