Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-01-2014 02
Ran by Magda (administrator) on MADZIK on 14-01-2014 10:05:50
Running from C:\Users\Magda\Desktop
Windows 7 Home Basic Service Pack 1 (X64) OS Language: Polish
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331_STI.EXE
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(3CX Ltd) C:\Program Files (x86)\3CXPhone\3CXPhone.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6199128 2013-03-10] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2013-03-10] (Lenovo (Beijing) Limited)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2899216 2012-03-26] (Synaptics Incorporated)
HKLM\...\Run: [UpdatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [564352 2011-12-15] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SACpl.exe [1654400 2011-12-06] (Conexant Systems, Inc.)
HKLM\...\Run: [SynLenovoGestureMgr] - C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [410896 2012-03-26] (Synaptics)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [Zune Launcher] - C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2013-11-20] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Secure Search\vprot.exe [2486296 2014-01-09] ()
HKLM-x32\...\Run: [PWMTRV] - rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [UpdatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [331BigDog] - C:\Program Files (x86)\USB Camera\VM331_STI.EXE [548864 2011-11-24] (Vimicro)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [507744 2011-12-20] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2629632 2012-09-25] (Brother Industries, Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Facebook Update] - C:\Users\Magda\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-11-04] (Facebook Inc.)
HKCU\...\Run: [ALLUpdate] - "C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe" "sleep"
MountPoints2: F - F:\AutoRun.exe
MountPoints2: {5402f575-0275-11e3-9f29-08edb9a6cd10} - F:\fscommand\LS_Start_Launch.cmd
MountPoints2: {5ab6af63-22d0-11e2-a0bc-08edb9a6cd10} - F:\AutoRun.exe
MountPoints2: {5ab6af73-22d0-11e2-a0bc-08edb9a6cd10} - F:\AutoRun.exe
MountPoints2: {6ca6da08-9202-11e2-ac7b-08edb9a6cd10} - G:\AutoRun.exe
MountPoints2: {98712100-58a3-11e2-a01b-08edb9a6cd10} - F:\AutoRun.exe
MountPoints2: {9871210d-58a3-11e2-a01b-08edb9a6cd10} - F:\AutoRun.exe
MountPoints2: {9a721cad-9135-11e2-b67f-08edb9a6cd10} - G:\AutoRun.exe
MountPoints2: {a845a462-28ee-11e2-893f-08edb9a6cd10} - F:\AutoRun.exe
MountPoints2: {e547ef14-2362-11e2-abc9-08edb9a6cd10} - F:\AutoRun.exe
MountPoints2: {e547ef22-2362-11e2-abc9-08edb9a6cd10} - F:\AutoRun.exe
MountPoints2: {f1d33599-22d7-11e2-b3da-08edb9a6cd10} - F:\AutoRun.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [260968 2012-06-23] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://aartemis.com/?type=hp&ts=1385380379&from=obw&uid=ST500LT012-9WS142_W0V0KX3WXXXXW0V0KX3W
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.aartemis.com/web/?type=ds&ts=1385380379&from=obw&uid=ST500LT012-9WS142_W0V0KX3WXXXXW0V0KX3W&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://aartemis.com/?type=hp&ts=1385380379&from=obw&uid=ST500LT012-9WS142_W0V0KX3WXXXXW0V0KX3W
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://aartemis.com/?type=hp&ts=1385380379&from=obw&uid=ST500LT012-9WS142_W0V0KX3WXXXXW0V0KX3W
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.aartemis.com/web/?type=ds&ts=1385380379&from=obw&uid=ST500LT012-9WS142_W0V0KX3WXXXXW0V0KX3W&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.aartemis.com/web/?type=ds&ts=1385380379&from=obw&uid=ST500LT012-9WS142_W0V0KX3WXXXXW0V0KX3W&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://aartemis.com/?type=hp&ts=1385380379&from=obw&uid=ST500LT012-9WS142_W0V0KX3WXXXXW0V0KX3W
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.aartemis.com/web/?type=ds&ts=1385380379&from=obw&uid=ST500LT012-9WS142_W0V0KX3WXXXXW0V0KX3W&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://aartemis.com/?type=sc&ts=1385380379&from=obw&uid=ST500LT012-9WS142_W0V0KX3WXXXXW0V0KX3W
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.aartemis.com/web/?type=ds&ts=1385380379&from=obw&uid=ST500LT012-9WS142_W0V0KX3WXXXXW0V0KX3W&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.aartemis.com/web/?type=ds&ts=1385380379&from=obw&uid=ST500LT012-9WS142_W0V0KX3WXXXXW0V0KX3W&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {1B9F830A-21E7-4BDC-9D9F-2C706DFAA41D} URL =
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.aartemis.com/web/?type=ds&ts=1385380379&from=obw&uid=ST500LT012-9WS142_W0V0KX3WXXXXW0V0KX3W&q={searchTerms}
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.youwillfind.info/?l=1&q={searchTerms}&pid=512&r=2013/04/24&hid=2032089653&lg=EN&cc=PL
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689 URL =
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.aartemis.com/web/?type=ds&ts=1385380379&from=obw&uid=ST500LT012-9WS142_W0V0KX3WXXXXW0V0KX3W&q={searchTerms}
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={BAE85896-BEC9-4799-AC7A-7860576FB0A3}&mid=4e45cac9aeb34fc39d46f8fcd981273d-c10b2142ba203899408fa1ba0056bb9de8e7a6d7&lang=pl&ds=xn011&pr=sa&d=2012-11-21 00:08:58&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.youwillfind.info/?l=1&q={searchTerms}&pid=512&r=2013/04/24&hid=2032089653&lg=EN&cc=PL
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll (AVG Secure Search)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 217.172.224.160 89.231.1.206

Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\Magda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 [2013-12-09]
CHR Extension: (Google Drive) - C:\Users\Magda\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1 [2013-12-09]
CHR Extension: (YouTube) - C:\Users\Magda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1 [2013-12-09]
CHR Extension: (Google Search) - C:\Users\Magda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1 [2013-12-09]
CHR Extension: (Google Wallet) - C:\Users\Magda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0 [2013-12-19]
CHR Extension: (Gmail) - C:\Users\Magda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2 [2013-12-09]
CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\Magda\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx [2013-11-25]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\17.3.0.49\avg.crx [2014-01-09]

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [945440 2012-02-01] (Broadcom Corporation.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-29] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R2 vToolbarUpdater17.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [1771544 2014-01-09] (AVG Secure Search)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-11] (AVG Technologies)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2012-02-02] (Broadcom Corporation.)
S3 BthMtpEnum; C:\Windows\System32\DRIVERS\BthMtpEnum.sys [64512 2009-07-14] (Microsoft Corporation)
R3 L1C; C:\Windows\System32\DRIVERS\L1C60x64.sys [99440 2012-03-02] (Qualcomm Atheros Co., Ltd.)
R3 SmbDrvIntel; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [27408 2012-03-26] (Synaptics Incorporated)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [952832 2011-12-06] (Vimicro Corporation)
S3 zte_cdc_acm; C:\Windows\System32\DRIVERS\zte_cdc_acm.sys [79872 2011-08-10] (ZTE)
S3 zte_cpo; C:\Windows\System32\DRIVERS\zte_cpo.sys [14336 2011-08-10] (ZTE)
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [x]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [x]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [x]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [x]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [x]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [x]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [x]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
U3 pfldypow; \??\C:\Users\Magda\AppData\Local\Temp\pfldypow.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-14 10:05 - 2014-01-14 10:06 - 00018563 _____ C:\Users\Magda\Desktop\FRST.txt
2014-01-14 10:05 - 2014-01-14 10:05 - 00000000 ____D C:\FRST
2014-01-14 10:04 - 2014-01-14 10:04 - 02075648 _____ (Farbar) C:\Users\Magda\Desktop\FRST64.exe
2014-01-14 10:03 - 2014-01-14 10:03 - 00005943 _____ C:\Users\Magda\Desktop\gmerMadzik.txt
2014-01-14 00:59 - 2014-01-14 01:00 - 00724584 _____ C:\Windows\Minidump\011414-66550-01.dmp
2014-01-14 00:59 - 2014-01-14 00:59 - 00000000 ____D C:\Windows\Minidump
2014-01-13 23:33 - 2014-01-13 23:33 - 00006999 _____ C:\Users\Magda\Desktop\UsbFix [Listing 1] MADZIK.txt
2014-01-13 23:29 - 2014-01-13 23:33 - 00006999 _____ C:\UsbFix [Listing 1] MADZIK.txt
2014-01-13 23:28 - 2014-01-13 23:29 - 00000000 ____D C:\UsbFix
2014-01-13 23:28 - 2014-01-13 23:28 - 00001281 _____ C:\Users\Magda\Desktop\UsbFix.lnk
2014-01-13 23:25 - 2014-01-13 23:25 - 00377856 _____ C:\Users\Magda\Desktop\cuucp8fm.exe
2014-01-13 23:19 - 2014-01-13 23:19 - 00000000 ____D C:\Users\Magda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2014-01-13 18:10 - 2014-01-13 18:10 - 00039424 _____ C:\Users\Magda\Downloads\70945.xls
2014-01-13 11:55 - 2014-01-13 11:55 - 00015827 _____ C:\Users\Magda\Downloads\narty 2014 2.xlsx
2014-01-13 11:55 - 2014-01-13 11:55 - 00000165 ____H C:\Users\Magda\Downloads\~$narty 2014 2.xlsx
2014-01-13 09:40 - 2014-01-13 09:40 - 00006656 _____ C:\Users\Magda\Downloads\70945_9_17_2014_01_1340b160b17e9d10775a4c6f7a10330143.xls
2014-01-10 09:50 - 2014-01-10 09:50 - 00009728 _____ C:\Users\Magda\Downloads\70945_9_18_2014_01_102c24f231298e6270f86b90cce84b25dd.xls
2014-01-09 09:43 - 2014-01-09 09:43 - 00008704 _____ C:\Users\Magda\Downloads\70945_9_17_2014_01_09e0927703304720c043ed6317c80aaab3.xls
2014-01-08 09:20 - 2014-01-08 09:20 - 00011264 _____ C:\Users\Magda\Downloads\70945_9_17_2014_01_0885585675f79a6e9c7235b949e2f5021a.xls
2014-01-06 20:23 - 2014-01-06 20:23 - 04558848 _____ (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr
2014-01-06 14:35 - 2014-01-06 14:35 - 00008704 _____ C:\Users\Magda\Downloads\70945_9_17_2014_01_0689a39dd703ec3669619aa39c15106a75.xls
2014-01-03 12:01 - 2014-01-03 12:01 - 01158903 _____ C:\Users\Magda\Downloads\Bedziesz moja Pania.wma
2014-01-03 11:59 - 2014-01-03 11:59 - 01118493 _____ C:\Users\Magda\Downloads\Niepewność -.wma
2014-01-02 18:54 - 2014-01-02 18:54 - 00012800 _____ C:\Users\Magda\Downloads\70945_9_17_2013_12_24382fb987acf1703bee3a0cd15852b56d.xls
2014-01-02 18:07 - 2014-01-02 18:07 - 00009216 _____ C:\Users\Magda\Downloads\70945_9_17_2013_12_231f7fc19f30876e9d22b978ec9c28274c (1).xls
2014-01-02 10:59 - 2014-01-02 10:59 - 00006656 _____ C:\Users\Magda\Downloads\70945_9_17_2013_12_3169c090b2dafe7b50a5c1737a27dcbe62.xls
2013-12-23 11:09 - 2013-12-23 11:09 - 00009216 _____ C:\Users\Magda\Downloads\70945_9_17_2013_12_231f7fc19f30876e9d22b978ec9c28274c.xls
2013-12-20 10:12 - 2013-12-20 10:12 - 00025088 _____ C:\Users\Magda\Downloads\70945_9_17_2013_12_20761704b203cdeab7f1bd9bc01b46acf5.xls
2013-12-19 23:07 - 2013-12-19 23:16 - 00064000 _____ C:\Users\Magda\Desktop\PROGNOZA KOSZTÓW 2013 druk Gdańsk.xls
2013-12-19 11:23 - 2013-12-19 11:23 - 00048128 _____ C:\Users\Magda\Downloads\KONSULTACJE_DZ+ZAO_KTiZJ.xls
2013-12-16 23:10 - 2013-12-16 23:10 - 00051712 _____ C:\Users\Magda\Downloads\OFERTA TESTY 11.12.xls

==================== One Month Modified Files and Folders =======

2014-01-14 10:06 - 2014-01-14 10:05 - 00018563 _____ C:\Users\Magda\Desktop\FRST.txt
2014-01-14 10:05 - 2014-01-14 10:05 - 00000000 ____D C:\FRST
2014-01-14 10:04 - 2014-01-14 10:04 - 02075648 _____ (Farbar) C:\Users\Magda\Desktop\FRST64.exe
2014-01-14 10:03 - 2014-01-14 10:03 - 00005943 _____ C:\Users\Magda\Desktop\gmerMadzik.txt
2014-01-14 09:54 - 2013-12-09 10:38 - 00001046 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-14 09:47 - 2012-10-30 21:50 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-14 09:13 - 2009-07-14 05:45 - 00017536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-14 09:13 - 2009-07-14 05:45 - 00017536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-14 09:12 - 2012-10-30 23:44 - 00000000 ____D C:\ProgramData\MFAData
2014-01-14 09:12 - 2009-07-14 18:55 - 00738192 _____ C:\Windows\system32\perfh015.dat
2014-01-14 09:12 - 2009-07-14 18:55 - 00154848 _____ C:\Windows\system32\perfc015.dat
2014-01-14 09:12 - 2009-07-14 06:13 - 01663412 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-14 09:11 - 2012-10-30 21:11 - 01244340 _____ C:\Windows\WindowsUpdate.log
2014-01-14 09:07 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\tracing
2014-01-14 09:06 - 2013-12-09 10:38 - 00001042 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-14 09:06 - 2013-06-10 07:50 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2014-01-14 09:06 - 2013-06-03 07:52 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-01-14 09:05 - 2013-12-09 10:05 - 00003080 _____ C:\Windows\setupact.log
2014-01-14 09:05 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-14 09:03 - 2012-11-04 19:16 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-503745508-334110650-3806541175-1000UA.job
2014-01-14 01:00 - 2014-01-14 00:59 - 00724584 _____ C:\Windows\Minidump\011414-66550-01.dmp
2014-01-14 00:59 - 2014-01-14 00:59 - 00000000 ____D C:\Windows\Minidump
2014-01-13 23:33 - 2014-01-13 23:33 - 00006999 _____ C:\Users\Magda\Desktop\UsbFix [Listing 1] MADZIK.txt
2014-01-13 23:33 - 2014-01-13 23:29 - 00006999 _____ C:\UsbFix [Listing 1] MADZIK.txt
2014-01-13 23:29 - 2014-01-13 23:28 - 00000000 ____D C:\UsbFix
2014-01-13 23:28 - 2014-01-13 23:28 - 00001281 _____ C:\Users\Magda\Desktop\UsbFix.lnk
2014-01-13 23:25 - 2014-01-13 23:25 - 00377856 _____ C:\Users\Magda\Desktop\cuucp8fm.exe
2014-01-13 23:19 - 2014-01-13 23:19 - 00000000 ____D C:\Users\Magda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2014-01-13 20:23 - 2012-11-04 19:16 - 00000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-503745508-334110650-3806541175-1000Core.job
2014-01-13 18:10 - 2014-01-13 18:10 - 00039424 _____ C:\Users\Magda\Downloads\70945.xls
2014-01-13 17:05 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2014-01-13 11:55 - 2014-01-13 11:55 - 00015827 _____ C:\Users\Magda\Downloads\narty 2014 2.xlsx
2014-01-13 11:55 - 2014-01-13 11:55 - 00000165 ____H C:\Users\Magda\Downloads\~$narty 2014 2.xlsx
2014-01-13 09:40 - 2014-01-13 09:40 - 00006656 _____ C:\Users\Magda\Downloads\70945_9_17_2014_01_1340b160b17e9d10775a4c6f7a10330143.xls
2014-01-10 09:50 - 2014-01-10 09:50 - 00009728 _____ C:\Users\Magda\Downloads\70945_9_18_2014_01_102c24f231298e6270f86b90cce84b25dd.xls
2014-01-09 11:00 - 2012-11-21 00:08 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2014-01-09 09:43 - 2014-01-09 09:43 - 00008704 _____ C:\Users\Magda\Downloads\70945_9_17_2014_01_09e0927703304720c043ed6317c80aaab3.xls
2014-01-08 09:20 - 2014-01-08 09:20 - 00011264 _____ C:\Users\Magda\Downloads\70945_9_17_2014_01_0885585675f79a6e9c7235b949e2f5021a.xls
2014-01-06 20:23 - 2014-01-06 20:23 - 04558848 _____ (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr
2014-01-06 14:35 - 2014-01-06 14:35 - 00008704 _____ C:\Users\Magda\Downloads\70945_9_17_2014_01_0689a39dd703ec3669619aa39c15106a75.xls
2014-01-04 22:25 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2014-01-04 22:21 - 2012-10-31 10:10 - 00000000 ____D C:\Users\Magda\AppData\Roaming\uTorrent
2014-01-03 12:01 - 2014-01-03 12:01 - 01158903 _____ C:\Users\Magda\Downloads\Bedziesz moja Pania.wma
2014-01-03 11:59 - 2014-01-03 11:59 - 01118493 _____ C:\Users\Magda\Downloads\Niepewność -.wma
2014-01-02 18:54 - 2014-01-02 18:54 - 00012800 _____ C:\Users\Magda\Downloads\70945_9_17_2013_12_24382fb987acf1703bee3a0cd15852b56d.xls
2014-01-02 18:07 - 2014-01-02 18:07 - 00009216 _____ C:\Users\Magda\Downloads\70945_9_17_2013_12_231f7fc19f30876e9d22b978ec9c28274c (1).xls
2014-01-02 10:59 - 2014-01-02 10:59 - 00006656 _____ C:\Users\Magda\Downloads\70945_9_17_2013_12_3169c090b2dafe7b50a5c1737a27dcbe62.xls
2013-12-23 11:09 - 2013-12-23 11:09 - 00009216 _____ C:\Users\Magda\Downloads\70945_9_17_2013_12_231f7fc19f30876e9d22b978ec9c28274c.xls
2013-12-20 10:12 - 2013-12-20 10:12 - 00025088 _____ C:\Users\Magda\Downloads\70945_9_17_2013_12_20761704b203cdeab7f1bd9bc01b46acf5.xls
2013-12-19 23:16 - 2013-12-19 23:07 - 00064000 _____ C:\Users\Magda\Desktop\PROGNOZA KOSZTÓW 2013 druk Gdańsk.xls
2013-12-19 11:23 - 2013-12-19 11:23 - 00048128 _____ C:\Users\Magda\Downloads\KONSULTACJE_DZ+ZAO_KTiZJ.xls
2013-12-16 23:10 - 2013-12-16 23:10 - 00051712 _____ C:\Users\Magda\Downloads\OFERTA TESTY 11.12.xls
2013-12-16 23:08 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-12-15 22:36 - 2013-11-25 13:02 - 00000000 ____D C:\Users\Magda\AppData\Roaming\Media Player Classic
2013-12-15 03:04 - 2013-08-11 11:06 - 00000000 ____D C:\Windows\system32\MRT
2013-12-15 03:00 - 2013-03-10 15:07 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-09 01:17

==================== End Of Log ============================