Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-05-2014
Ran by BCOOL (administrator) on BCOOL-KOMPUTER on 16-05-2014 12:58:30
Running from C:\Users\BCOOL\Desktop\Testy
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polish
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
() C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\ProgramData\DataCardService\HWDeviceService64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DataCardService\DCSHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 4\Integrator.exe
(OldTimer Tools) C:\Users\BCOOL\Desktop\Testy\OTL.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8158240 2009-10-09] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3189016 2009-10-01] (Dell Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-17] (Dell Inc.)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdcBase.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-25] (Creative Technology Ltd)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKU\S-1-5-21-2687357822-3326142187-1778711074-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-06-29] (Google Inc.)
HKU\S-1-5-21-2687357822-3326142187-1778711074-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-2687357822-3326142187-1778711074-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-2687357822-3326142187-1778711074-1000\...\MountPoints2: {2afd779c-db6c-11e3-93ac-b8ac6f56db80} - F:\AutoRun.exe
HKU\S-1-5-21-2687357822-3326142187-1778711074-1000\...\MountPoints2: {5eebb42d-f481-11e2-8c77-b8ac6f56db80} - F:\AutoRun.exe
HKU\S-1-5-21-2687357822-3326142187-1778711074-1000\...\MountPoints2: {5eebb465-f481-11e2-8c77-b8ac6f56db80} - F:\AutoRun.exe
HKU\S-1-5-21-2687357822-3326142187-1778711074-1000\...\MountPoints2: {603facc1-4478-11e3-b4a5-b8ac6f56db80} - G:\LGAutoRun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default.aspx?c=pl&l=pl&s=pad
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - B41DEC8ABA3B49179A802C5BB3A40F79 URL = http://www.delta-search.com/?q={searchTerms}&affID=119649&babsrc=SP_ss&mntrId=5611f8ee000000000000f07bcb1001e1
SearchScopes: HKCU - {5BB7AE73-6880-4897-B10A-56A547BEDB7A} URL =
SearchScopes: HKCU - {F40534FA-5051-49AB-A59B-D8E340F3E368} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=U3&apn_dtid=OSJ000YYPL&apn_uid=C6C3CF60-B410-4111-9578-4CBFEED673B3&apn_sauid=B6E07424-9BB5-4A52-83CC-91C992B85C9C
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - No File
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} https://www.bph.pl/pi/components/bph/SignActivX.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{0685FAAC-77F5-4704-99C3-86DE5E5152C2}: [NameServer]193.41.112.18 193.41.112.14
Tcpip\..\Interfaces\{B6B39464-16D6-45A8-9202-517C3BCC2AFF}: [NameServer]193.41.112.14 193.41.112.18

FireFox:
========
FF ProfilePath: C:\Users\BCOOL\AppData\Roaming\Mozilla\Firefox\Profiles\700ezx4g.default
FF NewTab: about:newtab
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com/firefox
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: Speed Links - C:\Users\BCOOL\AppData\Roaming\Mozilla\Firefox\Profiles\700ezx4g.default\Extensions\ff@speedlinks.com [2013-11-13]
FF Extension: BPH Sign Plugin - C:\Users\BCOOL\AppData\Roaming\Mozilla\Firefox\Profiles\700ezx4g.default\Extensions\SignPlugin@bph.pl [2013-02-03]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-03-28]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-05-14]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-05-14]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll No File
CHR Plugin: (RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll No File
CHR Plugin: (RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll No File
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Extension: (SpeedLinks) - C:\Users\BCOOL\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgadamablafjjibemejidcnjmlpbhaob [2013-10-19]
CHR Extension: (Skype Click to Call) - C:\Users\BCOOL\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-07-28]
CHR Extension: (Google Wallet) - C:\Users\BCOOL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-03-02]

==================== Services (Whitelisted) =================

R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [339456 2010-11-16] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe [3417088 2009-07-17] (Dell Inc.)
==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-04] ()
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17600 2014-03-17] (Glarysoft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-16] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-16 12:56 - 2014-05-16 12:58 - 00000000 ____D () C:\FRST
2014-05-16 12:42 - 2014-05-16 12:58 - 00000000 ____D () C:\Users\BCOOL\Desktop\Testy
2014-05-16 11:28 - 2014-05-16 11:28 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-05-14 15:43 - 2014-05-14 15:43 - 00001049 _____ () C:\Users\Public\Desktop\PLAY ONLINE.lnk
2014-05-14 15:43 - 2014-05-14 15:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PLAY ONLINE
2014-05-14 15:43 - 2014-05-14 15:43 - 00000000 ____D () C:\Program Files (x86)\PLAY ONLINE
2014-05-14 15:27 - 2014-05-14 15:30 - 00000000 ____D () C:\AdwCleaner
2014-05-14 15:12 - 2014-05-14 15:23 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2014-05-13 15:16 - 2014-05-16 12:49 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-13 15:15 - 2014-05-13 15:15 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-13 15:15 - 2014-05-13 15:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-13 15:15 - 2014-05-13 15:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-13 15:15 - 2014-05-13 15:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-13 15:15 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-13 15:15 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-13 15:15 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-12 13:50 - 2014-05-16 11:27 - 00000000 ____D () C:\Aqq
2014-05-04 19:43 - 2014-05-04 19:43 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-03 22:52 - 2014-04-29 18:00 - 23133184 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-03 22:52 - 2014-04-29 17:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-03 22:52 - 2014-04-29 16:47 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-03 22:52 - 2014-04-29 16:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-22 10:03 - 2014-04-22 10:03 - 02956800 _____ () C:\Users\BCOOL\Downloads\tacybylismy.pps

==================== One Month Modified Files and Folders =======

2014-05-16 12:58 - 2014-05-16 12:56 - 00000000 ____D () C:\FRST
2014-05-16 12:58 - 2014-05-16 12:42 - 00000000 ____D () C:\Users\BCOOL\Desktop\Testy
2014-05-16 12:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-05-16 12:49 - 2014-05-13 15:16 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-16 12:46 - 2009-08-14 04:50 - 00740688 _____ () C:\Windows\system32\perfh015.dat
2014-05-16 12:46 - 2009-08-14 04:50 - 00156230 _____ () C:\Windows\system32\perfc015.dat
2014-05-16 12:46 - 2009-07-14 07:13 - 01670590 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-16 12:46 - 2009-07-14 06:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-16 12:46 - 2009-07-14 06:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-16 12:38 - 2010-03-13 20:44 - 01796663 _____ () C:\Windows\WindowsUpdate.log
2014-05-16 12:34 - 2012-11-26 18:36 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-16 12:18 - 2014-03-29 12:00 - 00000330 _____ () C:\Windows\Tasks\GlaryInitialize 4.job
2014-05-16 12:18 - 2010-07-05 19:14 - 00000000 ____D () C:\Users\BCOOL\AppData\Roaming\Skype
2014-05-16 12:17 - 2014-04-03 18:36 - 00000000 ____D () C:\PIT Format 2013
2014-05-16 12:17 - 2010-06-29 20:03 - 00001042 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-16 12:15 - 2014-03-29 12:15 - 00007008 _____ () C:\Windows\setupact.log
2014-05-16 12:15 - 2012-10-04 18:11 - 00196608 _____ () C:\Windows\system32\Ikeext.etl
2014-05-16 12:15 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-16 11:30 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-16 11:28 - 2014-05-16 11:28 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-05-16 11:28 - 2010-03-14 02:54 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-16 11:28 - 2010-01-17 00:29 - 00000000 ____D () C:\DELL
2014-05-16 11:27 - 2014-05-12 13:50 - 00000000 ____D () C:\Aqq
2014-05-16 11:09 - 2010-06-29 20:03 - 00001046 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-14 15:43 - 2014-05-14 15:43 - 00001049 _____ () C:\Users\Public\Desktop\PLAY ONLINE.lnk
2014-05-14 15:43 - 2014-05-14 15:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PLAY ONLINE
2014-05-14 15:43 - 2014-05-14 15:43 - 00000000 ____D () C:\Program Files (x86)\PLAY ONLINE
2014-05-14 15:32 - 2014-03-29 17:01 - 00269372 _____ () C:\Windows\PFRO.log
2014-05-14 15:30 - 2014-05-14 15:27 - 00000000 ____D () C:\AdwCleaner
2014-05-14 15:23 - 2014-05-14 15:12 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2014-05-14 15:09 - 2010-06-30 20:25 - 00000000 _____ () C:\Windows\SysWOW64\config.nt
2014-05-13 15:15 - 2014-05-13 15:15 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-13 15:15 - 2014-05-13 15:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-13 15:15 - 2014-05-13 15:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-13 15:15 - 2014-05-13 15:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-13 14:56 - 2012-07-10 13:35 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-05-13 13:02 - 2014-03-29 18:20 - 00000000 ____D () C:\Users\BCOOL\AppData\Roaming\IrfanView
2014-05-13 13:02 - 2011-05-14 18:13 - 00000000 ____D () C:\ProgramData\HP
2014-05-13 13:02 - 2010-06-28 19:06 - 00000000 ____D () C:\Users\BCOOL
2014-05-13 13:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-05-13 12:38 - 2014-03-29 12:00 - 00000000 ____D () C:\Users\BCOOL\AppData\Roaming\DiskDefrag
2014-05-05 08:32 - 2014-03-29 11:59 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 4
2014-05-04 21:47 - 2010-06-29 18:50 - 00000000 ____D () C:\Bridge Base Online
2014-05-04 19:43 - 2014-05-04 19:43 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-04-29 20:34 - 2012-11-26 18:36 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-29 20:34 - 2012-11-26 18:36 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-29 20:34 - 2012-11-26 18:36 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-29 18:00 - 2014-05-03 22:52 - 23133184 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 17:24 - 2014-05-03 22:52 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-29 16:47 - 2014-05-03 22:52 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-29 16:14 - 2014-05-03 22:52 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-25 16:12 - 2010-09-30 17:30 - 00002191 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-22 10:03 - 2014-04-22 10:03 - 02956800 _____ () C:\Users\BCOOL\Downloads\tacybylismy.pps
2014-04-18 10:48 - 2011-07-06 18:48 - 00000000 ____D () C:\Users\BCOOL\Documents\Moje skanowanie
2014-04-16 13:19 - 2010-09-24 19:39 - 00000000 ____D () C:\Users\BCOOL\AppData\Roaming\Gmail Notifier

Some content of TEMP:
====================
C:\Users\BCOOL\AppData\Local\Temp\nsfEC67.exe
C:\Users\BCOOL\AppData\Local\Temp\nsw2752.exe
C:\Users\BCOOL\AppData\Local\Temp\nszBDF5.exe
C:\Users\BCOOL\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-13 16:51

==================== End Of Log ============================