Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by bengrush (administrator) on BENGRUSH2 on 13-03-2014 21:44:02
Running from C:\FRST
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Polish
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Wistron) C:\Program Files\Launch Manager\HotkeyApp.exe
() C:\Program Files\blueconnect Z\UIExec.exe
( TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) D:\Program Files\Picasa2\PicasaMediaDetector.exe
() C:\ProgramData\MobileBrServ\mbbservice.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
() C:\Program Files\blueconnect Z\AssistantServices.exe
(Data Perceptions / PowerProgrammer) C:\Windows\system32\WebUpdateSvc4.exe
(Wistron Corp.) C:\Program Files\Launch Manager\WisLMSvc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Users\bengrush\Downloads\OTL.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotkeyApp] - C:\Program Files\Launch Manager\HotkeyApp.exe [192512 2007-07-26] (Wistron)
HKLM\...\Run: [HFALoader] - C:\Program Files\Hamster Soft\Free ZIP Archiver\HamsterArc.exe [2260480 2012-03-06] (Hamster Soft)
HKLM\...\Run: [UIExec] - C:\Program Files\blueconnect Z\UIExec.exe [132608 2009-04-07] ()
HKLM\...\Run: [ITSecMng] - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [75136 2007-09-28] ( TOSHIBA CORPORATION)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-01-26] (AVAST Software)
HKU\S-1-5-21-2424988559-2705854300-922594339-1000\...\Run: [Picasa Media Detector] - d:\Program Files\Picasa2\PicasaMediaDetector.exe [443968 2008-08-21] (Google Inc.)
HKU\S-1-5-21-2424988559-2705854300-922594339-1000\...\Run: [Facebook Update] - C:\Users\bengrush\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-11] (Facebook Inc.)
HKU\S-1-5-21-2424988559-2705854300-922594339-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-2424988559-2705854300-922594339-1000\...\MountPoints2: {11433d84-c2e9-11e2-bb58-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-2424988559-2705854300-922594339-1000\...\MountPoints2: {11433d95-c2e9-11e2-bb58-000ae4cf8709} - F:\AutoRun.exe
HKU\S-1-5-21-2424988559-2705854300-922594339-1000\...\MountPoints2: {2a012dd6-949e-11e2-8fc4-000ae4cf8709} - F:\AutoRun.exe
HKU\S-1-5-21-2424988559-2705854300-922594339-1000\...\MountPoints2: {2a012de0-949e-11e2-8fc4-000ae4cf8709} - F:\AutoRun.exe
HKU\S-1-5-21-2424988559-2705854300-922594339-1000\...\MountPoints2: {2a012dea-949e-11e2-8fc4-000ae4cf8709} - F:\AutoRun.exe
HKU\S-1-5-21-2424988559-2705854300-922594339-1000\...\MountPoints2: {2a012dec-949e-11e2-8fc4-000ae4cf8709} - F:\AutoRun.exe
HKU\S-1-5-21-2424988559-2705854300-922594339-1000\...\MountPoints2: {2a012dfa-949e-11e2-8fc4-000ae4cf8709} - H:\AutoRun.exe
HKU\S-1-5-21-2424988559-2705854300-922594339-1000\...\MountPoints2: {312bdd90-f6a2-11e0-9fd2-000ae4cf8709} - F:\AutoRun.exe
HKU\S-1-5-21-2424988559-2705854300-922594339-1000\...\MountPoints2: {312bdd94-f6a2-11e0-9fd2-000ae4cf8709} - F:\AutoRun.exe
HKU\S-1-5-21-2424988559-2705854300-922594339-1000\...\MountPoints2: {6135d62e-b092-11e2-ba45-000ae4cf8709} - F:\AutoRun.exe
HKU\S-1-5-21-2424988559-2705854300-922594339-1000\...\MountPoints2: {645628b3-bf92-11e1-9969-0016ea48e802} - F:\Install.exe
HKU\S-1-5-21-2424988559-2705854300-922594339-1000\...\MountPoints2: {67d66b2a-f684-11e0-9618-0016ea48e802} - F:\AutoRun.exe
HKU\S-1-5-21-2424988559-2705854300-922594339-1000\...\MountPoints2: {6f8e416e-96ef-11e2-af6d-000ae4cf8709} - F:\AutoRun.exe
HKU\S-1-5-21-2424988559-2705854300-922594339-1000\...\MountPoints2: {6f8e4171-96ef-11e2-af6d-000ae4cf8709} - F:\AutoRun.exe
HKU\S-1-5-21-2424988559-2705854300-922594339-1000\...\MountPoints2: {86b23f78-9aec-11e2-8a47-0016ea48e802} - F:\AutoRun.exe
HKU\S-1-5-21-2424988559-2705854300-922594339-1000\...\MountPoints2: {a1e81f25-9bb8-11e2-9fba-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-2424988559-2705854300-922594339-1000\...\MountPoints2: {c9749674-9c1a-11e2-9e51-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-2424988559-2705854300-922594339-1000\...\MountPoints2: {e07bdaf2-9bb4-11e2-b148-0016ea48e802} - F:\AutoRun.exe
HKU\S-1-5-21-2424988559-2705854300-922594339-1000\...\MountPoints2: {eb28d93d-9b94-11e2-b269-000ae4cf8709} - F:\AutoRun.exe
HKU\S-1-5-21-2424988559-2705854300-922594339-1000\...\MountPoints2: {eb67f4e7-542f-11e1-8686-000ae4cf8709} - F:\AutoRun.exe
HKU\S-1-5-21-2424988559-2705854300-922594339-1000\...\MountPoints2: {f6cfdf5f-97bc-11e2-ac53-000ae4cf8709} - F:\AutoRun.exe
HKU\S-1-5-21-2424988559-2705854300-922594339-1000\...\MountPoints2: {f6cfdfe5-97bc-11e2-ac53-000ae4cf8709} - F:\AutoRun.exe
HKU\S-1-5-21-2424988559-2705854300-922594339-1000\...\MountPoints2: {f6cfdffe-97bc-11e2-ac53-000ae4cf8709} - F:\AutoRun.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
URLSearchHook: HKCU - (No Name) - {d43723ae-1ae1-4a25-a6a4-bf0929273cab} - No File
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\bengrush\AppData\Roaming\Mozilla\Firefox\Profiles\vfxb6nq4.default-1394737357584
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @google.com/npPicasa2,version=2.0.0 - d:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - d:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\bengrush\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF HKLM\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\blueconnect Z\addon
FF Extension: Bytemobile Optimization Client - C:\Program Files\blueconnect Z\addon [2013-04-29]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-11-13]

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-26] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [113704 2014-01-26] (AVAST Software)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [233864 2012-09-04] ()
R2 UI Assistant Service; C:\Program Files\blueconnect Z\AssistantServices.exe [241664 2009-04-07] ()
R2 WebUpdate4; C:\Windows\system32\WebUpdateSvc4.exe [412776 2013-11-25] (Data Perceptions / PowerProgrammer)
R3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118784 2006-11-17] (Wistron Corp.)

==================== Drivers (Whitelisted) ====================

R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26136 2013-12-02] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-01-26] (AVAST Software)
R1 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [265072 2014-02-18] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [79720 2013-11-13] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2013-11-13] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2014-01-26] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410784 2014-01-26] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [64168 2014-01-26] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180248 2013-12-23] ()
R1 Hotkey; C:\Windows\system32\Drivers\Hotkey.sys [9867 2003-04-28] ()
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
S3 Tosrfcom; No ImagePath
S3 WinPhlash; \??\C:\WINDOWS\TEMP\WINPHLASH\PHLASHNT.SYS [X]
U3 kxlcqpod; \??\C:\Users\bengrush\AppData\Local\Temp\kxlcqpod.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-13 21:33 - 2014-03-13 21:33 - 00032640 _____ () C:\Users\bengrush\Downloads\Extras.Txt
2014-03-13 21:32 - 2014-03-13 21:32 - 00068638 _____ () C:\Users\bengrush\Downloads\OTL.Txt
2014-03-13 20:40 - 2014-02-14 09:21 - 00000426 _____ () C:\AVScanner.ini
2014-03-13 20:24 - 2014-03-13 20:24 - 00707006 _____ () C:\Users\bengrush\Downloads\delfix.exe
2014-03-13 20:23 - 2014-03-13 20:26 - 04130656 _____ (Kaspersky Lab ZAO) C:\Users\bengrush\Downloads\tdsskiller.exe
2014-03-13 20:14 - 2014-03-13 20:14 - 00032961 _____ () C:\Users\bengrush\Downloads\How to Remove Win32 BProtect-D[Trj], Manually Delete Win32 BProtect-D[Trj] Virus.htm
2014-03-13 20:14 - 2014-03-13 20:14 - 00000000 ____D () C:\Users\bengrush\Downloads\How to Remove Win32 BProtect-D[Trj], Manually Delete Win32 BProtect-D[Trj] Virus_pliki
2014-03-13 20:02 - 2014-03-13 20:02 - 00000000 ____D () C:\Users\bengrush\Desktop\Stare dane programu Firefox
2014-03-13 19:57 - 2014-03-13 19:57 - 00000000 ____D () C:\MATS
2014-03-13 19:38 - 2014-03-13 19:46 - 00000000 ____D () C:\AdwCleaner
2014-03-13 19:31 - 2014-03-13 19:31 - 00000000 ____D () C:\Nowy folder
2014-03-13 19:25 - 2014-03-13 21:44 - 00000000 ____D () C:\FRST
2014-03-08 05:55 - 2014-03-08 05:55 - 279417301 _____ () C:\Windows\MEMORY.DMP
2014-03-03 22:36 - 2014-03-03 22:36 - 00018272 _____ () C:\Users\bengrush\.recently-used.xbel
2014-03-03 22:33 - 2014-03-03 22:33 - 58468575 _____ () C:\Users\bengrush\Downloads\Hulk splecenie.xcf
2014-03-03 22:31 - 2014-03-03 22:31 - 48440087 _____ () C:\Users\bengrush\Downloads\Hulk lekki żar.xcf
2014-03-03 22:30 - 2014-03-03 22:30 - 60738059 _____ () C:\Users\bengrush\Downloads\Hulk kubizm.xcf
2014-03-03 22:28 - 2014-03-03 22:28 - 57345738 _____ () C:\Users\bengrush\Downloads\Hulk 4.xcf
2014-03-03 22:24 - 2014-03-03 22:24 - 02710973 _____ () C:\Users\bengrush\Downloads\Hulk fraktal.xcf
2014-03-03 22:19 - 2014-03-03 22:19 - 02013870 _____ () C:\Users\bengrush\Downloads\Hulk.xcf
2014-02-22 08:32 - 2014-02-22 08:33 - 01050624 _____ (Unity Technologies ApS) C:\Users\bengrush\Downloads\UnityWebPlayer.exe
2014-02-19 05:19 - 2014-02-20 03:42 - 00000000 ____D () C:\PIT Format 2013
2014-02-19 04:58 - 2014-02-19 05:02 - 13733136 _____ (FORMAT Biuro Informatyki Stosowanej ) C:\Users\bengrush\Downloads\Instaluj_PIT_Format_2013.exe
2014-02-15 20:50 - 2014-02-15 20:50 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-15 03:35 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-15 03:35 - 2014-02-06 11:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-15 03:35 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-15 03:35 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-15 03:35 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-15 03:35 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-15 03:35 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-15 03:35 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-15 03:35 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-15 03:35 - 2014-02-06 10:47 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-15 03:35 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-15 03:35 - 2014-02-06 10:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-15 03:35 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-15 03:35 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-15 03:35 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-15 03:35 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-15 03:35 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-15 03:34 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-15 03:34 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-15 03:34 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-15 03:34 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-15 03:32 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-14 04:21 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-14 04:21 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-14 04:15 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-14 04:15 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll

==================== One Month Modified Files and Folders =======

2014-03-13 21:44 - 2014-03-13 19:25 - 00000000 ____D () C:\FRST
2014-03-13 21:33 - 2014-03-13 21:33 - 00032640 _____ () C:\Users\bengrush\Downloads\Extras.Txt
2014-03-13 21:32 - 2014-03-13 21:32 - 00068638 _____ () C:\Users\bengrush\Downloads\OTL.Txt
2014-03-13 21:28 - 2011-10-14 17:36 - 01061449 _____ () C:\Windows\WindowsUpdate.log
2014-03-13 21:26 - 2013-11-13 16:08 - 00001040 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-13 21:17 - 2012-06-17 12:33 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-13 21:02 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\tracing
2014-03-13 20:27 - 2011-11-02 17:17 - 00001090 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2424988559-2705854300-922594339-1000UA.job
2014-03-13 20:26 - 2014-03-13 20:23 - 04130656 _____ (Kaspersky Lab ZAO) C:\Users\bengrush\Downloads\tdsskiller.exe
2014-03-13 20:24 - 2014-03-13 20:24 - 00707006 _____ () C:\Users\bengrush\Downloads\delfix.exe
2014-03-13 20:14 - 2014-03-13 20:14 - 00032961 _____ () C:\Users\bengrush\Downloads\How to Remove Win32 BProtect-D[Trj], Manually Delete Win32 BProtect-D[Trj] Virus.htm
2014-03-13 20:14 - 2014-03-13 20:14 - 00000000 ____D () C:\Users\bengrush\Downloads\How to Remove Win32 BProtect-D[Trj], Manually Delete Win32 BProtect-D[Trj] Virus_pliki
2014-03-13 20:02 - 2014-03-13 20:02 - 00000000 ____D () C:\Users\bengrush\Desktop\Stare dane programu Firefox
2014-03-13 19:58 - 2009-07-14 05:34 - 00013440 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-13 19:58 - 2009-07-14 05:34 - 00013440 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-13 19:57 - 2014-03-13 19:57 - 00000000 ____D () C:\MATS
2014-03-13 19:51 - 2013-11-13 16:08 - 00001036 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-13 19:51 - 2012-02-27 15:33 - 00053000 _____ () C:\Windows\setupact.log
2014-03-13 19:51 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-13 19:46 - 2014-03-13 19:38 - 00000000 ____D () C:\AdwCleaner
2014-03-13 19:41 - 2011-10-14 21:16 - 00001122 _____ () C:\Users\bengrush\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-13 19:31 - 2014-03-13 19:31 - 00000000 ____D () C:\Nowy folder
2014-03-13 08:53 - 2011-11-02 17:17 - 00001068 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2424988559-2705854300-922594339-1000Core.job
2014-03-12 07:18 - 2012-06-17 12:33 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-12 07:18 - 2011-10-15 08:46 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-08 21:33 - 2014-01-18 10:50 - 00001739 _____ () C:\Windows\system32\WebUpdateSvc4.log
2014-03-08 21:33 - 2014-01-18 10:50 - 00000031 _____ () C:\Windows\WebUpdateSvc4.INI
2014-03-08 05:55 - 2014-03-08 05:55 - 279417301 _____ () C:\Windows\MEMORY.DMP
2014-03-08 05:55 - 2011-10-15 07:42 - 00000000 ____D () C:\Windows\Minidump
2014-03-04 04:14 - 2012-08-15 13:46 - 00000000 ____D () C:\Users\bengrush\.gimp-2.6
2014-03-03 22:36 - 2014-03-03 22:36 - 00018272 _____ () C:\Users\bengrush\.recently-used.xbel
2014-03-03 22:36 - 2012-08-15 13:55 - 00000000 ____D () C:\Users\bengrush\AppData\Roaming\gtk-2.0
2014-03-03 22:36 - 2011-10-14 21:15 - 00000000 ____D () C:\Users\bengrush
2014-03-03 22:33 - 2014-03-03 22:33 - 58468575 _____ () C:\Users\bengrush\Downloads\Hulk splecenie.xcf
2014-03-03 22:31 - 2014-03-03 22:31 - 48440087 _____ () C:\Users\bengrush\Downloads\Hulk lekki żar.xcf
2014-03-03 22:30 - 2014-03-03 22:30 - 60738059 _____ () C:\Users\bengrush\Downloads\Hulk kubizm.xcf
2014-03-03 22:28 - 2014-03-03 22:28 - 57345738 _____ () C:\Users\bengrush\Downloads\Hulk 4.xcf
2014-03-03 22:24 - 2014-03-03 22:24 - 02710973 _____ () C:\Users\bengrush\Downloads\Hulk fraktal.xcf
2014-03-03 22:19 - 2014-03-03 22:19 - 02013870 _____ () C:\Users\bengrush\Downloads\Hulk.xcf
2014-03-03 22:13 - 2011-10-14 17:59 - 01523412 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-03 22:13 - 2009-07-14 09:07 - 00687828 _____ () C:\Windows\system32\perfh015.dat
2014-03-03 22:13 - 2009-07-14 09:07 - 00131382 _____ () C:\Windows\system32\perfc015.dat
2014-02-26 18:31 - 2013-12-02 09:49 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-22 08:33 - 2014-02-22 08:32 - 01050624 _____ (Unity Technologies ApS) C:\Users\bengrush\Downloads\UnityWebPlayer.exe
2014-02-20 03:42 - 2014-02-19 05:19 - 00000000 ____D () C:\PIT Format 2013
2014-02-19 09:16 - 2008-12-06 14:26 - 00000000 ____D () C:\Priv
2014-02-19 05:02 - 2014-02-19 04:58 - 13733136 _____ (FORMAT Biuro Informatyki Stosowanej ) C:\Users\bengrush\Downloads\Instaluj_PIT_Format_2013.exe
2014-02-18 15:42 - 2013-12-02 06:32 - 00265072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswndisflt.sys
2014-02-15 20:50 - 2014-02-15 20:50 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-15 06:49 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-15 03:34 - 2013-07-17 03:32 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-15 03:33 - 2011-10-15 18:04 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-14 09:21 - 2014-03-13 20:40 - 00000426 _____ () C:\AVScanner.ini

Some content of TEMP:
====================
C:\Users\bengrush\AppData\Local\Temp\GLB1A2B.EXE
C:\Users\bengrush\AppData\Local\Temp\hfza_update_2_0_1_8_b28062013.exe
C:\Users\bengrush\AppData\Local\Temp\ICReinstall_Narzedzie.do.usuwania.zlosliwego.oprogramowania_5.5 (34329).exe
C:\Users\bengrush\AppData\Local\Temp\instloffer.exe
C:\Users\bengrush\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\bengrush\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\bengrush\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\bengrush\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\bengrush\AppData\Local\Temp\Quarantine.exe
C:\Users\bengrush\AppData\Local\Temp\uninst1.exe
C:\Users\bengrush\AppData\Local\Temp\wuwinstaller.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-10 07:56

==================== End Of Log ============================