Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by gruby (administrator) on GRUBY on 12-03-2015 01:11:22
Running from D:\instalki\użytki
Loaded Profiles: gruby (Available profiles: gruby)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\ProgramData\nvxasync\cvxasync.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
() C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(http://www.hiren.info) G:\HBCD\HBCDMenu.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10810912 2010-05-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014752 2010-05-13] (Realtek Semiconductor)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1928976 2010-03-05] (Intel(R) Corporation)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [776608 2009-12-19] (Lenovo)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [4448704 2010-03-11] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [7056832 2010-03-11] (Lenovo (Beijing) Limited)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [2918656 2011-01-12] (ESET)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2101032 2010-05-03] (Synaptics Incorporated)
HKLM\...\Run: [SynBtnAsst] => C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe [54568 2010-05-03] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [MuteSync] => C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe [336384 2009-12-28] (Lenovo)
HKLM-x32\...\Run: [Lenovo SlideNav2] => C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe [318400 2009-12-30] (Lenovo)
HKU\S-1-5-21-1261315055-2766284447-2599145269-1003\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd)
HKU\S-1-5-21-1261315055-2766284447-2599145269-1003\...\Run: [nvxasync] => C:\Users\gruby\AppData\Roaming\nvxasync\nvxasync.exe
HKU\S-1-5-21-1261315055-2766284447-2599145269-1003\...\MountPoints2: F - F:\Setup.exe -auto
HKU\S-1-5-21-1261315055-2766284447-2599145269-1003\...\MountPoints2: {63a5ad51-00bd-11e2-a3f4-60eb694d6c24} - H:\NokiaPCIA_Autorun.exe
HKU\S-1-5-21-1261315055-2766284447-2599145269-1003\...\Winlogon: [Shell] C:\ProgramData\nvxasync\cvxasync.exe [142679040 2015-03-12] () <==== ATTENTION
HKU\S-1-5-18\...\RunOnce: [WLStart] => C:\Program Files (x86)\Windows Live\Installer\wlstart.exe [768336 2009-07-26] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1261315055-2766284447-2599145269-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.surfvox.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1261315055-2766284447-2599145269-1003 -> DefaultScope {828B376B-F2F6-4778-928C-E29EC877535E} URL = http://www.google.com/cse?cx=partner-pub-0900663996874144:6813731868&ie=UTF-8&q={searchTerms}&sa=Search&ref=#gsc.tab=0&gsc.q={searchTerms}&gsc.page=1
SearchScopes: HKU\S-1-5-21-1261315055-2766284447-2599145269-1003 -> {828B376B-F2F6-4778-928C-E29EC877535E} URL = http://www.google.com/cse?cx=partner-pub-0900663996874144:6813731868&ie=UTF-8&q={searchTerms}&sa=Search&ref=#gsc.tab=0&gsc.q={searchTerms}&gsc.page=1
SearchScopes: HKU\S-1-5-21-1261315055-2766284447-2599145269-1003 -> {9ABED254-E67E-44DB-921E-019347DA9E24} URL = http://www.google.pl/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2012-10-28] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-03-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-10-28] (Oracle Corporation)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22] (Microsoft Corporation)
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-03-21] (Microsoft Corporation)
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-03-21] (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-03-21] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2CC18BAD-CDD6-4816-8769-90E81FEA0B9D}: [NameServer] 0.0.0.0

FireFox:
========
FF ProfilePath: C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default
FF Homepage: https://duckduckgo.com/
FF NetworkProxy: "type", 0
FF Homepage: hxxp://www.surfvox.com
FF DefaultSearchEngine: SurfVox
FF SelectedSearchEngine: SurfVox
FF Homepage: user_pref("extensions.lastPlatformVersion");hxxp://www.surfvox.com
FF DefaultSearchEngine: SurfVox
FF SelectedSearchEngine: SurfVox
FF Homepage: user_pref("extensions.lastPlatformVersion");hxxp://www.surfvox.com
FF DefaultSearchEngine: SurfVox
FF SelectedSearchEngine: SurfVox
FF Homepage: user_pref("extensions.lastPlatformVersion");hxxp://www.surfvox.com
FF DefaultSearchEngine: SurfVox
FF SelectedSearchEngine: SurfVox
FF Homepage: user_pref("extensions.lastPlatformVersion");hxxp://www.surfvox.com
FF DefaultSearchEngine: SurfVox
FF SelectedSearchEngine: SurfVox
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-07] ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\windows\system32\npDeployJava1.dll [2012-10-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2012-10-28] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-07] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2012-12-21] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll [2014-05-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll [2014-05-12] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1261315055-2766284447-2599145269-1003: @tools.google.com/Google Update;version=8 -> C:\Users\gruby\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll [2010-12-06] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012-04-06] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\searchplugins\100-search-engines.xml [2010-12-19]
FF SearchPlugin: C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\searchplugins\dodatki-dla-firefox.xml [2014-12-06]
FF SearchPlugin: C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\searchplugins\erotic-search.xml [2010-12-19]
FF SearchPlugin: C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\searchplugins\filmwebpl.xml [2014-04-16]
FF SearchPlugin: C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\searchplugins\starter.xml [2015-03-12]
FF SearchPlugin: C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\searchplugins\torrent-freedom.xml [2010-12-19]
FF SearchPlugin: C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\searchplugins\torrent-metasearch.xml [2014-11-13]
FF SearchPlugin: C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\searchplugins\torrentfinder.xml [2010-12-19]
FF SearchPlugin: C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\searchplugins\torrentsto.xml [2010-12-19]
FF SearchPlugin: C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\searchplugins\tumacz-google.xml [2013-11-30]
FF SearchPlugin: C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\searchplugins\urban-dictionary.xml [2015-01-01]
FF SearchPlugin: C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\searchplugins\youtube.xml [2011-06-05]
FF Extension: Dummy Lipsum - C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\Extensions\dummylipsum@sogame.cat [2011-01-06]
FF Extension: Xmarks - C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\Extensions\foxmarks@kei.com [2014-11-30]
FF Extension: FireShot - C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2015-02-26]
FF Extension: FireFTP - C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2015-01-15]
FF Extension: CSS Usage - C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\Extensions\csscoverage@spaghetticoder.org.xpi [2011-10-04]
FF Extension: Firebug - C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\Extensions\firebug@software.joehewitt.com.xpi [2011-03-23]
FF Extension: FirePHP - C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\Extensions\FirePHPExtension-Build@firephp.org.xpi [2011-04-12]
FF Extension: FireQuery - C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\Extensions\firequery@binaryage.com.xpi [2011-10-04]
FF Extension: FirePath - C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\Extensions\FireXPath@pierre.tholence.com.xpi [2011-10-04]
FF Extension: DuckDuckGo Plus - C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2014-12-06]
FF Extension: SEO Doctor - C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\Extensions\seodoctor@prelovac.com.xpi [2011-04-13]
FF Extension: Status-4-Evar - C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\Extensions\status4evar@caligonstudios.com.xpi [2014-05-11]
FF Extension: ImTranslator - C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2011-04-12]
FF Extension: Web Developer - C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2013-05-15]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-03-05]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012-11-11]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

Chrome:
=======
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
CHR Plugin: (Google Gears 0.5.33.0) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\gears.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\gcswf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U22) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll No File
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll No File
CHR Plugin: (Adobe Acrobat) - c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Users\gruby\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrl.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Profile: C:\Users\gruby\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\gruby\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-12]
CHR Extension: (Google Drive) - C:\Users\gruby\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-12]
CHR Extension: (YouTube) - C:\Users\gruby\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-12]
CHR Extension: (Google Search) - C:\Users\gruby\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-12]
CHR Extension: (Gmail) - C:\Users\gruby\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-12]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]

Opera:
=======
OPR StartupUrls: "hxxp://www.surfvox.com/"

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2011-01-06] (Adobe Systems) [File not signed]
S4 Adobe Version Cue CS2; E:\sojusznicy webmastera\adobe cs2\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-04] (Adobe Systems Incorporated) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
S3 EhttpSrv; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [42360 2011-01-12] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [810144 2011-01-12] (ESET)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S3 IGRS; C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-15] (Lenovo Group Limited)
S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [509192 2009-08-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [575304 2009-11-17] (Lenovo Group Limited)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
S3 PS_MDP; C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-16] (Lenovo Group Limited)
S2 ReadyComm.DirectRouter; C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll [103688 2009-07-15] (Lenovo Group Limited)
R2 Slidebar Notifier Service; C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe [69568 2009-12-30] (Lenovo)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Bridge0; C:\Windows\System32\drivers\WDBridge.sys [79376 2009-07-16] (Lenovo)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-07-06] (DT Soft Ltd)
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [170640 2010-12-21] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [141264 2010-12-21] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [170640 2010-12-21] (ESET)
R3 Epfwndis; C:\Windows\System32\DRIVERS\Epfwndis.sys [34144 2010-12-21] (ESET)
R2 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [50624 2010-12-21] (ESET)
S3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [116864 2009-08-04] (Huawei Technologies Co., Ltd.) [File not signed]
S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [116224 2009-08-04] (Huawei Technologies Co., Ltd.) [File not signed]
R3 JmUsbCcgp; C:\Windows\System32\DRIVERS\jmccgp.sys [17904 2010-02-05] (JMicron Technology Corp.)
R3 JmUsbVideo; C:\Windows\System32\Drivers\jmcam.sys [56688 2010-02-05] (JMicron Technology Corp.)
R3 JmUsbVideo2; C:\Windows\System32\Drivers\jmcam_lo.sys [31088 2010-02-05] (JMicron Technology Corp.)
S3 pwdrvio; C:\windows\system32\pwdrvio.sys [19936 2011-09-02] ()
S3 pwdspio; C:\windows\system32\pwdspio.sys [13280 2011-09-02] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [503352 2011-07-06] () [File not signed]
R3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [11280 2009-07-16] (Lenovo)
U3 BcmSqlStartupSvc; No ImagePath
U2 IviRegMgr; No ImagePath
S3 moufiltr; system32\DRIVERS\moufiltr.sys [X]
S3 NPF; system32\drivers\NPF.sys [X]
U2 RichVideo; No ImagePath
U3 SQLWriter; No ImagePath
S3 vhidmini; system32\DRIVERS\walvhid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-12 01:11 - 2015-03-12 01:11 - 00000000 ____D () C:\FRST
2015-03-12 01:04 - 2015-03-12 01:04 - 00000000 _RSHD () C:\Users\gruby\AppData\Roaming\nvxasync
2015-03-12 00:47 - 2015-03-12 01:06 - 00000000 ____D () C:\AdwCleaner
2015-03-12 00:42 - 2015-03-12 00:42 - 00000336 _____ () C:\windows\PFRO.log
2015-03-12 00:07 - 2015-03-12 00:07 - 00000000 _RSHD () C:\ProgramData\nvxasync
2015-03-12 00:07 - 2014-09-22 04:39 - 00000000 ____D () C:\Users\gruby\AppData\Roaming\fportable
2015-03-05 23:33 - 2015-03-05 23:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-12 01:11 - 2009-07-14 04:45 - 00013632 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-12 01:11 - 2009-07-14 04:45 - 00013632 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-12 01:08 - 2010-11-21 04:51 - 24887010 _____ () C:\windows\system32\perfh015.dat
2015-03-12 01:08 - 2010-11-21 04:51 - 08765862 _____ () C:\windows\system32\perfc015.dat
2015-03-12 01:08 - 2009-07-14 05:13 - 00006308 _____ () C:\windows\system32\PerfStringBackup.INI
2015-03-12 01:04 - 2014-05-12 09:50 - 00001042 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-12 01:04 - 2013-02-15 13:06 - 00117010 _____ () C:\windows\setupact.log
2015-03-12 01:04 - 2012-09-23 13:46 - 00065536 _____ () C:\windows\system32\Ikeext.etl
2015-03-12 01:04 - 2009-07-14 05:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-03-12 01:03 - 2010-09-17 00:29 - 01508501 _____ () C:\windows\WindowsUpdate.log
2015-03-12 00:03 - 2013-03-20 20:03 - 00000000 ____D () C:\Users\gruby\Documents\FIFA 13
2015-03-09 22:59 - 2009-07-14 03:20 - 00000000 ____D () C:\windows\tracing
2015-03-08 22:45 - 2012-10-31 15:01 - 00000000 ____D () C:\Users\gruby\AppData\Roaming\uTorrent
2015-03-08 19:44 - 2010-11-21 11:31 - 00000000 ____D () C:\Users\gruby\AppData\Roaming\Skype
2015-03-07 16:02 - 2010-11-21 04:14 - 00000000 ____D () C:\Users\gruby\AppData\Roaming\foobar2000
2015-03-06 08:42 - 2013-04-24 14:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-02 00:04 - 2010-11-21 05:21 - 00000000 ____D () C:\Users\gruby\AppData\Roaming\Tlen.pl
2015-02-22 00:46 - 2009-07-14 03:20 - 00000000 ____D () C:\windows\system32\NDF

==================== Files in the root of some directories =======

2010-11-21 16:45 - 2011-11-03 18:35 - 0007602 _____ () C:\Users\gruby\AppData\Local\resmon.resmoncfg
2010-11-21 11:32 - 2010-11-21 11:32 - 0000048 ____H () C:\ProgramData\ezsidmv.dat
2010-09-17 00:53 - 2010-10-06 18:57 - 0000235 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2012-09-17 12:17 - 2012-10-12 20:06 - 0000078 _____ () C:\ProgramData\profile.xml

Some content of TEMP:
====================
C:\Users\gruby\AppData\Local\Temp\Quarantine.exe
C:\Users\gruby\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2013-03-18 16:10

==================== End Of Log ============================