Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-04-2014 01
Ran by Admin (administrator) on R-720 on 29-04-2014 15:26:34
Running from C:\Users\Admin\Desktop\Diagnostyka\FRST
Microsoft Windows 7 Home Premium Service Pack 1 (X86)
OS Language: Polish
Internet Explorer Version 11
Boot Mode: Safe Mode (minimal)

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7744032 2009-09-29] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1578280 2009-10-09] (Synaptics Incorporated)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [NokiaMServer] => C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
HKLM\...\Run: [Nokia FastStart] => C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe [2376992 2009-02-26] (Nokia)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1311312 2010-06-26] (Logitech, Inc.)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [718688 2009-10-01] (Microsoft Corporation) HKLM\...\Run: [Copy Handler] => [X] HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-01-26] (Advanced Micro Devices, Inc.) HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated) HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard) HKLM\...\Run: [NSU_agent] => C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe [190768 2012-02-28] () HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1225944 2014-03-25] (COMODO) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [417792 2009-11-10] (Apple Inc.) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-04-26] (AVAST Software) HKLM\...\RunOnce: [20131224] - C:\Program Files\AVAST Software\Avast\setup\emupdate\439a1389-41ae-44b8-a4df-3bed8068c53a.exe /check [181136 2014-04-29] (AVAST Software) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKU\S-1-5-21-2631689147-4000948806-3686541712-1000\...\Run: [Google Update] => C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [135664 2010-02-21] (Google Inc.) 
HKU\S-1-5-21-2631689147-4000948806-3686541712-1000\...\Run: [Pando Media Booster] => C:\Program Files\Pando Networks\Media Booster\PMB.exe [3093624 2013-02-16] () HKU\S-1-5-21-2631689147-4000948806-3686541712-1000\...\Run: [] => [X] HKU\S-1-5-21-2631689147-4000948806-3686541712-1000\...\MountPoints2: {20f4e3a1-0e95-11df-a8cd-0c6076dcebb6} - F:\setup.exe HKU\S-1-5-21-2631689147-4000948806-3686541712-1000\...\MountPoints2: {bb6378cb-c67c-11e1-b9c6-0c6076dcebb6} - G:\NokiaPCIA_Autorun.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ URLSearchHook: HKCU - (No Name) - {5c81f57f-3cf7-4785-b4ef-11ace31aec4f} - No File SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN SearchScopes: HKCU - {614C7A8F-AE70-4A3D-BC76-05E194768672} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms} SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN SearchScopes: HKCU - {7E4E3281-DF2A-4CE6-8CBB-14DDEE358EA7} URL = http://websearch.ask.com/redirect?client=ie&tb=FF&o=14594&src=kw&q={searchTerms}&locale=&apn_ptnrs=FV&apn_dtid=YYYYYYYYPL&apn_uid=6C0554D1-0F58-4BEE-BE84-B75413F5D40D&apn_sauid=5FDCE095-D4B0-4B23-A099-C9C3A6AD6766& BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: No Name - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - No File BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) Toolbar: HKCU - No Name - {5C81F57F-3CF7-4785-B4EF-11ACE31AEC4F} - No File DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.4.2/jinstall-1_4_2-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 194.204.152.34 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\upywb4bo.default FF SelectedSearchEngine: Google FF Homepage: www.google.pl FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_182.dll () FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF Plugin: @ganymede/WORDS,version=1.0 - C:\Program Files\Ganymede\Plugins\WORDS\NPWORDS.dll (Ganymede Technologies) FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @nokia.com/EnablerPlugin - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin: @real.com/nppl3260;version=6.0.12.450 - C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Admin\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Admin\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPWORDS.dll (Ganymede Technologies) FF Extension: PrivDog - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\upywb4bo.default\Extensions\PrivDog@AdTrustMedia.com [2014-04-03] FF Extension: WebSite Recommendation - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\upywb4bo.default\Extensions\WebSiteRecommendation@weliketheweb.com [2014-03-21] FF Extension: Microsoft .NET Framework Assistant - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\upywb4bo.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-04-28] FF Extension: QuickDrag - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\upywb4bo.default\Extensions\quickdrag@mozilla.ktechcomputing.com.xpi [2011-05-05] FF Extension: Skype extension - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-03-30] FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED} [2014-03-30] FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-03-09] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! 
Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-10-25] FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-03-09] Chrome: ======= CHR HomePage: hxxp://www.google.pl/ CHR RestoreOnStartup: "sync": { "suppress_start" CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\Admin\AppData\Local\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\Admin\AppData\Local\Google\Chrome\Application\34.0.1847.116\pdf.dll () CHR Plugin: (Shockwave Flash) - C:\Users\Admin\AppData\Local\Google\Chrome\Application\34.0.1847.116\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation) CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll No File CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
CHR Plugin: (National Instruments LabVIEW 8.0 Netscape Plug-in for Windows) - C:\Program Files\Mozilla Firefox\plugins\NPLV80Win32.dll No File CHR Plugin: (National Instruments LabVIEW 8.2 Netscape Plug-in for Windows) - C:\Program Files\Mozilla Firefox\plugins\NPLV82Win32.dll No File CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation) CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Users\Admin\AppData\Local\Google\Chrome\Application\plugins\nppl3260.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer Version Plugin) - C:\Users\Admin\AppData\Local\Google\Chrome\Application\plugins\nprpjplug.dll (RealNetworks, Inc.) CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-23] CHR Extension: (Szukaj w Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-23] CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24] CHR Extension: (AT_DJTiesto) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\okmcbgkkeagngnijeiighgblfljbekip [2011-04-07] CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-23] ========================== Services (Whitelisted) ================= S2 .EsetTrialReset; C:\Windows\system32\regedt32.exe [9216 2009-07-14] (Microsoft Corporation) S2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759072 2008-10-09] (ABBYY (BIT Software)) S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-26] (AVAST Software) S2 CCFLIC0; C:\Program Files\GE Fanuc\Proficy Common\M4 Common Licensing\CCFLIC0.exe [58928 2007-03-01] (GE Fanuc Automation) S2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5306504 2014-04-16] (COMODO) S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [1663192 2014-03-25] (COMODO) S2 iLicenseSvc; C:\Windows\Intellution\iLicenseSvc.exe [471115 2006-09-27] (GE Fanuc Automation Americas, Inc.) 
S2 iprip; C:\Windows\System32\iprip.dll [29696 2009-07-14] (Microsoft Corporation) S2 yksvc; C:\Windows\System32\yk62x86.dll [364544 2009-09-28] (Marvell) S3 Proficy Driver Runtime; C:\Program Files\GE Fanuc\Proficy Machine Edition\fxView\Runtime\ProficyDrivers\Win32\GefPdfOpc.exe [X] ==================== Drivers (Whitelisted) ==================== S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-04-26] () R1 aswKbd; C:\Windows\system32\Drivers\aswKbd.sys [21576 2013-03-07] (AVAST Software) S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-04-26] (AVAST Software) S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-04-26] (AVAST Software) S0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-04-26] () S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [776976 2014-04-26] (AVAST Software) S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411552 2014-04-26] (AVAST Software) S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [67776 2014-04-26] (AVAST Software) S0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180632 2014-04-26] () S1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [607168 2014-04-16] (COMODO) S1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [43728 2014-04-16] (COMODO) S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [61704 2011-03-18] (FTDI Ltd.) S2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [685056 2005-07-28] (Aladdin Knowledge Systems Ltd.) S1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [92656 2014-04-16] (COMODO) S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28624 2010-03-18] (Logitech, Inc.) S3 LVUSBSta; C:\Windows\System32\DRIVERS\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.) S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [657408 2009-07-14] (Ralink Technology Corp.) S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2570520 2008-07-26] (Logitech Inc.) 
S3 se45bus; C:\Windows\System32\DRIVERS\se45bus.sys [61536 2006-11-30] (MCCI) S3 se45mdfl; C:\Windows\System32\DRIVERS\se45mdfl.sys [9360 2006-11-30] (MCCI) S3 se45mdm; C:\Windows\System32\DRIVERS\se45mdm.sys [97088 2006-11-30] (MCCI) S3 se45mgmt; C:\Windows\System32\DRIVERS\se45mgmt.sys [88624 2006-11-30] (MCCI) S3 se45nd5; C:\Windows\System32\DRIVERS\se45nd5.sys [18704 2006-11-30] (MCCI) S3 se45obex; C:\Windows\System32\DRIVERS\se45obex.sys [86432 2006-11-30] (MCCI) S3 se45unic; C:\Windows\System32\DRIVERS\se45unic.sys [90800 2006-11-30] (MCCI) S1 VD_FileDisk; C:\Windows\system32\Drivers\VD_FileDisk.sys [15872 2006-01-13] (Flint Incorporation) S3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [195968 2010-08-31] (Jungo) S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] () U2 BHDrvx86; S3 fgddrpob; \??\C:\Users\Admin\AppData\Local\Temp\fgddrpob.sys [X] S4 sptd; System32\Drivers\sptd.sys [X] U3 mbr; \??\C:\Users\Admin\AppData\Local\Temp\mbr.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-29 15:24 - 2014-04-29 15:25 - 00015989 _____ () C:\Users\Admin\Desktop\dds.txt 2014-04-29 15:24 - 2014-04-29 15:25 - 00011477 _____ () C:\Users\Admin\Desktop\attach.txt 2014-04-28 20:23 - 2014-04-28 20:23 - 00380416 _____ () C:\Users\Admin\Desktop\enicjnm2.exe 2014-04-28 20:22 - 2014-04-28 20:22 - 00000000 _____ () C:\Users\Admin\Desktop\Shortcut.txt 2014-04-28 20:22 - 2014-04-28 20:22 - 00000000 _____ () C:\Users\Admin\Desktop\FRST.txt 2014-04-28 20:22 - 2014-04-28 20:22 - 00000000 _____ () C:\Users\Admin\Desktop\Addition.txt 2014-04-28 20:07 - 2006-11-01 13:06 - 00162616 _____ (Sysinternals - www.sysinternals.com) C:\Windows\RegDelNull.exe 2014-04-28 20:07 - 2006-07-28 08:32 - 00007005 _____ () C:\Windows\Eula.txt 2014-04-28 20:06 - 2014-04-28 20:05 - 00044335 _____ () C:\Users\Admin\Desktop\Regdelnull.zip 2014-04-28 20:02 - 2014-04-28 20:02 - 00065232 
_____ (Malwarebytes) C:\Users\Admin\Desktop\regassassin-setup-1.03.exe 2014-04-28 19:35 - 2014-04-28 19:35 - 00000340 _____ () C:\Windows\PFRO.log 2014-04-28 19:33 - 2014-04-28 19:33 - 00522360 _____ (Duplex Secure Ltd.) C:\Users\Admin\Desktop\SPTDinst-v186-x86.exe 2014-04-28 19:21 - 2014-04-28 19:21 - 01049600 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe 2014-04-26 14:08 - 2014-04-29 15:26 - 00000000 ____D () C:\FRST 2014-04-26 13:50 - 2014-04-29 14:38 - 00000448 _____ () C:\Windows\setupact.log 2014-04-26 13:50 - 2014-04-26 13:50 - 00000000 _____ () C:\Windows\setuperr.log 2014-04-26 13:40 - 2014-04-29 15:05 - 00000000 ____D () C:\Users\Admin\Desktop\Diagnostyka 2014-04-26 12:23 - 2014-04-26 12:23 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\AVAST Software 2014-04-26 12:14 - 2014-04-26 12:14 - 00067776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2014-04-26 12:14 - 2014-04-26 12:14 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-04-26 12:14 - 2014-04-26 12:14 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-04-19 12:43 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-19 12:43 - 2014-03-06 10:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-04-19 12:43 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-04-19 12:43 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-19 12:43 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-19 12:43 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-19 12:43 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-04-19 12:43 - 2014-03-06 09:18 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-19 12:43 - 2014-03-06 09:07 - 
00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-19 12:43 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-04-19 12:43 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-19 12:43 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-04-19 12:42 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-19 12:42 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-19 12:42 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-04-19 12:42 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-19 12:42 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-19 12:42 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-19 12:42 - 2014-03-06 09:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-04-19 12:42 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-04-19 12:42 - 2014-03-06 09:28 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-04-19 12:42 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-04-19 12:42 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-19 12:42 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-19 12:42 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-19 12:42 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-17 00:11 - 
2014-04-17 00:11 - 00000000 ____D () C:\Users\Admin\.hades 2014-04-16 20:02 - 2014-04-16 20:02 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-04-16 20:02 - 2014-04-16 20:02 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-04-09 15:53 - 2014-03-04 11:17 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-04-09 15:53 - 2014-02-04 04:07 - 00234432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys 2014-04-09 15:53 - 2014-02-04 04:07 - 00149440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys 2014-04-09 15:53 - 2014-02-04 04:07 - 00027072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys 2014-04-09 15:53 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll 2014-04-09 15:53 - 2014-01-24 04:18 - 01212352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2014-04-02 19:01 - 2014-04-02 19:01 - 00000000 ____D () C:\Users\Admin\AppData\Local\AdTrustMedia 2014-04-02 19:00 - 2014-04-02 19:00 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Comodo 2014-04-02 18:59 - 2014-04-02 18:59 - 00000000 ____D () C:\ProgramData\Adtrustmedia 2014-04-02 18:58 - 2014-04-02 18:58 - 00000000 ____D () C:\ProgramData\Shared Space 2014-04-02 18:58 - 2014-04-02 18:58 - 00000000 ____D () C:\ProgramData\Comodo Downloader 2014-04-02 18:57 - 2014-03-25 21:22 - 00284888 _____ (COMODO) C:\Windows\system32\cmdvrt32.dll 2014-04-02 18:57 - 2014-03-25 21:22 - 00040664 _____ (COMODO) C:\Windows\system32\cmdkbd32.dll 2014-03-30 19:38 - 2014-03-30 19:38 - 00000000 ____D () C:\Program Files\Mozilla Firefox ==================== One Month Modified Files and Folders ======= 2014-04-29 15:26 - 2014-04-26 14:08 - 00000000 ____D () C:\FRST 2014-04-29 15:25 - 2014-04-29 15:24 - 00015989 _____ () C:\Users\Admin\Desktop\dds.txt 2014-04-29 15:25 - 2014-04-29 15:24 - 00011477 _____ () 
C:\Users\Admin\Desktop\attach.txt 2014-04-29 15:21 - 2012-03-19 21:01 - 01090560 ___SH () C:\Users\Admin\Desktop\Thumbs.db 2014-04-29 15:13 - 2010-01-30 15:32 - 01497754 _____ () C:\Windows\WindowsUpdate.log 2014-04-29 15:12 - 2013-02-16 20:19 - 00000000 ____D () C:\Users\Admin\AppData\Local\PMB Files 2014-04-29 15:06 - 2010-02-21 18:01 - 00001058 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2631689147-4000948806-3686541712-1000UA.job 2014-04-29 15:05 - 2014-04-26 13:40 - 00000000 ____D () C:\Users\Admin\Desktop\Diagnostyka 2014-04-29 14:52 - 2010-11-22 23:01 - 00001030 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-29 14:45 - 2009-07-14 06:34 - 00011152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-29 14:45 - 2009-07-14 06:34 - 00011152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-29 14:38 - 2014-04-26 13:50 - 00000448 _____ () C:\Windows\setupact.log 2014-04-29 14:38 - 2010-12-30 21:56 - 08405015 _____ () C:\Windows\TempFile 2014-04-29 14:38 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-29 07:35 - 2010-11-22 23:01 - 00001034 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-28 20:38 - 2010-01-30 15:55 - 01694038 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-28 20:38 - 2009-09-30 05:25 - 00748836 _____ () C:\Windows\system32\perfh015.dat 2014-04-28 20:38 - 2009-09-30 05:25 - 00159508 _____ () C:\Windows\system32\perfc015.dat 2014-04-28 20:23 - 2014-04-28 20:23 - 00380416 _____ () C:\Users\Admin\Desktop\enicjnm2.exe 2014-04-28 20:22 - 2014-04-28 20:22 - 00000000 _____ () C:\Users\Admin\Desktop\Shortcut.txt 2014-04-28 20:22 - 2014-04-28 20:22 - 00000000 _____ () C:\Users\Admin\Desktop\FRST.txt 2014-04-28 20:22 - 2014-04-28 20:22 - 00000000 _____ () C:\Users\Admin\Desktop\Addition.txt 2014-04-28 20:05 - 2014-04-28 20:06 - 00044335 _____ () 
C:\Users\Admin\Desktop\Regdelnull.zip 2014-04-28 20:02 - 2014-04-28 20:02 - 00065232 _____ (Malwarebytes) C:\Users\Admin\Desktop\regassassin-setup-1.03.exe 2014-04-28 19:35 - 2014-04-28 19:35 - 00000340 _____ () C:\Windows\PFRO.log 2014-04-28 19:33 - 2014-04-28 19:33 - 00522360 _____ (Duplex Secure Ltd.) C:\Users\Admin\Desktop\SPTDinst-v186-x86.exe 2014-04-28 19:21 - 2014-04-28 19:21 - 01049600 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe 2014-04-26 14:41 - 2010-03-28 12:48 - 00000000 ____D () C:\Users\Admin\AppData\Local\CrashDumps 2014-04-26 13:52 - 2009-11-13 21:41 - 00000000 ___RD () C:\Users\Admin\Desktop\Programy 2014-04-26 13:50 - 2014-04-26 13:50 - 00000000 _____ () C:\Windows\setuperr.log 2014-04-26 13:50 - 2009-07-14 06:53 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-04-26 12:23 - 2014-04-26 12:23 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\AVAST Software 2014-04-26 12:14 - 2014-04-26 12:14 - 00067776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2014-04-26 12:14 - 2014-04-26 12:14 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-04-26 12:14 - 2014-04-26 12:14 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-04-26 12:14 - 2013-03-05 11:31 - 00180632 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-04-26 12:14 - 2013-03-05 11:31 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-04-26 12:14 - 2012-10-25 18:50 - 00776976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-04-26 12:14 - 2012-10-25 18:50 - 00411552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2014-04-26 12:14 - 2012-10-25 18:50 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-04-26 12:14 - 2012-10-25 18:50 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-04-26 12:14 - 2012-10-25 18:49 - 00271264 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-04-26 12:11 - 2012-10-25 18:49 - 00000000 ____D () 
C:\ProgramData\AVAST Software 2014-04-26 12:10 - 2009-07-14 04:04 - 00002577 _____ () C:\Windows\system32\config.nt 2014-04-26 09:32 - 2013-02-16 20:19 - 00000000 ____D () C:\ProgramData\PMB Files 2014-04-25 22:06 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\config\Journal 2014-04-24 18:50 - 2013-08-10 20:19 - 00000000 ____D () C:\Users\Admin\AppData\Local\JDownloader 0.9 2014-04-24 16:18 - 2010-02-21 18:01 - 00001006 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2631689147-4000948806-3686541712-1000Core.job 2014-04-23 21:16 - 2012-02-20 18:05 - 00000000 ____D () C:\Users\Admin\Desktop\Praca Ania 2014-04-19 14:20 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache 2014-04-19 13:41 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\pl-PL 2014-04-17 00:11 - 2014-04-17 00:11 - 00000000 ____D () C:\Users\Admin\.hades 2014-04-17 00:11 - 2010-01-30 15:45 - 00000000 ____D () C:\Users\Admin 2014-04-16 23:12 - 2012-10-05 01:32 - 00607168 _____ (COMODO) C:\Windows\system32\Drivers\cmdGuard.sys 2014-04-16 23:12 - 2012-10-05 01:32 - 00092656 _____ (COMODO) C:\Windows\system32\Drivers\inspect.sys 2014-04-16 23:12 - 2012-10-05 01:32 - 00043728 _____ (COMODO) C:\Windows\system32\Drivers\cmdhlp.sys 2014-04-16 23:12 - 2012-10-05 01:32 - 00020072 _____ (COMODO) C:\Windows\system32\Drivers\cmderd.sys 2014-04-16 20:02 - 2014-04-16 20:02 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-04-16 20:02 - 2014-04-16 20:02 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-04-16 20:02 - 2010-02-28 15:18 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe 2014-04-14 18:42 - 2014-03-12 21:39 - 00000000 ____D () C:\Users\Admin\Desktop\Lampa Fazer 2014-04-14 12:39 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\system32\FxsTmp 2014-04-10 11:15 - 2010-01-30 15:57 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-04-10 11:11 - 2013-07-15 11:09 - 00000000 ____D () 
C:\Windows\system32\MRT 2014-04-10 10:56 - 2010-01-31 13:14 - 88028728 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-04-02 19:01 - 2014-04-02 19:01 - 00000000 ____D () C:\Users\Admin\AppData\Local\AdTrustMedia 2014-04-02 19:00 - 2014-04-02 19:00 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Comodo 2014-04-02 18:59 - 2014-04-02 18:59 - 00000000 ____D () C:\ProgramData\Adtrustmedia 2014-04-02 18:58 - 2014-04-02 18:58 - 00000000 ____D () C:\ProgramData\Shared Space 2014-04-02 18:58 - 2014-04-02 18:58 - 00000000 ____D () C:\ProgramData\Comodo Downloader 2014-04-01 11:28 - 2012-05-04 22:44 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-03-31 22:04 - 2013-11-27 18:21 - 00000000 ____D () C:\Users\Admin\Desktop\Ubezpieczenie OC 2014-03-31 17:24 - 2013-10-08 10:59 - 00000000 ___RD () C:\Users\Admin\Desktop\Dokumenty budowa 2014-03-31 09:35 - 2010-02-01 17:44 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-03-30 19:38 - 2014-03-30 19:38 - 00000000 ____D () C:\Program Files\Mozilla Firefox ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-19 14:12 ==================== End Of Log ============================