Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by Dorota (administrator) on DOROTA-KOMPUTER on 17-03-2014 11:46:51
Running from F:\
Microsoft Windows 7 Starter (X86) OS Language: Polish
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(Microsoft Corporation) C:\windows\System32\lpksetup.exe
() C:\Windows\System32\AsusService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
(Protexis Inc.) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
() C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
(AsusTek Computer Inc.) C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\VizorHtmlDialog.exe
(ASUS) C:\Program Files\EeePC\CapsHook\CapsHook.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\APRP\aprp.exe
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(ASUSTeK Computer Inc.) C:\Program Files\Asus\AsusVibe\AsusVibe2.0.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(InstallShield Software Corporation) c:\program files\common files\installshield\updateservice\isuspm.exe
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [548744 2010-04-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [HotkeyMon] - C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe [95744 2010-09-02] (ASUSTeK Computer Inc.)
HKLM\...\Run: [HotkeyService] - C:\Program Files\EeePC\HotkeyService\HotkeyService.exe [1245104 2010-09-03] (ASUSTeK Computer Inc.)
HKLM\...\Run: [SuperHybridEngine] - C:\Program Files\EeePC\SHE\SuperHybridEngine.exe [412600 2010-06-09] (ASUSTeK Computer Inc.)
HKLM\...\Run: [LiveUpdate] - C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe [1090984 2010-09-08] (AsusTek Computer Inc.)
HKLM\...\Run: [CapsHook] - C:\Program Files\EeePC\CapsHook\CapsHook.exe [445344 2010-05-29] (ASUS)
HKLM\...\Run: [Eee Docking] - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [414384 2010-06-10] ()
HKLM\...\Run: [VizorHtmlDialog.exe] - C:\Program Files\Trend Micro\Titanium\VizorHtmlDialog.exe [689488 2010-06-07] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [116008 2010-03-19] (Trend Micro Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8546848 2010-03-12] (Realtek Semiconductor)
HKLM\...\Run: [UCam_Menu] - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [ASUSPRP] - C:\Program Files\ASUS\APRP\APRP.EXE [2018032 2010-11-22] (ASUSTek Computer Inc.)
HKLM\...\Run: [ISUSScheduler] - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation)
HKLM\...\Run: [Sweetpacks Communicator] - C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1576152 2013-09-24] (COMODO)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [hpqSRMon] - C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKU\S-1-5-21-1336589905-3049532162-246508826-1000\...\Run: [Akamai NetSession Interface] - "C:\Users\Dorota\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-1336589905-3049532162-246508826-1000\...\Run: [ISUSPM Startup] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation)
HKU\S-1-5-21-1336589905-3049532162-246508826-1000\...\Run: [uTorrent] - C:\Program Files\uTorrent\uTorrent.exe [740216 2012-02-22] (BitTorrent, Inc.)
HKU\S-1-5-21-1336589905-3049532162-246508826-1000\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-1336589905-3049532162-246508826-1000\...\MountPoints2: {374bf2da-c7bf-11e0-aeca-bcaec5422fba} - E:\AutoRun.exe
HKU\S-1-5-21-1336589905-3049532162-246508826-1000\...\MountPoints2: {374bf2e0-c7bf-11e0-aeca-bcaec5422fba} - E:\AutoRun.exe
HKU\S-1-5-21-1336589905-3049532162-246508826-1000\...\MountPoints2: {374bf2eb-c7bf-11e0-aeca-bcaec5422fba} - E:\AutoRun.exe
HKU\S-1-5-21-1336589905-3049532162-246508826-1000\...\MountPoints2: {43dae5e2-ce66-11e0-b503-bcaec5422fba} - E:\AutoRun.exe
HKU\S-1-5-21-1336589905-3049532162-246508826-1000\...\MountPoints2: {5f9ca67b-ae3b-11e0-8849-74f06dc04d37} - E:\AutoRun.exe
HKU\S-1-5-21-1336589905-3049532162-246508826-1000\...\MountPoints2: {8b2a62f3-b0b9-11e0-95c3-74f06dc04d37} - E:\AutoRun.exe
HKU\S-1-5-21-1336589905-3049532162-246508826-1000\...\MountPoints2: {8b2a6322-b0b9-11e0-95c3-74f06dc04d37} - E:\AutoRun.exe
HKU\S-1-5-21-1336589905-3049532162-246508826-1000\...\MountPoints2: {8f025260-c7ef-11e0-b565-bcaec5422fba} - E:\AutoRun.exe
HKU\S-1-5-21-1336589905-3049532162-246508826-1000\...\MountPoints2: {95ccaec4-79b8-11e1-9a61-bcaec5422fba} - E:\AutoRun.exe
HKU\S-1-5-21-1336589905-3049532162-246508826-1000\...\MountPoints2: {95ccaecc-79b8-11e1-9a61-bcaec5422fba} - E:\AutoRun.exe
HKU\S-1-5-21-1336589905-3049532162-246508826-1000\...\MountPoints2: {95ccaf13-79b8-11e1-9a61-bcaec5422fba} - E:\AutoRun.exe
HKU\S-1-5-21-1336589905-3049532162-246508826-1000\...\MountPoints2: {a79769ff-ad5e-11e0-9bb1-74f06dc04d37} - E:\AutoRun.exe
HKU\S-1-5-21-1336589905-3049532162-246508826-1000\...\MountPoints2: {c5149a41-7b60-11e1-b265-74f06dc04d37} - E:\AutoRun.exe
HKU\S-1-5-21-1336589905-3049532162-246508826-1000\...\MountPoints2: {d37b3442-24ef-11e1-b574-bcaec5422fba} - E:\AutoRun.exe
HKU\S-1-5-21-1336589905-3049532162-246508826-1000\...\MountPoints2: {d6e75b1c-c94a-11e0-b5c4-bcaec5422fba} - E:\AutoRun.exe
HKU\S-1-5-21-1336589905-3049532162-246508826-1000\...\MountPoints2: {d6e75b60-c94a-11e0-b5c4-bcaec5422fba} - H:\SETUP.EXE
HKU\S-1-5-21-1336589905-3049532162-246508826-1000\...\MountPoints2: {d8635bec-24db-11e2-950d-74f06dc04d37} - E:\SETUP.EXE
HKU\S-1-5-21-1336589905-3049532162-246508826-1000\...\MountPoints2: {d9bff80e-a963-11e0-8357-bcaec5422fba} - E:\AutoRun.exe
HKU\S-1-5-21-1336589905-3049532162-246508826-1000\...\MountPoints2: {d9bff816-a963-11e0-8357-bcaec5422fba} - E:\AutoRun.exe
HKU\S-1-5-21-1336589905-3049532162-246508826-1000\...\MountPoints2: {ff316259-c402-11e0-b5e5-bcaec5422fba} - E:\AutoRun.exe
HKU\S-1-5-21-1336589905-3049532162-246508826-1000\...\MountPoints2: {ff316266-c402-11e0-b5e5-bcaec5422fba} - E:\AutoRun.exe
HKU\S-1-5-21-1336589905-3049532162-246508826-1000\...\MountPoints2: {ff316271-c402-11e0-b5e5-bcaec5422fba} - E:\AutoRun.exe
HKU\S-1-5-21-1336589905-3049532162-246508826-1000\...\MountPoints2: {ff31627c-c402-11e0-b5e5-bcaec5422fba} - E:\AutoRun.exe
HKU\S-1-5-21-1336589905-3049532162-246508826-1000\...\MountPoints2: {ff316285-c402-11e0-b5e5-bcaec5422fba} - E:\AutoRun.exe
HKU\S-1-5-21-1336589905-3049532162-246508826-1000\...\MountPoints2: {ff3162ad-c402-11e0-b5e5-bcaec5422fba} - E:\AutoRun.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-search.com/?affID=121845&tt=110413_www&babsrc=HP_ss&mntrId=A26ABCAEC5422FBA
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?utm_source=b&utm_medium=opc&from=opc&uid=ST9250315AS_6VCLNJBN____6VCLNJBN&ts=1351928687
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://eeepc.asus.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://eeepc.asus.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?utm_source=b&utm_medium=opc&from=opc&uid=ST9250315AS_6VCLNJBN____6VCLNJBN&ts=1351928687
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000&st=18&barid={0EC081FB-EC51-48D3-8B77-4F513A1ABC94}
SearchScopes: HKLM - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10025&barid={0EC081FB-EC51-48D3-8B77-4F513A1ABC94}
SearchScopes: HKLM - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10025&barid={0EC081FB-EC51-48D3-8B77-4F513A1ABC94}
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.v9.com/web/?q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.v9.com/web/?q={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={searchTerms}&affID=121845&tt=110413_www&babsrc=SP_ss&mntrId=A26ABCAEC5422FBA
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.v9.com/web/?q={searchTerms}
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKCU - {AFD8275B-53D8-4B1A-BD9C-C911369EFFF0} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYPL&apn_uid=DC19B8EE-57A7-4CE4-99A9-B3250FE12DB1&apn_sauid=BB1B4BF3-18C8-4F87-8ADA-9DD159CB572B
SearchScopes: HKCU - {DD82E7B2-34C6-4440-8155-904CF75CB662} URL = http://search.softonic.com/INF00040/tb_v1?q={searchTerms}&SearchSource=4&cc=&r=807
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10025&barid={0EC081FB-EC51-48D3-8B77-4F513A1ABC94}
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: IplexToALLPlayer - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\Program Files\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{3F03D768-9AD7-4703-AE2B-5B2F9918A413}: [NameServer]156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{6DC0FE04-4FB0-4022-8B05-399E8FDB2780}: [NameServer]156.154.70.22,156.154.71.22

FireFox:
========
FF ProfilePath: C:\Users\Dorota\AppData\Roaming\Mozilla\Firefox\Profiles\vm9oc0ra.default
FF user.js: detected! => C:\Users\Dorota\AppData\Roaming\Mozilla\Firefox\Profiles\vm9oc0ra.default\user.js
FF NewTab: hxxp://home.sweetim.com/?src=97&barid={0EC081FB-EC51-48D3-8B77-4F513A1ABC94}
FF SearchEngineOrder.1: Delta Search
FF Homepage: https://www.google.pl/
FF Keyword.URL: hxxp://search.sweetim.com/search.asp?barid={0EC081FB-EC51-48D3-8B77-4F513A1ABC94}&src=2&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: IE Tab 2 (FF 3.6+) - C:\Users\Dorota\AppData\Roaming\Mozilla\Firefox\Profiles\vm9oc0ra.default\Extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2013-12-16]
FF Extension: Bitdefender QuickScan - C:\Users\Dorota\AppData\Roaming\Mozilla\Firefox\Profiles\vm9oc0ra.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2013-10-27]
FF Extension: Plug-in by Integra Software - C:\Users\Dorota\AppData\Roaming\Mozilla\Firefox\Profiles\vm9oc0ra.default\Extensions\integra@integra.com.pl.xpi [2012-02-06]
FF Extension: Iplex to ALLPlayer - C:\Users\Dorota\AppData\Roaming\Mozilla\Firefox\Profiles\vm9oc0ra.default\Extensions\IplextoALL@ALLPlayer.org.xpi [2012-07-30]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-06-05]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-06-05]

========================== Services (Whitelisted) =================

R2 AsusService; C:\Windows\System32\AsusService.exe [219136 2009-08-19] ()
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [4831680 2013-09-24] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [131288 2013-09-24] (COMODO)
R2 ProtexisLicensing; C:\Program Files\Common Files\Protexis\License Service\PSIService.exe [174656 2006-11-02] ()
S2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=nb [X]

==================== Drivers (Whitelisted) ====================

R1 AsUpIO; C:\windows\System32\drivers\AsUpIO.sys [11520 2010-03-31] ()
S3 btwampfl; C:\windows\System32\drivers\btwampfl.sys [293928 2010-05-21] (Broadcom Corporation.)
R1 cmderd; C:\windows\System32\DRIVERS\cmderd.sys [20072 2013-09-24] (COMODO)
R1 cmdGuard; C:\windows\System32\DRIVERS\cmdguard.sys [582936 2013-09-24] (COMODO)
R3 ETD; C:\windows\System32\DRIVERS\ETD.sys [109960 2010-04-13] (ELAN Microelectronic Corp.)
R3 kbfiltr; C:\windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
R2 tmactmon; C:\windows\System32\DRIVERS\tmactmon.sys [57872 2010-02-08] (Trend Micro Inc.)
R2 tmcomm; C:\windows\System32\DRIVERS\tmcomm.sys [169488 2010-02-08] (Trend Micro Inc.)
R2 tmevtmgr; C:\windows\System32\DRIVERS\tmevtmgr.sys [53264 2010-02-08] (Trend Micro Inc.)
R1 tmtdi; C:\windows\System32\DRIVERS\tmtdi.sys [83344 2009-11-23] (Trend Micro Inc.)
S3 wsvd; C:\windows\System32\DRIVERS\wsvd.sys [81704 2009-07-21] (CyberLink)
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2030-01-01 12:41 - 2010-11-20 13:40 - 00383786 __RSH () C:\bootmgr
2014-03-17 11:46 - 2014-03-17 11:46 - 00000000 ____D () C:\FRST
2014-03-08 17:53 - 2014-03-08 17:53 - 00000000 ____D () C:\Users\Dorota\Desktop\Angry.Birds.v2.0.0.cracked.READ.NFO-THETA
2014-03-08 17:50 - 2014-03-08 17:50 - 00000000 ____D () C:\Users\Dorota\Desktop\Angry Birds 6in1 123Special v2 Full Version
2014-03-08 17:49 - 2014-03-08 17:49 - 00000000 ____D () C:\Users\Dorota\Desktop\Angry Birds All Games Collection [English][PC][ACTUALIZADOS][P2P][WwW.GamesTorrents.CoM]

==================== One Month Modified Files and Folders =======

2030-01-01 12:41 - 2009-07-14 05:57 - 00029696 ___SH () C:\windows\system32\config\BCD-Template.LOG
2030-01-01 12:41 - 2009-07-14 05:52 - 00032768 _____ () C:\windows\system32\config\BCD-Template
2014-03-17 20:41 - 2014-01-06 18:46 - 00000000 ____D () C:\Users\Dorota\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2014-03-17 20:41 - 2013-12-21 02:06 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-17 20:41 - 2013-12-15 15:54 - 00000000 ____D () C:\Users\Dorota\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Urządzenia interfejsu Bluetooth
2014-03-17 20:41 - 2012-09-12 06:09 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-17 20:41 - 2011-08-05 16:22 - 00000000 ____D () C:\ProgramData\Protexis
2014-03-17 20:41 - 2011-05-31 14:37 - 00000000 ____D () C:\Users\Dorota\AppData\Roaming\Skype
2014-03-17 20:41 - 2011-04-26 08:12 - 00000000 ____D () C:\Users\Dorota\Desktop\Nowy folder (2)
2014-03-17 20:41 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\system32\wfp
2014-03-17 20:41 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\registration
2014-03-17 20:41 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\AppCompat
2014-03-17 11:46 - 2014-03-17 11:46 - 00000000 ____D () C:\FRST
2014-03-17 11:45 - 2011-07-12 09:39 - 00000000 ____D () C:\Users\Dorota\AppData\Roaming\uTorrent
2014-03-17 11:44 - 2013-04-17 18:22 - 00022768 _____ () C:\windows\setupact.log
2014-03-17 11:44 - 2012-12-27 14:36 - 00016384 _____ () C:\windows\system32\Ikeext.etl
2014-03-17 11:44 - 2011-03-17 16:57 - 00000000 ____D () C:\Users\Dorota
2014-03-17 11:44 - 2009-07-14 05:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-03-09 19:46 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\tracing
2014-03-08 17:53 - 2014-03-08 17:53 - 00000000 ____D () C:\Users\Dorota\Desktop\Angry.Birds.v2.0.0.cracked.READ.NFO-THETA
2014-03-08 17:50 - 2014-03-08 17:50 - 00000000 ____D () C:\Users\Dorota\Desktop\Angry Birds 6in1 123Special v2 Full Version
2014-03-08 17:49 - 2014-03-08 17:49 - 00000000 ____D () C:\Users\Dorota\Desktop\Angry Birds All Games Collection [English][PC][ACTUALIZADOS][P2P][WwW.GamesTorrents.CoM]

Some content of TEMP:
====================
C:\Users\Dorota\AppData\Local\Temp\ai6j3mzb.dll
C:\Users\Dorota\AppData\Local\Temp\down.11516.EzDownloader_setup.exe
C:\Users\Dorota\AppData\Local\Temp\down.11516.OptimizerProInstaller.exe
C:\Users\Dorota\AppData\Local\Temp\down.11516.web_assistant_v2.exe
C:\Users\Dorota\AppData\Local\Temp\gg10.upgr.exe
C:\Users\Dorota\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Dorota\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Dorota\AppData\Local\Temp\uninst1.exe

==================== Bamital & volsnap Check =================

C:\windows\explorer.exe => MD5 is legit
C:\windows\system32\winlogon.exe => MD5 is legit
C:\windows\system32\wininit.exe => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\services.exe => MD5 is legit
C:\windows\system32\User32.dll => MD5 is legit
C:\windows\system32\userinit.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit
C:\windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-22 13:57

==================== End Of Log ============================