
I need help with fixlist.txt file, please! [Solved]

surfvox malware fixlist.txt

  • This topic is locked

#1
grubyrules

  • Member
  • 18 posts

Please, help me with this infection. I added both files, first and addition - I have no idea what I have to do to fix the problem. All web browsers are hijacked on my system, I really need help.


  • 0


#2
Naathim

  • GeekU Minion
  • Expert
  • 4,568 posts


My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat :)

Before we start please note the following:

  • Analysis and research take some time, also sometimes real life gets in the way, please be patient.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Paste the logs in your posts, attachments make my work harder and more complicated.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight! :)



As long as you keep using torrents, be ready to catch any number of infections. And believe me - this browser hijacker isn't the biggest of your issues.
Besides that, you are using dodgy websites/search engines. This also adds to your problem.
There are lots of errors pointing to the broken registry in the event log.

Running from D:\instalki\użytki

Move your copy of FRST to the desktop please.



Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.


Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire content of the codebox below and paste into the Notepad document:
    start
    start
    CreateRestorePoint:
    CloseProcesses: 
    HKU\S-1-5-21-1261315055-2766284447-2599145269-1003\...\Run: [nvxasync] => C:\Users\gruby\AppData\Roaming\nvxasync\nvxasync.exe
    HKU\S-1-5-21-1261315055-2766284447-2599145269-1003\...\MountPoints2: F - F:\Setup.exe -auto
    HKU\S-1-5-21-1261315055-2766284447-2599145269-1003\...\MountPoints2: {63a5ad51-00bd-11e2-a3f4-60eb694d6c24} - H:\NokiaPCIA_Autorun.exe
    HKU\S-1-5-21-1261315055-2766284447-2599145269-1003\...\Winlogon: [Shell] C:\ProgramData\nvxasync\cvxasync.exe [142679040 2015-03-12] () <==== ATTENTION 
    HKU\S-1-5-21-1261315055-2766284447-2599145269-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.surfvox.com/
    BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
    BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
    FF Homepage: hxxp://www.surfvox.com
    FF DefaultSearchEngine: SurfVox
    FF SelectedSearchEngine: SurfVox
    FF Homepage: user_pref("extensions.lastPlatformVersion");hxxp://www.surfvox.com
    FF DefaultSearchEngine: SurfVox
    FF SelectedSearchEngine: SurfVox
    FF Homepage: user_pref("extensions.lastPlatformVersion");hxxp://www.surfvox.com
    FF DefaultSearchEngine: SurfVox
    FF SelectedSearchEngine: SurfVox
    FF Homepage: user_pref("extensions.lastPlatformVersion");hxxp://www.surfvox.com
    FF DefaultSearchEngine: SurfVox
    FF SelectedSearchEngine: SurfVox
    FF Homepage: user_pref("extensions.lastPlatformVersion");hxxp://www.surfvox.com
    FF DefaultSearchEngine: SurfVox
    FF SelectedSearchEngine: SurfVox
    CHR Plugin: (Google Gears 0.5.33.0) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\gears.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\gcswf32.dll No File
    CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
    CHR Plugin: (Java(TM) Platform SE 6 U22) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
    CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll No File
    CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll No File
    CHR Plugin: (Adobe Acrobat) - c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
    CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrl.dll No File
    CHR Plugin: (Default Plug-in) - default_plugin No File
    OPR StartupUrls: "hxxp://www.surfvox.com/"
    U3 BcmSqlStartupSvc; No ImagePath
    U2 IviRegMgr; No ImagePath
    S3 moufiltr; system32\DRIVERS\moufiltr.sys [X]
    S3 NPF; system32\drivers\NPF.sys [X]
    U2 RichVideo; No ImagePath
    U3 SQLWriter; No ImagePath
    S3 vhidmini; system32\DRIVERS\walvhid.sys [X]
    2015-03-12 01:04 - 2015-03-12 01:04 - 00000000 _RSHD () C:\Users\gruby\AppData\Roaming\nvxasync
    2015-03-12 00:07 - 2015-03-12 00:07 - 00000000 _RSHD () C:\ProgramData\nvxasync
    Task: {5D916564-0F78-4564-84E7-56AA8E84120A} - System32\Tasks\Origin => C:\Users\gruby\AppData\Roaming\Origin\update.vbe <==== ATTENTION
    Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove No Task File <==== ATTENTION
    2015-03-12 00:07 - 2015-03-12 00:07 - 142679040 __RSH () C:\ProgramData\nvxasync\cvxasync.exe
    CMD: bitsadmin /reset /allusers
    EmptyTemp:
    Reboot: 
    end
    end
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please include it in your reply.
  • 0

#3
grubyrules

  • Topic Starter
  • Member
  • 18 posts

Thanks Naat :)

This fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by gruby at 2015-03-12 09:55:45 Run:1
Running from C:\Users\gruby\Desktop
Loaded Profiles: gruby (Available profiles: gruby)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1261315055-2766284447-2599145269-1003\...\Run: [nvxasync] => C:\Users\gruby\AppData\Roaming\nvxasync\nvxasync.exe
HKU\S-1-5-21-1261315055-2766284447-2599145269-1003\...\MountPoints2: F - F:\Setup.exe -auto
HKU\S-1-5-21-1261315055-2766284447-2599145269-1003\...\MountPoints2: {63a5ad51-00bd-11e2-a3f4-60eb694d6c24} - H:\NokiaPCIA_Autorun.exe
HKU\S-1-5-21-1261315055-2766284447-2599145269-1003\...\Winlogon: [Shell] C:\ProgramData\nvxasync\cvxasync.exe [142679040 2015-03-12] () <==== ATTENTION
HKU\S-1-5-21-1261315055-2766284447-2599145269-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.surfvox.com/
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
FF Homepage: hxxp://www.surfvox.com
FF DefaultSearchEngine: SurfVox
FF SelectedSearchEngine: SurfVox
FF Homepage: user_pref("extensions.lastPlatformVersion");hxxp://www.surfvox.com
FF DefaultSearchEngine: SurfVox
FF SelectedSearchEngine: SurfVox
FF Homepage: user_pref("extensions.lastPlatformVersion");hxxp://www.surfvox.com
FF DefaultSearchEngine: SurfVox
FF SelectedSearchEngine: SurfVox
FF Homepage: user_pref("extensions.lastPlatformVersion");hxxp://www.surfvox.com
FF DefaultSearchEngine: SurfVox
FF SelectedSearchEngine: SurfVox
FF Homepage: user_pref("extensions.lastPlatformVersion");hxxp://www.surfvox.com
FF DefaultSearchEngine: SurfVox
FF SelectedSearchEngine: SurfVox
CHR Plugin: (Google Gears 0.5.33.0) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\gears.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\gcswf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U22) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll No File
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll No File
CHR Plugin: (Adobe Acrobat) - c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrl.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
OPR StartupUrls: "hxxp://www.surfvox.com/"
U3 BcmSqlStartupSvc; No ImagePath
U2 IviRegMgr; No ImagePath
S3 moufiltr; system32\DRIVERS\moufiltr.sys [X]
S3 NPF; system32\drivers\NPF.sys [X]
U2 RichVideo; No ImagePath
U3 SQLWriter; No ImagePath
S3 vhidmini; system32\DRIVERS\walvhid.sys [X]
2015-03-12 01:04 - 2015-03-12 01:04 - 00000000 _RSHD () C:\Users\gruby\AppData\Roaming\nvxasync
2015-03-12 00:07 - 2015-03-12 00:07 - 00000000 _RSHD () C:\ProgramData\nvxasync
Task: {5D916564-0F78-4564-84E7-56AA8E84120A} - System32\Tasks\Origin => C:\Users\gruby\AppData\Roaming\Origin\update.vbe <==== ATTENTION
Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove No Task File <==== ATTENTION
2015-03-12 00:07 - 2015-03-12 00:07 - 142679040 __RSH () C:\ProgramData\nvxasync\cvxasync.exe
CMD: bitsadmin /reset /allusers
EmptyTemp:
Reboot:
end
end
*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
HKU\S-1-5-21-1261315055-2766284447-2599145269-1003\Software\Microsoft\Windows\CurrentVersion\Run\\nvxasync => value deleted successfully.
"HKU\S-1-5-21-1261315055-2766284447-2599145269-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F" => Key deleted successfully.
"HKU\S-1-5-21-1261315055-2766284447-2599145269-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{63a5ad51-00bd-11e2-a3f4-60eb694d6c24}" => Key deleted successfully.
HKCR\CLSID\{63a5ad51-00bd-11e2-a3f4-60eb694d6c24} => Key not found.
HKU\S-1-5-21-1261315055-2766284447-2599145269-1003\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
HKU\S-1-5-21-1261315055-2766284447-2599145269-1003\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.
Firefox homepage deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\gears.dll not found.
C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\gcswf32.dll not found.
C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll not found.
C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll not found.
c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll not found.
C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll not found.
c:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrl.dll not found.
Opera StartupUrls deleted successfully.
BcmSqlStartupSvc => Service deleted successfully.
IviRegMgr => Service deleted successfully.
moufiltr => Service deleted successfully.
NPF => Service deleted successfully.
RichVideo => Service deleted successfully.
SQLWriter => Service deleted successfully.
vhidmini => Service deleted successfully.
C:\Users\gruby\AppData\Roaming\nvxasync => Moved successfully.
C:\ProgramData\nvxasync => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5D916564-0F78-4564-84E7-56AA8E84120A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D916564-0F78-4564-84E7-56AA8E84120A}" => Key deleted successfully.
C:\Windows\System32\Tasks\Origin => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Origin" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{EB02381F-D652-4B1C-894A-712498C62C51}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB02381F-D652-4B1C-894A-712498C62C51}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MUI\LPRemove" => Key deleted successfully.
"C:\ProgramData\nvxasync\cvxasync.exe" => File/Directory not found.

=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {FD71AA28-E0C1-4141-91F1-B6831A74481F}.
Unable to cancel {D86BBA9E-72A0-43FD-A857-E15428AEA4C5}.
Unable to cancel {B113290D-B4D6-4E7E-935D-DD7E5D477014}.
Unable to cancel {2D70B401-65D7-4ABD-A7A8-F2315AF74392}.
0 out of 4 jobs canceled.

========= End of CMD: =========

EmptyTemp: => Removed 137 MB temporary data.


The system needed a reboot.

==== End of Fixlog 09:55:53 ====


  • 0
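An added example, not part of the original thread or of FRST: a small Python triage of the result section of the Fixlog.txt above, so that entries that did not apply (here the restore point and the BITS jobs) stand out from the long run of successes. The function names, labels and status phrases are assumptions taken from this one log.

```python
import re

# Constructed sample: a shortened Fixlog.txt assembled from lines of the log above.
# Raw string, so sequences such as "\n" in "\nvxasync" stay literal.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Content of fixlist:
*****************
start
CreateRestorePoint:
CMD: bitsadmin /reset /allusers
end
*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
HKU\S-1-5-21-1261315055-2766284447-2599145269-1003\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
HKCR\CLSID\{63a5ad51-00bd-11e2-a3f4-60eb694d6c24} => Key not found.
Firefox homepage deleted successfully.
C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll not found.
NPF => Service deleted successfully.
C:\ProgramData\nvxasync => Moved successfully.
"C:\ProgramData\nvxasync\cvxasync.exe" => File/Directory not found.

=========  bitsadmin /reset /allusers =========

Unable to cancel {FD71AA28-E0C1-4141-91F1-B6831A74481F}.
0 out of 4 jobs canceled.

========= End of CMD: =========

EmptyTemp: => Removed 137 MB temporary data.

The system needed a reboot.

==== End of Fixlog 09:55:53 ====
"""

# Status phrases as they appear in this Fixlog (assumed vocabulary, not FRST's full set).
RULES = [
    ("failed", re.compile(r"^Error:|\bFailed to\b|^Unable to\b", re.I)),
    ("absent", re.compile(r"not found\.$", re.I)),
    ("ok", re.compile(r"successfully\.$|=> Removed\b", re.I)),
]
JOBS = re.compile(r"^(\d+) out of (\d+) jobs canceled\.$")
MOVED = re.compile(r'^"?(?P<path>[A-Za-z]:\\[^"]*?)"? => Moved successfully\.$')
TARGET = re.compile(
    r'^"?(?P<path>[A-Za-z]:\\[^"]*?)"?(?: =>)? (?:File/Directory )?not found\.$', re.I
)


def result_lines(text):
    """Yield non-empty lines between the echoed fixlist and the End-of-Fixlog marker."""
    fences = 0
    for raw in text.splitlines():
        line = raw.strip()
        if re.fullmatch(r"\*{5,}", line):  # the fixlist echo sits between two rows of asterisks
            fences += 1
            continue
        if line.startswith("==== End of Fixlog"):
            break
        if fences >= 2 and line:
            yield line


def classify(line):
    """Return 'failed', 'absent', 'ok' or 'info' for one result line."""
    m = JOBS.match(line)
    if m:  # bitsadmin summary: fewer jobs cancelled than queued counts as a failure
        return "ok" if m.group(1) == m.group(2) else "failed"
    for label, rx in RULES:
        if rx.search(line):
            return label
    return "info"


def triage(text):
    """Group result lines by outcome; a missing file under a moved folder is 'covered'."""
    report = {"ok": [], "absent": [], "covered": [], "failed": [], "info": []}
    moved = []  # lower-cased folder prefixes already quarantined by an earlier line
    for line in result_lines(text):
        label = classify(line)
        m = MOVED.match(line)
        if m:
            moved.append(m.group("path").lower() + "\\")
        t = TARGET.match(line)
        if label == "absent" and t and t.group("path").lower().startswith(tuple(moved)):
            label = "covered"
        report[label].append(line)
    return report


if __name__ == "__main__":
    report = triage(SAMPLE_FIXLOG)
    for label in ("failed", "absent", "covered"):
        print(f"[{label}] {len(report[label])}")
        for entry in report[label]:
            print("   ", entry)
```

The "covered" bucket separates a file that was already moved along with its parent folder from targets that were simply not on disk.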

#4
Naathim

  • GeekU Minion
  • Expert
  • 4,568 posts
Good. Let's investigate this one deeper.



Scan with Gmer

This type of scan often produces false positives. At any point do not take any action for any suspicious entries you may see there. Instead post the log to be analyzed.

Please download GMER by Gmer and save the file to your desktop.
It will come as a randomly named file (like a6ge38b4.exe) - that's absolutely normal.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
If you are a user of CD emulation software (like Daemon Tools or Alcohol) also disable it for the cleaning process - instructions here.
  • Right-click on the randomly named GMER icon and select Run as Administrator to start the tool.
  • It is very important that you do not use your computer while Gmer is running!
  • Gmer will open to the Rootkit/Malware tab and perform an automatic quick scan.
  • If you receive a warning about rootkit activity and are asked to fully scan your system click NO!
When the pre-scan is completed, please do the following:
  • Please check in the Quick scan box.
  • Please uncheck the IAT/EAT and Show All.
  • Click Scan.
  • If you see a rootkit warning window click OK.
  • When the scan is finished, Save the results to your desktop as gmer.log.
Please include the content of this file in your next reply.
Don't forget to re-enable previously switched-off protection software!

If you encounter any problems, try running GMER in Safe Mode.
If GMER crashes or keeps resulting in a Blue Screen of Death, uncheck Devices on the right side before scanning.



Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content in your next reply.
  • 0

#5
grubyrules

  • Topic Starter
  • Member
  • 18 posts

My name is Jakub, by the way :)

 

gmer scan

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-03-12 10:31:53
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465,76GB
Running: 8mm4ivww.exe; Driver: C:\Users\gruby\AppData\Local\Temp\fgddqpog.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1548] C:\windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter                      0000000074d28799 4 bytes [C2, 04, 00, 00]
.text   C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1548] C:\windows\syswow64\psapi.dll!GetModuleInformation + 69                           0000000074fd1465 2 bytes [FD, 74]
.text   C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1548] C:\windows\syswow64\psapi.dll!GetModuleInformation + 155                          0000000074fd14bb 2 bytes [FD, 74]
.text   ...                                                                                                                                            * 2
.text   C:\windows\system32\taskhost.exe[1408] C:\windows\system32\kernel32.dll!LoadLibraryW                                                           0000000077096f80 5 bytes JMP 0000000169ff0038
.text   C:\windows\system32\taskhost.exe[1408] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA                                                       000007fefd80a900 5 bytes JMP 000007fffd7f0038
.text   C:\windows\system32\taskhost.exe[1408] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW                                                       000007fefd80c5e0 5 bytes JMP 000007fffd7f00b8
.text   C:\windows\system32\taskhost.exe[1408] C:\windows\system32\ole32.dll!CoCreateInstance                                                          000007feff417490 5 bytes JMP 000007fffd7f0138
.text   C:\windows\system32\taskhost.exe[1408] C:\windows\system32\WINMM.dll!waveOutReset                                                              000007fef8fda38c 5 bytes JMP 000007fefd7f02b8
.text   C:\windows\system32\taskhost.exe[1408] C:\windows\system32\WINMM.dll!waveOutPause                                                              000007fef8ff4b60 5 bytes JMP 000007fefd7f0238
.text   C:\windows\system32\taskhost.exe[1408] C:\windows\system32\WINMM.dll!waveOutRestart                                                            000007fef8ff4ba0 5 bytes JMP 000007fefd7f01b8
.text   C:\windows\system32\Dwm.exe[2072] C:\windows\system32\kernel32.dll!LoadLibraryW                                                                0000000077096f80 5 bytes JMP 0000000169ff0038
.text   C:\windows\system32\Dwm.exe[2072] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA                                                            000007fefd80a900 5 bytes JMP 000007fffd7e0038
.text   C:\windows\system32\Dwm.exe[2072] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW                                                            000007fefd80c5e0 5 bytes JMP 000007fffd7e00b8
.text   C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2904] C:\windows\system32\kernel32.dll!LoadLibraryW                            0000000077096f80 5 bytes JMP 0000000169ff0038
.text   C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2904] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA                        000007fefd80a900 5 bytes JMP 000007fffd7f0038
.text   C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2904] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW                        000007fefd80c5e0 5 bytes JMP 000007fffd7f00b8
.text   C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2904] C:\windows\system32\WINMM.dll!waveOutReset                               000007fef8fda38c 5 bytes JMP 000007fefd7f02b8
.text   C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2904] C:\windows\system32\WINMM.dll!waveOutPause                               000007fef8ff4b60 5 bytes JMP 000007fefd7f0238
.text   C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2904] C:\windows\system32\WINMM.dll!waveOutRestart                             000007fef8ff4ba0 5 bytes JMP 000007fefd7f01b8
.text   C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2904] C:\windows\system32\ole32.dll!CoCreateInstance                           000007feff417490 5 bytes JMP 000007fffd7f0138
.text   C:\Program Files\ESET\ESET Smart Security\egui.exe[2972] C:\windows\system32\kernel32.dll!LoadLibraryW                                         0000000077096f80 5 bytes JMP 0000000169ff0038
.text   C:\Program Files\ESET\ESET Smart Security\egui.exe[2972] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA                                     000007fefd80a900 5 bytes JMP 000007fffd7e0038
.text   C:\Program Files\ESET\ESET Smart Security\egui.exe[2972] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW                                     000007fefd80c5e0 5 bytes JMP 000007fffd7e00b8
.text   C:\Program Files\ESET\ESET Smart Security\egui.exe[2972] C:\windows\system32\ole32.dll!CoCreateInstance                                        000007feff417490 5 bytes JMP 000007fffd7e0138
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3044] C:\windows\system32\kernel32.dll!LoadLibraryW                                              0000000077096f80 5 bytes JMP 0000000169ff0038
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3044] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA                                          000007fefd80a900 5 bytes JMP 000007fffd7f0038
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3044] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW                                          000007fefd80c5e0 5 bytes JMP 000007fffd7f00b8
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3044] C:\windows\system32\WINMM.dll!waveOutReset                                                 000007fef8fda38c 5 bytes JMP 000007fefd7f02b8
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3044] C:\windows\system32\WINMM.dll!waveOutPause                                                 000007fef8ff4b60 5 bytes JMP 000007fefd7f0238
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3044] C:\windows\system32\WINMM.dll!waveOutRestart                                               000007fef8ff4ba0 5 bytes JMP 000007fefd7f01b8
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3044] C:\windows\system32\ole32.dll!CoCreateInstance                                             000007feff417490 5 bytes JMP 000007fffd7f0138
.text   C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe[2104] C:\windows\system32\kernel32.dll!LoadLibraryW                                            0000000077096f80 5 bytes JMP 0000000169ff0038
.text   C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe[2104] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA                                        000007fefd80a900 5 bytes JMP 000007fffd7f0038
.text   C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe[2104] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW                                        000007fefd80c5e0 5 bytes JMP 000007fffd7f00b8
.text   C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe[2104] C:\windows\system32\ole32.dll!CoCreateInstance                                           000007feff417490 5 bytes JMP 000007fffd7f0138
.text   C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe[3176] C:\windows\syswow64\KERNEL32.dll!LoadLibraryExA            0000000074d248e3 5 bytes JMP 00000001100027c0
.text   C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe[3176] C:\windows\syswow64\KERNEL32.dll!LoadLibraryW              0000000074d248fb 5 bytes JMP 00000001100028a0
.text   C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe[3176] C:\windows\syswow64\KERNEL32.dll!LoadLibraryExW            0000000074d2492d 5 bytes JMP 0000000110002830
.text   C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe[3176] C:\windows\syswow64\ole32.dll!CoCreateInstance             00000000753a9d0b 5 bytes JMP 0000000110002900
.text   C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3224] C:\windows\system32\KERNEL32.dll!LoadLibraryW                                 0000000077096f80 5 bytes JMP 0000000169ff0038
.text   C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3224] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA                             000007fefd80a900 5 bytes JMP 000007fffd7f0038
.text   C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3224] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW                             000007fefd80c5e0 5 bytes JMP 000007fffd7f00b8
.text   C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3224] C:\windows\system32\ole32.dll!CoCreateInstance                                000007feff417490 5 bytes JMP 000007fffd7f0138
.text   C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[3316] C:\windows\system32\kernel32.dll!LoadLibraryW                  0000000077096f80 5 bytes JMP 0000000169ff0038
.text   C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[3316] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA              000007fefd80a900 5 bytes JMP 000007fffd7f0038
.text   C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[3316] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW              000007fefd80c5e0 5 bytes JMP 000007fffd7f00b8
.text   C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[3316] C:\windows\system32\ole32.dll!CoCreateInstance                 000007feff417490 5 bytes JMP 000007fffd7f0138
.text   C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe[3552] C:\windows\syswow64\kernel32.dll!LoadLibraryExA          0000000074d248e3 5 bytes JMP 00000001002627c0
.text   C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe[3552] C:\windows\syswow64\kernel32.dll!LoadLibraryW            0000000074d248fb 5 bytes JMP 00000001002628a0
.text   C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe[3552] C:\windows\syswow64\kernel32.dll!LoadLibraryExW          0000000074d2492d 5 bytes JMP 0000000100262830
.text   C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe[3552] C:\windows\syswow64\ole32.dll!CoCreateInstance           00000000753a9d0b 5 bytes JMP 0000000100262900
.text   C:\windows\system32\wbem\unsecapp.exe[3828] C:\windows\system32\kernel32.dll!LoadLibraryW                                                      0000000077096f80 5 bytes JMP 0000000169ff0038
.text   C:\windows\system32\wbem\unsecapp.exe[3828] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA                                                  000007fefd80a900 5 bytes JMP 000007fffd7f0038
.text   C:\windows\system32\wbem\unsecapp.exe[3828] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW                                                  000007fefd80c5e0 5 bytes JMP 000007fffd7f00b8
.text   C:\windows\system32\wbem\unsecapp.exe[3828] C:\windows\system32\ole32.dll!CoCreateInstance                                                     000007feff417490 5 bytes JMP 000007fffd7f0138
.text   C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe[1392] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000074fd1465 2 bytes [FD, 74]
.text   C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe[1392] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000074fd14bb 2 bytes [FD, 74]
.text   ...                                                                                                                                            * 2

---- Threads - GMER 2.1 ----

Thread  System [4:892]                                                                                                                                 fffffa8008b19810

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269ec2d88                                                                    
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                                               
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected]                                                            0
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected]                                                         0x0E 0xD1 0x31 0x49 ...
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269ec2d88 (not active ControlSet)                                                
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                                           
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected]                                                                0
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected]                                                             0x0E 0xD1 0x31 0x49 ...

---- EOF - GMER 2.1 ----
 


  • 0

#6
grubyrules

  • Topic Starter
  • Member
  • 18 posts

And FRST

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by gruby (administrator) on GRUBY on 12-03-2015 10:32:11
Running from C:\Users\gruby\Desktop
Loaded Profiles: gruby (Available profiles: gruby)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe
() C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
() C:\Users\gruby\Desktop\8mm4ivww.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10810912 2010-05-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014752 2010-05-13] (Realtek Semiconductor)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1928976 2010-03-05] (Intel® Corporation)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [776608 2009-12-19] (Lenovo)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [4448704 2010-03-11] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [7056832 2010-03-11] (Lenovo (Beijing) Limited)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [2918656 2011-01-12] (ESET)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2101032 2010-05-03] (Synaptics Incorporated)
HKLM\...\Run: [SynBtnAsst] => C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe [54568 2010-05-03] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [MuteSync] => C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe [336384 2009-12-28] (Lenovo)
HKLM-x32\...\Run: [Lenovo SlideNav2] => C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe [318400 2009-12-30] (Lenovo)
HKU\S-1-5-18\...\RunOnce: [WLStart] => C:\Program Files (x86)\Windows Live\Installer\wlstart.exe [768336 2009-07-26] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1261315055-2766284447-2599145269-1003 -> DefaultScope {828B376B-F2F6-4778-928C-E29EC877535E} URL = http://www.google.co...rms}&gsc.page=1
SearchScopes: HKU\S-1-5-21-1261315055-2766284447-2599145269-1003 -> {828B376B-F2F6-4778-928C-E29EC877535E} URL = http://www.google.co...rms}&gsc.page=1
SearchScopes: HKU\S-1-5-21-1261315055-2766284447-2599145269-1003 -> {9ABED254-E67E-44DB-921E-019347DA9E24} URL = http://www.google.pl...age={startPage}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2012-10-28] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-03-21] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-10-28] (Oracle Corporation)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-03-21] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-03-21] (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-03-21] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2CC18BAD-CDD6-4816-8769-90E81FEA0B9D}: [NameServer] 0.0.0.0

FireFox:
========
FF ProfilePath: C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default
FF Homepage: https://duckduckgo.com/
FF NetworkProxy: "type", 0
FF Homepage: hxxp://www.surfvox.com
FF DefaultSearchEngine: SurfVox
FF SelectedSearchEngine: SurfVox
FF Homepage: user_pref("extensions.lastPlatformVersion");hxxp://www.surfvox.com
FF DefaultSearchEngine: SurfVox
FF SelectedSearchEngine: SurfVox
FF Homepage: user_pref("extensions.lastPlatformVersion");hxxp://www.surfvox.com
FF DefaultSearchEngine: SurfVox
FF SelectedSearchEngine: SurfVox
FF Homepage: user_pref("extensions.lastPlatformVersion");hxxp://www.surfvox.com
FF DefaultSearchEngine: SurfVox
FF SelectedSearchEngine: SurfVox
FF Homepage: user_pref("extensions.lastPlatformVersion");hxxp://www.surfvox.com
FF DefaultSearchEngine: SurfVox
FF SelectedSearchEngine: SurfVox
FF Homepage: user_pref("extensions.lastPlatformVersion");hxxp://www.surfvox.com
FF DefaultSearchEngine: SurfVox
FF SelectedSearchEngine: SurfVox
FF Homepage: user_pref("extensions.lastPlatformVersion");hxxp://www.surfvox.com
FF DefaultSearchEngine: SurfVox
FF SelectedSearchEngine: SurfVox
FF Homepage: user_pref("extensions.lastPlatformVersion");hxxp://www.surfvox.com
FF DefaultSearchEngine: SurfVox
FF SelectedSearchEngine: SurfVox
FF Homepage: user_pref("extensions.lastPlatformVersion");hxxp://www.surfvox.com
FF DefaultSearchEngine: SurfVox
FF SelectedSearchEngine: SurfVox
FF Homepage: user_pref("extensions.lastPlatformVersion");hxxp://www.surfvox.com
FF DefaultSearchEngine: SurfVox
FF SelectedSearchEngine: SurfVox
FF Homepage: user_pref("extensions.lastPlatformVersion");hxxp://www.surfvox.com
FF DefaultSearchEngine: SurfVox
FF SelectedSearchEngine: SurfVox
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-07] ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\windows\system32\npDeployJava1.dll [2012-10-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2012-10-28] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-07] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2012-12-21] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll [2014-05-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll [2014-05-12] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1261315055-2766284447-2599145269-1003: @tools.google.com/Google Update;version=8 -> C:\Users\gruby\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll [2010-12-06] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012-04-06] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\searchplugins\100-search-engines.xml [2010-12-19]
FF SearchPlugin: C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\searchplugins\dodatki-dla-firefox.xml [2014-12-06]
FF SearchPlugin: C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\searchplugins\erotic-search.xml [2010-12-19]
FF SearchPlugin: C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\searchplugins\filmwebpl.xml [2014-04-16]
FF SearchPlugin: C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\searchplugins\starter.xml [2015-03-12]
FF SearchPlugin: C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\searchplugins\torrent-freedom.xml [2010-12-19]
FF SearchPlugin: C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\searchplugins\torrent-metasearch.xml [2014-11-13]
FF SearchPlugin: C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\searchplugins\torrentfinder.xml [2010-12-19]
FF SearchPlugin: C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\searchplugins\torrentsto.xml [2010-12-19]
FF SearchPlugin: C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\searchplugins\tumacz-google.xml [2013-11-30]
FF SearchPlugin: C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\searchplugins\urban-dictionary.xml [2015-01-01]
FF SearchPlugin: C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\searchplugins\youtube.xml [2011-06-05]
FF Extension: Dummy Lipsum - C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\Extensions\[email protected] [2011-01-06]
FF Extension: Xmarks - C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\Extensions\[email protected] [2014-11-30]
FF Extension: FireShot - C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2015-02-26]
FF Extension: FireFTP - C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2015-01-15]
FF Extension: CSS Usage - C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\Extensions\[email protected] [2011-10-04]
FF Extension: Firebug - C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\Extensions\[email protected] [2011-03-23]
FF Extension: FirePHP - C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\Extensions\[email protected] [2011-04-12]
FF Extension: FireQuery - C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\Extensions\[email protected] [2011-10-04]
FF Extension: FirePath - C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\Extensions\[email protected] [2011-10-04]
FF Extension: DuckDuckGo Plus - C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\Extensions\[email protected] [2014-12-06]
FF Extension: SEO Doctor - C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\Extensions\[email protected] [2011-04-13]
FF Extension: Status-4-Evar - C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\Extensions\[email protected] [2014-05-11]
FF Extension: ImTranslator - C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2011-04-12]
FF Extension: Web Developer - C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2013-05-15]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-03-05]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012-11-11]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

Chrome:
=======
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
CHR Plugin: (Google Gears 0.5.33.0) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\gears.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\gcswf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U22) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll No File
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll No File
CHR Plugin: (Adobe Acrobat) - c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Users\gruby\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrl.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Profile: C:\Users\gruby\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\gruby\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-12]
CHR Extension: (Google Drive) - C:\Users\gruby\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-12]
CHR Extension: (YouTube) - C:\Users\gruby\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-12]
CHR Extension: (Google Search) - C:\Users\gruby\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-12]
CHR Extension: (Gmail) - C:\Users\gruby\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-12]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]

Opera:
=======
OPR StartupUrls: "hxxp://www.surfvox.com/"

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2011-01-06] (Adobe Systems) [File not signed]
S4 Adobe Version Cue CS2; E:\sojusznicy webmastera\adobe cs2\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-04] (Adobe Systems Incorporated) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
S3 EhttpSrv; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [42360 2011-01-12] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [810144 2011-01-12] (ESET)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S3 IGRS; C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-15] (Lenovo Group Limited)
S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [509192 2009-08-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [575304 2009-11-17] (Lenovo Group Limited)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
S3 PS_MDP; C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-16] (Lenovo Group Limited)
S2 ReadyComm.DirectRouter; C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll [103688 2009-07-15] (Lenovo Group Limited)
R2 Slidebar Notifier Service; C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe [69568 2009-12-30] (Lenovo)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Bridge0; C:\Windows\System32\drivers\WDBridge.sys [79376 2009-07-16] (Lenovo)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-07-06] (DT Soft Ltd)
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [170640 2010-12-21] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [141264 2010-12-21] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [170640 2010-12-21] (ESET)
R3 Epfwndis; C:\Windows\System32\DRIVERS\Epfwndis.sys [34144 2010-12-21] (ESET)
R2 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [50624 2010-12-21] (ESET)
S3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [116864 2009-08-04] (Huawei Technologies Co., Ltd.) [File not signed]
S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [116224 2009-08-04] (Huawei Technologies Co., Ltd.) [File not signed]
R3 JmUsbCcgp; C:\Windows\System32\DRIVERS\jmccgp.sys [17904 2010-02-05] (JMicron Technology Corp.)
R3 JmUsbVideo; C:\Windows\System32\Drivers\jmcam.sys [56688 2010-02-05] (JMicron Technology Corp.)
R3 JmUsbVideo2; C:\Windows\System32\Drivers\jmcam_lo.sys [31088 2010-02-05] (JMicron Technology Corp.)
S3 pwdrvio; C:\windows\system32\pwdrvio.sys [19936 2011-09-02] ()
S3 pwdspio; C:\windows\system32\pwdspio.sys [13280 2011-09-02] ()
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [503352 2011-07-06] (Duplex Secure Ltd.)
R3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [11280 2009-07-16] (Lenovo)
U3 fgddqpog; \??\C:\Users\gruby\AppData\Local\Temp\fgddqpog.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-12 10:32 - 2015-03-12 10:32 - 00022934 _____ () C:\Users\gruby\Desktop\FRST.txt
2015-03-12 10:15 - 2015-03-12 10:31 - 00013402 _____ () C:\Users\gruby\Desktop\gmer.log
2015-03-12 10:09 - 2015-03-12 10:09 - 00000652 _____ () C:\Users\gruby\Desktop\defogger_disable.log
2015-03-12 10:09 - 2015-03-12 10:09 - 00000188 _____ () C:\Users\gruby\defogger_reenable
2015-03-12 10:08 - 2015-03-12 10:08 - 00050477 _____ () C:\Users\gruby\Desktop\Defogger.exe
2015-03-12 10:07 - 2015-03-12 10:07 - 00380416 _____ () C:\Users\gruby\Desktop\8mm4ivww.exe
2015-03-12 09:53 - 2015-03-12 01:10 - 02095616 _____ (Farbar) C:\Users\gruby\Desktop\FRST64.exe
2015-03-12 01:11 - 2015-03-12 10:32 - 00000000 ____D () C:\FRST
2015-03-12 00:47 - 2015-03-12 01:06 - 00000000 ____D () C:\AdwCleaner
2015-03-12 00:42 - 2015-03-12 09:19 - 00000628 _____ () C:\windows\PFRO.log
2015-03-12 00:07 - 2014-09-22 04:39 - 00000000 ____D () C:\Users\gruby\AppData\Roaming\fportable
2015-03-05 23:33 - 2015-03-05 23:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-12 10:17 - 2009-07-14 04:45 - 00013632 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-12 10:17 - 2009-07-14 04:45 - 00013632 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-12 10:15 - 2010-11-21 04:51 - 24976806 _____ () C:\windows\system32\perfh015.dat
2015-03-12 10:15 - 2010-11-21 04:51 - 08798062 _____ () C:\windows\system32\perfc015.dat
2015-03-12 10:15 - 2009-07-14 05:13 - 00006308 _____ () C:\windows\system32\PerfStringBackup.INI
2015-03-12 10:10 - 2014-05-12 09:50 - 00001042 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-12 10:10 - 2013-02-15 13:06 - 00117402 _____ () C:\windows\setupact.log
2015-03-12 10:10 - 2012-09-23 13:46 - 00065536 _____ () C:\windows\system32\Ikeext.etl
2015-03-12 10:10 - 2009-07-14 05:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-03-12 10:09 - 2010-11-21 03:40 - 00000000 ____D () C:\Users\gruby
2015-03-12 10:09 - 2010-09-17 00:29 - 01546605 _____ () C:\windows\WindowsUpdate.log
2015-03-12 00:03 - 2013-03-20 20:03 - 00000000 ____D () C:\Users\gruby\Documents\FIFA 13
2015-03-09 22:59 - 2009-07-14 03:20 - 00000000 ____D () C:\windows\tracing
2015-03-08 22:45 - 2012-10-31 15:01 - 00000000 ____D () C:\Users\gruby\AppData\Roaming\uTorrent
2015-03-08 19:44 - 2010-11-21 11:31 - 00000000 ____D () C:\Users\gruby\AppData\Roaming\Skype
2015-03-07 16:02 - 2010-11-21 04:14 - 00000000 ____D () C:\Users\gruby\AppData\Roaming\foobar2000
2015-03-06 08:42 - 2013-04-24 14:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-02 00:04 - 2010-11-21 05:21 - 00000000 ____D () C:\Users\gruby\AppData\Roaming\Tlen.pl
2015-02-22 00:46 - 2009-07-14 03:20 - 00000000 ____D () C:\windows\system32\NDF

==================== Files in the root of some directories =======

2010-11-21 16:45 - 2011-11-03 18:35 - 0007602 _____ () C:\Users\gruby\AppData\Local\resmon.resmoncfg
2010-11-21 11:32 - 2010-11-21 11:32 - 0000048 ____H () C:\ProgramData\ezsidmv.dat
2010-09-17 00:53 - 2010-10-06 18:57 - 0000235 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2012-09-17 12:17 - 2012-10-12 20:06 - 0000078 _____ () C:\ProgramData\profile.xml

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2013-03-18 16:10

==================== End Of Log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by gruby at 2015-03-12 10:33:18
Running from C:\Users\gruby\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 4.2 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET Smart Security 4.2 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall (Enabled) {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1261315055-2766284447-2599145269-1003\...\uTorrent) (Version: 3.3.2.30180 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Creative Suite 2 (HKLM-x32\...\{0134A1A1-C283-4A47-91A1-92F19F960372}) (Version:  - )
Adobe Dreamweaver CS6 (HKLM-x32\...\{A4ED5E53-7AA0-11E1-BF04-B2D4D4A5360E}) (Version: 12 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
AMD Catalyst Install Manager (HKLM\...\{F1E02922-FA0F-6EF1-1F95-CA23D65523C5}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Archiwizator WinRAR (HKLM-x32\...\WinRAR archiver) (Version:  - )
Ashampoo Burning Studio 2012 v10.0.15 (HKLM-x32\...\Ashampoo Burning Studio 2012_is1) (Version: 10.0.15 - Ashampoo GmbH & Co. KG)
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 12.52.01 - Broadcom Corporation)
Centrum obsługi urządzeń z systemem Windows Mobile (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
CorelDRAW Graphics Suite 12 (HKLM-x32\...\{505AFDC0-5E72-4928-8368-5DEA385E3647}) (Version: 12.0.0.536 - Corel Corporation)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2603 - CyberLink Corp.)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.40.2.0131 - DT Soft Ltd)
Daum PotPlayer 1.5.35491 (HKLM-x32\...\PotPlayer) (Version:  - )
Digital Photo Software FotoMorph 12.4.5 (HKLM-x32\...\FotoMorph) (Version: 12.4.5 - Digital Photo Software)
Energy Management (HKLM-x32\...\{0CE226F3-EB27-4ECD-BBF5-F088716779FD}) (Version: 5.4.1.6 - Lenovo)
ESET Smart Security (HKLM\...\{C0D93E4E-0866-43C8-A104-BF41A803EA84}) (Version: 4.2.71.2 - ESET, spol. s r.o.)
FIFA 13 1.0.28 (HKLM-x32\...\FIFA 13 1.0.28) (Version: 1.0.28 - EA Games)
foobar2000 v1.1 (HKLM-x32\...\foobar2000) (Version: 1.1 - Peter Pawlowski)
Freemake Video Converter version 2.2.0 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 2.2.0 - Ellora Assets Corporation)
GnuWin32: Gzip-1.3.12 (HKLM-x32\...\Gzip-1.3.12_is1) (Version: 1.3.12 - GnuWin32)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{1A8BA6CE-822D-4888-89E2-ACBF4308F271}) (Version: 13.02.0000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Java 7 Update 9 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417009FF}) (Version: 7.0.90 - Oracle)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.41.2 - JMicron Technology Corp.)
LameACM (HKLM-x32\...\LameACM) (Version:  - )
Lenovo DirectShare (HKLM-x32\...\InstallShield_{B2164CCB-C002-4B80-8550-7535D80DF237}) (Version: 1.0.1.38 - ArcSoft)
Lenovo DirectShare (x32 Version: 1.0.1.38 - ArcSoft) Hidden
Lenovo EasyCamera (HKLM-x32\...\{F5608FF7-17C0-440A-80C7-29C48363BD87}) (Version: 1.0.9.2 - Suyin Optronics Corp.)
Lenovo MuteSync (HKLM-x32\...\InstallShield_{2955FADE-ADED-44AD-A853-D1EAEA7ACAD5}) (Version: 1.0.0.2 - Lenovo)
Lenovo MuteSync (x32 Version: 1.0.0.2 - Lenovo) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1230 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1230 - CyberLink Corp.) Hidden
Lenovo ReadyComm 5 (HKLM-x32\...\{17542DBF-E17C-4562-BC4D-FA3EF3076C45}) (Version: 5.1.1.22 - Lenovo)
Lenovo ReadyComm 5.0 Service (HKLM-x32\...\{76C66170-C538-4E77-B54D-48E136B5B533}) (Version: 5.0.0.1 - Lenovo Group Limited)
Lenovo SlideNav (HKLM-x32\...\Lenovo SlideNav2) (Version: 2.0.1230.0003 - Lenovo)
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Access 2002 Runtime (HKLM-x32\...\{901C0415-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 36.0.1 (x86 pl) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 pl)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird (3.0.10) (HKLM-x32\...\Mozilla Thunderbird (3.0.10)) (Version: 3.0.10 (pl) - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NapiProjekt (2.1.1.2314) (HKLM-x32\...\NapiProjekt_is1) (Version:  - )
Nokia Connectivity Cable Driver (HKLM-x32\...\{6FE12C01-2FBC-42E2-AEB9-4CA2238C462F}) (Version: 7.1.101.0 - Nokia)
Nokia PC Internet Access (HKLM-x32\...\Nokia PC Internet Access) (Version: 1.1.1.2 - Nokia)
Nokia PC Internet Access (x32 Version: 1.1.1.2 - Nokia) Hidden
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.7.22.0 - Nokia)
Nokia Suite (x32 Version: 3.7.22.0 - Nokia) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}) (Version: 9.09.0814 - NVIDIA Corporation)
Odkurzacz (HKLM-x32\...\Odkurzacz 13.5_is1) (Version: 13.5.0.1911 - FranmoSoftware - Maciej Opaliński)
Onekey Theater (HKLM-x32\...\{DFB19121-0609-49C1-92B1-546E5A940FE8}) (Version: 2.0.1.8 - Lenovo)
OpenOffice.org 3.4.1 (HKLM-x32\...\{18192D3F-5537-4560-AD89-D695F72AF91D}) (Version: 3.41.9593 - Apache Software Foundation)
Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Opera Stable 25.0.1614.50 (HKLM-x32\...\Opera 25.0.1614.50) (Version: 25.0.1614.50 - Opera Software ASA)
Pakiet sterowników systemu Windows - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
PC Connectivity Solution (HKLM-x32\...\{6B722793-E77B-41F5-BAB3-6C9832274E75}) (Version: 12.0.76.0 - Nokia)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6034 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6110 - Realtek Semiconductor Corp.)
RESIDENT EVIL 5 (HKLM-x32\...\{AC08BBA0-96B9-431A-A7D0-D8598E493775}) (Version: 1.0.0.129 - CAPCOM CO., LTD.)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Sniper Elite 3 (HKLM-x32\...\U25pcGVyRWxpdGUz_is1) (Version: 1 - )
Suite Specific (x32 Version: 2.0.0 - Adobe Systems, Incorporated) Hidden
SWiSH Max3 (HKLM-x32\...\SWiSH Max3) (Version: 09.06.02.000 - SWiSHzone.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.19.1 - Synaptics Incorporated)
Tlen.pl (HKLM-x32\...\Tlen.pl) (Version: 6.0.3.77 - o2.pl Sp. z o. o.)
TNod User & Password Finder (HKLM\...\TNod) (Version: 1.4.1.0 - Tukero[X]Team)
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 7.50a - Ghisler Software GmbH)
Windows Driver Package - Lenovo (ACPIVPC) System  (10/19/2009 5.4.0.1) (HKLM\...\0A4175B489A1B4A6E07E11B063A6263480C51D71) (Version: 10/19/2009 5.4.0.1 - Lenovo)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:34 - 2009-06-10 21:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2E9823CE-8133-46D9-B26A-224826496412} - System32\Tasks\{026E6300-257E-4628-9999-CB9D1401A58A} => Firefox.exe http://ui.skype.com/...e=tsProgressBar
Task: {46A73544-68A8-4260-A8D6-5413D1E19370} - System32\Tasks\{10FB3D92-AE74-4024-A76C-CCB6BF3E5DB9} => pcalua.exe -a C:\PROGRA~2\INSTAL~1\{0134A~1\setup.exe -c /relaunched/rootloc=f:\adobe creative suite 2.0/lang=0409
Task: {48F2FBB6-5797-4757-B7A4-E8CC10AAD0CC} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1261315055-2766284447-2599145269-1003UA => C:\Users\gruby\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {4C1E2CA1-6494-4BF2-9A3C-A3D8197DFEAD} - System32\Tasks\Opera scheduled Autoupdate 1421364199 => C:\Program Files (x86)\Opera\launcher.exe [2014-10-15] (Opera Software)
Task: {6910C1F7-3251-4FDB-9424-0F241A0D2DAB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8495D246-5241-44B1-ADDB-E9E55D2789A3} - System32\Tasks\{52DB10CE-5292-4494-ACF8-37CC3A919698} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-10-01] (Skype Technologies S.A.)
Task: {908343F7-12E4-4FE6-A2EB-66CB1835691D} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-07] (Adobe Systems Incorporated)
Task: {A20C71F5-8CE6-4DC5-9F3C-7BD1FF703CC0} - System32\Tasks\{28B9D897-69FC-462D-AC6E-18DF4FEB830C} => Firefox.exe http://www.skype.com...8;LastError=404
Task: {A39741F1-D1CC-43A2-B56D-D7A87A349492} - System32\Tasks\{60AC84B0-7799-4766-BA76-062986A2F2A1} => pcalua.exe -a "C:\Program Files (x86)\Lavalys\EVEREST Home Edition\unins000.exe"
Task: {BD4F0774-4047-47AC-A30F-6134016C9924} - System32\Tasks\{4784DDE8-A84A-439C-B7B9-0B4C425FC8A7} => pcalua.exe -a C:\Users\gruby\Downloads\lgs510.exe -d C:\Users\gruby\Downloads
Task: {BEECB5CE-FCD2-484E-85D2-633E4B5071B2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-12] (Google Inc.)
Task: {C1E6FAF2-86DD-4F5A-BFFE-2A86B65980F1} - System32\Tasks\{A3869FF0-CF06-4625-AF52-D6BB4895E0E8} => pcalua.exe -a C:\Users\gruby\Downloads\Swf2Avi_Setup.exe
Task: {CF62CF85-0E97-4D27-9BF2-363BA2C2379C} - System32\Tasks\{39E468F5-A999-4F5E-977A-8198BEF61E4C} => Firefox.exe http://ui.skype.com/...e=tsProgressBar
Task: {D4FFDF96-F58D-4B1B-9294-BD9D51B2916C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1261315055-2766284447-2599145269-1003Core => C:\Users\gruby\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {FBDFFB72-E843-4AAA-8FB8-74A011C7E72C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-12] (Google Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1261315055-2766284447-2599145269-1003Core.job => C:\Users\gruby\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1261315055-2766284447-2599145269-1003UA.job => C:\Users\gruby\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1261315055-2766284447-2599145269-1003Core.job => C:\Users\gruby\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2010-03-05 09:21 - 2010-03-05 09:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2010-09-17 01:06 - 2009-12-19 02:52 - 00201120 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll
2010-09-17 01:06 - 2009-12-19 02:53 - 00156576 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll64.dll
2010-11-21 04:27 - 2009-06-02 00:15 - 00051200 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2014-05-12 09:49 - 2014-05-12 09:49 - 00222720 _____ () E:\sojusznicy webmastera\notepad++\NppShell_06.dll
2010-03-05 09:21 - 2010-03-05 09:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2010-09-17 01:25 - 2009-07-15 15:55 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2010-09-17 01:25 - 2009-07-15 15:55 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2010-09-17 01:06 - 2009-12-19 02:52 - 00100256 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
2015-03-12 10:07 - 2015-03-12 10:07 - 00380416 _____ () C:\Users\gruby\Desktop\8mm4ivww.exe
2010-09-17 01:06 - 2009-12-19 02:50 - 00161696 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll
2010-09-17 01:06 - 2009-12-19 02:51 - 00133024 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
2012-05-10 16:22 - 2012-05-10 16:22 - 00170496 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\dc45bfd22b86df0074e8e521ada8d55f\IsdiInterop.ni.dll
2010-09-17 00:38 - 2010-03-03 20:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2015-02-07 13:10 - 2015-02-07 13:10 - 16852144 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1261315055-2766284447-2599145269-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\gruby\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: c2cautoupdatesvc => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:\windows\pss\Adobe Gamma.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Lenovo Smile Dock.lnk => C:\windows\pss\Lenovo Smile Dock.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^gruby^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk => C:\windows\pss\OpenOffice.org 3.2.lnk.Startup
MSCONFIG\startupfolder: C:^Users^gruby^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\windows\pss\OpenOffice.org 3.3.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Adobe Version Cue CS2 => E:\sojusznicy webmastera\adobe cs2\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AlcoholAutomount => "C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" -automount
MSCONFIG\startupreg: AtwtusbIcon => AtwtusbIcon.exe
MSCONFIG\startupreg: BEWINTERNET-PLSessionManager => "C:\Program Files (x86)\OrangeBS\BEWInternet-PL\SessionManager\SessionManager.exe"
MSCONFIG\startupreg: CorelDRAW Graphics Suite 11b => E:\sojusznicy webmastera\corel\Languages\PL\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=030213 serial=DR12CUB-5137358-MCC lang=PL
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Facebook Update => "C:\Users\gruby\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Google Update => "C:\Users\gruby\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: Lenovo SplitScreen => "C:\Program Files\Lenovo\Lenovo SplitScreen\SplitScreen\AutoRunSpS.exe"
MSCONFIG\startupreg: MacroKeyManager => WTMKM.exe
MSCONFIG\startupreg: NokiaSuite.exe => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray
MSCONFIG\startupreg: ooVoo.exe => C:\Program Files (x86)\ooVoo\ooVoo.exe /minimized
MSCONFIG\startupreg: Start WingMan Profiler => C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: UCam_Menu => "c:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
MSCONFIG\startupreg: UpdateP2GShortCut => "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
MSCONFIG\startupreg: uTorrent => "C:\Users\gruby\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: VeriFaceManager => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
MSCONFIG\startupreg: Windows Mobile Device Center => %windir%\WindowsMobile\wmdc.exe
MSCONFIG\startupreg: YouCam Mirror Tray icon => "c:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s

==================== Accounts: =============================

Administrator (S-1-5-21-1261315055-2766284447-2599145269-500 - Administrator - Disabled)
gruby (S-1-5-21-1261315055-2766284447-2599145269-1003 - Administrator - Enabled) => C:\Users\gruby
Guest (S-1-5-21-1261315055-2766284447-2599145269-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1261315055-2766284447-2599145269-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/12/2015 10:15:00 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: ZARZĄDZANIE NT)
Description: Nie można usunąć z pamięci ciągów licznika wydajności dla usługi WmiApRpl (WmiApRpl). Pierwszy wpis DWORD w sekcji danych (Data) zawiera kod błędu.

Error: (03/12/2015 10:15:00 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT)
Description: Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy proces wykonuje następującą operację na dostawcy licznika rozszerzeń: Performance. Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data.

Error: (03/12/2015 10:15:00 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT)
Description: Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy proces wykonuje następującą operację na dostawcy licznika rozszerzeń: Performance. Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data.

Error: (03/12/2015 10:14:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: 8mm4ivww.exe, wersja: 2.1.19357.0, sygnatura czasowa: 0x52e7ea83
Nazwa modułu powodującego błąd: 8mm4ivww.exe, wersja: 2.1.19357.0, sygnatura czasowa: 0x52e7ea83
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x0008d93e
Identyfikator procesu powodującego błąd: 0x1338
Godzina uruchomienia aplikacji powodującej błąd: 0x8mm4ivww.exe0
Ścieżka aplikacji powodującej błąd: 8mm4ivww.exe1
Ścieżka modułu powodującego błąd: 8mm4ivww.exe2
Identyfikator raportu: 8mm4ivww.exe3

Error: (03/12/2015 10:01:01 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: ZARZĄDZANIE NT)
Description: Nie można usunąć z pamięci ciągów licznika wydajności dla usługi WmiApRpl (WmiApRpl). Pierwszy wpis DWORD w sekcji danych (Data) zawiera kod błędu.

Error: (03/12/2015 10:01:01 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT)
Description: Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy proces wykonuje następującą operację na dostawcy licznika rozszerzeń: Performance. Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data.

Error: (03/12/2015 10:01:01 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT)
Description: Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy proces wykonuje następującą operację na dostawcy licznika rozszerzeń: Performance. Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data.

Error: (03/12/2015 09:55:45 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Nie można utworzyć punktu przywracania (Proces = C:\Users\gruby\Desktop\FRST64.exe ; Opis = Restore Point Created by FRST; Błąd = 0x80070422).

Error: (03/12/2015 09:23:50 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: ZARZĄDZANIE NT)
Description: Nie można usunąć z pamięci ciągów licznika wydajności dla usługi WmiApRpl (WmiApRpl). Pierwszy wpis DWORD w sekcji danych (Data) zawiera kod błędu.

Error: (03/12/2015 09:23:50 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT)
Description: Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy proces wykonuje następującą operację na dostawcy licznika rozszerzeń: Performance. Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data.


System errors:
=============
Error: (03/12/2015 10:12:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi ReadyComm.DirectRouter z powodu następującego błędu:
%%2

Error: (03/12/2015 10:10:05 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: ZARZĄDZANIE NT)
Description: Usługa Harmonogram zadań nie może załadować zadań podczas uruchamiania usługi. Dane dodatkowe: Wartość błędu: 2147549183.

Error: (03/12/2015 10:09:27 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: ZARZĄDZANIE NT)
Description: Nastąpiło nieoczekiwane zatrzymanie modułu rozszerzalności sieci WLAN.

Ścieżka modułu: C:\windows\System32\IWMSSvc.dll

Error: (03/12/2015 09:58:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi ReadyComm.DirectRouter z powodu następującego błędu:
%%2

Error: (03/12/2015 09:56:45 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: ZARZĄDZANIE NT)
Description: Usługa Harmonogram zadań nie może załadować zadań podczas uruchamiania usługi. Dane dodatkowe: Wartość błędu: 2147549183.

Error: (03/12/2015 09:56:03 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: ZARZĄDZANIE NT)
Description: Nastąpiło nieoczekiwane zatrzymanie modułu rozszerzalności sieci WLAN.

Ścieżka modułu: C:\windows\System32\IWMSSvc.dll

Error: (03/12/2015 09:56:03 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: ZARZĄDZANIE NT)
Description: Nastąpiło nieoczekiwane zatrzymanie modułu rozszerzalności sieci WLAN.

Ścieżka modułu: C:\windows\System32\IWMSSvc.dll

Error: (03/12/2015 09:56:03 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: ZARZĄDZANIE NT)
Description: Nastąpiło nieoczekiwane zatrzymanie modułu rozszerzalności sieci WLAN.

Ścieżka modułu: C:\windows\System32\IWMSSvc.dll

Error: (03/12/2015 09:56:01 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: ZARZĄDZANIE NT)
Description: Nastąpiło nieoczekiwane zatrzymanie modułu rozszerzalności sieci WLAN.

Ścieżka modułu: C:\windows\System32\IWMSSvc.dll

Error: (03/12/2015 09:55:46 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usługa Windows Live ID Sign-in Assistant niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 10000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie.


Microsoft Office Sessions:
=========================
Error: (03/12/2015 10:15:00 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: ZARZĄDZANIE NT)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (03/12/2015 10:15:00 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT)
Description: Performance1637070000000000000000000009030000

Error: (03/12/2015 10:15:00 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT)
Description: Performance1637070000000000000000000009030000

Error: (03/12/2015 10:14:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: 8mm4ivww.exe2.1.19357.052e7ea838mm4ivww.exe2.1.19357.052e7ea83c00000050008d93e133801d05cacfdbe4751C:\Users\gruby\Desktop\8mm4ivww.exeC:\Users\gruby\Desktop\8mm4ivww.exe94c30278-c8a0-11e4-b034-60eb694d6c24

Error: (03/12/2015 10:01:01 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: ZARZĄDZANIE NT)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (03/12/2015 10:01:01 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT)
Description: Performance1637070000000000000000000009030000

Error: (03/12/2015 10:01:01 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT)
Description: Performance1637070000000000000000000009030000

Error: (03/12/2015 09:55:45 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Users\gruby\Desktop\FRST64.exe Restore Point Created by FRST0x80070422

Error: (03/12/2015 09:23:50 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: ZARZĄDZANIE NT)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (03/12/2015 09:23:50 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT)
Description: Performance1637070000000000000000000009030000


==================== Memory info ===========================

Processor: Intel® Core™ i7 CPU Q 720 @ 1.60GHz
Percentage of memory in use: 49%
Total physical RAM: 4028.56 MB
Available physical RAM: 2038.84 MB
Total Pagefile: 8055.32 MB
Available Pagefile: 6054.09 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (system) (Fixed) (Total:54.54 GB) (Free:19.06 GB) NTFS
Drive d: (magazyn) (Fixed) (Total:311.02 GB) (Free:143.98 GB) NTFS
Drive e: (praca) (Fixed) (Total:85.25 GB) (Free:59.64 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: C3FFC3FF)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=54.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=396.3 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=02)

==================== End Of Log ============================



#7
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
Hi Jakub, known as Gruby :)



Reset Firefox to defaults

Please open Mozilla Firefox.
  • In the address bar at the top please type in about:support.
  • You will be taken to the Troubleshooting information menu.
  • Find the Reset Firefox button there and press it just once.
  • In the window that appears, please press the Reset Firefox button once more.
  • Firefox will close and reset.
Bear in mind that all your browsing history, passwords and cookies will be saved. This procedure will only remove all extensions, themes, plugins etc. and restore the FF engine to a state similar to that after a fresh installation.



After that, post me another, fresh FRST report.

#8
grubyrules

    Member

  • Topic Starter
  • Member
  • 18 posts

Are we speaking Polish? :)

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by gruby (administrator) on GRUBY on 12-03-2015 10:47:52
Running from C:\Users\gruby\Desktop
Loaded Profiles: gruby (Available profiles: gruby)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe
() C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Users\gruby\Desktop\8mm4ivww.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10810912 2010-05-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014752 2010-05-13] (Realtek Semiconductor)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1928976 2010-03-05] (Intel® Corporation)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [776608 2009-12-19] (Lenovo)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [4448704 2010-03-11] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [7056832 2010-03-11] (Lenovo (Beijing) Limited)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [2918656 2011-01-12] (ESET)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2101032 2010-05-03] (Synaptics Incorporated)
HKLM\...\Run: [SynBtnAsst] => C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe [54568 2010-05-03] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [MuteSync] => C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe [336384 2009-12-28] (Lenovo)
HKLM-x32\...\Run: [Lenovo SlideNav2] => C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe [318400 2009-12-30] (Lenovo)
HKU\S-1-5-18\...\RunOnce: [WLStart] => C:\Program Files (x86)\Windows Live\Installer\wlstart.exe [768336 2009-07-26] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1261315055-2766284447-2599145269-1003 -> DefaultScope {828B376B-F2F6-4778-928C-E29EC877535E} URL = http://www.google.co...rms}&gsc.page=1
SearchScopes: HKU\S-1-5-21-1261315055-2766284447-2599145269-1003 -> {828B376B-F2F6-4778-928C-E29EC877535E} URL = http://www.google.co...rms}&gsc.page=1
SearchScopes: HKU\S-1-5-21-1261315055-2766284447-2599145269-1003 -> {9ABED254-E67E-44DB-921E-019347DA9E24} URL = http://www.google.pl...age={startPage}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2012-10-28] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-03-21] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-10-28] (Oracle Corporation)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-03-21] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-03-21] (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-03-21] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2CC18BAD-CDD6-4816-8769-90E81FEA0B9D}: [NameServer] 0.0.0.0

FireFox:
========
FF ProfilePath: C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\5bbus0xz.default-1426157137755
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-07] ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\windows\system32\npDeployJava1.dll [2012-10-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2012-10-28] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-07] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2012-12-21] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll [2014-05-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll [2014-05-12] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1261315055-2766284447-2599145269-1003: @tools.google.com/Google Update;version=8 -> C:\Users\gruby\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll [2010-12-06] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012-04-06] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-03-05]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012-11-11]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

Chrome:
=======
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
CHR Plugin: (Google Gears 0.5.33.0) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\gears.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\gcswf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U22) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll No File
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll No File
CHR Plugin: (Adobe Acrobat) - c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Users\gruby\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrl.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Profile: C:\Users\gruby\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\gruby\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-12]
CHR Extension: (Google Drive) - C:\Users\gruby\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-12]
CHR Extension: (YouTube) - C:\Users\gruby\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-12]
CHR Extension: (Google Search) - C:\Users\gruby\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-12]
CHR Extension: (Gmail) - C:\Users\gruby\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-12]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]

Opera:
=======
OPR StartupUrls: "hxxp://www.surfvox.com/"

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2011-01-06] (Adobe Systems) [File not signed]
S4 Adobe Version Cue CS2; E:\sojusznicy webmastera\adobe cs2\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-04] (Adobe Systems Incorporated) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
S3 EhttpSrv; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [42360 2011-01-12] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [810144 2011-01-12] (ESET)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S3 IGRS; C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-15] (Lenovo Group Limited)
S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [509192 2009-08-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [575304 2009-11-17] (Lenovo Group Limited)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
S3 PS_MDP; C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-16] (Lenovo Group Limited)
S2 ReadyComm.DirectRouter; C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll [103688 2009-07-15] (Lenovo Group Limited)
R2 Slidebar Notifier Service; C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe [69568 2009-12-30] (Lenovo)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Bridge0; C:\Windows\System32\drivers\WDBridge.sys [79376 2009-07-16] (Lenovo)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-07-06] (DT Soft Ltd)
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [170640 2010-12-21] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [141264 2010-12-21] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [170640 2010-12-21] (ESET)
R3 Epfwndis; C:\Windows\System32\DRIVERS\Epfwndis.sys [34144 2010-12-21] (ESET)
R2 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [50624 2010-12-21] (ESET)
S3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [116864 2009-08-04] (Huawei Technologies Co., Ltd.) [File not signed]
S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [116224 2009-08-04] (Huawei Technologies Co., Ltd.) [File not signed]
R3 JmUsbCcgp; C:\Windows\System32\DRIVERS\jmccgp.sys [17904 2010-02-05] (JMicron Technology Corp.)
R3 JmUsbVideo; C:\Windows\System32\Drivers\jmcam.sys [56688 2010-02-05] (JMicron Technology Corp.)
R3 JmUsbVideo2; C:\Windows\System32\Drivers\jmcam_lo.sys [31088 2010-02-05] (JMicron Technology Corp.)
S3 pwdrvio; C:\windows\system32\pwdrvio.sys [19936 2011-09-02] ()
S3 pwdspio; C:\windows\system32\pwdspio.sys [13280 2011-09-02] ()
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [503352 2011-07-06] (Duplex Secure Ltd.)
R3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [11280 2009-07-16] (Lenovo)
U3 fgddqpog; \??\C:\Users\gruby\AppData\Local\Temp\fgddqpog.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-12 10:45 - 2015-03-12 10:45 - 00000000 ____D () C:\Users\gruby\Desktop\Stare dane programu Firefox
2015-03-12 10:33 - 2015-03-12 10:33 - 00035353 _____ () C:\Users\gruby\Desktop\Addition.txt
2015-03-12 10:32 - 2015-03-12 10:48 - 00017279 _____ () C:\Users\gruby\Desktop\FRST.txt
2015-03-12 10:15 - 2015-03-12 10:31 - 00013402 _____ () C:\Users\gruby\Desktop\gmer.log
2015-03-12 10:09 - 2015-03-12 10:09 - 00000652 _____ () C:\Users\gruby\Desktop\defogger_disable.log
2015-03-12 10:09 - 2015-03-12 10:09 - 00000188 _____ () C:\Users\gruby\defogger_reenable
2015-03-12 10:08 - 2015-03-12 10:08 - 00050477 _____ () C:\Users\gruby\Desktop\Defogger.exe
2015-03-12 10:07 - 2015-03-12 10:07 - 00380416 _____ () C:\Users\gruby\Desktop\8mm4ivww.exe
2015-03-12 09:53 - 2015-03-12 01:10 - 02095616 _____ (Farbar) C:\Users\gruby\Desktop\FRST64.exe
2015-03-12 01:11 - 2015-03-12 10:47 - 00000000 ____D () C:\FRST
2015-03-12 00:47 - 2015-03-12 01:06 - 00000000 ____D () C:\AdwCleaner
2015-03-12 00:42 - 2015-03-12 09:19 - 00000628 _____ () C:\windows\PFRO.log
2015-03-12 00:07 - 2014-09-22 04:39 - 00000000 ____D () C:\Users\gruby\AppData\Roaming\fportable
2015-03-05 23:33 - 2015-03-05 23:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-12 10:17 - 2009-07-14 04:45 - 00013632 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-12 10:17 - 2009-07-14 04:45 - 00013632 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-12 10:15 - 2010-11-21 04:51 - 24976806 _____ () C:\windows\system32\perfh015.dat
2015-03-12 10:15 - 2010-11-21 04:51 - 08798062 _____ () C:\windows\system32\perfc015.dat
2015-03-12 10:15 - 2009-07-14 05:13 - 00006308 _____ () C:\windows\system32\PerfStringBackup.INI
2015-03-12 10:10 - 2014-05-12 09:50 - 00001042 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-12 10:10 - 2013-02-15 13:06 - 00117402 _____ () C:\windows\setupact.log
2015-03-12 10:10 - 2012-09-23 13:46 - 00065536 _____ () C:\windows\system32\Ikeext.etl
2015-03-12 10:10 - 2009-07-14 05:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-03-12 10:09 - 2010-11-21 03:40 - 00000000 ____D () C:\Users\gruby
2015-03-12 10:09 - 2010-09-17 00:29 - 01546605 _____ () C:\windows\WindowsUpdate.log
2015-03-12 00:03 - 2013-03-20 20:03 - 00000000 ____D () C:\Users\gruby\Documents\FIFA 13
2015-03-09 22:59 - 2009-07-14 03:20 - 00000000 ____D () C:\windows\tracing
2015-03-08 22:45 - 2012-10-31 15:01 - 00000000 ____D () C:\Users\gruby\AppData\Roaming\uTorrent
2015-03-08 19:44 - 2010-11-21 11:31 - 00000000 ____D () C:\Users\gruby\AppData\Roaming\Skype
2015-03-07 16:02 - 2010-11-21 04:14 - 00000000 ____D () C:\Users\gruby\AppData\Roaming\foobar2000
2015-03-06 08:42 - 2013-04-24 14:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-02 00:04 - 2010-11-21 05:21 - 00000000 ____D () C:\Users\gruby\AppData\Roaming\Tlen.pl
2015-02-22 00:46 - 2009-07-14 03:20 - 00000000 ____D () C:\windows\system32\NDF

==================== Files in the root of some directories =======

2010-11-21 16:45 - 2011-11-03 18:35 - 0007602 _____ () C:\Users\gruby\AppData\Local\resmon.resmoncfg
2010-11-21 11:32 - 2010-11-21 11:32 - 0000048 ____H () C:\ProgramData\ezsidmv.dat
2010-09-17 00:53 - 2010-10-06 18:57 - 0000235 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2012-09-17 12:17 - 2012-10-12 20:06 - 0000078 _____ () C:\ProgramData\profile.xml

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2013-03-18 16:10

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by gruby at 2015-03-12 10:48:45
Running from C:\Users\gruby\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 4.2 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET Smart Security 4.2 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall (Enabled) {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1261315055-2766284447-2599145269-1003\...\uTorrent) (Version: 3.3.2.30180 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Creative Suite 2 (HKLM-x32\...\{0134A1A1-C283-4A47-91A1-92F19F960372}) (Version:  - )
Adobe Dreamweaver CS6 (HKLM-x32\...\{A4ED5E53-7AA0-11E1-BF04-B2D4D4A5360E}) (Version: 12 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
AMD Catalyst Install Manager (HKLM\...\{F1E02922-FA0F-6EF1-1F95-CA23D65523C5}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Archiwizator WinRAR (HKLM-x32\...\WinRAR archiver) (Version:  - )
Ashampoo Burning Studio 2012 v10.0.15 (HKLM-x32\...\Ashampoo Burning Studio 2012_is1) (Version: 10.0.15 - Ashampoo GmbH & Co. KG)
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 12.52.01 - Broadcom Corporation)
Centrum obsługi urządzeń z systemem Windows Mobile (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
CorelDRAW Graphics Suite 12 (HKLM-x32\...\{505AFDC0-5E72-4928-8368-5DEA385E3647}) (Version: 12.0.0.536 - Corel Corporation)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2603 - CyberLink Corp.)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.40.2.0131 - DT Soft Ltd)
Daum PotPlayer 1.5.35491 (HKLM-x32\...\PotPlayer) (Version:  - )
Digital Photo Software FotoMorph 12.4.5 (HKLM-x32\...\FotoMorph) (Version: 12.4.5 - Digital Photo Software)
Energy Management (HKLM-x32\...\{0CE226F3-EB27-4ECD-BBF5-F088716779FD}) (Version: 5.4.1.6 - Lenovo)
ESET Smart Security (HKLM\...\{C0D93E4E-0866-43C8-A104-BF41A803EA84}) (Version: 4.2.71.2 - ESET, spol. s r.o.)
FIFA 13 1.0.28 (HKLM-x32\...\FIFA 13 1.0.28) (Version: 1.0.28 - EA Games)
foobar2000 v1.1 (HKLM-x32\...\foobar2000) (Version: 1.1 - Peter Pawlowski)
Freemake Video Converter version 2.2.0 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 2.2.0 - Ellora Assets Corporation)
GnuWin32: Gzip-1.3.12 (HKLM-x32\...\Gzip-1.3.12_is1) (Version: 1.3.12 - GnuWin32)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{1A8BA6CE-822D-4888-89E2-ACBF4308F271}) (Version: 13.02.0000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Java 7 Update 9 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417009FF}) (Version: 7.0.90 - Oracle)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.41.2 - JMicron Technology Corp.)
LameACM (HKLM-x32\...\LameACM) (Version:  - )
Lenovo DirectShare (HKLM-x32\...\InstallShield_{B2164CCB-C002-4B80-8550-7535D80DF237}) (Version: 1.0.1.38 - ArcSoft)
Lenovo DirectShare (x32 Version: 1.0.1.38 - ArcSoft) Hidden
Lenovo EasyCamera (HKLM-x32\...\{F5608FF7-17C0-440A-80C7-29C48363BD87}) (Version: 1.0.9.2 - Suyin Optronics Corp.)
Lenovo MuteSync (HKLM-x32\...\InstallShield_{2955FADE-ADED-44AD-A853-D1EAEA7ACAD5}) (Version: 1.0.0.2 - Lenovo)
Lenovo MuteSync (x32 Version: 1.0.0.2 - Lenovo) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1230 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1230 - CyberLink Corp.) Hidden
Lenovo ReadyComm 5 (HKLM-x32\...\{17542DBF-E17C-4562-BC4D-FA3EF3076C45}) (Version: 5.1.1.22 - Lenovo)
Lenovo ReadyComm 5.0 Service (HKLM-x32\...\{76C66170-C538-4E77-B54D-48E136B5B533}) (Version: 5.0.0.1 - Lenovo Group Limited)
Lenovo SlideNav (HKLM-x32\...\Lenovo SlideNav2) (Version: 2.0.1230.0003 - Lenovo)
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Access 2002 Runtime (HKLM-x32\...\{901C0415-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 36.0.1 (x86 pl) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 pl)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird (3.0.10) (HKLM-x32\...\Mozilla Thunderbird (3.0.10)) (Version: 3.0.10 (pl) - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NapiProjekt (2.1.1.2314) (HKLM-x32\...\NapiProjekt_is1) (Version:  - )
Nokia Connectivity Cable Driver (HKLM-x32\...\{6FE12C01-2FBC-42E2-AEB9-4CA2238C462F}) (Version: 7.1.101.0 - Nokia)
Nokia PC Internet Access (HKLM-x32\...\Nokia PC Internet Access) (Version: 1.1.1.2 - Nokia)
Nokia PC Internet Access (x32 Version: 1.1.1.2 - Nokia) Hidden
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.7.22.0 - Nokia)
Nokia Suite (x32 Version: 3.7.22.0 - Nokia) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}) (Version: 9.09.0814 - NVIDIA Corporation)
Odkurzacz (HKLM-x32\...\Odkurzacz 13.5_is1) (Version: 13.5.0.1911 - FranmoSoftware - Maciej Opaliński)
Onekey Theater (HKLM-x32\...\{DFB19121-0609-49C1-92B1-546E5A940FE8}) (Version: 2.0.1.8 - Lenovo)
OpenOffice.org 3.4.1 (HKLM-x32\...\{18192D3F-5537-4560-AD89-D695F72AF91D}) (Version: 3.41.9593 - Apache Software Foundation)
Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Opera Stable 25.0.1614.50 (HKLM-x32\...\Opera 25.0.1614.50) (Version: 25.0.1614.50 - Opera Software ASA)
Pakiet sterowników systemu Windows - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
PC Connectivity Solution (HKLM-x32\...\{6B722793-E77B-41F5-BAB3-6C9832274E75}) (Version: 12.0.76.0 - Nokia)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6034 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6110 - Realtek Semiconductor Corp.)
RESIDENT EVIL 5 (HKLM-x32\...\{AC08BBA0-96B9-431A-A7D0-D8598E493775}) (Version: 1.0.0.129 - CAPCOM CO., LTD.)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Sniper Elite 3 (HKLM-x32\...\U25pcGVyRWxpdGUz_is1) (Version: 1 - )
Suite Specific (x32 Version: 2.0.0 - Adobe Systems, Incorporated) Hidden
SWiSH Max3 (HKLM-x32\...\SWiSH Max3) (Version: 09.06.02.000 - SWiSHzone.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.19.1 - Synaptics Incorporated)
Tlen.pl (HKLM-x32\...\Tlen.pl) (Version: 6.0.3.77 - o2.pl Sp. z o. o.)
TNod User & Password Finder (HKLM\...\TNod) (Version: 1.4.1.0 - Tukero[X]Team)
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 7.50a - Ghisler Software GmbH)
Windows Driver Package - Lenovo (ACPIVPC) System  (10/19/2009 5.4.0.1) (HKLM\...\0A4175B489A1B4A6E07E11B063A6263480C51D71) (Version: 10/19/2009 5.4.0.1 - Lenovo)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:34 - 2009-06-10 21:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2E9823CE-8133-46D9-B26A-224826496412} - System32\Tasks\{026E6300-257E-4628-9999-CB9D1401A58A} => Firefox.exe http://ui.skype.com/...e=tsProgressBar
Task: {46A73544-68A8-4260-A8D6-5413D1E19370} - System32\Tasks\{10FB3D92-AE74-4024-A76C-CCB6BF3E5DB9} => pcalua.exe -a C:\PROGRA~2\INSTAL~1\{0134A~1\setup.exe -c /relaunched/rootloc=f:\adobe creative suite 2.0/lang=0409
Task: {48F2FBB6-5797-4757-B7A4-E8CC10AAD0CC} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1261315055-2766284447-2599145269-1003UA => C:\Users\gruby\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {4C1E2CA1-6494-4BF2-9A3C-A3D8197DFEAD} - System32\Tasks\Opera scheduled Autoupdate 1421364199 => C:\Program Files (x86)\Opera\launcher.exe [2014-10-15] (Opera Software)
Task: {6910C1F7-3251-4FDB-9424-0F241A0D2DAB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8495D246-5241-44B1-ADDB-E9E55D2789A3} - System32\Tasks\{52DB10CE-5292-4494-ACF8-37CC3A919698} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-10-01] (Skype Technologies S.A.)
Task: {908343F7-12E4-4FE6-A2EB-66CB1835691D} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-07] (Adobe Systems Incorporated)
Task: {A20C71F5-8CE6-4DC5-9F3C-7BD1FF703CC0} - System32\Tasks\{28B9D897-69FC-462D-AC6E-18DF4FEB830C} => Firefox.exe http://www.skype.com...8;LastError=404
Task: {A39741F1-D1CC-43A2-B56D-D7A87A349492} - System32\Tasks\{60AC84B0-7799-4766-BA76-062986A2F2A1} => pcalua.exe -a "C:\Program Files (x86)\Lavalys\EVEREST Home Edition\unins000.exe"
Task: {BD4F0774-4047-47AC-A30F-6134016C9924} - System32\Tasks\{4784DDE8-A84A-439C-B7B9-0B4C425FC8A7} => pcalua.exe -a C:\Users\gruby\Downloads\lgs510.exe -d C:\Users\gruby\Downloads
Task: {BEECB5CE-FCD2-484E-85D2-633E4B5071B2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-12] (Google Inc.)
Task: {C1E6FAF2-86DD-4F5A-BFFE-2A86B65980F1} - System32\Tasks\{A3869FF0-CF06-4625-AF52-D6BB4895E0E8} => pcalua.exe -a C:\Users\gruby\Downloads\Swf2Avi_Setup.exe
Task: {CF62CF85-0E97-4D27-9BF2-363BA2C2379C} - System32\Tasks\{39E468F5-A999-4F5E-977A-8198BEF61E4C} => Firefox.exe http://ui.skype.com/...e=tsProgressBar
Task: {D4FFDF96-F58D-4B1B-9294-BD9D51B2916C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1261315055-2766284447-2599145269-1003Core => C:\Users\gruby\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {FBDFFB72-E843-4AAA-8FB8-74A011C7E72C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-12] (Google Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1261315055-2766284447-2599145269-1003Core.job => C:\Users\gruby\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1261315055-2766284447-2599145269-1003UA.job => C:\Users\gruby\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1261315055-2766284447-2599145269-1003Core.job => C:\Users\gruby\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2010-03-05 09:21 - 2010-03-05 09:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2010-09-17 01:06 - 2009-12-19 02:52 - 00201120 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll
2010-09-17 01:06 - 2009-12-19 02:53 - 00156576 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll64.dll
2010-11-21 04:27 - 2009-06-02 00:15 - 00051200 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2014-05-12 09:49 - 2014-05-12 09:49 - 00222720 _____ () E:\sojusznicy webmastera\notepad++\NppShell_06.dll
2010-03-05 09:21 - 2010-03-05 09:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2010-09-17 01:25 - 2009-07-15 15:55 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2010-09-17 01:25 - 2009-07-15 15:55 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2010-09-17 01:06 - 2009-12-19 02:52 - 00100256 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
2015-03-12 10:07 - 2015-03-12 10:07 - 00380416 _____ () C:\Users\gruby\Desktop\8mm4ivww.exe
2010-09-17 01:06 - 2009-12-19 02:50 - 00161696 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll
2010-09-17 01:06 - 2009-12-19 02:51 - 00133024 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
2012-05-10 16:22 - 2012-05-10 16:22 - 00170496 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\dc45bfd22b86df0074e8e521ada8d55f\IsdiInterop.ni.dll
2010-09-17 00:38 - 2010-03-03 20:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1261315055-2766284447-2599145269-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\gruby\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: c2cautoupdatesvc => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:\windows\pss\Adobe Gamma.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Lenovo Smile Dock.lnk => C:\windows\pss\Lenovo Smile Dock.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^gruby^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk => C:\windows\pss\OpenOffice.org 3.2.lnk.Startup
MSCONFIG\startupfolder: C:^Users^gruby^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\windows\pss\OpenOffice.org 3.3.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Adobe Version Cue CS2 => E:\sojusznicy webmastera\adobe cs2\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AlcoholAutomount => "C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" -automount
MSCONFIG\startupreg: AtwtusbIcon => AtwtusbIcon.exe
MSCONFIG\startupreg: BEWINTERNET-PLSessionManager => "C:\Program Files (x86)\OrangeBS\BEWInternet-PL\SessionManager\SessionManager.exe"
MSCONFIG\startupreg: CorelDRAW Graphics Suite 11b => E:\sojusznicy webmastera\corel\Languages\PL\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=030213 serial=DR12CUB-5137358-MCC lang=PL
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Facebook Update => "C:\Users\gruby\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Google Update => "C:\Users\gruby\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: Lenovo SplitScreen => "C:\Program Files\Lenovo\Lenovo SplitScreen\SplitScreen\AutoRunSpS.exe"
MSCONFIG\startupreg: MacroKeyManager => WTMKM.exe
MSCONFIG\startupreg: NokiaSuite.exe => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray
MSCONFIG\startupreg: ooVoo.exe => C:\Program Files (x86)\ooVoo\ooVoo.exe /minimized
MSCONFIG\startupreg: Start WingMan Profiler => C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: UCam_Menu => "c:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
MSCONFIG\startupreg: UpdateP2GShortCut => "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
MSCONFIG\startupreg: uTorrent => "C:\Users\gruby\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: VeriFaceManager => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
MSCONFIG\startupreg: Windows Mobile Device Center => %windir%\WindowsMobile\wmdc.exe
MSCONFIG\startupreg: YouCam Mirror Tray icon => "c:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s

==================== Accounts: =============================

Administrator (S-1-5-21-1261315055-2766284447-2599145269-500 - Administrator - Disabled)
gruby (S-1-5-21-1261315055-2766284447-2599145269-1003 - Administrator - Enabled) => C:\Users\gruby
Guest (S-1-5-21-1261315055-2766284447-2599145269-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1261315055-2766284447-2599145269-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/12/2015 10:15:00 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: ZARZĄDZANIE NT)
Description: Nie można usunąć z pamięci ciągów licznika wydajności dla usługi WmiApRpl (WmiApRpl). Pierwszy wpis DWORD w sekcji danych (Data) zawiera kod błędu.

Error: (03/12/2015 10:15:00 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT)
Description: Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy proces wykonuje następującą operację na dostawcy licznika rozszerzeń: Performance. Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data.

Error: (03/12/2015 10:15:00 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT)
Description: Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy proces wykonuje następującą operację na dostawcy licznika rozszerzeń: Performance. Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data.

Error: (03/12/2015 10:14:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: 8mm4ivww.exe, wersja: 2.1.19357.0, sygnatura czasowa: 0x52e7ea83
Nazwa modułu powodującego błąd: 8mm4ivww.exe, wersja: 2.1.19357.0, sygnatura czasowa: 0x52e7ea83
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x0008d93e
Identyfikator procesu powodującego błąd: 0x1338
Godzina uruchomienia aplikacji powodującej błąd: 0x8mm4ivww.exe0
Ścieżka aplikacji powodującej błąd: 8mm4ivww.exe1
Ścieżka modułu powodującego błąd: 8mm4ivww.exe2
Identyfikator raportu: 8mm4ivww.exe3

Error: (03/12/2015 10:01:01 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: ZARZĄDZANIE NT)
Description: Nie można usunąć z pamięci ciągów licznika wydajności dla usługi WmiApRpl (WmiApRpl). Pierwszy wpis DWORD w sekcji danych (Data) zawiera kod błędu.

Error: (03/12/2015 10:01:01 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT)
Description: Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy proces wykonuje następującą operację na dostawcy licznika rozszerzeń: Performance. Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data.

Error: (03/12/2015 10:01:01 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT)
Description: Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy proces wykonuje następującą operację na dostawcy licznika rozszerzeń: Performance. Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data.

Error: (03/12/2015 09:55:45 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Nie można utworzyć punktu przywracania (Proces = C:\Users\gruby\Desktop\FRST64.exe ; Opis = Restore Point Created by FRST; Błąd = 0x80070422).

Error: (03/12/2015 09:23:50 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: ZARZĄDZANIE NT)
Description: Nie można usunąć z pamięci ciągów licznika wydajności dla usługi WmiApRpl (WmiApRpl). Pierwszy wpis DWORD w sekcji danych (Data) zawiera kod błędu.

Error: (03/12/2015 09:23:50 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT)
Description: Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy proces wykonuje następującą operację na dostawcy licznika rozszerzeń: Performance. Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data.


System errors:
=============
Error: (03/12/2015 10:12:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi ReadyComm.DirectRouter z powodu następującego błędu:
%%2

Error: (03/12/2015 10:10:05 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: ZARZĄDZANIE NT)
Description: Usługa Harmonogram zadań nie może załadować zadań podczas uruchamiania usługi. Dane dodatkowe: Wartość błędu: 2147549183.

Error: (03/12/2015 10:09:27 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: ZARZĄDZANIE NT)
Description: Nastąpiło nieoczekiwane zatrzymanie modułu rozszerzalności sieci WLAN.

Ścieżka modułu: C:\windows\System32\IWMSSvc.dll

Error: (03/12/2015 09:58:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi ReadyComm.DirectRouter z powodu następującego błędu:
%%2

Error: (03/12/2015 09:56:45 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: ZARZĄDZANIE NT)
Description: Usługa Harmonogram zadań nie może załadować zadań podczas uruchamiania usługi. Dane dodatkowe: Wartość błędu: 2147549183.

Error: (03/12/2015 09:56:03 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: ZARZĄDZANIE NT)
Description: Nastąpiło nieoczekiwane zatrzymanie modułu rozszerzalności sieci WLAN.

Ścieżka modułu: C:\windows\System32\IWMSSvc.dll

Error: (03/12/2015 09:56:03 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: ZARZĄDZANIE NT)
Description: Nastąpiło nieoczekiwane zatrzymanie modułu rozszerzalności sieci WLAN.

Ścieżka modułu: C:\windows\System32\IWMSSvc.dll

Error: (03/12/2015 09:56:03 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: ZARZĄDZANIE NT)
Description: Nastąpiło nieoczekiwane zatrzymanie modułu rozszerzalności sieci WLAN.

Ścieżka modułu: C:\windows\System32\IWMSSvc.dll

Error: (03/12/2015 09:56:01 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: ZARZĄDZANIE NT)
Description: Nastąpiło nieoczekiwane zatrzymanie modułu rozszerzalności sieci WLAN.

Ścieżka modułu: C:\windows\System32\IWMSSvc.dll

Error: (03/12/2015 09:55:46 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usługa Windows Live ID Sign-in Assistant niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 10000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie.


Microsoft Office Sessions:
=========================
Error: (03/12/2015 10:15:00 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: ZARZĄDZANIE NT)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (03/12/2015 10:15:00 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT)
Description: Performance1637070000000000000000000009030000

Error: (03/12/2015 10:15:00 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT)
Description: Performance1637070000000000000000000009030000

Error: (03/12/2015 10:14:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: 8mm4ivww.exe2.1.19357.052e7ea838mm4ivww.exe2.1.19357.052e7ea83c00000050008d93e133801d05cacfdbe4751C:\Users\gruby\Desktop\8mm4ivww.exeC:\Users\gruby\Desktop\8mm4ivww.exe94c30278-c8a0-11e4-b034-60eb694d6c24

Error: (03/12/2015 10:01:01 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: ZARZĄDZANIE NT)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (03/12/2015 10:01:01 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT)
Description: Performance1637070000000000000000000009030000

Error: (03/12/2015 10:01:01 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT)
Description: Performance1637070000000000000000000009030000

Error: (03/12/2015 09:55:45 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Users\gruby\Desktop\FRST64.exe Restore Point Created by FRST0x80070422

Error: (03/12/2015 09:23:50 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: ZARZĄDZANIE NT)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (03/12/2015 09:23:50 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT)
Description: Performance1637070000000000000000000009030000


==================== Memory info ===========================

Processor: Intel® Core™ i7 CPU Q 720 @ 1.60GHz
Percentage of memory in use: 48%
Total physical RAM: 4028.56 MB
Available physical RAM: 2070.6 MB
Total Pagefile: 8055.32 MB
Available Pagefile: 6110.3 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (system) (Fixed) (Total:54.54 GB) (Free:19.03 GB) NTFS
Drive d: (magazyn) (Fixed) (Total:311.02 GB) (Free:143.98 GB) NTFS
Drive e: (praca) (Fixed) (Total:85.25 GB) (Free:59.64 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: C3FFC3FF)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=54.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=396.3 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=02)

==================== End Of Log ============================


  • 0
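An added example, not part of the original post and not FRST's own code: a triage pass over the "Scheduled Tasks" lines of the Addition.txt log above, splitting each line into task name, command and the optional "[date] (company)" trailer. The flag names and heuristics are assumptions of this example; the sample lines are copied from the log.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Lines copied from the "Scheduled Tasks" section of the Addition.txt log above.
SAMPLE_LOG = r"""
Task: {2E9823CE-8133-46D9-B26A-224826496412} - System32\Tasks\{026E6300-257E-4628-9999-CB9D1401A58A} => Firefox.exe http://ui.skype.com/...e=tsProgressBar
Task: {BD4F0774-4047-47AC-A30F-6134016C9924} - System32\Tasks\{4784DDE8-A84A-439C-B7B9-0B4C425FC8A7} => pcalua.exe -a C:\Users\gruby\Downloads\lgs510.exe -d C:\Users\gruby\Downloads
Task: {BEECB5CE-FCD2-484E-85D2-633E4B5071B2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-12] (Google Inc.)
Task: {48F2FBB6-5797-4757-B7A4-E8CC10AAD0CC} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1261315055-2766284447-2599145269-1003UA => C:\Users\gruby\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"""

# "Task: {GUID} - <task path> => <command>" or "Task: <.job path> => <command>".
TASK_RE = re.compile(r"^Task: (?:(\{[0-9A-Fa-f-]{36}\}) - )?(.+?) => (.*)$")
# Optional trailer printed after the target: " [YYYY-MM-DD] (Company)".
TRAILER_RE = re.compile(r"^(.*?)(?: \[(\d{4}-\d{2}-\d{2})\] \((.*)\))?$")

# Triage heuristics (assumptions of this example, not rules used by FRST).
BROWSER_URL_RE = re.compile(
    r'\b(?:firefox|chrome|iexplore|opera|safari)\.exe"?\s+"?https?://', re.I)
PROXY_RE = re.compile(r"^pcalua\.exe\s+-a\s", re.I)
USER_PATH_RE = re.compile(
    r"\\Users\\[^\\]+\\(?:AppData|Downloads|Desktop)\\", re.I)


@dataclass
class Task:
    guid: Optional[str]        # registry GUID, absent for legacy .job entries
    name: str                  # task path as printed in the log
    command: str               # what the task runs, trailer removed
    file_date: Optional[str]   # date from the trailer, if the log printed one
    company: Optional[str]     # company from the trailer, if printed
    flags: List[str] = field(default_factory=list)


def parse_tasks(text: str) -> List[Task]:
    """Turn every 'Task:' line into a Task; other lines are ignored."""
    tasks = []
    for raw in text.splitlines():
        m = TASK_RE.match(raw.strip())
        if not m:
            continue
        guid, name, rest = m.groups()
        command, file_date, company = TRAILER_RE.match(rest).groups()
        tasks.append(Task(guid, name, command, file_date, company))
    return tasks


def triage(task: Task) -> List[str]:
    """Return the reasons a human should look at this task first."""
    flags = []
    if BROWSER_URL_RE.search(task.command):
        flags.append("browser-with-url")        # task opens a URL in a browser
    if PROXY_RE.match(task.command):
        flags.append("pcalua-proxy-launch")     # program started via pcalua.exe -a
    if USER_PATH_RE.search(task.command):
        flags.append("user-writable-path")      # target lives in the user profile
    if task.company is None:
        # The line has no "[date] (company)" trailer; this example does not
        # guess why, it only records that the log offers no publisher to check.
        flags.append("no-publisher-in-log")
    return flags


def review(text: str) -> List[Task]:
    """Parse, flag, and order tasks so the most-flagged come first."""
    tasks = parse_tasks(text)
    for t in tasks:
        t.flags = triage(t)
    return sorted(tasks, key=lambda t: -len(t.flags))


if __name__ == "__main__":
    for t in review(SAMPLE_LOG):
        print(f"{len(t.flags)} flag(s) {t.flags}\n    {t.name}\n    => {t.command}")
```

A flag is a reason to read the entry, not a verdict: the pcalua.exe and browser-with-URL tasks in this log point at Skype pages and old installers, and deciding what goes into a fixlist remains the helper's call.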

#9
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
Indeed, I am Polish and I speak Polish :) But since we are on an American forum, I have all the instructions in English.



Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.


  • Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire content of the codebox below and paste into the Notepad document:
    start
    Folder: C:\Users\gruby\AppData\Roaming\Opera\Opera
    end
  • Click File, Save As and type fixlist.txt as the File Name.
    Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
    Please include it in your reply.

#10
grubyrules

    Member

  • Topic Starter
  • Member
  • 18 posts

Was it you I talked to on forum.programosy.pl? If so, thank you very much indeed for the support

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by gruby at 2015-03-12 11:02:56 Run:2
Running from C:\Users\gruby\Desktop
Loaded Profiles: gruby (Available profiles: gruby)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
Folder: C:\Users\gruby\AppData\Roaming\Opera\Opera
end
*****************


========================= Folder: C:\Users\gruby\AppData\Roaming\Opera\Opera ========================

2013-04-24 14:20 - 2015-01-15 23:21 - 0000165 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\autoupdate_region.dat
2011-04-18 09:45 - 2015-01-15 23:21 - 0002288 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\autoupdate_response.xml
2014-05-11 19:16 - 2014-05-11 19:16 - 0684706 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\bookmarks.adr
2011-04-12 19:27 - 2011-04-12 19:27 - 0192771 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\bookmarks.adr.pre_sync
2010-11-22 00:21 - 2015-01-15 23:22 - 0110890 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\browser.js
2015-01-15 23:23 - 2015-01-15 23:23 - 0000013 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\cookies4.dat
2014-03-19 10:23 - 2015-01-15 23:23 - 0000012 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\download.dat
2014-03-19 10:23 - 2015-01-15 23:23 - 0000000 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\global_history.dat
2015-01-15 23:23 - 2015-01-15 23:23 - 0000045 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\link_queue_myopera.dat
2015-01-15 23:23 - 2015-01-15 23:23 - 0000045 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\link_queue_out_myopera.dat
2013-04-24 14:20 - 2013-04-24 14:20 - 0000186 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\notes.adr
2010-11-22 00:20 - 2015-01-15 23:23 - 0028347 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\opcacrt6.dat
2010-11-22 00:25 - 2015-01-15 23:23 - 0000012 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\opcert6.dat
2015-01-15 23:23 - 2015-01-15 23:23 - 0033102 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\operaprefs.ini
2010-11-22 00:20 - 2015-01-15 23:23 - 0009042 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\opicacrt6.dat
2010-11-22 00:32 - 2015-01-15 23:23 - 0004096 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\oprand.dat
2012-10-29 21:47 - 2015-01-15 23:23 - 0015141 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\opssl6.dat
2010-11-22 00:20 - 2014-05-11 19:16 - 0002545 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\opthumb.dat
2010-11-22 00:20 - 2015-01-15 23:23 - 0000000 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\optrb.dat
2010-11-22 00:20 - 2015-01-15 23:23 - 0000012 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\optrust.dat
2010-11-22 00:20 - 2015-01-15 23:23 - 0002746 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\opuntrust.dat
2014-04-16 10:53 - 2014-04-16 10:53 - 0013262 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\override_downloaded.ini
2012-08-04 08:27 - 2012-08-04 08:27 - 0000153 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\search.ini
2011-04-12 19:27 - 2011-04-12 19:27 - 0000153 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\search.ini.pre_sync
2014-05-11 19:16 - 2014-05-11 19:16 - 0000061 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\search_field_history.dat
2014-05-11 19:16 - 2014-05-11 19:16 - 0000012 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\spdysett.dat
2014-05-11 19:13 - 2014-05-11 19:13 - 0003476 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\speeddial.ini
2011-04-12 19:27 - 2011-04-12 19:27 - 0000917 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\speeddial.ini.pre_sync
2015-01-15 23:21 - 2015-01-15 23:21 - 0000431 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\tasks.xml
2015-01-15 23:23 - 2015-01-15 23:23 - 0000318 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\tips.ini
2014-03-19 10:23 - 2015-01-15 23:23 - 0000056 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\typed_history.xml
2011-04-12 19:27 - 2011-04-12 19:27 - 0000056 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\typed_history.xml.pre_sync
2010-11-22 00:20 - 2010-11-22 00:20 - 0001641 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\unite.adr
2013-04-24 14:20 - 2013-04-24 14:20 - 0000214 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\urlfilter.ini
2011-04-18 09:44 - 2011-04-18 09:44 - 0000214 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\urlfilter.ini.pre_sync
2015-01-15 23:23 - 2015-01-15 23:23 - 0000201 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\vlink4.dat
2014-05-11 19:16 - 2014-05-11 19:16 - 0000647 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\wand.dat
2013-04-24 14:20 - 2013-04-24 14:20 - 0001606 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\windows-direct3d-10.blocklist.json
2013-04-24 14:20 - 2013-04-24 14:20 - 0006204 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\windows-opengl.blocklist.json
2010-11-22 00:21 - 2010-11-22 00:21 - 0000000 ____D () C:\Users\gruby\AppData\Roaming\Opera\Opera\dictionaries
2010-11-22 00:21 - 2012-08-04 08:27 - 0004228 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\dictionaries\dictionaries.xml
2012-08-16 09:02 - 2012-10-30 00:28 - 0000000 ____D () C:\Users\gruby\AppData\Roaming\Opera\Opera\pstorage
2012-10-29 21:46 - 2012-10-29 21:46 - 0000056 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\pstorage\psindex.dat
2010-11-22 00:20 - 2015-01-15 23:23 - 0000000 ____D () C:\Users\gruby\AppData\Roaming\Opera\Opera\sessions
2015-01-15 23:23 - 2015-01-15 23:23 - 0001104 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\sessions\autosave.win
2014-04-16 10:56 - 2015-01-15 23:23 - 0001104 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\sessions\autosave.win.bak
2010-11-22 00:20 - 2010-11-22 00:20 - 0000000 ____D () C:\Users\gruby\AppData\Roaming\Opera\Opera\styles
2010-11-22 00:20 - 2010-11-22 00:20 - 0000000 ____D () C:\Users\gruby\AppData\Roaming\Opera\Opera\styles\user
2010-11-22 00:20 - 2010-02-04 13:04 - 0002742 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\styles\user\accessibility.css
2010-11-22 00:20 - 2010-02-04 13:04 - 0001353 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\styles\user\altdebugger.css
2010-11-22 00:20 - 2010-02-04 13:04 - 0001225 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\styles\user\classid.css
2010-11-22 00:20 - 2010-02-04 13:04 - 0000673 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\styles\user\contrastbw.css
2010-11-22 00:20 - 2010-02-04 13:04 - 0000705 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\styles\user\contrastwb.css
2010-11-22 00:20 - 2010-02-04 13:04 - 0000213 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\styles\user\disablebreaks.css
2010-11-22 00:20 - 2010-02-04 13:04 - 0000229 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\styles\user\disablefloats.css
2010-11-22 00:20 - 2010-02-04 13:04 - 0000269 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\styles\user\disableforms.css
2010-11-22 00:20 - 2010-02-04 13:04 - 0000243 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\styles\user\disablepositioning.css
2010-11-22 00:20 - 2010-02-04 13:04 - 0000410 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\styles\user\disabletables.css
2010-11-22 00:20 - 2010-02-04 13:04 - 0000735 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\styles\user\outline.css
2010-11-22 00:20 - 2010-02-04 13:04 - 0004569 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\styles\user\structureblock.css
2010-11-22 00:20 - 2010-02-04 13:04 - 0002112 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\styles\user\structureinline.css
2010-11-22 00:20 - 2010-02-04 13:04 - 0002727 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\styles\user\structuretables.css
2010-11-22 00:20 - 2010-02-04 13:04 - 0000258 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\styles\user\tablelayout.css
2010-11-22 00:20 - 2010-02-04 13:04 - 0004809 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\styles\user\toc.css
2010-11-22 00:25 - 2014-05-11 19:16 - 0000000 ____D () C:\Users\gruby\AppData\Roaming\Opera\Opera\toolbar
2014-05-11 19:16 - 2014-05-11 19:16 - 0001998 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\toolbar\standard_toolbar.ini
2010-11-22 00:32 - 2010-11-22 00:32 - 0000000 ____D () C:\Users\gruby\AppData\Roaming\Opera\Opera\webserver
2010-11-22 00:32 - 2015-01-15 23:23 - 0000035 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\webserver\users.xml

====== End of Folder: ======


==== End of Fixlog 11:02:56 ====


  • 0



#11
Naathim


    GeekU Minion

  • Expert
  • 4,568 posts
Let's say I'm present in many places on the net ;)

This should force Opera to rebuild its prefs file. Is this surfvox present somewhere else?


Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.


Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire content of the codebox below and paste into the Notepad document:
    start
    CreateRestorePoint:
    CloseProcesses: 
    C:\Users\gruby\AppData\Roaming\Opera\Opera\operaprefs.ini
    EmptyTemp:
    Reboot: 
    end
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please include it in your reply.
  • 0

#12
grubyrules


    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts

Opera starts normally, same as Firefox and IE. But in Safari and Chrome, survfox.com is still set as the default search engine.


  • 0

#13
grubyrules


    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by gruby at 2015-03-12 11:10:52 Run:3
Running from C:\Users\gruby\Desktop
Loaded Profiles: gruby (Available profiles: gruby)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CreateRestorePoint:
CloseProcesses:
C:\Users\gruby\AppData\Roaming\Opera\Opera\operaprefs.ini
EmptyTemp:
Reboot:
end
*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
C:\Users\gruby\AppData\Roaming\Opera\Opera\operaprefs.ini => Moved successfully.
EmptyTemp: => Removed 34.8 MB temporary data.


The system needed a reboot.

==== End of Fixlog 11:10:57 ====


  • 0
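
An added example (not part of the original thread and not FRST's own code): a Python triage of the Fixlog posted above that checks every path in the fixlist has a `=>` result line and surfaces failure lines such as the restore-point error. The function name `triage_fixlog` and the failure keywords are assumptions; the sample log is copied from the post.

```python
import re

# Sample input: Fixlog lines copied from post #13 above.
FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by gruby at 2015-03-12 11:10:52 Run:3
Content of fixlist:
*****************
start
CreateRestorePoint:
CloseProcesses:
C:\Users\gruby\AppData\Roaming\Opera\Opera\operaprefs.ini
EmptyTemp:
Reboot:
end
*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
C:\Users\gruby\AppData\Roaming\Opera\Opera\operaprefs.ini => Moved successfully.
EmptyTemp: => Removed 34.8 MB temporary data.

The system needed a reboot.

==== End of Fixlog 11:10:57 ====
"""

def triage_fixlog(text):
    """Split a Fixlog into requested entries, failure lines and unprocessed paths."""
    parts = re.split(r"^\*{5,}[ \t]*$", text, flags=re.M)
    if len(parts) < 3:
        raise ValueError("no 'Content of fixlist' block found")
    requested = [l.strip() for l in parts[1].splitlines()
                 if l.strip() and l.strip().lower() not in ("start", "end")]
    results = [l.strip() for l in parts[2].splitlines()
               if l.strip() and not l.startswith("====")]
    # Assumption: failures are recognisable by these words; only "Error" and
    # "Failed" are confirmed by the log on this page.
    problems = [l for l in results
                if re.search(r"\b(error|failed|not found|could not)\b", l, re.I)]
    # Path entries (not directives ending in ':') should each have a '=>' result.
    paths = [r for r in requested if not r.endswith(":")]
    done = {l.split(" => ")[0] for l in results if " => " in l}
    missing = [p for p in paths if p not in done]
    return {"requested": requested, "problems": problems, "missing": missing,
            "complete": "End of Fixlog" in text}
```

On this log the only flagged line is the failed restore point, which means the file move was made without a System Restore rollback point.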

#14
grubyrules


    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts

The restart took a while, sorry for the delay


  • 0

#15
Naathim


    GeekU Minion

  • Expert
  • 4,568 posts
Here you'll find some info on how to reset Safari:
http://browsers.abou...faridefault.htm


About Chrome:


Reset Chrome to defaults

Please open Google Chrome.
  • Enter the Chrome menu by clicking the Chrome menu button.
  • Select Settings.
  • Click Show advanced settings and find the Reset browser settings section.
  • Click Reset browser settings.
  • In the dialog that appears, click Reset.
  • Chrome will reset itself.
Bear in mind that all your browsing history, passwords, cookies will be saved. This procedure will only remove all extensions, themes, plugins etc. and restore the Chrome engine to a state similar to that after a fresh installation.


Please update me on what issues persist.
  • 0





