Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Justynka (administrator) on LAPEK on 17-10-2013 10:38:37
Running from E:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polish
Internet Explorer Version 9
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) =================

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2809856 2012-01-16] (ELAN Microelectronics Corp.)
HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [564352 2012-03-01] (Conexant Systems, Inc.)
HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [792224 2012-02-09] (Atheros Communications)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [657568 2012-02-09] (Atheros Commnucations)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2012-06-15] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6199128 2012-06-15] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo EE Boot Optimizer] - C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [206176 2012-06-15] (Lenovo)
HKLM\...\Run: [OneKeyReminder] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\OneKey Reminder.exe [537896 2012-01-12] (CyberLink)
HKLM\...\RunOnce: [OneKeyReminder] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\OneKey Reminder.exe /DeleteRunKey [537896 2012-01-12] (CyberLink)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2012-03-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LockKey] - C:\Program Files (x86)\LockKey\LockKey.exe [337776 2011-08-25] ( )
HKLM-x32\...\Run: [331BigDog] - C:\Program Files (x86)\USB Camera\VM331_STI.EXE [548864 2011-11-24] (Vimicro)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [507744 2011-12-20] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1675160 2011-11-22] (McAfee, Inc.)
HKLM-x32\...\Run: [Lenovo Registration] - C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2012-01-26] (Lenovo, Inc.)
HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-28] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-28] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-06-15] (Lenovo)
HKLM-x32\...\Run: [UpdatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKU\Default\...\RunOnce: [Lenovo.ShowBand] - C:\SWTOOLS\SimpleTap DeskBand\ShowBand.exe [155960 2012-02-17] (Lenovo)
HKU\Default User\...\RunOnce: [Lenovo.ShowBand] - C:\SWTOOLS\SimpleTap DeskBand\ShowBand.exe [155960 2012-02-17] (Lenovo)
BootExecute: autocheck autochk * sh4native Sh4Removal

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120615065911.dll (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120615065911.dll (McAfee, Inc.)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Pomocnik logowania za pomocą identyfikatora Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)

==================== Services (Whitelisted) =================

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-03-21] (Advanced Micro Devices, Inc.)
S2 DamageGuardSvc; C:\Program Files\Lenovo\Instant Reset\DamageGuardSvc.exe [572976 2012-02-13] (Lenovo (Beijing) Limited)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2012-02-09] (Atheros)
S2 Mobile Broadband HL Service; "C:\ProgramData\MobileBrServ\mbbservice.exe" [x]

==================== Drivers (Whitelisted) ====================

S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [148792 2013-10-15] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [154464 2012-12-31] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [63328 2012-12-31] (AVG Technologies CZ, s.r.o. )
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [185696 2012-12-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [225120 2012-12-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [111456 2012-12-31] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40800 2012-12-31] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [200032 2012-12-31] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-09-29] (AVG Technologies)
R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2013-01-12] (Bytemobile, Inc.)
S1 DamageGuard; C:\Windows\System32\DRIVERS\DamageGuardX64.sys [217392 2012-02-10] (Lenovo)
S1 dbmecpbd; C:\Windows\system32\drivers\dbmecpbd.sys [49872 2013-10-10] (Microsoft Corporation)
S1 dgFltr; C:\Windows\System32\drivers\dgFltrX64.sys [23648 2011-12-13] (Lenovo)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-08-01] (Duplex Secure Ltd.)
S1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2013-01-12] (Bytemobile, Inc.)
S1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2013-01-12] (Bytemobile, Inc.)
S3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [952832 2011-12-06] (Vimicro Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
U3 BcmSqlStartupSvc;
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
U2 CLKMSVC10_3A60B698;
U2 CLKMSVC10_C3B3B687;
S3 dg_ssudbus; system32\DRIVERS\ssudbus.sys [x]
U2 DriverService;
S3 epmntdrv; \??\C:\Windows\system32\epmntdrv.sys [x]
S3 EuGdiDrv; \??\C:\Windows\system32\EuGdiDrv.sys [x]
U2 IAStorDataMgrSvc;
U2 iATAgentService;
U2 idealife Update Service;
U3 IGRS;
U2 IviRegMgr;
U2 nvUpdatusService;
U2 Oasis2Service;
U2 PCCarerService;
U2 ReadyComm.DirectRouter;
U2 RichVideo;
U2 RtLedService;
U2 SeaPort;
S3 Sftfs; system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay; system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir; system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol; system32\DRIVERS\Sftvollh.sys [x]
U2 SoftwareService;
U3 SQLWriter;
S3 ssudmdm; system32\DRIVERS\ssudmdm.sys [x]
S3 WinUsb; system32\DRIVERS\WinUsb.sys [x]
S3 zte_cdc_acm; system32\DRIVERS\zte_cdc_acm.sys [x]
S3 zte_cpo; system32\DRIVERS\zte_cpo.sys [x]
U3 pxtdapow; \??\C:\Users\Justynka\AppData\Local\Temp\pxtdapow.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-17 10:37 - 2013-10-17 10:37 - 00000000 ____D C:\FRST
2013-10-16 10:33 - 2013-10-16 10:33 - 00006110 _____ C:\Users\Justynka\Documents\cc_20131016_103338.reg
2013-10-16 10:22 - 2013-10-16 10:23 - 00000000 ____D C:\Program Files\CCleaner
2013-10-16 09:04 - 2013-10-16 09:04 - 00000000 ____D C:\Users\Justynka\Doctor Web
2013-10-16 08:55 - 2013-10-16 08:55 - 00001116 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-16 08:55 - 2013-10-16 08:55 - 00000000 ____D C:\Users\Justynka\AppData\Roaming\Malwarebytes
2013-10-16 08:55 - 2013-10-16 08:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-16 08:55 - 2013-10-16 08:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-16 08:55 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-16 08:47 - 2013-10-16 10:32 - 00000000 ____D C:\Users\Justynka\AppData\Local\CrashDumps
2013-10-16 08:22 - 2013-10-16 08:32 - 00000000 ____D C:\ComboFix
2013-10-16 00:25 - 2013-10-16 08:22 - 00000000 ____D C:\Qoobox
2013-10-16 00:25 - 2013-10-16 00:55 - 00000000 ____D C:\Windows\erdnt
2013-10-16 00:25 - 2013-10-15 23:35 - 05133109 ____R (Swearware) C:\Users\Justynka\Desktop\ComboFix.exe
2013-10-16 00:25 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-10-16 00:25 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-10-16 00:25 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-10-16 00:25 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-10-16 00:25 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-10-16 00:25 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-10-16 00:25 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-10-16 00:25 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-10-16 00:23 - 2013-10-16 00:23 - 00000000 ____D C:\Users\Justynka\AppData\Local\Google
2013-10-15 22:20 - 2013-10-15 22:20 - 00000000 ____D C:\Users\Public\CyberLink
2013-10-15 22:20 - 2013-10-15 22:20 - 00000000 ____D C:\Users\Justynka\AppData\Roaming\CyberLink
2013-10-15 21:29 - 2013-10-16 08:21 - 00000000 ____D C:\AdwCleaner
2013-10-15 21:29 - 2013-10-10 13:58 - 01048960 _____ C:\Users\Justynka\Desktop\adwcleaner.exe
2013-10-15 09:21 - 2013-10-15 09:21 - 00148792 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\AVGDISKA.sys
2013-10-14 14:52 - 2013-09-04 14:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-14 14:52 - 2013-09-04 14:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-14 14:52 - 2013-09-04 14:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-14 14:52 - 2013-09-04 14:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-14 14:52 - 2013-09-04 14:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-14 14:52 - 2013-09-04 14:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-14 14:52 - 2013-09-04 14:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-11 23:09 - 2013-09-23 01:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-11 23:09 - 2013-09-23 01:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-11 23:09 - 2013-09-23 01:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-11 23:09 - 2013-09-23 01:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-11 23:09 - 2013-09-23 01:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-11 23:09 - 2013-09-23 01:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-11 23:09 - 2013-09-23 01:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-11 23:09 - 2013-09-23 01:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-11 23:09 - 2013-09-23 01:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-11 23:09 - 2013-09-23 01:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-11 23:09 - 2013-09-23 01:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-11 23:09 - 2013-09-23 01:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-11 23:09 - 2013-09-23 01:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-11 23:09 - 2013-09-23 00:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-11 23:09 - 2013-09-23 00:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-11 23:09 - 2013-09-23 00:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-11 23:09 - 2013-09-23 00:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-11 23:09 - 2013-09-23 00:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-11 23:09 - 2013-09-23 00:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-11 23:09 - 2013-09-23 00:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-11 23:09 - 2013-09-23 00:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-11 23:09 - 2013-09-23 00:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-11 23:09 - 2013-09-23 00:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-11 23:09 - 2013-09-23 00:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-11 23:09 - 2013-09-23 00:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-11 23:09 - 2013-09-23 00:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-11 23:09 - 2013-09-23 00:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-11 23:09 - 2013-09-21 05:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-11 23:09 - 2013-09-21 05:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-11 23:09 - 2013-09-21 04:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-11 23:09 - 2013-09-21 04:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-11 11:47 - 2013-07-04 14:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-11 11:47 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-11 11:46 - 2013-06-06 07:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-11 11:46 - 2013-06-06 07:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-11 11:46 - 2013-06-06 07:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-11 11:46 - 2013-06-06 07:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-11 11:46 - 2013-06-06 06:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-11 11:46 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-11 11:46 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-11 11:46 - 2013-06-06 05:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-11 11:46 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-11 11:46 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-11 11:41 - 2013-06-26 00:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-11 11:35 - 2013-09-14 03:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-11 11:35 - 2013-09-08 04:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-11 11:35 - 2013-09-08 04:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-11 11:35 - 2013-09-08 04:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-11 11:35 - 2013-07-12 12:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-11 11:35 - 2013-07-12 12:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-11 11:35 - 2013-07-04 14:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-11 11:35 - 2013-07-04 14:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-11 11:35 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-11 11:35 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-11 11:35 - 2013-07-04 12:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-11 11:35 - 2013-07-03 06:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-11 11:35 - 2013-07-03 06:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-11 11:34 - 2013-08-28 03:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-11 09:39 - 2013-08-29 04:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-11 09:39 - 2013-08-29 04:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-11 09:39 - 2013-08-29 04:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-11 09:39 - 2013-08-29 04:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-11 09:39 - 2013-08-29 04:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-11 09:39 - 2013-08-29 03:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-11 09:39 - 2013-08-29 03:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-11 09:39 - 2013-08-29 03:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-11 09:39 - 2013-08-29 03:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-11 09:39 - 2013-08-29 03:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-11 09:38 - 2013-08-29 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-11 09:38 - 2013-08-29 02:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-11 09:38 - 2013-08-29 02:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-11 09:38 - 2013-08-29 02:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-11 09:38 - 2013-08-29 02:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-11 09:37 - 2013-08-28 03:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-11 09:37 - 2013-08-01 14:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-11 09:37 - 2013-07-20 12:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-11 09:37 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll

==================== One Month Modified Files and Folders =======

2013-10-17 10:37 - 2013-10-17 10:37 - 00000000 ____D C:\FRST
2013-10-17 10:09 - 1601-01-01 02:14 - 01600652 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-17 10:09 - 1601-01-01 02:14 - 00722372 _____ C:\Windows\system32\perfh015.dat
2013-10-17 10:09 - 1601-01-01 02:14 - 00143058 _____ C:\Windows\system32\perfc015.dat
2013-10-17 10:04 - 1601-01-01 02:14 - 00068185 _____ C:\Windows\system32\fastboot.set
2013-10-17 10:03 - 2009-07-14 06:45 - 00289968 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-17 09:11 - 2012-06-15 07:11 - 00001062 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-16 13:11 - 2012-06-15 07:11 - 00001058 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-16 10:33 - 2013-10-16 10:33 - 00006110 _____ C:\Users\Justynka\Documents\cc_20131016_103338.reg
2013-10-16 10:32 - 2013-10-16 08:47 - 00000000 ____D C:\Users\Justynka\AppData\Local\CrashDumps
2013-10-16 10:32 - 2011-02-24 19:03 - 00000000 ____D C:\Windows\Panther
2013-10-16 10:23 - 2013-10-16 10:22 - 00000000 ____D C:\Program Files\CCleaner
2013-10-16 10:23 - 1601-01-01 02:14 - 00000833 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-10-16 09:04 - 2013-10-16 09:04 - 00000000 ____D C:\Users\Justynka\Doctor Web
2013-10-16 09:04 - 2012-10-29 18:49 - 00000000 ____D C:\Users\Justynka
2013-10-16 08:55 - 2013-10-16 08:55 - 00001116 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-16 08:55 - 2013-10-16 08:55 - 00000000 ____D C:\Users\Justynka\AppData\Roaming\Malwarebytes
2013-10-16 08:55 - 2013-10-16 08:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-16 08:55 - 2013-10-16 08:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-16 08:32 - 2013-10-16 08:22 - 00000000 ____D C:\ComboFix
2013-10-16 08:29 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-10-16 08:22 - 2013-10-16 00:25 - 00000000 ____D C:\Qoobox
2013-10-16 08:21 - 2013-10-15 21:29 - 00000000 ____D C:\AdwCleaner
2013-10-16 00:57 - 2009-07-14 05:20 - 00000000 ___HD C:\Users\Default
2013-10-16 00:55 - 2013-10-16 00:25 - 00000000 ____D C:\Windows\erdnt
2013-10-16 00:39 - 2009-07-14 04:34 - 49283072 _____ C:\Windows\system32\config\SOFTWARE.bak
2013-10-16 00:39 - 2009-07-14 04:34 - 26738688 _____ C:\Windows\system32\config\SYSTEM.bak
2013-10-16 00:39 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2013-10-16 00:39 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2013-10-16 00:39 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\DEFAULT.bak
2013-10-16 00:23 - 2013-10-16 00:23 - 00000000 ____D C:\Users\Justynka\AppData\Local\Google
2013-10-15 23:35 - 2013-10-16 00:25 - 05133109 ____R (Swearware) C:\Users\Justynka\Desktop\ComboFix.exe
2013-10-15 22:20 - 2013-10-15 22:20 - 00000000 ____D C:\Users\Public\CyberLink
2013-10-15 22:20 - 2013-10-15 22:20 - 00000000 ____D C:\Users\Justynka\AppData\Roaming\CyberLink
2013-10-15 22:20 - 1601-01-01 02:14 - 00001129 _____ C:\Users\Justynka\Desktop\Cyberlink Power2Go.lnk
2013-10-15 09:21 - 2013-10-15 09:21 - 00148792 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\AVGDISKA.sys
2013-10-10 16:20 - 1601-01-01 02:14 - 00049872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\DBMECPBD.sys
2013-10-10 16:17 - 1601-01-01 02:14 - 00000000 ____D C:\Windows\system32\MpEngineStore
2013-10-10 13:58 - 2013-10-15 21:29 - 01048960 _____ C:\Users\Justynka\Desktop\adwcleaner.exe
2013-09-29 19:06 - 1601-01-01 02:14 - 00046368 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2013-09-23 01:28 - 2013-10-11 23:09 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-23 01:28 - 2013-10-11 23:09 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-23 01:27 - 2013-10-11 23:09 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-23 01:27 - 2013-10-11 23:09 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-23 01:27 - 2013-10-11 23:09 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-23 01:27 - 2013-10-11 23:09 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-23 01:27 - 2013-10-11 23:09 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-23 01:27 - 2013-10-11 23:09 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-23 01:27 - 2013-10-11 23:09 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-23 01:27 - 2013-10-11 23:09 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-23 01:27 - 2013-10-11 23:09 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-23 01:27 - 2013-10-11 23:09 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-23 01:27 - 2013-10-11 23:09 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-23 00:55 - 2013-10-11 23:09 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-23 00:55 - 2013-10-11 23:09 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-23 00:55 - 2013-10-11 23:09 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-23 00:54 - 2013-10-11 23:09 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-23 00:54 - 2013-10-11 23:09 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-23 00:54 - 2013-10-11 23:09 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-23 00:54 - 2013-10-11 23:09 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-23 00:54 - 2013-10-11 23:09 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-23 00:54 - 2013-10-11 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-23 00:54 - 2013-10-11 23:09 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-23 00:54 - 2013-10-11 23:09 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-23 00:54 - 2013-10-11 23:09 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-23 00:54 - 2013-10-11 23:09 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-23 00:54 - 2013-10-11 23:09 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-21 05:38 - 2013-10-11 23:09 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-21 05:30 - 2013-10-11 23:09 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-21 04:48 - 2013-10-11 23:09 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-21 04:39 - 2013-10-11 23:09 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.3160.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== BCD ================================

Menedżer rozruchu systemu Windows
---------------------------------
Identyfikator {bootmgr}
device partition=C:
path \bootmgr
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {794dfe61-8130-11e2-be29-806e6f6e6963}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Moduł ładujący rozruchu systemu Windows
---------------------------------------
Identyfikator {06f87eb4-4038-11e0-aecc-c1f066e6c02a}
device locate=\Windows\system32\winload.exe
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {bootloadersettings}
osdevice locate=\Windows
systemroot \Windows
resumeobject {06f87eb3-4038-11e0-aecc-c1f066e6c02a}
nx OptIn
numproc 2
usefirmwarepcisettings No

Moduł ładujący rozruchu systemu Windows
---------------------------------------
Identyfikator {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7 Home Premium (odzyskano)
locale pl-PL
recoverysequence {06f87eb6-4038-11e0-aecc-c1f066e6c02a}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {794dfe61-8130-11e2-be29-806e6f6e6963}

Moduł ładujący rozruchu systemu Windows
---------------------------------------
Identyfikator {06f87eb6-4038-11e0-aecc-c1f066e6c02a}
device ramdisk=[C:]\Recovery\97d31492-21e8-11e2-a04d-446d57e56a88\Winre.wim,{06f87eb7-4038-11e0-aecc-c1f066e6c02a}
path \windows\system32\winload.exe
description Windows Recovery Environment (odzyskano)
locale
osdevice ramdisk=[C:]\Recovery\97d31492-21e8-11e2-a04d-446d57e56a88\Winre.wim,{06f87eb7-4038-11e0-aecc-c1f066e6c02a}
systemroot \windows
winpe Yes

Wznawianie ze stanu hibernacji
------------------------------
Identyfikator {06f87eb3-4038-11e0-aecc-c1f066e6c02a}
device locate=\Windows\system32\winresume.exe
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Wznawianie ze stanu hibernacji
------------------------------
Identyfikator {794dfe61-8130-11e2-be29-806e6f6e6963}
device partition=C:
path \Windows\system32\winresume.exe
description Windows 7 Home Premium (odzyskano)
locale pl-PL
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Moduł testujący pamięć systemu Windows
--------------------------------------
Identyfikator {memdiag}
device partition=C:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

Ustawienia usług EMS
--------------------
Identyfikator {emssettings}
bootems Yes

Ustawienia debugera
-------------------
Identyfikator {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

Uszkodzenia pamięci RAM
-----------------------
Identyfikator {badmemory}

Ustawienia globalne
-------------------
Identyfikator {globalsettings}
inherit {dbgsettings} {emssettings} {badmemory}

Ustawienia modułu ładującego rozruchu
-------------------------------------
Identyfikator {bootloadersettings}
inherit {globalsettings} {hypervisorsettings}

Ustawienia funkcji hypervisor
-----------------------------
Identyfikator {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Ustawienia modułu ładującego wznawiania
---------------------------------------
Identyfikator {resumeloadersettings}
inherit {globalsettings}

Opcje urządzenia
----------------
Identyfikator {06f87eb7-4038-11e0-aecc-c1f066e6c02a}
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\97d31492-21e8-11e2-a04d-446d57e56a88\boot.sdi

LastRegBack: 2011-02-24 19:04

==================== End Of Log ============================