Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-01-2014
Ran by ROX (administrator) on ROXANA on 22-01-2014 06:53:34
Running from C:\Users\ROX\Downloads
Windows 8 (X64) OS Language: Polish
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\ProgramData\Internet w Cyfrowym Polsacie\OnlineUpdate\ouc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
() C:\Users\ROX\AppData\Roaming\GVU Technologies\YouTubeDownloaderConverter\CertifiedBrowserService.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\McAfeeEx\MOCP\core\mfeicfcore.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\Program Files (x86)\Internet w Cyfrowym Polsacie\Internet w Cyfrowym Polsacie.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(McAfee, Inc.) C:\Program Files\McAfeeEx\MOCP\core\OcpTray.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Redefine Sp. z o.o.) C:\Program Files (x86)\RedApp\redApp.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files\Sony\VAIO Care\VCPerfService.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-09-28] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] - C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [766080 2012-11-05] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-11-05] (Atheros Communications)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-08-06] (McAfee, Inc.)
HKLM-x32\...\Run: [ISBMgr.exe] - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [68776 2012-08-18] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [724576 2012-07-27] (Sony Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intel AppUp(R) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-10-04] (Intel Corporation)
HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-08-06] (McAfee, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-12-13] (AVAST Software)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
MountPoints2: E - "E:\AutoRun.exe"
MountPoints2: {12c36c87-3415-11e3-be8c-00a0c6000000} - "E:\AutoRun.exe"
MountPoints2: {12c36d00-3415-11e3-be8c-00a0c6000000} - "E:\AutoRun.exe"
MountPoints2: {5bbfb4fd-3c62-11e3-be8e-001e101feefc} - "E:\AutoRun.exe"

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchgol.com/?babsrc=HP_ss&mntrId=DE0E00A0C6000000&affID=125032&tsp=5034
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://vaioportal.sony.eu
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://vaioportal.sony.eu
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKCU - {BCF91377-0223-4E0B-97CA-8A5EC285DE94} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASEJS
SearchScopes: HKCU - {CEEFDF2B-54F7-4843-88A5-AA3D2C9C70BD} URL = http://search.us.com/serp?guid={C843085E-147C-4EA7-BDB2-518884F2CA39}&action=default_search&serpv=5&k={searchTerms}
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Rich Media Downloader - {A7DF592F-6E2A-45C4-9A87-4BD217D714ED} - C:\Users\ROX\AppData\Local\Rich Media Player\BrowserExtensions\IE\RichMediaDownloader.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\..\Interfaces\{22706DF7-92FA-44A8-B4C6-A1416688C4D9}: [NameServer]212.2.96.51 212.2.96.52
Tcpip\..\Interfaces\{33C4FCC4-87FA-4DC0-ADD2-58720CE6DAF7}: [NameServer]212.2.96.53 212.2.96.54

FireFox:
========
FF ProfilePath: C:\Users\ROX\AppData\Roaming\Mozilla\Firefox\Profiles\r8fqxv4j.default-1384150058929
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 - C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: gamevenus.com/CertifiedBrowser - C:\Users\ROX\AppData\Roaming\GVU Technologies\YouTubeDownloaderConverter\npCertifiedBrowser.dll (GVU Technologies)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppluginrichmediaplayer.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\qvo6.xml
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-07-23]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-01-17]

Chrome:
=======
CHR HomePage: hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=DE0E00A0C6000000&affID=125032&tsp=5034
CHR Extension: (avast! Online Security) - C:\Users\ROX\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-12-13]
CHR Extension: (Google Wallet) - C:\Users\ROX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]

==================== Services (Whitelisted) =================

U2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231040 2012-11-05] (Qualcomm Atheros Commnucations)
U2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-13] (AVAST Software)
U2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
U2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
U2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-09-29] (Intel Corporation)
U2 Internet w Cyfrowym Polsacie. RunOuc; C:\Program Files (x86)\Internet w Cyfrowym Polsacie\UpdateDog\ouc.exe [246112 2013-10-15] ()
U2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-09-29] (Intel Corporation)
U2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178048 2013-08-06] (McAfee, Inc.)
U3 McAWFwk; C:\Program Files\mcafee\msc\McAWFwk.exe [332080 2012-01-26] (McAfee, Inc.)
U2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
U2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
U3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
U4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
U4 McOobeSv2; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
U2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
U2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
U2 McSchedulerSvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
U2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1017016 2013-08-05] (McAfee, Inc.)
U2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-08-07] (McAfee, Inc.)
U2 mfeicfcoreocp; C:\Program Files\McAfeeEx\MOCP\core\mfeicfcore.exe [2776256 2013-08-08] (McAfee, Inc.)
U2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-08-07] (McAfee, Inc.)
U2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
U3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [623784 2012-10-18] (Sony Corporation)
U2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [474208 2012-07-27] (Sony Corporation)
U2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [156672 2012-08-06] ()
U3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [964608 2012-09-28] (Sony Corporation)
U3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1368624 2013-08-01] (Sony Corporation)
U3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
U2 YouTubeDownloaderConverter; C:\Users\ROX\AppData\Roaming\GVU Technologies\YouTubeDownloaderConverter\CertifiedBrowserService.exe [104448 2013-07-02] ()
U2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-11-05] (Atheros)

==================== Drivers (Whitelisted) ====================

U2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-22] (AVAST Software)
U1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-12-13] (AVAST Software)
U0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-13] ()
U1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1034464 2014-01-22] (AVAST Software)
U1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422216 2014-01-22] (AVAST Software)
U3 aswStm; C:\Windows\system32\drivers\aswStm.sys [79672 2014-01-22] (AVAST Software)
U0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-22] ()
U3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [91648 2012-10-23] (Advanced Micro Devices)
U3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-11-05] (Qualcomm Atheros)
U3 BTATH_VDP; C:\Windows\system32\drivers\btath_vdp.sys [427416 2012-11-05] (Qualcomm Atheros)
U3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
U3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-08-07] (McAfee, Inc.)
U1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
U3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197264 2012-05-28] (McAfee, Inc.)
U3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-08-07] (McAfee, Inc.)
U3 mfeapfk01; No ImagePath
U3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [310224 2013-08-07] (McAfee, Inc.)
U0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69264 2013-08-07] (McAfee, Inc.)
U3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519064 2013-08-07] (McAfee, Inc.)
U0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [776168 2013-08-07] (McAfee, Inc.)
U3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [377040 2013-07-09] (McAfee, Inc.)
U3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [95984 2013-07-09] (McAfee, Inc.)
U0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343568 2013-08-07] (McAfee, Inc.)
U3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-10-23] (Synaptics Incorporated)
U3 SOWS; C:\Windows\System32\drivers\sows.sys [24280 2012-06-11] (Sony Corporation)
U3 massfilter; system32\drivers\massfilter.sys [x]
U3 ZTEusbmdm6k; \SystemRoot\system32\DRIVERS\ZTEusbmdm6k.sys [x]
U3 ZTEusbnet; \SystemRoot\system32\DRIVERS\ZTEusbnet.sys [x]
U3 ZTEusbnmea; \SystemRoot\system32\DRIVERS\ZTEusbnmea.sys [x]
U3 ZTEusbser6k; \SystemRoot\system32\DRIVERS\ZTEusbser6k.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-22 06:53 - 2014-01-22 06:55 - 00019891 _____ C:\Users\ROX\Downloads\FRST.txt
2014-01-22 06:53 - 2014-01-22 06:53 - 00000000 ____D C:\FRST
2014-01-22 06:52 - 2014-01-22 06:52 - 02077184 _____ (Farbar) C:\Users\ROX\Downloads\FRST64.exe
2014-01-22 06:49 - 2014-01-22 06:49 - 25393424 _____ (Simply Super Software ) C:\Users\ROX\Downloads\Trojan Remover 6.8.8.2623.exe
2014-01-22 06:39 - 2014-01-22 06:39 - 00592032 _____ C:\Users\ROX\Downloads\Trojan Remover 6.8.8.2623_isdmgr.exe
2014-01-22 06:37 - 2014-01-22 06:37 - 00000000 ____D C:\Users\ROX\AppData\Roaming\Malwarebytes
2014-01-22 06:36 - 2014-01-22 06:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-22 06:36 - 2014-01-22 06:36 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-22 06:36 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-22 06:09 - 2014-01-22 06:09 - 00082744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys.1390367394
2014-01-22 06:09 - 2014-01-22 06:09 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-01-22 05:21 - 2010-05-17 15:15 - 00002258 _____ C:\Users\ROX\Downloads\eula.txt
2014-01-22 05:05 - 2014-01-22 05:12 - 00466166 _____ C:\Users\ROX\Downloads\Ginekologiczno poloznicze.rar.part
2014-01-15 20:12 - 2014-01-15 20:12 - 00795189 _____ C:\Users\ROX\Desktop\py.abw
2014-01-15 18:19 - 2014-01-15 18:19 - 00000000 ____D C:\Users\ROX\AppData\Roaming\enchant
2014-01-14 14:05 - 2014-01-16 18:58 - 00000000 ____D C:\Users\ROX\Desktop\Originals
2014-01-05 10:02 - 2014-01-05 10:02 - 00000283 _____ C:\Users\ROX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kosz.lnk

==================== One Month Modified Files and Folders =======

2014-01-22 06:55 - 2014-01-22 06:53 - 00019891 _____ C:\Users\ROX\Downloads\FRST.txt
2014-01-22 06:54 - 2013-01-17 21:55 - 00000000 ____D C:\ProgramData\MOCP
2014-01-22 06:53 - 2014-01-22 06:53 - 00000000 ____D C:\FRST
2014-01-22 06:52 - 2014-01-22 06:52 - 02077184 _____ (Farbar) C:\Users\ROX\Downloads\FRST64.exe
2014-01-22 06:49 - 2014-01-22 06:49 - 25393424 _____ (Simply Super Software ) C:\Users\ROX\Downloads\Trojan Remover 6.8.8.2623.exe
2014-01-22 06:42 - 2013-07-22 13:22 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-22 06:41 - 2013-07-23 00:37 - 00001056 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-22 06:39 - 2014-01-22 06:39 - 00592032 _____ C:\Users\ROX\Downloads\Trojan Remover 6.8.8.2623_isdmgr.exe
2014-01-22 06:37 - 2014-01-22 06:37 - 00000000 ____D C:\Users\ROX\AppData\Roaming\Malwarebytes
2014-01-22 06:37 - 2014-01-22 06:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-22 06:36 - 2014-01-22 06:36 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-22 06:09 - 2014-01-22 06:09 - 00082744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys.1390367394
2014-01-22 06:09 - 2014-01-22 06:09 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-01-22 06:09 - 2013-07-23 00:37 - 01034464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-22 06:09 - 2013-07-23 00:37 - 00422216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-01-22 06:09 - 2013-07-23 00:37 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-22 06:09 - 2013-07-23 00:37 - 00207904 _____ C:\Windows\system32\Drivers\aswVmm.sys
2014-01-22 06:09 - 2013-07-23 00:37 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-22 06:09 - 2013-07-23 00:37 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2014-01-22 06:09 - 2013-07-23 00:37 - 00001966 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-01-22 06:09 - 2013-01-17 21:26 - 01703735 _____ C:\Windows\WindowsUpdate.log
2014-01-22 06:08 - 2013-07-23 00:36 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-22 06:05 - 2012-08-03 23:19 - 00794946 _____ C:\Windows\system32\perfh015.dat
2014-01-22 06:05 - 2012-08-03 23:19 - 00159530 _____ C:\Windows\system32\perfc015.dat
2014-01-22 06:05 - 2012-07-26 08:28 - 01793398 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-22 06:02 - 2013-09-02 13:30 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1611734483-3099937677-53973924-1001
2014-01-22 06:00 - 2013-10-10 19:50 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cec5e9a1ee4cac.job
2014-01-22 06:00 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\sru
2014-01-22 05:56 - 2012-07-26 08:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-22 05:21 - 2012-07-26 06:26 - 00000219 _____ C:\Windows\system.ini
2014-01-22 05:12 - 2014-01-22 05:05 - 00466166 _____ C:\Users\ROX\Downloads\Ginekologiczno poloznicze.rar.part
2014-01-21 22:18 - 2012-07-26 06:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2014-01-21 11:05 - 2013-07-26 19:25 - 00000000 ____D C:\Users\ROX\AppData\Local\CrashDumps
2014-01-17 13:55 - 2012-07-26 06:26 - 00262144 ___SH C:\Windows\system32\config\ELAM
2014-01-16 18:58 - 2014-01-14 14:05 - 00000000 ____D C:\Users\ROX\Desktop\Originals
2014-01-16 18:58 - 2013-09-05 16:55 - 00022528 ____H C:\Users\ROX\Desktop\photothumb.db
2014-01-15 20:21 - 2013-10-07 16:32 - 00000000 ____D C:\Users\ROX\AbiSuite
2014-01-15 20:12 - 2014-01-15 20:12 - 00795189 _____ C:\Users\ROX\Desktop\py.abw
2014-01-15 19:02 - 2013-11-03 13:12 - 00000000 ____D C:\Users\ROX\Documents\Licencjat
2014-01-15 18:19 - 2014-01-15 18:19 - 00000000 ____D C:\Users\ROX\AppData\Roaming\enchant
2014-01-14 05:28 - 2013-07-16 15:51 - 00000000 ____D C:\Users\ROX\AppData\Roaming\Atheros
2014-01-13 21:41 - 2013-07-13 18:29 - 00000000 ____D C:\Users\ROX\Documents\Bluetooth Folder
2014-01-13 17:37 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\AUInstallAgent
2014-01-12 08:37 - 2013-08-17 11:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2014-01-05 10:02 - 2014-01-05 10:02 - 00000283 _____ C:\Users\ROX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kosz.lnk
2013-12-24 15:59 - 2013-01-17 21:46 - 00000000 ____D C:\Users\Public\Documents\VAIO Movie Creator

Some content of TEMP:
====================
C:\Users\ROX\AppData\Local\Temp\GoogleSetup.exe
C:\Users\ROX\AppData\Local\Temp\Quarantine.exe
C:\Users\ROX\AppData\Local\Temp\SHSetup.exe
C:\Users\ROX\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\ROX\AppData\Local\Temp\uninst1.exe
C:\Users\ROX\AppData\Local\Temp\utt7042.tmp.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-19 18:59

==================== End Of Log ============================