Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-10-2014
Ran by Monika (administrator) on MONIKA-PC on 12-10-2014 21:37:44
Running from C:\Users\Monika\Downloads
Loaded Profile: Monika (Available profiles: Monika)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Polski (Polska)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\ProgramData\DatacardService\HWDeviceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\Program Files\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Dolby Laboratories Inc.) C:\Program Files\Dolby Home Theater v4\pcee4.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Vimicro) C:\Program Files\USB Camera2\VM332_STI.EXE
(LENOVO) C:\Program Files\Lenovo\Lenovo CAPOSD\CAPOSD.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Lenovo (Beijing) Limited) C:\Program Files\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\Energy Management\utility.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10959464 2012-01-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [879208 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [Dolby Home Theater v4] => C:\Program Files\Dolby Home Theater v4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM\...\Run: [USB3MON] => C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-27] (Intel Corporation)
HKLM\...\Run: [332BigDog] => C:\Program Files\USB Camera2\VM332_STI.EXE [548864 2011-12-09] (Vimicro)
HKLM\...\Run: [CAPOSD] => c:\Program Files\Lenovo\Lenovo CAPOSD\CAPOSD.exe [1876992 2012-02-09] (LENOVO)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM\...\Run: [Energy Management] => C:\Program Files\Lenovo\Energy Management\Energy Management.exe [7992320 2012-02-21] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files\Lenovo\Energy Management\Utility.exe [5931008 2012-02-21] (Lenovo(beijing) Limited)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [TrueImageMonitor.exe] => C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [5138080 2009-12-11] (Acronis)
HKLM\...\Run: [UsBuga Acronis Scheduler2] => C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [362176 2009-12-11] (Acronis)
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-08-11] (Macrovision Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-1264134706-63761012-746677018-1000\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-08-11] (Macrovision Corporation)
HKU\S-1-5-21-1264134706-63761012-746677018-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22067296 2014-10-01] (Skype Technologies S.A.)
AppInit_DLLs: C:\Windows\system32\nvinit.dll => C:\Windows\system32\nvinit.dll [141336 2013-12-19] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pl-pl/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pl-PL
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Tcpip\Parameters: [DhcpNameServer] 217.113.224.36 217.113.224.134
Tcpip\..\Interfaces\{0D88A9DC-8C60-481B-A8F3-00EEFC8BA9F7}: [NameServer] 193.41.112.18 193.41.112.14
Tcpip\..\Interfaces\{403310FB-47A5-494A-A85D-8557554B7DBD}: [NameServer] 193.41.112.18 193.41.112.14

FireFox:
========
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://google.pl/
CHR StartupUrls: Default -> "hxxp://google.pl/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Monika\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.5.671\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.670.1) - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U67) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
CHR Profile: C:\Users\Monika\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Monika\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-15]
CHR Extension: (Google Drive) - C:\Users\Monika\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-15]
CHR Extension: (YouTube) - C:\Users\Monika\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-15]
CHR Extension: (Adblock Plus) - C:\Users\Monika\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-06-20]
CHR Extension: (Google Search) - C:\Users\Monika\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-15]
CHR Extension: (Skype Click to Call) - C:\Users\Monika\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-10-12]
CHR Extension: (Google Wallet) - C:\Users\Monika\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-15]
CHR Extension: (Gmail) - C:\Users\Monika\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-15]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [661216 2009-12-11] (Acronis)
R2 AdobeActiveFileMonitor12.0; C:\Program Files\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-25] (Adobe Systems Incorporated)
R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [2480048 2014-01-08] (Acronis)
R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [276248 2012-01-28] (Intel Corporation)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2014-01-12] (Macrovision Europe Ltd.) [File not signed]
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [458464 2012-02-02] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-08] ()
R2 jhi_service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-08] (Intel Corporation)
S3 PLAY ONLINE. RunOuc; C:\Program Files\PLAY ONLINE\UpdateDog\ouc.exe [246112 2014-01-15] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ACPIVPC; C:\Windows\System32\DRIVERS\AcpiVpc.sys [24672 2011-12-15] (Lenovo Corporation)
R3 athr; C:\Windows\System32\DRIVERS\athr.sys [3237888 2013-10-21] (Qualcomm Atheros Communications, Inc.)
S3 bpenum; C:\Windows\System32\DRIVERS\bpenum.sys [67584 2011-11-30] (Intel Corporation) [File not signed]
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [95616 2014-01-15] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [27520 2014-01-15] (Huawei Technologies Co., Ltd.)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [195072 2014-01-15] (Huawei Technologies Co., Ltd.)
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [13592 2012-01-27] (Intel Corporation)
R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [348440 2012-01-27] (Intel Corporation)
R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [791832 2012-01-27] (Intel Corporation)
R0 LHDmgr; C:\Windows\System32\DRIVERS\LhdX86.sys [32352 2010-01-15] (Lenovo.)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [46080 2011-11-10] (Intel Corporation)
R0 nvpciflt; C:\Windows\System32\DRIVERS\nvpciflt.sys [27936 2013-12-19] (NVIDIA Corporation)
R0 PxHelp20; C:\Windows\System32\drivers\PxHelp20.sys [46096 2013-07-19] (Corel Corporation)
S3 RSUSBVSTOR; C:\Windows\System32\Drivers\RtsUVStor.sys [232040 2011-10-24] (Realtek Semiconductor Corp.)
R0 tdrpman258; C:\Windows\System32\DRIVERS\tdrpm258.sys [911680 2014-01-08] (Acronis)
R3 vm332avs; C:\Windows\System32\Drivers\vm332avs.sys [930000 2011-12-15] (Vimicro Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-12 21:37 - 2014-10-12 21:37 - 00015670 _____ () C:\Users\Monika\Downloads\FRST.txt
2014-10-12 21:35 - 2014-10-12 21:35 - 00000149 _____ () C:\Users\Monika\Desktop\fixlist.txt
2014-10-12 21:27 - 2014-10-12 21:21 - 00002089 _____ () C:\Users\Monika\Desktop\AdwCleaner[S1].txt
2014-10-12 21:27 - 2014-10-12 21:20 - 00002071 _____ () C:\Users\Monika\Desktop\AdwCleaner[R1].txt
2014-10-12 21:26 - 2014-10-12 21:25 - 00022920 _____ () C:\Users\Monika\Desktop\FRST.txt
2014-10-12 21:14 - 2014-10-12 21:15 - 01976320 _____ () C:\Users\Monika\Downloads\adwcleaner_4.000.exe
2014-10-12 21:10 - 2014-10-12 21:22 - 00000112 _____ () C:\Windows\setupact.log
2014-10-12 21:10 - 2014-10-12 21:21 - 00008090 _____ () C:\Windows\PFRO.log
2014-10-12 21:10 - 2014-10-12 21:10 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-12 19:53 - 2014-10-12 21:37 - 00000000 ____D () C:\FRST
2014-10-12 19:52 - 2014-10-12 19:52 - 01101824 _____ (Farbar) C:\Users\Monika\Downloads\FRST.exe
2014-10-12 19:52 - 2014-10-12 19:52 - 00602112 _____ (OldTimer Tools) C:\Users\Monika\Downloads\OTL.exe
2014-10-12 19:52 - 2014-10-12 19:52 - 00380416 _____ () C:\Users\Monika\Downloads\kmrymwbv.exe
2014-10-12 19:42 - 2014-10-12 19:42 - 00000000 ____D () C:\Windows\Sun
2014-10-12 19:42 - 2014-10-12 19:42 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-12 19:42 - 2014-10-12 19:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-12 19:42 - 2014-10-12 19:42 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-10-12 19:42 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-10-12 19:41 - 2014-10-12 19:42 - 00004150 _____ () C:\Windows\system32\jupdate-1.7.0_67-b01.log
2014-10-12 18:45 - 2014-10-12 19:00 - 00000000 ____D () C:\Users\Monika\Desktop\wazne
2014-10-12 14:06 - 2014-10-12 14:06 - 00002505 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-10-12 14:06 - 2014-10-12 14:06 - 00000000 ___RD () C:\Program Files\Skype
2014-10-12 14:06 - 2014-10-12 14:06 - 00000000 ____D () C:\Users\Monika\AppData\Local\Skype
2014-10-12 14:06 - 2014-10-12 14:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-12 14:06 - 2014-10-12 14:06 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-10-12 14:02 - 2014-10-12 14:02 - 36036200 _____ (Skype Technologies S.A.) C:\Users\Monika\Downloads\SkypeSetupFull.exe
2014-10-02 13:18 - 2014-10-12 19:37 - 00000000 ____D () C:\Windows\Minidump
2014-10-01 20:56 - 2014-10-12 21:10 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-09-17 19:24 - 2014-10-12 21:25 - 00126743 _____ () C:\Windows\WindowsUpdate.log
2014-09-13 20:08 - 2014-09-13 20:08 - 00144550 _____ () C:\Users\Monika\Downloads\520_fix (2).zip
2014-09-13 20:07 - 2014-09-13 20:07 - 00144550 _____ () C:\Users\Monika\Downloads\520_fix.zip
2014-09-13 20:07 - 2014-09-13 20:07 - 00144550 _____ () C:\Users\Monika\Downloads\520_fix (1).zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-12 21:29 - 2009-07-14 06:34 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-12 21:29 - 2009-07-14 06:34 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-12 21:28 - 2014-01-17 21:05 - 00000000 ____D () C:\Users\Monika\AppData\Roaming\Skype
2014-10-12 21:26 - 2011-04-12 07:08 - 00687828 _____ () C:\Windows\system32\perfh015.dat
2014-10-12 21:26 - 2011-04-12 07:08 - 00131382 _____ () C:\Windows\system32\perfc015.dat
2014-10-12 21:26 - 2010-11-20 23:01 - 01523412 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-12 21:22 - 2014-01-15 20:45 - 00001032 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-12 21:22 - 2014-01-08 19:24 - 00000816 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-10-12 21:22 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-12 21:21 - 2014-01-08 17:36 - 00000000 ____D () C:\Users\Monika
2014-10-12 21:09 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2014-10-12 20:42 - 2014-01-15 20:45 - 00001036 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-12 19:44 - 2014-01-12 15:48 - 00000000 ____D () C:\Program Files\Adobe
2014-10-12 19:44 - 2014-01-12 15:47 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-10-12 19:43 - 2014-01-21 21:52 - 00000000 ____D () C:\Users\Monika\AppData\Local\Adobe
2014-10-12 19:42 - 2014-05-29 18:14 - 00000000 ____D () C:\Program Files\Java
2014-10-12 15:05 - 2014-01-08 19:24 - 00000818 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-10-12 14:06 - 2014-01-17 21:04 - 00000000 ____D () C:\ProgramData\Skype
2014-10-09 23:44 - 2009-07-14 04:04 - 00000529 _____ () C:\Windows\win.ini
2014-09-26 20:44 - 2014-01-15 20:59 - 00002135 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-15 09:06 - 2014-01-12 21:28 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\Monika\AppData\Local\Temp\Quarantine.exe
C:\Users\Monika\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-09 20:01

==================== End Of Log ============================