Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-07-2014 Ran by CONSTANSGC (administrator) on CONSTANSGC-PC on 18-09-2014 17:28:08 Running from C:\Users\CONSTANSGC\Desktop Platform: Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) OS Language: Polski (Polska) Internet Explorer Version 9 Boot Mode: Safe Mode (with Networking) The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (COMODO) C:\Program Files\Comodo\COMODO GeekBuddy\CLPSLS.exe (Microsoft Corporation) C:\WINDOWS\System32\wbem\unsecapp.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X] HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-1175997802-332614115-1566058861-1006\...\MountPoints2: H - H:\setup_vmc_lite.exe /checkApplicationPresence HKU\S-1-5-21-1175997802-332614115-1566058861-1006\...\MountPoints2: {3537ee49-4d12-11e2-854f-001b38c54d76} - G:\Setup.exe HKU\S-1-5-21-1175997802-332614115-1566058861-1006\...\MountPoints2: {38f5a474-8988-11e1-bf77-001b38c54d76} - G:\setup_vmc_lite.exe /checkApplicationPresence HKU\S-1-5-21-1175997802-332614115-1566058861-1006\...\MountPoints2: {38f5a47a-8988-11e1-bf77-001b38c54d76} - G:\setup_vmc_lite.exe /checkApplicationPresence HKU\S-1-5-21-1175997802-332614115-1566058861-1006\...\MountPoints2: 
{38f5a488-8988-11e1-bf77-001b38c54d76} - G:\setup_vmc_lite.exe /checkApplicationPresence HKU\S-1-5-21-1175997802-332614115-1566058861-1006\...\MountPoints2: {3a63dbee-b898-11e1-a719-001b38c54d76} - G:\Setup.exe HKU\S-1-5-21-1175997802-332614115-1566058861-1006\...\MountPoints2: {3f79360e-f6f6-11e2-b46a-001e101f859f} - G:\AutoRun.exe HKU\S-1-5-21-1175997802-332614115-1566058861-1006\...\MountPoints2: {3f79361c-f6f6-11e2-b46a-001b38faa751} - G:\setup_vmb_lite.exe /checkApplicationPresence HKU\S-1-5-21-1175997802-332614115-1566058861-1006\...\MountPoints2: {40c3c753-f7bd-11e2-9ae8-806e6f6e6963} - G:\setup_vmb_lite.exe /checkApplicationPresence HKU\S-1-5-21-1175997802-332614115-1566058861-1006\...\MountPoints2: {6a4e7ff4-8948-11e1-947e-001b38c54d76} - G:\AutoRun.exe HKU\S-1-5-21-1175997802-332614115-1566058861-1006\...\MountPoints2: {6a4e8009-8948-11e1-947e-001b38c54d76} - G:\AutoRun.exe HKU\S-1-5-21-1175997802-332614115-1566058861-1006\...\MountPoints2: {e2da90fa-898e-11e1-add2-001b38c54d76} - G:\setup_vmc_lite.exe /checkApplicationPresence HKU\S-1-5-21-1175997802-332614115-1566058861-1006\...\MountPoints2: {f58d9eec-7455-11e3-ade8-001b38faa751} - G:\iStudio.exe AppInit_DLLs: C:\Windows\system32\guard32.dll => C:\Windows\system32\guard32.dll [301264 2012-11-08] (COMODO) Startup: C:\Users\CONSTANSGC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\CONSTANSGC\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) BootExecute: autocheck autochk * sdnclean.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://multifelicja.allianz.pl/prodFelicja/LogujOperatora BHO: Java(tm) Plug-In SSV Helper -> 
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 8.8.8.8 FireFox: ======== FF ProfilePath: C:\Users\CONSTANSGC\AppData\Roaming\Mozilla\Firefox\Profiles\4qmf6659.default FF Homepage: hxxp://www.google.com/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: Free Memory - C:\Users\CONSTANSGC\AppData\Roaming\Mozilla\Firefox\Profiles\4qmf6659.default\Extensions\jid1-n85lxPv1NAWVTQ@jetpack.xpi [2014-02-12] FF Extension: Password Exporter - C:\Users\CONSTANSGC\AppData\Roaming\Mozilla\Firefox\Profiles\4qmf6659.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2013-05-17] FF Extension: Adblock Plus - C:\Users\CONSTANSGC\AppData\Roaming\Mozilla\Firefox\Profiles\4qmf6659.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-18] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-05-11] ========================== Services (Whitelisted) ================= R2 CLPSLS; C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe [1052472 2011-11-23] (COMODO) S2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [1990464 2012-11-08] (COMODO) S2 CoreScanner; C:\Program Files\Motorola Scanner\Common\CoreScanner.exe [217088 2011-06-13] (Motorola Solutions, Inc.) [File not signed] S2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [61440 2007-06-05] (Hewlett-Packard) [File not signed] S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] S2 lxddCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxddserv.exe [99248 2007-05-25] (Lexmark International, Inc.) S2 lxdd_device; C:\Windows\system32\lxddcoms.exe [537520 2007-05-25] ( ) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe [237008 2011-06-17] (McAfee, Inc.) 
S2 MSSQL$TITUSPLUSSQL; c:\Program Files\Microsoft SQL Server\MSSQL10_50.TITUSPLUSSQL\MSSQL\Binn\sqlservr.exe [43040096 2011-06-17] (Microsoft Corporation) S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2005-10-14] (Microsoft Corporation) S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2011-04-13] (Hewlett-Packard) [File not signed] S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2011-04-13] (Hewlett-Packard) [File not signed] S2 rsmdriverproviderservice; C:\Program Files\Motorola Scanner\Common\RSMDriverProviderService.exe [61440 2011-06-13] (Motorola Solutions, Inc.) [File not signed] S2 ScnSrvc; C:\Program Files\Motorola Scanner\Common\ScannerService.exe [176128 2011-06-13] (Motorola Solutions, Inc.) [File not signed] S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.) S2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.) S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.) S4 SQLAgent$TITUSPLUSSQL; c:\Program Files\Microsoft SQL Server\MSSQL10_50.TITUSPLUSSQL\MSSQL\Binn\SQLAGENT.EXE [370016 2011-06-17] (Microsoft Corporation) S3 stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-11-01] (MicroVision Development, Inc.) 
[File not signed] S2 VmbService; C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [9216 2011-07-14] (Vodafone) [File not signed] ==================== Drivers (Whitelisted) ==================== R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [19632 2012-11-08] (COMODO) S1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [494416 2012-11-08] (COMODO) R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [42264 2012-11-08] (COMODO) R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed] S3 HdAudAddService; C:\Windows\System32\drivers\CHDART.sys [159232 2007-02-22] (Conexant Systems Inc.) R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [82952 2012-11-08] (COMODO) S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [710144 2009-03-03] (Ralink Technology Corp.) S3 phaudlwr; C:\Windows\System32\DRIVERS\phaudlwr.sys [88704 2008-05-07] (Philips Applied Technologies) R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36528 2006-07-24] (Sonic Solutions) [File not signed] S4 RsFx0151; C:\Windows\System32\DRIVERS\RsFx0151.sys [240736 2011-06-17] (Microsoft Corporation) S3 SPC1030; C:\Windows\System32\DRIVERS\spc1030.sys [3035776 2008-06-11] () R0 speedfan; C:\Windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software) U3 TrueSight; C:\WINDOWS\System32\drivers\TrueSight.sys [33512 2014-09-18] () R3 vodafone_K3805-z_dc_enum; C:\Windows\System32\DRIVERS\vodafone_K3805-z_dc_enum.sys [80000 2010-09-01] (Vodafone) S3 vodafone_zte_cdc_acm; C:\Windows\System32\DRIVERS\vodafone_zte_cdc_acm.sys [67968 2011-05-20] (Vodafone) S3 vodafone_zte_cdc_ecm; C:\Windows\System32\DRIVERS\vodafone_zte_cdc_ecm.sys [32768 2011-05-20] (Vodafone) S3 vodafone_zte_cpo; C:\Windows\System32\DRIVERS\vodafone_zte_cpo.sys [9984 2011-05-20] (Vodafone) S3 vodafone_zte_ecm_enum; C:\Windows\System32\DRIVERS\vodafone_zte_ecm_enum.sys [47488 2011-05-20] (Vodafone) S3 vodafone_zte_ecm_enum_filter; C:\Windows\System32\DRIVERS\vodafone_zte_ecm_enum_filter.sys 
[47488 2011-05-20] (Vodafone) S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X] U4 eabfiltr; S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X] S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 taphss6; system32\DRIVERS\taphss6.sys [X] U3 awddafod; \??\C:\Users\CONSTA~1\AppData\Local\Temp\awddafod.sys [X] ========================== Drivers MD5 =======================
==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-09-18 17:28 - 2014-09-18 17:28 - 00032468 _____ () C:\Users\CONSTANSGC\Desktop\FRST.txt 2014-09-18 17:28 - 2014-09-18 17:28 - 00000000 ____D () C:\FRST 2014-09-18 17:27 - 2014-09-18 17:27 - 01080320 _____ (Farbar) C:\Users\CONSTANSGC\Desktop\FRST.exe 2014-09-18 17:24 - 2014-09-18 17:27 - 14349744 _____ (Malwarebytes Corp.) 
C:\Users\CONSTANSGC\Desktop\mbar-1.07.0.1012.exe 2014-09-18 17:10 - 2014-09-18 17:10 - 00127058 _____ () C:\Users\CONSTANSGC\Desktop\otl nowe.txt 2014-09-18 16:58 - 2014-09-18 16:58 - 00000813 _____ () C:\Users\CONSTANSGC\Desktop\log gmer.log 2014-09-18 16:54 - 2014-09-18 16:54 - 00000000 ____D () C:\Users\CONSTANSGC\Desktop\gmer 2014-09-18 16:28 - 2014-09-18 16:38 - 00033512 _____ () C:\Windows\system32\Drivers\TrueSight.sys 2014-09-18 16:27 - 2014-09-18 16:28 - 00000000 ____D () C:\ProgramData\RogueKiller 2014-09-18 16:26 - 2014-09-18 16:27 - 00003474 _____ () C:\Users\CONSTANSGC\Desktop\Rkill.txt 2014-09-18 16:26 - 2014-09-18 16:26 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\CONSTANSGC\Desktop\rkill.exe 2014-09-18 16:25 - 2014-09-18 16:26 - 04877400 _____ () C:\Users\CONSTANSGC\Desktop\RogueKiller.exe 2014-09-18 16:23 - 2014-09-18 16:23 - 00370943 _____ () C:\Users\CONSTANSGC\Desktop\gmer.zip 2014-09-18 16:04 - 2014-09-18 16:04 - 00096574 _____ () C:\Users\CONSTANSGC\Desktop\skan otlee.txt 2014-09-18 16:01 - 2014-09-18 17:06 - 00127058 _____ () C:\Users\CONSTANSGC\Desktop\OTL.Txt 2014-09-18 16:01 - 2014-09-18 16:01 - 00048866 _____ () C:\Users\CONSTANSGC\Desktop\Extras.Txt 2014-09-18 15:39 - 2014-09-18 15:39 - 00000314 _____ () C:\Windows\PFRO.log 2014-09-18 15:24 - 2014-09-18 15:24 - 00382736 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-09-18 15:21 - 2014-09-18 15:21 - 00001612 _____ () C:\Users\CONSTANSGC\Desktop\JRT.txt 2014-09-18 15:10 - 2014-09-18 15:10 - 00000000 ____D () C:\Windows\ERUNT 2014-09-18 15:08 - 2014-09-18 15:08 - 01016830 _____ (Thisisu) C:\Users\CONSTANSGC\Desktop\JRT.exe 2014-09-18 15:05 - 2014-09-18 15:05 - 00602112 _____ (OldTimer Tools) C:\Users\CONSTANSGC\Desktop\OTL.exe 2014-09-18 14:42 - 2014-09-18 15:38 - 00000000 ____D () C:\AdwCleaner 2014-09-18 14:41 - 2014-09-18 14:42 - 01373475 _____ () C:\Users\CONSTANSGC\Desktop\adwcleaner_3.310.exe 2014-09-18 14:33 - 2014-09-18 14:33 - 00103744 _____ () 
C:\Users\CONSTANSGC\AppData\Local\GDIPFONTCACHEV1.DAT 2014-09-18 14:33 - 2014-09-18 14:33 - 00000000 _____ () C:\Windows\setuperr.log 2014-09-18 14:33 - 2014-09-18 14:33 - 00000000 _____ () C:\Windows\setupact.log 2014-09-12 22:45 - 2014-09-18 14:26 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-08-27 17:05 - 2014-08-27 17:05 - 00599040 _____ () C:\Users\CONSTANSGC\Desktop\NZOZ NATURALNIE-INTER POLSKA-obow pryw+nfz i ochr prawna.xls 2014-08-26 23:39 - 2014-08-26 23:39 - 00177852 _____ () C:\Users\CONSTANSGC\Desktop\MOŚ KRYSTIAN-FIAT.aspx 2014-08-26 14:52 - 2014-08-26 14:52 - 00100864 _____ () C:\Users\CONSTANSGC\Desktop\CIECIURA JAROSŁAW popr.xls 2014-08-26 12:30 - 2014-08-26 12:30 - 00031701 _____ () C:\Users\CONSTANSGC\Desktop\ANKIETA AMBU wzór PZU.xlsx 2014-08-26 12:24 - 2014-08-26 12:24 - 00109056 _____ () C:\Users\CONSTANSGC\Desktop\PZU-ANKIETA AMBU-NZOZ JAROSŁAW CIECIURA-OST.xls 2014-08-26 11:50 - 2014-08-26 12:10 - 00109056 _____ () C:\Users\CONSTANSGC\Desktop\PZU-ANKIETA AMBU-NZOZ JAROSŁAW CIECIURA.xls 2014-08-26 10:17 - 2014-08-26 10:17 - 00028160 _____ () C:\Users\CONSTANSGC\Desktop\SZKOŁA PODSTAWOWA NR. 5 W BYTOMIU-1 SZKODOWOŚĆ CONCORDIA.xls ==================== One Month Modified Files and Folders ======= 2014-09-18 17:28 - 2014-09-18 17:28 - 00032468 _____ () C:\Users\CONSTANSGC\Desktop\FRST.txt 2014-09-18 17:28 - 2014-09-18 17:28 - 00000000 ____D () C:\FRST 2014-09-18 17:27 - 2014-09-18 17:27 - 01080320 _____ (Farbar) C:\Users\CONSTANSGC\Desktop\FRST.exe 2014-09-18 17:27 - 2014-09-18 17:24 - 14349744 _____ (Malwarebytes Corp.) 
C:\Users\CONSTANSGC\Desktop\mbar-1.07.0.1012.exe 2014-09-18 17:10 - 2014-09-18 17:10 - 00127058 _____ () C:\Users\CONSTANSGC\Desktop\otl nowe.txt 2014-09-18 17:06 - 2014-09-18 16:01 - 00127058 _____ () C:\Users\CONSTANSGC\Desktop\OTL.Txt 2014-09-18 16:58 - 2014-09-18 16:58 - 00000813 _____ () C:\Users\CONSTANSGC\Desktop\log gmer.log 2014-09-18 16:54 - 2014-09-18 16:54 - 00000000 ____D () C:\Users\CONSTANSGC\Desktop\gmer 2014-09-18 16:46 - 2012-03-11 20:14 - 01066300 _____ () C:\Windows\WindowsUpdate.log 2014-09-18 16:43 - 2012-05-16 13:16 - 00000106 _____ () C:\Windows\system32\symbscnr.log 2014-09-18 16:43 - 2012-05-16 13:16 - 00000000 _____ () C:\Windows\system32\symbscnrsvc.log 2014-09-18 16:43 - 2006-11-02 14:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-18 16:43 - 2006-11-02 14:45 - 00004688 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-18 16:43 - 2006-11-02 14:45 - 00004688 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-18 16:42 - 2012-03-11 20:40 - 01474832 _____ () C:\Windows\system32\Drivers\sfi.dat 2014-09-18 16:42 - 2006-11-02 14:58 - 00032514 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-09-18 16:41 - 2013-06-11 14:39 - 00000000 ___RD () C:\Users\CONSTANSGC\Dropbox 2014-09-18 16:41 - 2007-01-09 11:24 - 00000012 _____ () C:\Windows\bthservsdp.dat 2014-09-18 16:39 - 2012-03-11 20:25 - 00000000 ____D () C:\Users\CONSTANSGC\AppData\Local\VirtualStore 2014-09-18 16:38 - 2014-09-18 16:28 - 00033512 _____ () C:\Windows\system32\Drivers\TrueSight.sys 2014-09-18 16:37 - 2013-06-11 14:35 - 00000000 ____D () C:\Users\CONSTANSGC\AppData\Roaming\Dropbox 2014-09-18 16:35 - 2012-05-16 13:16 - 00000106 _____ () C:\Windows\system32\symbscnr.log.bak 2014-09-18 16:28 - 2014-09-18 16:27 - 00000000 ____D () C:\ProgramData\RogueKiller 2014-09-18 16:27 - 2014-09-18 16:26 - 00003474 _____ () C:\Users\CONSTANSGC\Desktop\Rkill.txt 
2014-09-18 16:26 - 2014-09-18 16:26 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\CONSTANSGC\Desktop\rkill.exe 2014-09-18 16:26 - 2014-09-18 16:25 - 04877400 _____ () C:\Users\CONSTANSGC\Desktop\RogueKiller.exe 2014-09-18 16:23 - 2014-09-18 16:23 - 00370943 _____ () C:\Users\CONSTANSGC\Desktop\gmer.zip 2014-09-18 16:21 - 2013-07-05 10:45 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-09-18 16:04 - 2014-09-18 16:04 - 00096574 _____ () C:\Users\CONSTANSGC\Desktop\skan otlee.txt 2014-09-18 16:01 - 2014-09-18 16:01 - 00048866 _____ () C:\Users\CONSTANSGC\Desktop\Extras.Txt 2014-09-18 15:39 - 2014-09-18 15:39 - 00000314 _____ () C:\Windows\PFRO.log 2014-09-18 15:38 - 2014-09-18 14:42 - 00000000 ____D () C:\AdwCleaner 2014-09-18 15:24 - 2014-09-18 15:24 - 00382736 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-09-18 15:21 - 2014-09-18 15:21 - 00001612 _____ () C:\Users\CONSTANSGC\Desktop\JRT.txt 2014-09-18 15:10 - 2014-09-18 15:10 - 00000000 ____D () C:\Windows\ERUNT 2014-09-18 15:08 - 2014-09-18 15:08 - 01016830 _____ (Thisisu) C:\Users\CONSTANSGC\Desktop\JRT.exe 2014-09-18 15:06 - 2012-03-11 20:27 - 00000000 ____D () C:\Users\CONSTANSGC\AppData\Local\Deployment 2014-09-18 15:05 - 2014-09-18 15:05 - 00602112 _____ (OldTimer Tools) C:\Users\CONSTANSGC\Desktop\OTL.exe 2014-09-18 14:57 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\spool 2014-09-18 14:42 - 2014-09-18 14:41 - 01373475 _____ () C:\Users\CONSTANSGC\Desktop\adwcleaner_3.310.exe 2014-09-18 14:33 - 2014-09-18 14:33 - 00103744 _____ () C:\Users\CONSTANSGC\AppData\Local\GDIPFONTCACHEV1.DAT 2014-09-18 14:33 - 2014-09-18 14:33 - 00000000 _____ () C:\Windows\setuperr.log 2014-09-18 14:33 - 2014-09-18 14:33 - 00000000 _____ () C:\Windows\setupact.log 2014-09-18 14:33 - 2014-07-02 22:39 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-18 14:26 - 2014-09-12 22:45 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-09-18 14:26 - 
2014-04-01 04:04 - 00000000 ____D () C:\Users\CONSTANSGC\AppData\Roaming\hpqLog 2014-09-18 14:26 - 2012-08-28 17:39 - 00000000 ____D () C:\Users\CONSTANSGC\AppData\Roaming\TeamViewer 2014-09-18 14:25 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\LogFiles 2014-09-18 11:09 - 2013-06-11 14:37 - 00000000 ____D () C:\Users\CONSTANSGC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-09-16 16:29 - 2013-10-15 13:24 - 00000000 ____D () C:\SS_AGENT 2014-09-16 14:56 - 2006-12-05 07:19 - 00919384 _____ () C:\Windows\system32\perfh015.dat 2014-09-16 14:56 - 2006-12-05 07:19 - 00233380 _____ () C:\Windows\system32\perfc015.dat 2014-09-16 14:56 - 2006-11-02 12:33 - 02193866 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-13 22:20 - 2012-06-21 18:16 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-09-12 12:08 - 2013-06-12 13:12 - 00000000 ____D () C:\Users\CONSTANSGC\Desktop\oferty, kalkulacje, wnioski 2014-08-30 10:52 - 2013-08-31 17:20 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2014-08-27 17:05 - 2014-08-27 17:05 - 00599040 _____ () C:\Users\CONSTANSGC\Desktop\NZOZ NATURALNIE-INTER POLSKA-obow pryw+nfz i ochr prawna.xls 2014-08-26 23:39 - 2014-08-26 23:39 - 00177852 _____ () C:\Users\CONSTANSGC\Desktop\MOŚ KRYSTIAN-FIAT.aspx 2014-08-26 14:52 - 2014-08-26 14:52 - 00100864 _____ () C:\Users\CONSTANSGC\Desktop\CIECIURA JAROSŁAW popr.xls 2014-08-26 12:30 - 2014-08-26 12:30 - 00031701 _____ () C:\Users\CONSTANSGC\Desktop\ANKIETA AMBU wzór PZU.xlsx 2014-08-26 12:24 - 2014-08-26 12:24 - 00109056 _____ () C:\Users\CONSTANSGC\Desktop\PZU-ANKIETA AMBU-NZOZ JAROSŁAW CIECIURA-OST.xls 2014-08-26 12:10 - 2014-08-26 11:50 - 00109056 _____ () C:\Users\CONSTANSGC\Desktop\PZU-ANKIETA AMBU-NZOZ JAROSŁAW CIECIURA.xls 2014-08-26 10:17 - 2014-08-26 10:17 - 00028160 _____ () C:\Users\CONSTANSGC\Desktop\SZKOŁA PODSTAWOWA NR. 
5 W BYTOMIU-1 SZKODOWOŚĆ CONCORDIA.xls 2014-08-19 21:32 - 2013-06-04 15:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive Some content of TEMP: ==================== C:\Users\CONSTANSGC\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptrkv2b.dll ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed ==================== BCD ================================ Menedżer rozruchu systemu Windows --------------------------------- Identyfikator {bootmgr} device partition=C: description Windows Boot Manager locale pl-PL inherit {globalsettings} default {current} resumeobject {b4a72669-9fca-11db-b8ff-0002a55e6116} displayorder {current} toolsdisplayorder {memdiag} timeout 30 resume No Moduł ładujący rozruchu systemu Windows --------------------------------------- Identyfikator {572bcd55-ffa7-11d9-aae0-0007e994107d} device ramdisk=[E:]\sources\winre.wim,{ramdiskoptions} path \windows\system32\boot\winload.exe description Windows Recovery Environment osdevice ramdisk=[E:]\sources\winre.wim,{ramdiskoptions} systemroot \windows nx OptIn detecthal Yes winpe Yes ems Yes Moduł ładujący rozruchu systemu Windows --------------------------------------- Identyfikator {current} device partition=C: path \Windows\system32\winload.exe description Microsoft Windows Vista locale pl-PL inherit {bootloadersettings} recoverysequence {572bcd55-ffa7-11d9-aae0-0007e994107d} recoveryenabled 
Yes osdevice partition=C: systemroot \Windows resumeobject {b4a72669-9fca-11db-b8ff-0002a55e6116} nx OptIn numproc 2 detecthal No usefirmwarepcisettings No Wznawianie ze stanu hibernacji ------------------------------ Identyfikator {b4a72669-9fca-11db-b8ff-0002a55e6116} device partition=C: path \Windows\system32\winresume.exe description Windows Resume Application locale pl-PL inherit {resumeloadersettings} filedevice partition=C: filepath \hiberfil.sys pae Yes debugoptionenabled No Moduł testujący pamięć systemu Windows -------------------------------------- Identyfikator {memdiag} device partition=C: path \boot\memtest.exe description Diagnostyka pamięci systemu Windows locale pl-PL inherit {globalsettings} badmemoryaccess Yes Ustawienia usług EMS -------------------- Identyfikator {emssettings} bootems Yes Ustawienia debugera ------------------- Identyfikator {dbgsettings} debugtype Serial debugport 1 baudrate 115200 Uszkodzenia pamięci RAM ----------------------- Identyfikator {badmemory} Ustawienia globalne ------------------- Identyfikator {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} Ustawienia modułu ładującego rozruchu ------------------------------------- Identyfikator {bootloadersettings} inherit {globalsettings} Ustawienia modułu ładującego wznawiania --------------------------------------- Identyfikator {resumeloadersettings} inherit {globalsettings} Opcje instalacji urządzenia Ramdisk ----------------------------------- Identyfikator {ramdiskoptions} description Ramdisk Options ramdisksdidevice partition=E: ramdisksdipath \boot\boot.sdi LastRegBack: 2014-09-18 17:03 ==================== End Of Log ============================