Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-02-2014
Ran by anna (administrator) on VAIO on 18-02-2014 11:26:18
Running from C:\Users\anna\Desktop
Windows 8 (X64) OS Language: Polish
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Cherished Technololgy LIMITED) C:\ProgramData\WPM\wprotectmanager.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
() C:\Program Files (x86)\FindRight\updateFindRight.exe
() C:\Program Files (x86)\FindRight\bin\utilFindRight.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(McAfee, Inc.) C:\Program Files\McAfeeEx\MOCP\core\mfeicfcore.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.EXE
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
() C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(McAfee, Inc.) C:\Program Files\McAfeeEx\MOCP\core\OcpTray.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-09-20] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] - C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [766080 2012-11-05] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-11-05] (Atheros Communications)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-10-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.)
HKLM-x32\...\Run: [ISBMgr.exe] - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [68776 2012-08-18] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [724576 2012-07-27] (Sony Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1392662215&from=cor&uid=HitachiXHTS545050A7E380_130427TM85434925G87LX&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sweet-page.com/?type=hp&ts=1392662215&from=cor&uid=HitachiXHTS545050A7E380_130427TM85434925G87LX
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1392662215&from=cor&uid=HitachiXHTS545050A7E380_130427TM85434925G87LX
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://vaioportal.sony.eu
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://vaioportal.sony.eu
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1392662215&from=cor&uid=HitachiXHTS545050A7E380_130427TM85434925G87LX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1392662215&from=cor&uid=HitachiXHTS545050A7E380_130427TM85434925G87LX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1392662215&from=cor&uid=HitachiXHTS545050A7E380_130427TM85434925G87LX
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sweet-page.com/?type=hp&ts=1392662215&from=cor&uid=HitachiXHTS545050A7E380_130427TM85434925G87LX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1392662215&from=cor&uid=HitachiXHTS545050A7E380_130427TM85434925G87LX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1392662215&from=cor&uid=HitachiXHTS545050A7E380_130427TM85434925G87LX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1392662215&from=cor&uid=HitachiXHTS545050A7E380_130427TM85434925G87LX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.sweet-page.com/?type=hp&ts=1392662215&from=cor&uid=HitachiXHTS545050A7E380_130427TM85434925G87LX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1392662215&from=cor&uid=HitachiXHTS545050A7E380_130427TM85434925G87LX&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.sweet-page.com/?type=sc&ts=1392662215&from=cor&uid=HitachiXHTS545050A7E380_130427TM85434925G87LX
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1392662215&from=cor&uid=HitachiXHTS545050A7E380_130427TM85434925G87LX&q={searchTerms}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1392662215&from=cor&uid=HitachiXHTS545050A7E380_130427TM85434925G87LX&q={searchTerms}
SearchScopes: HKCU - {C45484F9-A871-4A96-850E-A5EEA00D914A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASEJS
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: FindRight - {2c774641-5504-46a8-b63f-6715ae3fe376} - C:\Program Files (x86)\FindRight\FindRightbho.dll (FindRight)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 62.179.1.62 62.179.1.63

FireFox:
========
FF ProfilePath: C:\Users\anna\AppData\Roaming\Mozilla\Firefox\Profiles\jhfm5icr.default
FF user.js: detected! => C:\Users\anna\AppData\Roaming\Mozilla\Firefox\Profiles\jhfm5icr.default\user.js
FF Homepage: https://www.google.pl/
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\sweet-page.xml
FF Extension: No Name - C:\Users\anna\AppData\Roaming\Mozilla\Firefox\Profiles\jhfm5icr.default\Extensions\1392662223_xpi [2014-02-17]
FF Extension: Extension_Protected - C:\Users\anna\AppData\Roaming\Mozilla\Firefox\Profiles\jhfm5icr.default\Extensions\jid0-O6MIff3eO5dIGf5Tcv8RsJDKxrs@jetpack.xpi [2014-02-17]
FF Extension: Lightning Speed Dial - C:\Users\anna\AppData\Roaming\Mozilla\Firefox\Profiles\jhfm5icr.default\Extensions\lightningnewtab@gmail.com.xpi [2014-02-17]
FF Extension: FindRight - C:\Users\anna\AppData\Roaming\Mozilla\Firefox\Profiles\jhfm5icr.default\Extensions\{42e50651-9669-456e-9081-d5a836274274}.xpi [2014-02-17]
FF HKLM-x32\...\Firefox\Extensions: [lightningnewtab@gmail.com] - C:\Users\anna\AppData\Roaming\Mozilla\Firefox\Profiles\jhfm5icr.default\extensions\lightningnewtab@gmail.com.xpi
FF Extension: Lightning Speed Dial - C:\Users\anna\AppData\Roaming\Mozilla\Firefox\Profiles\jhfm5icr.default\extensions\lightningnewtab@gmail.com.xpi [2014-02-17]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-05-14]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.sweet-page.com/?type=sc&ts=1392662215&from=cor&uid=HitachiXHTS545050A7E380_130427TM85434925G87LX

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-10-10] (Advanced Micro Devices, Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231040 2012-11-05] (Qualcomm Atheros Commnucations)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178048 2013-11-28] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\mcafee\msc\McAWFwk.exe [332080 2012-01-26] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
S2 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.)
R2 McOobeSv2; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McSchedulerSvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025232 2013-12-11] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-12-05] (McAfee, Inc.)
R2 mfeicfcoreocp; C:\Program Files\McAfeeEx\MOCP\core\mfeicfcore.exe [2776256 2013-08-08] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [184800 2013-12-05] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [623784 2012-10-17] (Sony Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [474208 2012-07-27] (Sony Corporation)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [156672 2012-08-06] ()
R2 Update FindRight; C:\Program Files (x86)\FindRight\updateFindRight.exe [80672 2014-02-14] ()
R2 Util FindRight; C:\Program Files (x86)\FindRight\bin\utilFindRight.exe [80672 2014-02-17] ()
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [964608 2012-09-28] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1265824 2012-10-23] (Sony Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)
R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [493568 2014-02-17] (Cherished Technololgy LIMITED)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-11-05] (Atheros)

==================== Drivers (Whitelisted) ====================

R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [91648 2012-11-12] (Advanced Micro Devices)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-11-05] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-12-05] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R2 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179792 2013-12-05] (McAfee, Inc.)
U3 mfeapfk01; No ImagePath
R2 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311120 2013-12-05] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69344 2013-12-05] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519576 2013-12-05] (McAfee, Inc.)
R2 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [782616 2013-12-05] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [411944 2013-11-26] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96112 2013-11-26] (McAfee, Inc.)
R2 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343696 2013-12-05] (McAfee, Inc.)
R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [41272 2012-10-23] (Synaptics Incorporated)
R3 SOWS; C:\Windows\System32\drivers\sows.sys [24280 2012-06-11] (Sony Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-18 11:26 - 2014-02-18 11:26 - 00019433 _____ () C:\Users\anna\Desktop\FRST.txt
2014-02-18 11:25 - 2014-02-18 11:26 - 00000000 ____D () C:\FRST
2014-02-18 11:20 - 2014-02-18 11:20 - 00112496 _____ () C:\Users\anna\Desktop\OTL.Txt
2014-02-18 11:20 - 2014-02-18 11:20 - 00064626 _____ () C:\Users\anna\Desktop\Extras.Txt
2014-02-18 11:05 - 2014-02-18 11:05 - 02152448 _____ (Farbar) C:\Users\anna\Desktop\FRST64.exe
2014-02-18 10:58 - 2014-02-18 10:58 - 00602112 _____ (OldTimer Tools) C:\Users\anna\Desktop\OTL.com
2014-02-17 20:26 - 2014-02-17 20:26 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-17 20:26 - 2014-02-17 20:26 - 00000000 ____D () C:\Users\anna\AppData\Roaming\Malwarebytes
2014-02-17 20:26 - 2014-02-17 20:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-17 20:26 - 2014-02-17 20:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-17 20:26 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-17 19:41 - 2014-02-17 19:41 - 00000000 ____D () C:\Users\anna\AppData\Local\Skype
2014-02-17 19:40 - 2014-02-17 19:46 - 00000000 ____D () C:\Users\anna\AppData\Roaming\Skype
2014-02-17 19:40 - 2014-02-17 19:40 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-02-17 19:40 - 2014-02-17 19:40 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-02-17 19:40 - 2014-02-17 19:40 - 00000000 ____D () C:\ProgramData\Skype
2014-02-17 19:38 - 2014-02-17 20:42 - 00000000 ____D () C:\Program Files (x86)\FindRight
2014-02-17 19:38 - 2014-02-17 19:38 - 00000000 ____D () C:\ProgramData\WPM
2014-02-17 19:37 - 2014-02-17 19:37 - 00000000 ____D () C:\Users\anna\AppData\Roaming\sweet-page
2014-02-17 19:20 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2014-02-17 18:43 - 2014-02-17 19:37 - 00001367 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-17 18:43 - 2014-02-17 18:45 - 00000000 ____D () C:\Users\anna\AppData\Roaming\Mozilla
2014-02-17 18:43 - 2014-02-17 18:45 - 00000000 ____D () C:\Users\anna\AppData\Local\Mozilla
2014-02-17 18:43 - 2014-02-17 18:43 - 00000000 ____D () C:\ProgramData\Mozilla
2014-02-17 18:43 - 2014-02-17 18:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-17 18:43 - 2014-02-17 18:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-15 19:45 - 2014-02-15 19:46 - 00278376 _____ () C:\Windows\Minidump\021514-871047-01.dmp
2014-02-15 19:45 - 2014-02-15 19:45 - 00000000 ____D () C:\Windows\Minidump
2014-02-15 19:31 - 2014-02-15 19:31 - 505945578 _____ () C:\Windows\MEMORY.DMP
2014-02-09 21:55 - 2014-02-09 22:00 - 00000000 ____D () C:\Users\anna\Desktop\MUZYKA

==================== One Month Modified Files and Folders =======

2014-02-18 11:26 - 2014-02-18 11:26 - 00019433 _____ () C:\Users\anna\Desktop\FRST.txt
2014-02-18 11:26 - 2014-02-18 11:25 - 00000000 ____D () C:\FRST
2014-02-18 11:25 - 2013-05-14 17:21 - 00000000 ____D () C:\ProgramData\MOCP
2014-02-18 11:22 - 2013-11-11 00:48 - 00116224 ___SH () C:\Users\anna\Desktop\Thumbs.db
2014-02-18 11:20 - 2014-02-18 11:20 - 00112496 _____ () C:\Users\anna\Desktop\OTL.Txt
2014-02-18 11:20 - 2014-02-18 11:20 - 00064626 _____ () C:\Users\anna\Desktop\Extras.Txt
2014-02-18 11:05 - 2014-02-18 11:05 - 02152448 _____ (Farbar) C:\Users\anna\Desktop\FRST64.exe
2014-02-18 10:58 - 2014-02-18 10:58 - 00602112 _____ (OldTimer Tools) C:\Users\anna\Desktop\OTL.com
2014-02-18 10:58 - 2013-05-14 16:46 - 01293389 _____ () C:\Windows\WindowsUpdate.log
2014-02-18 10:04 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\rescache
2014-02-18 10:00 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
2014-02-18 08:54 - 2013-10-13 20:30 - 00000000 ____D () C:\Users\anna
2014-02-18 08:51 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-17 21:39 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-02-17 20:42 - 2014-02-17 19:38 - 00000000 ____D () C:\Program Files (x86)\FindRight
2014-02-17 20:26 - 2014-02-17 20:26 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-17 20:26 - 2014-02-17 20:26 - 00000000 ____D () C:\Users\anna\AppData\Roaming\Malwarebytes
2014-02-17 20:26 - 2014-02-17 20:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-17 20:26 - 2014-02-17 20:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-17 19:50 - 2012-08-03 22:06 - 00009818 _____ () C:\Windows\PFRO.log
2014-02-17 19:46 - 2014-02-17 19:40 - 00000000 ____D () C:\Users\anna\AppData\Roaming\Skype
2014-02-17 19:42 - 2013-05-14 16:50 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2014-02-17 19:41 - 2014-02-17 19:41 - 00000000 ____D () C:\Users\anna\AppData\Local\Skype
2014-02-17 19:40 - 2014-02-17 19:40 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-02-17 19:40 - 2014-02-17 19:40 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-02-17 19:40 - 2014-02-17 19:40 - 00000000 ____D () C:\ProgramData\Skype
2014-02-17 19:38 - 2014-02-17 19:38 - 00000000 ____D () C:\ProgramData\WPM
2014-02-17 19:37 - 2014-02-17 19:37 - 00000000 ____D () C:\Users\anna\AppData\Roaming\sweet-page
2014-02-17 19:37 - 2014-02-17 18:43 - 00001367 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-17 19:37 - 2013-10-13 20:39 - 00001670 _____ () C:\Users\anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-17 19:14 - 2012-07-26 09:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-02-17 19:13 - 2013-05-14 16:50 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-02-17 19:11 - 2013-05-14 16:50 - 00000000 ____D () C:\ProgramData\McAfee
2014-02-17 19:01 - 2013-10-13 20:42 - 00000000 ____D () C:\Users\anna\AppData\Local\CrashDumps
2014-02-17 18:45 - 2014-02-17 18:43 - 00000000 ____D () C:\Users\anna\AppData\Roaming\Mozilla
2014-02-17 18:45 - 2014-02-17 18:43 - 00000000 ____D () C:\Users\anna\AppData\Local\Mozilla
2014-02-17 18:43 - 2014-02-17 18:43 - 00000000 ____D () C:\ProgramData\Mozilla
2014-02-17 18:43 - 2014-02-17 18:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-17 18:43 - 2014-02-17 18:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-15 20:41 - 2012-08-03 23:19 - 00794946 _____ () C:\Windows\system32\perfh015.dat
2014-02-15 20:41 - 2012-08-03 23:19 - 00159530 _____ () C:\Windows\system32\perfc015.dat
2014-02-15 20:41 - 2012-08-03 23:12 - 00440762 _____ () C:\Windows\system32\perfh014.dat
2014-02-15 20:41 - 2012-08-03 23:12 - 00076914 _____ () C:\Windows\system32\perfc014.dat
2014-02-15 20:41 - 2012-08-03 23:05 - 00730544 _____ () C:\Windows\system32\perfh00E.dat
2014-02-15 20:41 - 2012-08-03 23:05 - 00174018 _____ () C:\Windows\system32\perfc00E.dat
2014-02-15 20:41 - 2012-08-03 22:59 - 00426314 _____ () C:\Windows\system32\perfh00B.dat
2014-02-15 20:41 - 2012-08-03 22:59 - 00081450 _____ () C:\Windows\system32\perfc00B.dat
2014-02-15 20:41 - 2012-08-03 22:52 - 00541792 _____ () C:\Windows\system32\perfh008.dat
2014-02-15 20:41 - 2012-08-03 22:52 - 00088858 _____ () C:\Windows\system32\perfc008.dat
2014-02-15 20:41 - 2012-07-26 08:28 - 04343750 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-15 20:36 - 2012-07-26 08:21 - 00027661 _____ () C:\Windows\setupact.log
2014-02-15 19:52 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-02-15 19:46 - 2014-02-15 19:45 - 00278376 _____ () C:\Windows\Minidump\021514-871047-01.dmp
2014-02-15 19:45 - 2014-02-15 19:45 - 00000000 ____D () C:\Windows\Minidump
2014-02-15 19:35 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\WinStore
2014-02-15 19:33 - 2012-07-26 06:38 - 00000000 ____D () C:\Windows\system32\Sysprep
2014-02-15 19:31 - 2014-02-15 19:31 - 505945578 _____ () C:\Windows\MEMORY.DMP
2014-02-09 22:05 - 2013-10-13 20:59 - 00000000 ____D () C:\Users\anna\Desktop\FILMY
2014-02-09 22:00 - 2014-02-09 21:55 - 00000000 ____D () C:\Users\anna\Desktop\MUZYKA

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-02-18 04:33

==================== End Of Log ============================