Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
Ran by R7 biuro (administrator) on R7biuro on 04-06-2014 13:02:26
Running from C:\Users\R7 biuro\Desktop\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polish
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Program Files (x86)\Tor\tor.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(OldTimer Tools) C:\Users\R7 biuro\Desktop\Downloads\OTL.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Config.Msi\1f2ea5.rbf
(Microsoft Corporation) C:\Users\R7 biuro\AppData\Local\Temp\ose00000.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-4128592131-3967665229-3376849950-1001\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-4128592131-3967665229-3376849950-1001\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-4128592131-3967665229-3376849950-1001\...\MountPoints2: {8428cfc0-4a7b-11e2-87a3-00a0c6000000} - E:\HPLauncher.exe
HKU\S-1-5-21-4128592131-3967665229-3376849950-1001\...\MountPoints2: {8428cfd3-4a7b-11e2-87a3-00a0c6000000} - I:\SETUP.EXE
HKU\S-1-5-21-4128592131-3967665229-3376849950-1001\...\MountPoints2: {93783d46-da7b-11e3-8c3f-dc0ea1aa814f} - F:\AutoRun.exe
HKU\S-1-5-21-4128592131-3967665229-3376849950-1001\...\MountPoints2: {b1d9d07e-033a-11e2-9136-dc0ea1aa814f} - E:\MicroLauncher.exe
HKU\S-1-5-21-4128592131-3967665229-3376849950-1001\...\MountPoints2: {b1d9d1cf-033a-11e2-9136-dc0ea1aa814f} - E:\AutoRun.exe

==================== Internet
(Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com SearchScopes: HKCU - {C8AA8733-E2A8-4A24-B310-E080F4A82AA2} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=0F8DFCDE-7068-4FDF-BF8A-D83F1B4589A2&apn_sauid=F2C7074C-06FB-4172-9C22-7262644CFA38 BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 62.179.1.62 62.179.1.63 FireFox: ======== FF ProfilePath: C:\Users\R7 biuro\AppData\Roaming\Mozilla\Firefox\Profiles\efgn2uhy.default FF Homepage: https://poczta.nazwa.pl/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: 
@microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: Personas Plus - C:\Users\R7 biuro\AppData\Roaming\Mozilla\Firefox\Profiles\efgn2uhy.default\Extensions\personas@christopher.beard [2013-10-25] FF Extension: Pink-bee - C:\Users\R7 biuro\AppData\Roaming\Mozilla\Firefox\Profiles\efgn2uhy.default\Extensions\pink-bee@loic.com [2013-11-22] FF Extension: No Name - C:\Users\R7 biuro\AppData\Roaming\Mozilla\Firefox\Profiles\efgn2uhy.default\Extensions\staged [2013-10-25] FF Extension: Personas Plus - C:\Users\R7 biuro\AppData\Roaming\Mozilla\Firefox\Profiles\efgn2uhy.default\Extensions\personas@christopher.beard.xpi [2013-10-25] FF Extension: Pink-bee - C:\Users\R7 biuro\AppData\Roaming\Mozilla\Firefox\Profiles\efgn2uhy.default\Extensions\pink-bee@loic.com.xpi [2012-10-04] FF Extension: Silvermel and Charamel XT - C:\Users\R7 biuro\AppData\Roaming\Mozilla\Firefox\Profiles\efgn2uhy.default\Extensions\silvermelxt@pardal.de.xpi [2012-10-04] FF Extension: Charamel - C:\Users\R7 biuro\AppData\Roaming\Mozilla\Firefox\Profiles\efgn2uhy.default\Extensions\{961408A3-C970-4577-970A-D97C29839A67}.xpi [2012-10-04] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla 
Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-01-03]

Chrome:
=======
CHR HomePage:
CHR Extension: (Dokumenty Google) - C:\Users\R7 biuro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-04]
CHR Extension: (Google Wallet) - C:\Users\R7 biuro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-04]

==================== Services (Whitelisted) =================

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748640 2014-01-03] (Microsoft Corporation)
R2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-09-10] ()
S2 fmd; C:\Program Files\FileMedicAV\bin\fmd.exe [X]

==================== Drivers (Whitelisted) ====================

R1 FmAvMFD; C:\Windows\System32\DRIVERS\fmavmfd.sys [25200 2012-11-28] (FileMedic Sp. z o.o.)
S1 A2DDA; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [X] S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X] U4 WMCoreService; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-04 13:02 - 2014-06-04 13:02 - 00000000 ____D () C:\FRST 2014-06-04 12:47 - 2014-06-04 12:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-06-04 12:47 - 2014-05-07 15:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-06-04 12:47 - 2014-05-07 14:59 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-06-04 12:47 - 2014-05-07 14:59 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-06-04 12:47 - 2014-05-07 14:58 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-06-04 12:46 - 2014-06-04 12:47 - 00004341 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log 2014-06-04 12:43 - 2014-06-04 12:43 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-06-04 12:43 - 2014-06-04 12:43 - 00001983 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk 2014-06-04 12:24 - 2014-06-04 12:24 - 00000824 _____ () C:\Windows\PFRO.log 2014-06-04 12:24 - 2014-06-04 12:24 - 00000056 _____ () C:\Windows\setupact.log 2014-06-04 12:24 - 2014-06-04 12:24 - 00000000 _____ () C:\Windows\setuperr.log 2014-06-04 12:11 - 2014-06-04 12:11 - 00029566 _____ () C:\Users\R7 biuro\Documents\cc_20140604_121141.reg 2014-06-04 12:02 - 2014-06-04 12:02 - 00002778 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-06-04 12:02 - 2014-06-04 12:02 - 00000786 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-06-04 12:02 - 2014-06-04 12:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-06-04 12:02 - 2014-06-04 12:02 - 00000000 ____D () C:\Program Files\CCleaner 2014-06-04 11:55 - 
2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-06-04 11:54 - 2014-06-04 11:54 - 00002269 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-06-04 11:54 - 2014-06-04 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-06-04 11:53 - 2014-06-04 12:58 - 00001052 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-06-04 11:53 - 2014-06-04 12:25 - 00001048 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-06-04 11:53 - 2014-06-04 11:53 - 00004048 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-06-04 11:53 - 2014-06-04 11:53 - 00003796 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-06-04 11:52 - 2014-06-04 11:53 - 00000000 ____D () C:\Users\R7 biuro\AppData\Local\Deployment 2014-06-04 11:52 - 2014-06-04 11:52 - 00000000 ____D () C:\Users\R7 biuro\AppData\Local\Apps\2.0 2014-06-04 11:48 - 2014-06-04 12:01 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-04 11:48 - 2014-06-04 11:48 - 00001110 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-06-04 11:48 - 2014-06-04 11:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-06-04 11:48 - 2014-06-04 11:48 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-04 11:48 - 2014-06-04 11:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-06-04 11:48 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-06-04 11:48 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-06-04 11:48 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-06-04 11:33 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-06-04 11:33 - 2014-03-04 
11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2014-06-04 11:33 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2014-06-04 11:33 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2014-06-04 11:33 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2014-06-04 11:33 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2014-06-04 11:33 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-06-04 11:33 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2014-06-04 11:33 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2014-06-04 11:33 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2014-06-04 11:33 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2014-06-04 11:23 - 2014-06-04 11:24 - 00000000 ____D () C:\Windows\pss 2014-06-04 11:22 - 2014-06-04 11:22 - 00001081 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk 2014-06-04 11:22 - 2014-06-04 11:22 - 00000000 ____D () C:\Users\R7 biuro\AppData\Local\VS Revo Group 2014-06-04 11:22 - 2014-06-04 11:22 - 00000000 ____D () C:\ProgramData\VS Revo Group 2014-06-04 11:22 - 2014-06-04 11:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro 2014-06-04 11:22 - 2014-06-04 11:22 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-06-04 11:22 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys 2014-06-03 11:13 - 2014-06-03 11:13 - 06103040 _____ () C:\Program Files (x86)\GUTA94A.tmp 2014-06-03 11:13 - 2014-06-03 11:13 - 00000000 ____D () C:\Program Files (x86)\GUMA91A.tmp 2014-05-22 10:40 - 2014-05-06 06:40 - 23544320 _____ (Microsoft 
Corporation) C:\Windows\system32\mshtml.dll 2014-05-22 10:40 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-22 10:40 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-22 10:40 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-22 10:40 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-22 10:40 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-20 10:44 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-20 10:44 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-20 10:44 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-20 10:44 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-05-13 10:59 - 2014-05-13 10:59 - 00001099 _____ () C:\Users\Public\Desktop\Broadband to go.lnk 2014-05-13 10:59 - 2014-05-13 10:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Broadband to go 2014-05-13 10:59 - 2009-02-17 20:40 - 00132608 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbnet.sys 2014-05-13 10:59 - 2008-12-30 11:59 - 00116224 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbfake.sys 2014-05-13 10:59 - 2008-12-13 11:28 - 00116864 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys 2014-05-13 10:59 - 2008-04-14 09:36 - 00691712 _____ (DiBcom SA) C:\Windows\system32\Drivers\mod7700.sys 2014-05-13 10:59 - 2007-08-09 04:10 - 00029696 _____ (Huawei Tech. Co., Ltd.) 
C:\Windows\system32\Drivers\ewdcsc.sys 2014-05-13 10:58 - 2014-05-13 10:59 - 00000000 ____D () C:\Program Files (x86)\Broadband to go 2014-05-06 16:50 - 2014-05-22 16:02 - 00000000 ___SD () C:\Windows\system32\CompatTel ==================== One Month Modified Files and Folders ======= 2014-06-04 13:02 - 2014-06-04 13:02 - 00000000 ____D () C:\FRST 2014-06-04 13:02 - 2012-10-26 09:53 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-06-04 13:02 - 2012-09-20 10:46 - 00000000 ____D () C:\Users\R7 biuro\AppData\Local\Temp 2014-06-04 13:02 - 2012-04-17 05:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office 2014-06-04 13:02 - 2010-11-21 09:16 - 00000000 ____D () C:\Windows\ShellNew 2014-06-04 13:01 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild 2014-06-04 13:00 - 2012-09-20 04:58 - 00000000 ____D () C:\Program Files\Microsoft Office 2014-06-04 13:00 - 2009-07-14 04:34 - 00000387 _____ () C:\Windows\win.ini 2014-06-04 12:59 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2014-06-04 12:58 - 2014-06-04 11:53 - 00001052 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-06-04 12:58 - 2014-02-27 09:45 - 00000000 ____D () C:\ProgramData\Oracle 2014-06-04 12:47 - 2014-06-04 12:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-06-04 12:47 - 2014-06-04 12:46 - 00004341 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log 2014-06-04 12:47 - 2013-02-11 17:24 - 00000000 ____D () C:\Program Files (x86)\Java 2014-06-04 12:44 - 2012-04-17 05:40 - 01833565 _____ () C:\Windows\WindowsUpdate.log 2014-06-04 12:43 - 2014-06-04 12:43 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-06-04 12:43 - 2014-06-04 12:43 - 00001983 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk 2014-06-04 12:42 - 2012-03-28 07:40 - 00000000 ____D () C:\ProgramData\Adobe 2014-06-04 12:42 - 2012-03-28 07:40 - 00000000 ____D () C:\Program Files 
(x86)\Adobe 2014-06-04 12:33 - 2012-03-28 07:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EgisTec 2014-06-04 12:33 - 2009-07-14 06:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-06-04 12:33 - 2009-07-14 06:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-06-04 12:32 - 2012-03-28 06:36 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-06-04 12:29 - 2012-09-26 15:46 - 00000000 ____D () C:\Program Files (x86)\HP 2014-06-04 12:28 - 2012-09-26 15:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP 2014-06-04 12:27 - 2014-02-27 09:34 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-06-04 12:25 - 2014-06-04 11:53 - 00001048 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-06-04 12:24 - 2014-06-04 12:24 - 00000824 _____ () C:\Windows\PFRO.log 2014-06-04 12:24 - 2014-06-04 12:24 - 00000056 _____ () C:\Windows\setupact.log 2014-06-04 12:24 - 2014-06-04 12:24 - 00000000 _____ () C:\Windows\setuperr.log 2014-06-04 12:24 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-06-04 12:23 - 2012-09-20 04:58 - 00000000 ____D () C:\Users\R7 biuro\AppData\Roaming\SoftGrid Client 2014-06-04 12:23 - 2012-03-28 07:38 - 00000000 ____D () C:\Program Files (x86)\EgisTec MyWinLocker 2014-06-04 12:18 - 2012-03-28 06:54 - 00000000 ____D () C:\Program Files (x86)\Acer Games 2014-06-04 12:17 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-06-04 12:16 - 2012-03-28 06:53 - 00000000 ____D () C:\ProgramData\WildTangent 2014-06-04 12:11 - 2014-06-04 12:11 - 00029566 _____ () C:\Users\R7 biuro\Documents\cc_20140604_121141.reg 2014-06-04 12:08 - 2013-02-12 13:01 - 00000000 ____D () C:\Windows\Minidump 2014-06-04 12:08 - 2007-07-12 03:49 - 00000000 
____D () C:\Windows\Panther 2014-06-04 12:02 - 2014-06-04 12:02 - 00002778 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-06-04 12:02 - 2014-06-04 12:02 - 00000786 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-06-04 12:02 - 2014-06-04 12:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-06-04 12:02 - 2014-06-04 12:02 - 00000000 ____D () C:\Program Files\CCleaner 2014-06-04 12:01 - 2014-06-04 11:48 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-04 11:58 - 2009-07-14 06:45 - 00420680 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-06-04 11:57 - 2012-03-28 07:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer 2014-06-04 11:57 - 2012-03-28 07:22 - 00000000 ____D () C:\Program Files (x86)\Acer 2014-06-04 11:54 - 2014-06-04 11:54 - 00002269 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-06-04 11:54 - 2014-06-04 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-06-04 11:54 - 2012-09-20 05:13 - 00000000 ____D () C:\Users\R7 biuro\AppData\Local\Google 2014-06-04 11:54 - 2012-09-20 05:13 - 00000000 ____D () C:\Program Files (x86)\Google 2014-06-04 11:53 - 2014-06-04 11:53 - 00004048 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-06-04 11:53 - 2014-06-04 11:53 - 00003796 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-06-04 11:53 - 2014-06-04 11:52 - 00000000 ____D () C:\Users\R7 biuro\AppData\Local\Deployment 2014-06-04 11:52 - 2014-06-04 11:52 - 00000000 ____D () C:\Users\R7 biuro\AppData\Local\Apps\2.0 2014-06-04 11:48 - 2014-06-04 11:48 - 00001110 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-06-04 11:48 - 2014-06-04 11:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-06-04 11:48 - 2014-06-04 11:48 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-04 11:48 - 
2014-06-04 11:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-06-04 11:45 - 2012-09-20 10:47 - 00109680 _____ () C:\Users\R7 biuro\AppData\Local\GDIPFONTCACHEV1.DAT 2014-06-04 11:41 - 2012-03-28 07:43 - 00000000 ____D () C:\ProgramData\BackupManager 2014-06-04 11:26 - 2012-09-20 05:13 - 00000000 ____D () C:\Program Files\Google 2014-06-04 11:24 - 2014-06-04 11:23 - 00000000 ____D () C:\Windows\pss 2014-06-04 11:24 - 2012-11-28 15:44 - 00000000 ____D () C:\Program Files\FileMedicAV 2014-06-04 11:24 - 2012-09-20 04:50 - 00000000 ___RD () C:\Users\R7 biuro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-06-04 11:22 - 2014-06-04 11:22 - 00001081 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk 2014-06-04 11:22 - 2014-06-04 11:22 - 00000000 ____D () C:\Users\R7 biuro\AppData\Local\VS Revo Group 2014-06-04 11:22 - 2014-06-04 11:22 - 00000000 ____D () C:\ProgramData\VS Revo Group 2014-06-04 11:22 - 2014-06-04 11:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro 2014-06-04 11:22 - 2014-06-04 11:22 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-06-04 11:19 - 2012-09-20 05:13 - 00000000 ____D () C:\ProgramData\Google 2014-06-04 11:14 - 2012-11-28 15:44 - 00000000 ____D () C:\ProgramData\FileMedic 2014-06-04 11:01 - 2014-05-03 19:59 - 00000000 ____D () C:\Users\R7 biuro\AppData\Roaming\DropboxMaster 2014-06-04 11:01 - 2012-11-26 10:08 - 00000000 ___RD () C:\Users\R7 biuro\Dropbox 2014-06-04 11:01 - 2012-11-26 10:07 - 00000000 ____D () C:\Users\R7 biuro\AppData\Roaming\Dropbox 2014-06-04 10:57 - 2014-05-04 16:35 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware 2014-06-04 10:53 - 2014-05-04 16:35 - 00000000 ____D () C:\Users\R7 biuro\Documents\Anti-Malware 2014-06-03 11:15 - 2012-11-28 10:09 - 00001980 _____ () C:\Windows\wininit.ini 2014-06-03 11:15 - 2012-11-26 10:07 - 00000000 ____D () C:\Users\R7 biuro\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Dropbox 2014-06-03 11:13 - 2014-06-03 11:13 - 06103040 _____ () C:\Program Files (x86)\GUTA94A.tmp 2014-06-03 11:13 - 2014-06-03 11:13 - 00000000 ____D () C:\Program Files (x86)\GUMA91A.tmp 2014-05-29 10:35 - 2009-07-14 07:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-05-22 16:15 - 2012-09-20 04:50 - 00000000 ___RD () C:\Users\R7 biuro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-22 16:02 - 2014-05-06 16:50 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-20 17:08 - 2012-04-17 06:29 - 00741140 _____ () C:\Windows\system32\perfh015.dat 2014-05-20 17:08 - 2012-04-17 06:29 - 00156424 _____ () C:\Windows\system32\perfc015.dat 2014-05-20 17:08 - 2009-07-14 07:13 - 01672142 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-20 16:12 - 2012-09-27 11:43 - 00000000 ____D () C:\Users\R7 biuro\Documents\Moje skanowanie 2014-05-20 14:00 - 2014-02-27 09:34 - 00003868 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-05-20 14:00 - 2012-03-28 07:46 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-20 14:00 - 2012-03-28 07:46 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-13 10:59 - 2014-05-13 10:59 - 00001099 _____ () C:\Users\Public\Desktop\Broadband to go.lnk 2014-05-13 10:59 - 2014-05-13 10:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Broadband to go 2014-05-13 10:59 - 2014-05-13 10:58 - 00000000 ____D () C:\Program Files (x86)\Broadband to go 2014-05-12 07:26 - 2014-06-04 11:48 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-12 07:26 - 2014-06-04 11:48 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-12 07:25 - 2014-06-04 11:48 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-09 08:14 - 2014-05-20 10:44 - 00477184 _____ (Microsoft 
Corporation) C:\Windows\system32\aepdu.dll 2014-05-09 08:11 - 2014-05-20 10:44 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-07 15:02 - 2014-06-04 12:47 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-05-07 14:59 - 2014-06-04 12:47 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-05-07 14:59 - 2014-06-04 12:47 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-05-07 14:58 - 2014-06-04 12:47 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-05-06 14:26 - 2012-09-20 10:47 - 00000000 ____D () C:\Users\R7 biuro\AppData\Local\VirtualStore 2014-05-06 06:40 - 2014-05-22 10:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-06 06:17 - 2014-05-22 10:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-06 05:25 - 2014-05-22 10:40 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-06 05:07 - 2014-05-22 10:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-06 05:00 - 2014-05-22 10:40 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-06 04:10 - 2014-05-22 10:40 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll Some content of TEMP: ==================== C:\Users\R7 biuro\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdnzwmm.dll C:\Users\R7 biuro\AppData\Local\Temp\DseShExt-x64.dll C:\Users\R7 biuro\AppData\Local\Temp\DseShExt-x86.dll C:\Users\R7 biuro\AppData\Local\Temp\ose00000.exe C:\Users\R7 biuro\AppData\Local\Temp\Quarantine.exe C:\Users\R7 biuro\AppData\Local\Temp\SDShelEx-win32.dll C:\Users\R7 biuro\AppData\Local\Temp\SDShelEx-x64.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe 
=> MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-08-14 12:50

==================== End Of Log ============================