Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by sere (administrator) on SERE-KOMPUTER on 05-04-2015 17:17:32
Running from D:\NAPRAWA
Loaded Profiles: sere (Available profiles: sere & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 9 (Default browser path: "C:\Program Files (x86)\Opera\Opera.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUSTeK COMPUTER INC.) C:\Windows\System32\ATKFUSService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files\ASUS\GamerOSD\ATKFastUserSwitching.exe
() C:\Windows\SysWOW64\ASDR.exe
(DeviceVM, Inc.) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
() C:\Program Files (x86)\OrangeBusinessServices\Manager polaczen\{ad30a369-08e3-414c-9d2c-7f47dbe748da}\BEWConfigSrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Realtek) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWLan.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Users\sere\AppData\Local\Google\Update\GoogleUpdate.exe
(Sony Ericsson Mobile Communications AB) C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(DeviceVM, Inc.) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
() C:\Program Files (x86)\OrangeBusinessServices\Manager polaczen\{ad30a369-08e3-414c-9d2c-7f47dbe748da}\BusinessEverywhere.exe
() C:\Program Files (x86)\OrangeBusinessServices\Manager polaczen\{ad30a369-08e3-414c-9d2c-7f47dbe748da}\UpdteApp.exe
() C:\Program Files (x86)\OrangeBusinessServices\Manager polaczen\{ad30a369-08e3-414c-9d2c-7f47dbe748da}\SMSNotifier.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe
(Last.fm) D:\Dyskietka Mega\Last.fm\LastFM.exe
(Monolith Productions Inc.) C:\Program Files (x86)\Pazur\CLAW.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\osk.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10081312 2010-02-25] (Realtek Semiconductor)
HKLM-x32\...\Run: [BCU] => C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe [375000 2009-10-15] (DeviceVM, Inc.)
HKLM-x32\...\Run: [EasyTuneVI] => C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe [20480 2007-07-26] ()
HKLM-x32\...\Run: [ASUSGamerOSD] => C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe [380928 2009-07-30] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-03-22] (Nullsoft, Inc.)
HKLM-x32\...\Run: [NeroCheck] => C:\Windows\SysWOW64\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM-x32\...\Run: [NBAgent] => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1234216 2010-04-03] (Nero AG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [0 2011-09-27] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] ()
HKLM-x32\...\Run: [Start_BusinessEverywhere_{ad30a369-08e3-414c-9d2c-7f47dbe748da}] => C:\Program Files (x86)\OrangeBusinessServices\Manager polaczen\{ad30a369-08e3-414c-9d2c-7f47dbe748da}\BusinessEverywhere.exe [3363808 2012-06-06] ()
HKLM-x32\...\Run: [Start_Update_{ad30a369-08e3-414c-9d2c-7f47dbe748da}] => C:\Program Files (x86)\OrangeBusinessServices\Manager polaczen\{ad30a369-08e3-414c-9d2c-7f47dbe748da}\UpdteApp.exe [966600 2012-06-06] ()
HKLM-x32\...\Run: [Start_SMSNotifier_{ad30a369-08e3-414c-9d2c-7f47dbe748da}] => C:\Program Files (x86)\OrangeBusinessServices\Manager polaczen\{ad30a369-08e3-414c-9d2c-7f47dbe748da}\SMSNotifier.exe [1359824 2012-06-06] ()
HKU\S-1-5-21-448289024-605243297-948884167-1000\...\Run: [Google Update] => C:\Users\sere\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-08-20] (Google Inc.)
HKU\S-1-5-21-448289024-605243297-948884167-1000\...\Run: [ALLUpdate] => D:\ALLPlayer\ALLUpdate.exe [1379840 2011-08-16] ()
HKU\S-1-5-21-448289024-605243297-948884167-1000\...\Run: [Sony Ericsson PC Companion] => C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe [774144 2009-12-08] (Sony Ericsson Mobile Communications AB)
HKU\S-1-5-21-448289024-605243297-948884167-1000\...\Run: [HEXelon MAX] => "C:\Program Files (x86)\HEXelon MAX 6\hexelon.exe" /auto
HKU\S-1-5-21-448289024-605243297-948884167-1000\...\Run: [MediaGet2] => C:\Users\sere\AppData\Local\MediaGet2\mediaget.exe --minimized
HKU\S-1-5-21-448289024-605243297-948884167-1000\...\Run: [ABBYY Screenshot Reader Bonus] => "C:\Program Files (x86)\ABBYY PDF Transformer 3.0\Bonus.ScreenshotReader.exe" -autorun
HKU\S-1-5-21-448289024-605243297-948884167-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x95000000
HKU\S-1-5-21-448289024-605243297-948884167-1000\...\MountPoints2: {036e9690-bcf6-11df-a8d2-6cf049ad44bb} - F:\autorun.exe
HKU\S-1-5-21-448289024-605243297-948884167-1000\...\MountPoints2: {78f43d04-d76c-11df-ae79-6cf049ad44bb} - G:\Startme.exe
HKU\S-1-5-21-448289024-605243297-948884167-1000\...\MountPoints2: {861ed185-99f5-11e2-8d0f-b0474f000aa8} - G:\Setup.exe
HKU\S-1-5-21-448289024-605243297-948884167-1000\...\MountPoints2: {898ac51a-cb07-11e4-9dc1-806e6f6e6963} - E:\setup.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\sere\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-448289024-605243297-948884167-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-448289024-605243297-948884167-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=135
URLSearchHook: HKU\S-1-5-21-448289024-605243297-948884167-1000 - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch64.dll (DeviceVM, Inc.)
URLSearchHook: HKU\S-1-5-21-448289024-605243297-948884167-1000 - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
URLSearchHook: HKU\S-1-5-21-448289024-605243297-948884167-1000 - (No Name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - No File
SearchScopes: HKU\S-1-5-21-448289024-605243297-948884167-1000 -> DefaultScope {0AD681F7-84E3-4df6-AADA-EABF3BEBA857} URL = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
SearchScopes: HKU\S-1-5-21-448289024-605243297-948884167-1000 -> {0AD681F7-84E3-4df6-AADA-EABF3BEBA857} URL = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
SearchScopes: HKU\S-1-5-21-448289024-605243297-948884167-1000 -> {98CEAFE1-FF0E-41fc-B688-9D68CB8630A5} URL = http://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=pl&q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27] (Adobe Systems Incorporated)
BHO-x32: Bcool Class -> {2416BAB2-A62C-8B48-420D-149190AB6F64} -> C:\ProgramData\Bcool\bhoclass.dll [2012-07-04] ()
BHO-x32: DivX Plus Web Player HTML5