Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-01-2014 Ran by krzysztof (administrator) on NUMIZMATYK on 05-01-2014 07:15:45 Running from C:\Users\krzysztof\Downloads Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: Polish Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Dritek System Inc.) C:\Program Files\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) C:\Program Files\Acer\Registration\GREGsvc.exe (Egis Technology Inc.) C:\Program Files\EgisTec MyWinLocker\x86\MWLService.exe (Acer Incorporated) C:\Program Files\Acer\Acer VCM\RS_Service.exe (Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Ericsson AB) C:\Program Files\Mobile Broadband drivers\WMCore\mini_WMCore.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Google Inc.) C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) C:\Program Files\EgisTec MyWinLocker\x86\mwlDaemon.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Acer Incorporated) C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Dritek System Inc.) C:\Program Files\Launch Manager\LMworker.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe () C:\Program Files\Acer\Acer 3G Connection Manager\ConnMgrTray.exe () C:\Program Files\Acer\Acer 3G Connection Manager\SMSIcon.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [186904 2009-10-13] (Intel Corporation) HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9218592 2010-05-25] (Realtek Semiconductor) HKLM\...\Run: [SuiteTray] - C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-04-17] (Egis Technology Inc.) HKLM\...\Run: [EgisUpdate] - C:\Program Files\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.) HKLM\...\Run: [EgisTecPMMUpdate] - C:\Program Files\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.) HKLM\...\Run: [mwlDaemon] - C:\Program Files\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-04-17] (Egis Technology Inc.) HKLM\...\Run: [NortonOnlineBackupReminder] - C:\Program Files\Symantec\Norton Online Backup\Activation\NobuActivation.exe [588648 2009-07-25] (Symantec Corporation) HKLM\...\Run: [LManager] - C:\Program Files\Launch Manager\LManager.exe [960080 2010-05-25] (Dritek System Inc.) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1692968 2010-02-05] (Synaptics Incorporated) HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [715296 2010-02-06] (Acer Incorporated) HKLM\...\Run: [ABRegmon] - C:\Program Files\ArcaBit\ArcaVir\abregmon.exe HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated) HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968 2013-05-09] (AVAST Software) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKCU\...\Run: [CONNMGRTRAY] - C:\Program Files\Acer\Acer 3G Connection Manager\ConnMgrLauncher.exe [354848 2010-07-13] () HKCU\...\Run: [Google Update] - C:\Users\krzysztof\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-02-14] (Google Inc.) HKCU\...\Run: [ALLUpdate] - "C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep" HKCU\...\Run: [Facebook Update] - C:\Users\krzysztof\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-04-23] (Facebook Inc.) HKCU\...\Run: [GG] - C:\Users\krzysztof\AppData\Local\GG\Application\gghub.exe [4047424 2013-12-12] (GG Network S.A.) HKU\Default\...\Run: [CONNMGRTRAY] - C:\Program Files\Acer\Acer 3G Connection Manager\ConnMgrLauncher.exe [ 2010-07-13] () HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files\Acer\Screensaver\run_Acer.exe [ 2010-01-15] () HKU\Default User\...\Run: [CONNMGRTRAY] - C:\Program Files\Acer\Acer 3G Connection Manager\ConnMgrLauncher.exe [ 2010-07-13] () HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files\Acer\Screensaver\run_Acer.exe [ 2010-01-15] () Startup: C:\Users\krzysztof\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () Startup: C:\Users\krzysztof\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk ShortcutTarget: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.pl/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0415&m=aod260&r=27b51210g065l0404ww35w4722u380 SearchScopes: HKLM - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW SearchScopes: HKCU - DefaultScope {41917222-B30C-40F8-8314-4CED017F6AA2} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_plPL409PL409 SearchScopes: HKCU - {278A1D38-B9F9-47E9-BB7E-D56F6B9C48FC} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=U3&apn_dtid=OSJ000YYPL&apn_uid=C03F8119-2EF0-47FD-A3DC-9DAE5DF3665F&apn_sauid=23EE3B89-23B7-494E-A97C-1E17CF39225D SearchScopes: HKCU - {41917222-B30C-40F8-8314-4CED017F6AA2} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_plPL409PL409 SearchScopes: HKCU - {C0D8D46E-C4A0-4CCF-9EC1-7E3EF1214F66} URL = http://slowniki.gazeta.pl/pl/{searchTerms} SearchScopes: HKCU - {FFEBBF0A-C22C-4172-89FF-45215A135AC8} URL = http://search.icq.com/search/results.php?q=%s&ch_id=hm&search_mode=web BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Tcpip\..\Interfaces\{5F22C8B5-9CB7-47FC-A7D6-7A6307C7E872}: [NameServer]217.116.104.104 217.116.100.100 FireFox: ======== FF ProfilePath: C:\Users\krzysztof\AppData\Roaming\Mozilla\Firefox\Profiles\xczqybk3.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\krzysztof\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\krzysztof\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\krzysztof\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\krzysztof\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\krzysztof\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\krzysztof\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\wolnelektury-pl.xml FF Extension: DoNotTrackMe: Online Privacy Protection - C:\Users\krzysztof\AppData\Roaming\Mozilla\Firefox\Profiles\xczqybk3.default\Extensions\donottrackplus@abine.com FF Extension: Płatności CashBill - C:\Users\krzysztof\AppData\Roaming\Mozilla\Firefox\Profiles\xczqybk3.default\Extensions\cashfill@cashbill.pl.xpi FF Extension: Simple Timer - C:\Users\krzysztof\AppData\Roaming\Mozilla\Firefox\Profiles\xczqybk3.default\Extensions\simpletimer@grbradt.org.xpi FF Extension: Stylish - C:\Users\krzysztof\AppData\Roaming\Mozilla\Firefox\Profiles\xczqybk3.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF Chrome: ======= CHR HomePage: hxxp://www.gazeta.pl/0,0.html?p=143 CHR RestoreOnStartup: "hxxp://www.gazeta.pl/0,0.html?p=143", "hxxp://www.gazeta.pl/0,0.html?p=143", "hxxp://www.gazeta.pl/0,0.html?p=150" CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Google Talk Plugin) - C:\Users\krzysztof\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\krzysztof\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\krzysztof\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 6 U32) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\krzysztof\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll No File CHR Plugin: (Java Deployment Toolkit 6.0.320.5) - C:\Windows\system32\npdeployJava1.dll (Oracle Corporation) CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File CHR Extension: () - C:\Users\krzysztof\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0 ========================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software) R2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [735776 2010-02-06] (Acer Incorporated) R2 GREGService; C:\Program Files\Acer\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated) R2 MWLService; C:\Program Files\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-04-17] (Egis Technology Inc.) R2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated) S3 ServiceLayer; C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe [174080 2006-06-05] (Nokia.) R2 Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group) R2 WMCoreService; C:\Program Files\Mobile Broadband drivers\WMCore\mini_WMCore.exe [463912 2010-06-10] (Ericsson AB) ==================== Drivers (Whitelisted) ==================== R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software) R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-05-09] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] () R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [765736 2013-05-09] (AVAST Software) R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [368944 2013-05-09] (AVAST Software) R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [174664 2013-05-09] () R3 e36wscard; C:\Windows\System32\DRIVERS\e36wscard.sys [54440 2010-01-26] (Ericsson AB) R3 ecnssndis; C:\Windows\System32\Drivers\wwanuss.sys [23592 2010-03-03] (Ericsson AB) R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwanussf.sys [26152 2010-03-03] (Ericsson AB) S3 EUCR; C:\Windows\System32\DRIVERS\EUCR6SK.SYS [82384 2010-03-02] (ENE Technology Inc.) R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [329160 2010-04-27] (MCCI Corporation) R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [388552 2010-04-27] (MCCI Corporation) R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [14920 2010-04-27] (MCCI Corporation) R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [405320 2010-04-27] (MCCI Corporation) R1 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [18992 2009-06-03] (Egis Technology Inc.) R1 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [16432 2009-06-03] (Egis Technology Inc.) R1 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [60976 2009-06-03] (Egis Technology Inc.) R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp.sys [229928 2010-05-26] (Ericsson AB) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-05 07:15 - 2014-01-05 07:16 - 00019321 _____ C:\Users\krzysztof\Downloads\FRST.txt 2014-01-05 07:15 - 2014-01-05 07:15 - 00000000 ____D C:\FRST 2014-01-05 07:13 - 2014-01-05 07:13 - 01064761 _____ (Farbar) C:\Users\krzysztof\Downloads\FRST.exe 2014-01-05 07:12 - 2014-01-05 07:13 - 01064761 _____ (Farbar) C:\Users\krzysztof\Downloads\FRST(1).exe 2013-12-30 19:38 - 2013-12-30 19:38 - 00680837 _____ C:\Users\krzysztof\Downloads\2013-12-28_DGWRP(3).epub 2013-12-30 19:35 - 2013-12-30 19:35 - 00680837 _____ C:\Users\krzysztof\Downloads\2013-12-28_DGWRP(2).epub 2013-12-30 19:34 - 2013-12-30 19:34 - 00680837 _____ C:\Users\krzysztof\Downloads\2013-12-28_DGWRP(1).epub 2013-12-30 19:32 - 2013-12-30 19:32 - 00680837 _____ C:\Users\krzysztof\Downloads\2013-12-28_DGWRP.epub 2013-12-30 05:01 - 2013-12-30 05:01 - 00200048 _____ C:\Windows\Minidump\123013-26457-01.dmp 2013-12-27 16:42 - 2013-12-27 16:43 - 00000000 ____D C:\Users\krzysztof\Documents\Zbiór 2013-12-25 17:16 - 2013-12-25 17:16 - 00003149 _____ C:\Users\krzysztof\Downloads\list.html 2013-12-21 06:34 - 2013-12-21 06:34 - 00000000 ____D C:\Users\krzysztof\AppData\Local\{32942163-78B0-4FA0-AE32-D3AF77E37EA5} 2013-12-18 09:52 - 2013-12-18 09:52 - 00000000 ____D C:\Users\krzysztof\AppData\Local\{D111A609-A160-4A14-897A-4BD7AAA52D7F} 2013-12-15 17:05 - 2013-12-26 21:21 - 00000000 ____D C:\Users\krzysztof\Desktop\Zbiór 2013-12-12 15:52 - 2013-10-30 02:27 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-12-12 15:52 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll 2013-12-12 15:52 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx 2013-12-12 15:52 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll 2013-12-12 15:52 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe 2013-12-12 15:52 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe 2013-12-12 15:51 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2013-12-12 15:51 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll 2013-12-12 15:50 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-12-12 10:01 - 2013-12-12 10:03 - 37008752 _____ C:\Users\krzysztof\Downloads\family_tree_builder_7128(1).exe 2013-12-12 10:00 - 2013-12-12 10:02 - 00606416 _____ C:\Users\krzysztof\Downloads\family_tree_builder_7128.exe 2013-12-12 09:46 - 2013-12-12 09:47 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-12-12 08:30 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2013-12-12 08:30 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2013-12-12 08:26 - 2013-10-25 05:43 - 02877952 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-12-12 08:26 - 2013-10-25 05:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-12-12 08:26 - 2013-10-25 05:43 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-12-12 08:26 - 2013-10-25 05:43 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-12-12 08:26 - 2013-10-25 05:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-12-12 08:26 - 2013-10-25 04:41 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-12-12 08:25 - 2013-10-25 05:45 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-12-12 08:25 - 2013-10-25 05:44 - 01140736 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-12-12 08:25 - 2013-10-25 05:43 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-12-12 08:25 - 2013-10-25 05:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-12-12 08:25 - 2013-10-25 05:43 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-12-12 08:25 - 2013-10-25 05:43 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-12-12 08:25 - 2013-10-25 03:49 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-12-12 08:24 - 2013-10-25 05:45 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-12-12 08:23 - 2013-10-25 05:43 - 13761536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-12-12 08:22 - 2013-10-25 05:44 - 14356992 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-12-12 08:16 - 2013-12-19 14:37 - 00002007 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2013-12-12 04:58 - 2013-10-04 02:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys 2013-12-12 04:58 - 2013-10-04 02:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys ==================== One Month Modified Files and Folders ======= 2014-01-05 07:17 - 2010-12-10 19:37 - 00001036 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-01-05 07:16 - 2014-01-05 07:15 - 00019321 _____ C:\Users\krzysztof\Downloads\FRST.txt 2014-01-05 07:15 - 2014-01-05 07:15 - 00000000 ____D C:\FRST 2014-01-05 07:14 - 2012-04-08 08:12 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-01-05 07:13 - 2014-01-05 07:13 - 01064761 _____ (Farbar) C:\Users\krzysztof\Downloads\FRST.exe 2014-01-05 07:13 - 2014-01-05 07:12 - 01064761 _____ (Farbar) C:\Users\krzysztof\Downloads\FRST(1).exe 2014-01-05 07:13 - 2010-09-12 21:18 - 01615329 _____ C:\Windows\WindowsUpdate.log 2014-01-05 07:13 - 2009-07-14 05:34 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-05 07:13 - 2009-07-14 05:34 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-05 07:09 - 2013-02-18 20:32 - 00001074 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2620454163-3002760743-1891836912-1000UA.job 2014-01-05 06:43 - 2013-06-10 18:31 - 00000000 ____D C:\Users\krzysztof\AppData\Roaming\GG 2014-01-05 06:38 - 2010-12-10 19:37 - 00001032 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-01-05 06:37 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-05 06:37 - 2009-07-14 05:39 - 00182234 _____ C:\Windows\setupact.log 2014-01-04 22:48 - 2013-04-23 11:08 - 00000922 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2620454163-3002760743-1891836912-1000Core.job 2014-01-04 22:48 - 2013-02-18 20:32 - 00001022 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2620454163-3002760743-1891836912-1000Core.job 2014-01-04 22:39 - 2013-04-23 11:08 - 00000944 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2620454163-3002760743-1891836912-1000UA.job 2014-01-04 03:02 - 2013-11-26 07:22 - 00204360 _____ C:\Windows\IE11_main.log 2014-01-02 19:11 - 2009-07-14 05:53 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-12-30 19:43 - 2011-01-23 11:10 - 00000000 ____D C:\Users\krzysztof\Downloads\Telewizja. Program telewizyjny_files 2013-12-30 19:38 - 2013-12-30 19:38 - 00680837 _____ C:\Users\krzysztof\Downloads\2013-12-28_DGWRP(3).epub 2013-12-30 19:35 - 2013-12-30 19:35 - 00680837 _____ C:\Users\krzysztof\Downloads\2013-12-28_DGWRP(2).epub 2013-12-30 19:34 - 2013-12-30 19:34 - 00680837 _____ C:\Users\krzysztof\Downloads\2013-12-28_DGWRP(1).epub 2013-12-30 19:32 - 2013-12-30 19:32 - 00680837 _____ C:\Users\krzysztof\Downloads\2013-12-28_DGWRP.epub 2013-12-30 05:01 - 2013-12-30 05:01 - 00200048 _____ C:\Windows\Minidump\123013-26457-01.dmp 2013-12-30 05:01 - 2011-08-08 05:48 - 179729429 _____ C:\Windows\MEMORY.DMP 2013-12-30 05:01 - 2011-08-08 05:48 - 00000000 ____D C:\Windows\Minidump 2013-12-27 16:43 - 2013-12-27 16:42 - 00000000 ____D C:\Users\krzysztof\Documents\Zbiór 2013-12-26 21:21 - 2013-12-15 17:05 - 00000000 ____D C:\Users\krzysztof\Desktop\Zbiór 2013-12-25 17:16 - 2013-12-25 17:16 - 00003149 _____ C:\Users\krzysztof\Downloads\list.html 2013-12-21 06:34 - 2013-12-21 06:34 - 00000000 ____D C:\Users\krzysztof\AppData\Local\{32942163-78B0-4FA0-AE32-D3AF77E37EA5} 2013-12-21 06:34 - 2010-12-15 15:07 - 00000000 ____D C:\Users\krzysztof\AppData\Local\Windows Live 2013-12-21 06:29 - 2010-09-12 22:05 - 00701754 _____ C:\Windows\system32\perfh015.dat 2013-12-21 06:29 - 2010-09-12 22:05 - 00139098 _____ C:\Windows\system32\perfc015.dat 2013-12-21 06:29 - 2010-06-22 08:43 - 01565248 _____ C:\Windows\system32\PerfStringBackup.INI 2013-12-20 07:57 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache 2013-12-20 06:49 - 2010-06-22 09:25 - 00000000 ____D C:\Program Files\Google 2013-12-19 21:55 - 2010-09-12 21:15 - 00077334 _____ C:\Windows\PFRO.log 2013-12-19 14:58 - 2013-11-28 03:15 - 00000000 ____D C:\Users\krzysztof\Desktop\Rośliny doniczkowe, które oczyszczają powietrze z zanieczyszczeń - Zdrowie_pliki 2013-12-19 14:37 - 2013-12-12 08:16 - 00002007 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2013-12-19 14:37 - 2009-07-14 03:04 - 00002577 _____ C:\Windows\system32\config.nt 2013-12-19 14:33 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\wfp 2013-12-19 14:32 - 2010-12-10 18:45 - 00000000 ____D C:\Users\krzysztof 2013-12-19 14:32 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\AppCompat 2013-12-19 14:31 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\registration 2013-12-18 09:52 - 2013-12-18 09:52 - 00000000 ____D C:\Users\krzysztof\AppData\Local\{D111A609-A160-4A14-897A-4BD7AAA52D7F} 2013-12-12 19:56 - 2013-06-10 18:31 - 00000000 ____D C:\Users\krzysztof\AppData\Local\GG 2013-12-12 19:50 - 2009-07-14 05:33 - 00427240 _____ C:\Windows\system32\FNTCACHE.DAT 2013-12-12 19:47 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\pl-PL 2013-12-12 11:11 - 2013-10-02 05:25 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-12-12 10:14 - 2012-04-08 08:12 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-12-12 10:14 - 2011-05-13 04:25 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-12-12 10:03 - 2013-12-12 10:01 - 37008752 _____ C:\Users\krzysztof\Downloads\family_tree_builder_7128(1).exe 2013-12-12 10:02 - 2013-12-12 10:00 - 00606416 _____ C:\Users\krzysztof\Downloads\family_tree_builder_7128.exe 2013-12-12 09:47 - 2013-12-12 09:46 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-12-12 08:42 - 2011-04-14 06:06 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-12-12 08:38 - 2013-07-22 14:19 - 00000000 ____D C:\Windows\system32\MRT 2013-12-12 08:32 - 2010-12-15 14:58 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe Some content of TEMP: ==================== C:\Users\krzysztof\AppData\Local\Temp\ApnStub.exe C:\Users\krzysztof\AppData\Local\Temp\FlashPlayerUpdate.exe C:\Users\krzysztof\AppData\Local\Temp\FlashPlayerUpdate01.exe C:\Users\krzysztof\AppData\Local\Temp\fsclm.dll C:\Users\krzysztof\AppData\Local\Temp\fsols_launcher.exe C:\Users\krzysztof\AppData\Local\Temp\fsonlinescanner.exe C:\Users\krzysztof\AppData\Local\Temp\gg10.upgr.exe C:\Users\krzysztof\AppData\Local\Temp\ggdrive-menu.exe C:\Users\krzysztof\AppData\Local\Temp\ggdrive-overlay.exe C:\Users\krzysztof\AppData\Local\Temp\icqsetup.exe C:\Users\krzysztof\AppData\Local\Temp\ICReinstall_System.Cleaner_7.3.9.340 (35295).exe C:\Users\krzysztof\AppData\Local\Temp\installstats.exe C:\Users\krzysztof\AppData\Local\Temp\jre-6u32-windows-i586-iftw.exe C:\Users\krzysztof\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe C:\Users\krzysztof\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe C:\Users\krzysztof\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe C:\Users\krzysztof\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe C:\Users\krzysztof\AppData\Local\Temp\MSN36BB.exe C:\Users\krzysztof\AppData\Local\Temp\MyHeritage_Version_7_0_0_7118_Size_36943976.exe C:\Users\krzysztof\AppData\Local\Temp\setup.exe C:\Users\krzysztof\AppData\Local\Temp\xmllite.dll C:\Users\krzysztof\AppData\Local\Temp\{2D4DDADB-F930-42CF-9C10-4266EFAAF7D8}-22.0.1229.96_chrome_installer.exe C:\Users\krzysztof\AppData\Local\Temp\{3F7B090A-233C-4CB6-BA18-296DCCAF3BBA}-chrome_updater.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-12-30 07:36 ==================== End Of Log ============================