Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-02-2014
Ran by user (administrator) on USER-KOMPUTER on 07-02-2014 11:47:23
Running from C:\Users\user\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polish
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
() C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
() C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
() C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1909032 2010-01-15] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-01-21] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5470208 2009-12-17] (Dell Inc.)
HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\QuickSet.exe [3168336 2009-11-03] (Dell Inc.)
HKLM-x32\...\Run: [StartCCC] - c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-12-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [487562 2010-08-20] (Creative Technology Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Bron-Spizaetus] - C:\Windows\ShellNew\sempalong.exe [42713 2010-12-16] ()
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] - "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [560128 2011-09-26] (Dell)
HKLM-x32\...\RunOnce: [Launcher] - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [165184 2011-01-13] (Softthinks)
HKLM-x32\...\Winlogon: [Shell] Explorer.exe "C:\Windows\eksplorasi.exe" [42713 ] () <=== ATTENTION
HKU\S-1-5-21-1271186975-1988078534-1357833348-1000\...\Run: [Google Update] - C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-05-07] (Google Inc.)
HKU\S-1-5-21-1271186975-1988078534-1357833348-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-1271186975-1988078534-1357833348-1000\...\Run: [Facebook Update] - C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-10-16] (Facebook Inc.)
HKU\S-1-5-21-1271186975-1988078534-1357833348-1000\...\Run: [Tok-Cirrhatus] - C:\Users\user\AppData\Local\smss.exe [42713 2010-12-16] ()
HKU\S-1-5-21-1271186975-1988078534-1357833348-1000\...\Policies\system: [DisableRegistryTools] 1
HKU\S-1-5-21-1271186975-1988078534-1357833348-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-1271186975-1988078534-1357833348-1000\...\Policies\Explorer: [NoFolderOptions] 1
HKU\S-1-5-21-1271186975-1988078534-1357833348-1000\...\MountPoints2: {003d61bd-0875-11e1-9860-5c260a4ec3f5} - E:\AutoRun.exe
HKU\S-1-5-21-1271186975-1988078534-1357833348-1000\...\MountPoints2: {054396a8-4947-11e3-ac72-5c260a4ec3f5} - E:\Windows\Autorun.exe
HKU\S-1-5-21-1271186975-1988078534-1357833348-1000\...\MountPoints2: {0fe05418-0799-11e1-905a-5c260a4ec3f5} - G:\AutoRun.exe
HKU\S-1-5-21-1271186975-1988078534-1357833348-1000\...\MountPoints2: {0fe05425-0799-11e1-905a-5c260a4ec3f5} - E:\AutoRun.exe
HKU\S-1-5-21-1271186975-1988078534-1357833348-1000\...\MountPoints2: {4717c96c-ec54-11e0-b73f-5c260a4ec3f5} - F:\Setup.exe
HKU\S-1-5-21-1271186975-1988078534-1357833348-1000\...\MountPoints2: {822bbb58-0bbe-11e2-9333-5c260a4ec3f5} - E:\AutoRun.exe
HKU\S-1-5-21-1271186975-1988078534-1357833348-1000\...\MountPoints2: {a364aaec-af0c-11e2-8dc7-5c260a4ec3f5} - E:\AutoRun.exe
HKU\S-1-5-21-1271186975-1988078534-1357833348-1000\...\MountPoints2: {c5e275e9-41ac-11e3-bf5b-5c260a4ec3f5} - E:\Windows\Autorun.exe
HKU\S-1-5-21-1271186975-1988078534-1357833348-1000\...\MountPoints2: {e0c55b40-5ff6-11e2-9c96-5c260a4ec3f5} - E:\LaunchU3.exe -a
AppInit_DLLs: c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll => C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\loader.dll [1958880 2013-11-18] ()
AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll => File Not Found
AppInit_DLLs-x32: c:\progra~3\bitguard\271832~1.68\{c16c1~1\bitguard.dll => C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll [3618304 2013-11-18] ()
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Empty.pif ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.holasearch.com/?babsrc=HP_ss&mntrId=7A58CCAF780AE8E1&affID=121962&tsp=4937
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default.aspx?c=pl&l=pl&s=pad
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://search.conduit.com?searchsource=10&ctid=ct2786678
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.holasearch.com/?babsrc=HP_ss&mntrId=7A58CCAF780AE8E1&affID=121962&tsp=4937
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/hitboxskins/{A41B2787-0FB1-4F81-998E-885346E6EFB6}
URLSearchHook: HKLM-x32 - uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: HKCU - uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
URLSearchHook: HKCU - (No Name) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - No File
URLSearchHook: HKCU - ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files (x86)\DealBulldog Toolbar Toolbar\tbhelper.dll ()
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&st=6&barid={2034CCF6-3073-4523-9585-C1857512142A}
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&st=6&barid={2034CCF6-3073-4523-9585-C1857512142A}
SearchScopes: HKCU - DefaultScope {82A3B5C1-6CC4-4E6A-8FE3-475F17590621} URL = http://search.softonic.com/MON00085/tb_v1?q={searchTerms}&SearchSource=4&cc=&r=969
SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.golsearch.com/?q={searchTerms}&babsrc=SP_ss_Btisdt6&mntrId=7A58CCAF780AE8E1&affID=121962&tsp=4937
SearchScopes: HKCU - {82A3B5C1-6CC4-4E6A-8FE3-475F17590621} URL = http://search.softonic.com/MON00085/tb_v1?q={searchTerms}&SearchSource=4&cc=&r=969
SearchScopes: HKCU - {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = http://www.bigseekpro.com/search/browser/hitboxskins/{A41B2787-0FB1-4F81-998E-885346E6EFB6}?q={searchTerms}
SearchScopes: HKCU - {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = http://www.daemon-search.com/search?q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&st=6&barid={2034CCF6-3073-4523-9585-C1857512142A}
BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: holasearch Helper Object - {DFF9B2DA-EF99-4B26-83CB-7058299999D8} - C:\Program Files (x86)\holasearch\holasearch\1.8.16.16\bh\holasearch.dll (holasearch.com)
BHO-x32: Softonic Helper Object - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\Softonic\1.6.4.3\bh\Softonic.dll (Softonic.com)
BHO-x32: SMTTB2009 Class - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\DealBulldog Toolbar Toolbar\tbcore3.dll ()
Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll No File
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Softonic Toolbar - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\Softonic\1.6.4.3\SoftonicTlbr.dll (Softonic.com)
Toolbar: HKLM-x32 - DealBulldog Toolbar Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\DealBulldog Toolbar Toolbar\tbcore3.dll ()
Toolbar: HKLM-x32 - Holasearch Toolbar - {C510DFFB-0AFE-484C-BA40-CED5B74C4EEF} - C:\Program Files (x86)\holasearch\holasearch\1.8.16.16\holasearchTlbr.dll (holasearch.com)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
Toolbar: HKCU - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome:
=======
CHR HomePage: hxxp://www.holasearch.com/?babsrc=HP_ss&mntrId=7A58CCAF780AE8E1&affID=121962&tsp=4937
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\user\AppData\Local\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\user\AppData\Local\Google\Chrome\Application\32.0.1700.107\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\user\AppData\Local\Google\Chrome\Application\32.0.1700.107\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: ( "name" : "",) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej\1.0.5_0\chromeNPAPI.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\user\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-05-07]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-05-07]
CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-05-07]
CHR HKLM-x32\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\Users\user\AppData\Local\Temp\crxFB05.tmp [2012-05-07]
CHR HKLM-x32\...\Chrome\Extension: [clbfjfbnelcflpgpklppgplejolacbej] - C:\Program Files (x86)\BrowserCompanion\blabbers-ch.crx [2012-05-07]
CHR HKLM-x32\...\Chrome\Extension: [fagpjgjmoaccgkkpjeoinehnoaimnbla] - C:\Users\user\AppData\Roaming\BabSolution\CR\hola.crx [2012-05-07]
CHR HKLM-x32\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx [2012-11-26]
CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx [2012-11-26]
CHR StartMenuInternet: Google Chrome - C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 BitGuard; C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [3780064 2013-11-18] ()
R2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [14848 2011-01-10] ()
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 PDAgent; C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe [1488136 2009-07-17] (Raxco Software, Inc.)
S3 PDEngine; C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe [1485576 2009-07-17] (Raxco Software, Inc.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe [244736 2010-01-21] (IDT, Inc.)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [4950016 2009-12-17] (Dell Inc.)

==================== Drivers (Whitelisted) ====================

R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows (R) Win 7 DDK provider)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 onda_mx83xup_cdc_acm; C:\Windows\System32\DRIVERS\onda_mx83xup_cdc_acm.sys [80384 2010-05-13] (ONDA)
S3 onda_mx83xup_cpo; C:\Windows\System32\DRIVERS\onda_mx83xup_cpo.sys [13824 2010-05-13] (ONDA)
R3 onda_mx83xup_dc_enum; C:\Windows\System32\DRIVERS\onda_mx83xup_dc_enum.sys [80384 2010-05-13] (ONDA)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 ALSysIO; \??\C:\Users\user\AppData\Local\Temp\ALSysIO64.sys [X]
U3 kftcaaob; \??\C:\Users\user\AppData\Local\Temp\kftcaaob.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-07 11:47 - 2014-02-07 11:47 - 00021074 _____ () C:\Users\user\Desktop\FRST.txt
2014-02-07 11:46 - 2014-02-07 11:47 - 00000000 ____D () C:\FRST
2014-02-07 11:44 - 2014-02-07 11:44 - 00073732 _____ () C:\Users\user\Desktop\Extras.Txt
2014-02-07 11:43 - 2014-02-07 11:43 - 00111746 _____ () C:\Users\user\Desktop\OTL.Txt
2014-02-07 11:35 - 2014-02-07 11:35 - 00085761 _____ () C:\Users\user\Desktop\skan GMER.txt
2014-02-07 11:35 - 2014-02-07 11:35 - 00085761 _____ () C:\Users\user\Desktop\log GMER.log
2014-02-07 10:54 - 2014-02-07 10:54 - 02079744 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2014-02-07 10:54 - 2014-02-07 10:54 - 00602112 _____ (OldTimer Tools) C:\Users\user\Desktop\OTL.exe
2014-02-07 10:54 - 2014-02-07 10:54 - 00380416 _____ () C:\Users\user\Desktop\50smlc4r.exe
2014-02-07 10:50 - 2014-02-07 10:50 - 00623224 _____ (Duplex Secure Ltd.) C:\Users\user\Desktop\SPTDinst-v186-x64.exe
2014-02-04 20:53 - 2014-02-04 20:53 - 00012393 _____ () C:\Users\user\AppData\Local\Update.12.Bron.Tok.bin
2014-02-04 01:20 - 2014-02-04 02:02 - 00023451 _____ () C:\Users\user\Desktop\Michał Jurak streszczenie i temat pracy.odt
2014-02-04 01:20 - 2014-02-04 02:02 - 00000124 ____H () C:\Users\user\Desktop\.~lock.Michał Jurak streszczenie i temat pracy.odt#
2014-01-31 14:10 - 2014-01-31 14:10 - 00008845 _____ () C:\Users\user\Downloads\The_Necessary_Death_of_Charlie_Countryman_2013_720p_BluRay_x264_YIFY_mp4.torrent
2014-01-31 14:10 - 2014-01-31 14:10 - 00008845 _____ () C:\Users\user\Downloads\The_Necessary_Death_of_Charlie_Countryman_2013_720p_BluRay_x264_YIFY_mp4 (1).torrent
2014-01-28 18:52 - 2014-01-28 18:52 - 00000000 ____D () C:\Users\user\Desktop\inz
2014-01-12 23:40 - 2014-01-12 23:40 - 00000000 ____D () C:\Users\user\AppData\Local\{17045928-7BAF-4FD1-890B-6C7469979BC4}

==================== One Month Modified Files and Folders =======

2014-02-07 11:47 - 2014-02-07 11:47 - 00021074 _____ () C:\Users\user\Desktop\FRST.txt
2014-02-07 11:47 - 2014-02-07 11:46 - 00000000 ____D () C:\FRST
2014-02-07 11:44 - 2014-02-07 11:44 - 00073732 _____ () C:\Users\user\Desktop\Extras.Txt
2014-02-07 11:43 - 2014-02-07 11:43 - 00111746 _____ () C:\Users\user\Desktop\OTL.Txt
2014-02-07 11:37 - 2012-05-07 16:01 - 00001054 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1271186975-1988078534-1357833348-1000UA.job
2014-02-07 11:35 - 2014-02-07 11:35 - 00085761 _____ () C:\Users\user\Desktop\skan GMER.txt
2014-02-07 11:35 - 2014-02-07 11:35 - 00085761 _____ () C:\Users\user\Desktop\log GMER.log
2014-02-07 11:00 - 2009-07-14 05:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-07 11:00 - 2009-07-14 05:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-07 10:57 - 2012-01-16 22:14 - 00000000 ____D () C:\Users\user\AppData\Roaming\Skype
2014-02-07 10:57 - 2011-06-21 01:18 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-02-07 10:56 - 2009-07-14 06:10 - 01233526 _____ () C:\Windows\WindowsUpdate.log
2014-02-07 10:54 - 2014-02-07 10:54 - 02079744 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2014-02-07 10:54 - 2014-02-07 10:54 - 00602112 _____ (OldTimer Tools) C:\Users\user\Desktop\OTL.exe
2014-02-07 10:54 - 2014-02-07 10:54 - 00380416 _____ () C:\Users\user\Desktop\50smlc4r.exe
2014-02-07 10:52 - 2012-09-19 07:46 - 00150202 _____ () C:\Windows\PFRO.log
2014-02-07 10:52 - 2012-09-18 19:00 - 00070327 _____ () C:\Windows\setupact.log
2014-02-07 10:52 - 2011-08-29 12:58 - 00000000 ____D () C:\Users\user\AppData\Local\SoftThinks
2014-02-07 10:52 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-07 10:50 - 2014-02-07 10:50 - 00623224 _____ (Duplex Secure Ltd.) C:\Users\user\Desktop\SPTDinst-v186-x64.exe
2014-02-07 10:49 - 2011-10-01 18:44 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Toolbar
2014-02-04 20:53 - 2014-02-04 20:53 - 00012393 _____ () C:\Users\user\AppData\Local\Update.12.Bron.Tok.bin
2014-02-04 02:02 - 2014-02-04 01:20 - 00023451 _____ () C:\Users\user\Desktop\Michał Jurak streszczenie i temat pracy.odt
2014-02-04 02:02 - 2014-02-04 01:20 - 00000124 ____H () C:\Users\user\Desktop\.~lock.Michał Jurak streszczenie i temat pracy.odt#
2014-02-04 02:02 - 2011-09-24 20:59 - 30883840 ___SH () C:\Users\user\Desktop\Thumbs.db
2014-02-02 21:05 - 2009-07-14 06:08 - 00032604 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-31 14:58 - 2011-09-24 21:29 - 00000000 ____D () C:\Users\user\AppData\Roaming\uTorrent
2014-01-31 14:10 - 2014-01-31 14:10 - 00008845 _____ () C:\Users\user\Downloads\The_Necessary_Death_of_Charlie_Countryman_2013_720p_BluRay_x264_YIFY_mp4.torrent
2014-01-31 14:10 - 2014-01-31 14:10 - 00008845 _____ () C:\Users\user\Downloads\The_Necessary_Death_of_Charlie_Countryman_2013_720p_BluRay_x264_YIFY_mp4 (1).torrent
2014-01-31 14:08 - 2012-09-11 19:42 - 00000000 ____D () C:\Users\user\AppData\Roaming\vlc
2014-01-31 12:16 - 2013-10-16 20:11 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1271186975-1988078534-1357833348-1000UA.job
2014-01-30 21:35 - 2013-10-16 20:11 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1271186975-1988078534-1357833348-1000Core.job
2014-01-30 20:37 - 2012-05-07 16:01 - 00001002 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1271186975-1988078534-1357833348-1000Core.job
2014-01-30 19:55 - 2013-09-03 23:28 - 00000000 ____D () C:\Users\user\Desktop\ZDJĘCIA 2013
2014-01-30 19:55 - 2009-07-14 18:55 - 00738386 _____ () C:\Windows\system32\perfh015.dat
2014-01-30 19:55 - 2009-07-14 18:55 - 00154784 _____ () C:\Windows\system32\perfc015.dat
2014-01-30 19:55 - 2009-07-14 06:13 - 01663912 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-01-28 19:09 - 2011-09-10 15:14 - 00000000 ____D () C:\Users\user\AppData\Roaming\SoftGrid Client
2014-01-28 18:52 - 2014-01-28 18:52 - 00000000 ____D () C:\Users\user\Desktop\inz
2014-01-16 00:12 - 2013-01-19 10:59 - 00000000 ____D () C:\Users\user\AppData\Roaming\AIMP3
2014-01-12 23:40 - 2014-01-12 23:40 - 00000000 ____D () C:\Users\user\AppData\Local\{17045928-7BAF-4FD1-890B-6C7469979BC4}
2014-01-12 23:33 - 2012-07-18 18:09 - 00000000 ____D () C:\Users\user\Desktop\Foldery PULPIT
2014-01-12 02:33 - 2013-02-19 17:02 - 00000000 ____D () C:\Users\user\Desktop\PULPIT
2014-01-09 02:10 - 2013-10-16 02:32 - 00000000 ____D () C:\Users\user\Desktop\Nowy folder

Files to move or delete:
====================
C:\Users\user\jagex_cl_runescape_LIVE.dat
C:\Users\user\random.dat

Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\06rl1fji.dll
C:\Users\user\AppData\Local\Temp\0yl3r9ic.dll
C:\Users\user\AppData\Local\Temp\1ibm0qmp.dll
C:\Users\user\AppData\Local\Temp\2pqsjevu.dll
C:\Users\user\AppData\Local\Temp\2tjodfar.dll
C:\Users\user\AppData\Local\Temp\3chgctfq.dll
C:\Users\user\AppData\Local\Temp\6idprymk.dll
C:\Users\user\AppData\Local\Temp\AskSLib.dll
C:\Users\user\AppData\Local\Temp\av8zea66.dll
C:\Users\user\AppData\Local\Temp\BingBarSetup-Partner.exe
C:\Users\user\AppData\Local\Temp\bj_vgzoy.dll
C:\Users\user\AppData\Local\Temp\ct4youco.dll
C:\Users\user\AppData\Local\Temp\cuf_oa-3.dll
C:\Users\user\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\user\AppData\Local\Temp\gcnvbsiw.dll
C:\Users\user\AppData\Local\Temp\gg10.upgr.exe
C:\Users\user\AppData\Local\Temp\gruhctw5.dll
C:\Users\user\AppData\Local\Temp\ieso6sjz.dll
C:\Users\user\AppData\Local\Temp\instalacja_flasha.exe
C:\Users\user\AppData\Local\Temp\ivkxcr6i.dll
C:\Users\user\AppData\Local\Temp\iwiicsdz.dll
C:\Users\user\AppData\Local\Temp\jr3mojru.dll
C:\Users\user\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\user\AppData\Local\Temp\knkgsp-6.dll
C:\Users\user\AppData\Local\Temp\m-ejmdyc.dll
C:\Users\user\AppData\Local\Temp\pi_dddec.dll
C:\Users\user\AppData\Local\Temp\ResetDevice.exe
C:\Users\user\AppData\Local\Temp\SIMEEI2Installer.exe
C:\Users\user\AppData\Local\Temp\SIMEEIInstaller.exe
C:\Users\user\AppData\Local\Temp\SkypeSetup.exe
C:\Users\user\AppData\Local\Temp\somoto-master.exe
C:\Users\user\AppData\Local\Temp\sonarinst.exe
C:\Users\user\AppData\Local\Temp\tbMyAs.dll
C:\Users\user\AppData\Local\Temp\TB_7536.exe
C:\Users\user\AppData\Local\Temp\twpzcc72.dll
C:\Users\user\AppData\Local\Temp\vroxfhdx.dll
C:\Users\user\AppData\Local\Temp\vrphkfdt.dll
C:\Users\user\AppData\Local\Temp\x37od47h.dll
C:\Users\user\AppData\Local\Temp\ycbzpuja.dll
C:\Users\user\AppData\Local\Temp\ymxnxrty.dll
C:\Users\user\AppData\Local\Temp\yrjz4qfk.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-29 23:56

==================== End Of Log ============================