Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-02-2014 02 (ATTENTION: ====> FRST version is 97 days old and could be outdated)
Ran by Vicky (administrator) on INSPIRON on 04-06-2014 01:52:16
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polish
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(NVIDIA Corporation) C:\PROGRAM FILES\NVIDIA CORPORATION\DISPLAY\NVXDSYNC.EXE
(NVIDIA Corporation) C:\WINDOWS\SYSTEM32\NVVSVC.EXE
(Microsoft Corporation) C:\WINDOWS\SYSTEM32\WLANEXT.EXE
(Avira Operations GmbH & Co. KG) C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\SCHED.EXE
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Avira Operations GmbH & Co. KG) C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\AVGUARD.EXE
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(Crawler.com) C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corp.) C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(SoftThinks - Dell) C:\PROGRAM FILES (X86)\DELL DATASAFE LOCAL BACKUP\TOASTER.EXE
() C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
(SoftThinks - Dell) C:\PROGRAM FILES (X86)\DELL DATASAFE LOCAL BACKUP\COMPONENTS\DSUPDATE\DSUPD.EXE
(Intel Corporation) C:\WINDOWS\System32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Alps Electric Co., Ltd.) C:\PROGRAM FILES\DELLTPAD\APOINT.EXE
(Dell Inc.) C:\PROGRAM FILES\DELL\QUICKSET\QUICKSET.EXE
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Crawler.com) C:\PROGRAM FILES (X86)\SPYWARE TERMINATOR\SPYWARETERMINATORSHIELD.EXE
(Microsoft Corporation) C:\WINDOWS\SYSTEM32\STIKYNOT.EXE
(Microsoft Corporation) C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\ONENOTEM.EXE
(Creative Technology Ltd) C:\PROGRAM FILES (X86)\DELL WEBCAM\DELL WEBCAM CENTRAL\WEBCAMDELL2.EXE
(Intel Corporation) C:\PROGRAM FILES (X86)\INTEL\INTEL(R) RAPID STORAGE TECHNOLOGY\IASTORICON.EXE
(Renesas Electronics Corporation) C:\PROGRAM FILES (X86)\RENESAS ELECTRONICS\USB 3.0 HOST CONTROLLER DRIVER\APPLICATION\NUSB3MON.EXE
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Sun Microsystems, Inc.) C:\PROGRAM FILES (X86)\COMMON FILES\JAVA\JAVA UPDATE\JUSCHED.EXE
(Avira Operations GmbH & Co. KG) C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\AVGNT.EXE
(APN) C:\PROGRAM FILES (X86)\ASKPARTNERNETWORK\TOOLBAR\UPDATER\TBNOTIFIER.EXE
() C:\USERS\VICKY\APPDATA\ROAMING\PWO7\SVCHOST.EXE
() C:\USERS\VICKY\APPDATA\LOCAL\TEMP\_MEI39322\BIN\WINLOGON.EXE
(Avira Operations GmbH & Co. KG) C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\AVSHADOW.EXE
(Avira Operations GmbH & Co. KG) C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\AVWEBGRD.EXE
(Intel Corporation) C:\PROGRAM FILES (X86)\INTEL\BLUETOOTH\MEDIASRV.EXE
(Alps Electric Co., Ltd.) C:\PROGRAM FILES\DELLTPAD\APMSGFWD.EXE
(Alps Electric Co., Ltd.) C:\PROGRAM FILES\DELLTPAD\HIDFIND.EXE
(Alps Electric Co., Ltd.) C:\PROGRAM FILES\DELLTPAD\APNTEX.EXE
(Intel Corporation) C:\PROGRAM FILES (X86)\INTEL\BLUETOOTH\BTPLAYERCTRL.EXE
(Avira Operations GmbH & Co. KG) C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\AVCENTER.EXE
(Intel Corporation) C:\PROGRAM FILES (X86)\INTEL\INTEL(R) RAPID STORAGE TECHNOLOGY\IASTORDATAMGRSVC.EXE
(Intel Corporation) C:\PROGRAM FILES (X86)\INTEL\INTEL(R) MANAGEMENT ENGINE COMPONENTS\LMS\LMS.EXE
(Nero AG) C:\PROGRAM FILES (X86)\NERO\UPDATE\NASVC.EXE
(NVIDIA Corporation) C:\PROGRAM FILES (X86)\NVIDIA CORPORATION\NVIDIA UPDATUS\DAEMONU.EXE
(Intel Corporation) C:\PROGRAM FILES (X86)\INTEL\INTEL(R) MANAGEMENT ENGINE COMPONENTS\UNS\UNS.EXE
(OldTimer Tools) F:\OTL.EXE
(Farbar) F:\FRST64_WWW.INSTALKI.PL.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-13] (Alps Electric Co., Ltd.)
HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\QuickSet.exe [3666800 2011-01-22] (Dell Inc.)
HKLM\...\Run: [NVHotkey] - C:\Windows\system32\nvHotkey.dll [312936 2011-04-22] (NVIDIA Corporation)
HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-12-17] (Intel(R) Corporation)
HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [10228224 2010-11-03] (Intel Corporation)
HKLM\...\Run: [DellStage] - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2055016 2011-04-30] ()
HKLM\...\Run: [SpywareTerminatorShield] - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [2777296 2012-09-07] (Crawler.com)
HKLM\...\Run: [SpywareTerminatorUpdater] - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [3684488 2013-04-03] (Crawler.com)
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Dell Registration] - C:\Program Files (x86)\System Registration\prodreg.exe [4144448 2010-11-10] (Dell, Inc.)
HKLM-x32\...\Run: [NeroLauncher] - C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe [67496 2012-08-21] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AccuWeatherWidget] - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [885760 2011-04-30] ()
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-03-15] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1758160 2014-02-13] (APN)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-767868679-2717527556-2569949838-1001\...\Run: [ALLUpdate] - C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe [2995712 2013-07-19] (ALLPlayer Group Ltd.)
HKU\S-1-5-21-767868679-2717527556-2569949838-1001\...\Run: [HEXelon MAX] - "C:\Program Files (x86)\HEXelon MAX 6\hexelon.exe" /auto
HKU\S-1-5-21-767868679-2717527556-2569949838-1001\...\Run: [RESTART_STICKY_NOTES] - C:\WINDOWS\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-767868679-2717527556-2569949838-1001\...\Run: [pwo7] - C:\Users\Vicky\AppData\Roaming\pwo7\svchost.exe [8164139 2014-06-03] ()
HKU\S-1-5-21-767868679-2717527556-2569949838-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-767868679-2717527556-2569949838-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-767868679-2717527556-2569949838-1001\...\MountPoints2: {84bdcd5c-065e-11e2-94ce-ac728955c296} - F:\LaunchU3.exe -a
HKU\S-1-5-21-767868679-2717527556-2569949838-1001\...\MountPoints2: {9f5891b1-f3a4-11e2-9c19-ac728955c296} - F:\AutoRun.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [226920 2011-04-22] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [193128 2011-04-22] (NVIDIA Corporation)
Startup: C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk
ShortcutTarget: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicyUsers\S-1-5-21-767868679-2717527556-2569949838-1000\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=136
URLSearchHook: HKCU - SearchHook Class - {D8278076-BC68-4484-9233-6E7F1628B56C} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll (APN LLC.)
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Pomocnik logowania za pomocą identyfikatora Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Program Files (x86)\IDM\QUICKfind\PlugIns\IEHelp.dll (IDM)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: IplexToALLPlayer - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\Program Files (x86)\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\wzkajayf.default-1347978085940
FF DefaultSearchEngine: Wikipedia (pl)
FF SearchEngineOrder.1: Ask Search
FF SelectedSearchEngine: Wikipedia (pl)
FF Homepage: hxxp://www.realmadrid.pl/
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\wzkajayf.default-1347978085940\searchplugins\ask-search.xml
FF SearchPlugin: C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\wzkajayf.default-1347978085940\searchplugins\babylon.xml
FF Extension: Iplex to ALLPlayer - C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\wzkajayf.default-1347978085940\Extensions\IplextoALL@ALLPlayer.org [2013-08-13]
FF Extension: Block site - C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\wzkajayf.default-1347978085940\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2013-08-10]
FF Extension: Iplex to ALLPlayer - C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\wzkajayf.default-1347978085940\Extensions\IplextoALL@ALLPlayer.org.xpi [2013-01-06]
FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\wzkajayf.default-1347978085940\Extensions\toolbar_AVIRA-V7@apn.ask.com.xpi [2013-07-26]
FF Extension: Adblock Plus - C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\wzkajayf.default-1347978085940\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-02-18]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-03-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-03-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-03-15] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-02-13] (APN LLC.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()
R2 ST2012_Svc; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [1148664 2012-06-21] (Crawler.com)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-21] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-21] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-21] (Avira Operations GmbH & Co. KG)
R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2012-08-26] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-04 00:29 - 2014-06-04 01:52 - 00000000 ____D () C:\FRST
2014-06-03 21:29 - 2014-06-04 01:45 - 00000000 ___HD () C:\Users\Vicky\AppData\Roaming\pwo7
2014-05-28 19:14 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-28 19:14 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-05-28 19:14 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-05-28 19:13 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-05-28 19:13 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-05-28 19:13 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-05-24 18:27 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-05-24 18:27 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-05-24 18:27 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\windows\system32\objsel.dll
2014-05-24 18:27 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-05-24 18:27 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-05-24 18:27 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2014-05-24 18:27 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2014-05-24 18:27 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-05-24 18:27 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-05-24 18:26 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-05-24 18:26 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2014-05-24 18:26 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2014-05-24 18:26 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2014-05-24 18:26 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2014-05-24 18:26 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2014-05-24 18:26 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-05-24 18:26 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-05-24 18:26 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-05-24 18:26 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2014-05-24 18:26 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-05-24 18:26 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-05-24 18:26 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-05-24 18:26 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\wincredprovider.dll
2014-05-24 18:26 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\windows\system32\cngprovider.dll
2014-05-24 18:26 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\adprovider.dll
2014-05-24 18:26 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\capiprovider.dll
2014-05-24 18:26 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\dpapiprovider.dll
2014-05-24 18:26 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\dimsroam.dll
2014-05-24 18:26 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-05-24 18:26 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\windows\SysWOW64\objsel.dll
2014-05-24 18:26 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-05-24 18:26 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-05-24 18:26 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-05-24 18:26 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\cngprovider.dll
2014-05-24 18:26 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\windows\SysWOW64\adprovider.dll
2014-05-24 18:26 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\windows\SysWOW64\capiprovider.dll
2014-05-24 18:26 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpapiprovider.dll
2014-05-24 18:26 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\dimsroam.dll
2014-05-24 18:26 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wincredprovider.dll
2014-05-24 18:26 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-05-24 18:26 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2014-05-24 18:12 - 2014-05-24 18:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-24 18:03 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-05-24 18:03 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-05-24 17:28 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-05-24 17:28 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-05-07 22:35 - 2014-05-25 08:32 - 00000000 ___SD () C:\windows\system32\CompatTel

==================== One Month Modified Files and Folders =======

2014-06-04 01:52 - 2014-06-04 00:29 - 00000000 ____D () C:\FRST
2014-06-04 01:45 - 2014-06-03 21:29 - 00000000 ___HD () C:\Users\Vicky\AppData\Roaming\pwo7
2014-06-04 01:39 - 2012-10-03 16:10 - 00000000 ____D () C:\Program Files (x86)\English Translator 3
2014-06-04 01:30 - 2013-03-11 19:13 - 00000930 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-06-04 01:27 - 2011-08-27 19:20 - 01237785 _____ () C:\windows\WindowsUpdate.log
2014-06-04 01:23 - 2009-07-14 06:45 - 00020928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-04 01:23 - 2009-07-14 06:45 - 00020928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-04 01:15 - 2011-08-27 20:41 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-06-04 01:15 - 2011-08-27 20:41 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-06-04 01:15 - 2011-08-27 20:30 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-06-04 01:14 - 2014-02-24 12:13 - 00009036 _____ () C:\windows\setupact.log
2014-06-04 01:14 - 2011-08-27 19:47 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-04 01:14 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-06-03 22:30 - 2012-08-22 16:11 - 00000000 ____D () C:\Users\Vicky
2014-06-03 22:29 - 2012-08-26 20:06 - 00000000 ____D () C:\ProgramData\Spyware Terminator
2014-06-03 22:21 - 2011-08-27 22:12 - 00740672 _____ () C:\windows\system32\perfh015.dat
2014-06-03 22:21 - 2011-08-27 22:12 - 00156214 _____ () C:\windows\system32\perfc015.dat
2014-06-03 22:21 - 2009-07-14 07:13 - 01670518 _____ () C:\windows\system32\PerfStringBackup.INI
2014-06-02 14:19 - 2013-06-01 17:29 - 00003440 _____ () C:\windows\System32\Tasks\PCDEventLauncherTask
2014-05-28 11:06 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache
2014-05-27 10:03 - 2013-07-15 13:37 - 00000000 ____D () C:\windows\system32\MRT
2014-05-27 10:01 - 2012-09-09 17:44 - 93223848 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-05-25 08:35 - 2012-08-22 16:15 - 00000000 ___RD () C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-25 08:35 - 2012-08-22 16:15 - 00000000 ___RD () C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-25 08:34 - 2012-08-22 16:43 - 00000640 __RSH () C:\Users\Vicky\ntuser.pol
2014-05-25 08:32 - 2014-05-07 22:35 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-05-24 19:06 - 2013-03-11 19:13 - 00003868 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-05-24 19:05 - 2013-03-11 19:13 - 00692400 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-05-24 19:05 - 2013-03-11 19:13 - 00070832 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-24 18:22 - 2012-08-22 19:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-24 18:12 - 2014-05-24 18:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-18 17:53 - 2012-08-30 18:15 - 00002023 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-05-18 12:32 - 2012-08-23 18:43 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-09 08:14 - 2014-05-24 17:28 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-24 17:28 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-05-06 18:46 - 2014-03-11 20:27 - 00000000 ____D () C:\Users\Vicky\AppData\Local\CTSounds
2014-05-06 06:40 - 2014-05-28 19:14 - 23544320 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-28 19:13 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-28 19:13 - 17382912 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-28 19:13 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-28 19:14 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-28 19:14 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll

Some content of TEMP:
====================
C:\Users\Vicky\AppData\Local\Temp\avgnt.exe
C:\Users\Vicky\AppData\Local\Temp\DeskMetrics.dll
C:\Users\Vicky\AppData\Local\Temp\SHSetup.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe [2014-05-24 18:27] - [2014-03-04 11:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-06-02 15:46

==================== End Of Log ============================