Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-12-2014 02
Ran by OI (administrator) on EOI on 08-12-2014 17:50:22
Running from c:\
Loaded Profile: OI (Available profiles: OI & Administrator)
Platform: Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polski
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(COMODO) D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-UpdaterService.exe
(cFos Software GmbH) D:\Program Files\cfosspeed\spd.exe
(cFos Software GmbH) D:\Program Files\cfosspeed\cfosspeed.exe
(ESET) D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(ESET) D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(COMODO) D:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
(HP) C:\WINDOWS\system32\HPSIsvc.exe
(Oracle Corporation) D:\Program Files\Java\jre7\bin\jqs.exe
(Locktime Software) D:\Program Files\NetLimiter 2 Pro\nlsvc.exe
(Locktime Software) D:\Program Files\NetLimiter 2 Pro\NLClient.exe
(COMODO) D:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Mozilla Corporation) D:\Program Files\Mozilla Firefox\firefox.exe
(C. Ghisler & Co.) D:\Program Files\TC UP\TOTALCMD.EXE

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [cFosSpeed] => D:\Program Files\cfosspeed\cFosSpeed.exe [977624 2009-10-30] (cFos Software GmbH)
HKLM\...\Run: [egui] => d:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2145000 2010-04-07] (ESET)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [COMODO Internet Security] => D:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1225944 2014-03-25] (COMODO)
HKLM\...\Policies\Explorer: [NoLogOff] 0x01000000
HKU\S-1-5-21-823518204-1614895754-839522115-1003\...\Policies\Explorer: [RecycleBinSize] 100
HKU\S-1-5-21-823518204-1614895754-839522115-1003\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKU\S-1-5-21-823518204-1614895754-839522115-1003\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\S-1-5-21-823518204-1614895754-839522115-1003\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-21-823518204-1614895754-839522115-1003\...\Policies\Explorer: [StartMenuLogOff] 1
HKU\S-1-5-21-823518204-1614895754-839522115-1003\...\MountPoints2: H - H:\setup.exe
HKU\S-1-5-21-823518204-1614895754-839522115-1003\...\MountPoints2: {038d289e-cd82-11de-a742-4d6564696130} - E:\AutoRun.exe
HKU\S-1-5-21-823518204-1614895754-839522115-1003\...\MountPoints2: {03b83060-cf8b-11de-a75d-997633b1a501} - E:\AutoRun.exe
HKU\S-1-5-21-823518204-1614895754-839522115-1003\...\MountPoints2: {0408b1c0-c889-11e3-a5e3-b5fb9175fa09} - E:\CojLauncher.exe
HKU\S-1-5-21-823518204-1614895754-839522115-1003\...\MountPoints2: {143bd0f8-49b2-11df-af10-c83507f62bf2} - E:\AutoRun.exe
HKU\S-1-5-21-823518204-1614895754-839522115-1003\...\MountPoints2: {200fc146-9bae-11e1-9b5b-4d6564696130} - E:\AutoRun.exe
HKU\S-1-5-21-823518204-1614895754-839522115-1003\...\MountPoints2: {200fc14a-9bae-11e1-9b5b-4d6564696130} - E:\AutoRun.exe
HKU\S-1-5-21-823518204-1614895754-839522115-1003\...\MountPoints2: {323c0cc0-b6a2-11e3-af41-ae5e437d59b0} - E:\Toshiba\Launcher\start.exe
HKU\S-1-5-21-823518204-1614895754-839522115-1003\...\MountPoints2: {4caf8298-d06a-11de-a766-4d6564696130} - E:\AutoRun.exe
HKU\S-1-5-21-823518204-1614895754-839522115-1003\...\MountPoints2: {8bc5d898-8d8f-11e2-a7ee-800dd052f9aa} - H:\autorun.bat
HKU\S-1-5-21-823518204-1614895754-839522115-1003\...\MountPoints2: {932550be-cf7e-11de-a759-4d6564696130} - E:\AutoRun.exe
HKU\S-1-5-21-823518204-1614895754-839522115-1003\...\MountPoints2: {9bd98540-4f27-11e4-8bd4-80b4a5a18fee} - E:\AutoRun.exe
HKU\S-1-5-21-823518204-1614895754-839522115-1003\...\MountPoints2: {aeb872a4-d06c-11de-a767-4d6564696130} - G:\AutoRun.exe
HKU\S-1-5-21-823518204-1614895754-839522115-1003\...\MountPoints2: {b99cfc88-530e-11df-af21-bd30b530669d} - E:\AutoRun.exe
HKU\S-1-5-21-823518204-1614895754-839522115-1003\...\MountPoints2: {bf915bb9-8e55-11e2-a7f1-ce516a311b2b} - H:\CDSAMPLE\AUTORUN\AUTORUN.EXE
HKU\S-1-5-21-823518204-1614895754-839522115-1003\...\MountPoints2: {d369a35d-cf13-11de-a753-4d6564696130} - E:\AutoRun.exe
HKU\S-1-5-21-823518204-1614895754-839522115-1003\...\MountPoints2: {db6dee1a-b113-11e3-941d-b9ab49e308c4} - F:\setupSNK.exe
HKU\S-1-5-21-823518204-1614895754-839522115-1003\...\MountPoints2: {efa95468-2891-11df-aec5-f2eca6eb95b6} - E:\AutoRun.exe
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => D:\Program Files\Internet Download Manager\IDMShellExt.dll (Tonec Inc.)
BootExecute: autocheck autochk /r \??\E:autocheck autochk *

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-823518204-1614895754-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-823518204-1614895754-839522115-1003] => :
HKU\S-1-5-21-823518204-1614895754-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://pl.yahoo.com?fr=fp-comodo
HKU\S-1-5-21-823518204-1614895754-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-823518204-1614895754-839522115-1003 -> DefaultScope {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = http://pl.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
SearchScopes: HKU\S-1-5-21-823518204-1614895754-839522115-1003 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = http://pl.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
BHO: Octh Class -> {000123B4-9B42-4900-B3F7-F4B073EFC214} -> d:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> D:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> D:\PROGRA~1\SPYBOT~1\SDHelper.dll No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> d:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> d:\Program Files\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> d:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: FlashGet GetFlash Class -> {F156768E-81EF-470C-9057-481BA8380DBA} -> d:\Program Files\FlashGet\getflash.dll (www.flashget.com)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\OI\Dane aplikacji\Mozilla\Firefox\Profiles\soqf5sl8.default
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Homepage: about:home
FF Keyword.URL: hxxp://pl.search.yahoo.com/search?fr=ytff-comodo&p=
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> D:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> d:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> d:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=0.9.9 -> d:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=1.0.0 -> d:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=1.0.5 -> d:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc;version=0.8.6i -> d:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\OI\Dane aplikacji\mozilla\plugins\npcoolirisplugin.dll ()
FF SearchPlugin: C:\Documents and Settings\OI\Dane aplikacji\Mozilla\Firefox\Profiles\soqf5sl8.default\searchplugins\filmweb.xml
FF SearchPlugin: C:\Documents and Settings\OI\Dane aplikacji\Mozilla\Firefox\Profiles\soqf5sl8.default\searchplugins\userlogos.xml
FF Extension: Fast Dial - C:\Documents and Settings\OI\Dane aplikacji\Mozilla\Firefox\Profiles\soqf5sl8.default\Extensions\fastdial@telega.phpnet.us [2014-09-24]
FF Extension: Free Download Manager plugin - C:\Documents and Settings\OI\Dane aplikacji\Mozilla\Firefox\Profiles\soqf5sl8.default\Extensions\fdm_ffext@freedownloadmanager.org [2013-02-10]
FF Extension: FlashVideoReplacer - C:\Documents and Settings\OI\Dane aplikacji\Mozilla\Firefox\Profiles\soqf5sl8.default\Extensions\flvideoreplacer@lovinglinux.megabyet.net [2012-02-24]
FF Extension: MinimizeToTray revived (MinTrayR) - C:\Documents and Settings\OI\Dane aplikacji\Mozilla\Firefox\Profiles\soqf5sl8.default\Extensions\mintrayr@tn123.ath.cx [2013-02-10]
FF Extension: Cooliris - C:\Documents and Settings\OI\Dane aplikacji\Mozilla\Firefox\Profiles\soqf5sl8.default\Extensions\piclens@cooliris.com [2011-12-18]
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\OI\Dane aplikacji\Mozilla\Firefox\Profiles\soqf5sl8.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-03-08]
FF Extension: Flashblock - C:\Documents and Settings\OI\Dane aplikacji\Mozilla\Firefox\Profiles\soqf5sl8.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2013-04-17]
FF Extension: Complete YouTube Saver - C:\Documents and Settings\OI\Dane aplikacji\Mozilla\Firefox\Profiles\soqf5sl8.default\Extensions\{AF445D67-154C-4c69-A17B-7F392BCC36A3} [2014-07-31]
FF Extension: DownloadHelper - C:\Documents and Settings\OI\Dane aplikacji\Mozilla\Firefox\Profiles\soqf5sl8.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-10-18]
FF Extension: Download Statusbar - C:\Documents and Settings\OI\Dane aplikacji\Mozilla\Firefox\Profiles\soqf5sl8.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2011-10-30]
FF Extension: Web2PDF converter - C:\Documents and Settings\OI\Dane aplikacji\Mozilla\Firefox\Profiles\soqf5sl8.default\Extensions\{e8f509f0-b677-11de-8a39-0800200c9a66} [2011-07-07]
FF Extension: KodyRabatowe.pl - C:\Documents and Settings\OI\Dane aplikacji\Mozilla\Firefox\Profiles\soqf5sl8.default\Extensions\coupon.checker@kodyrabatowe.pl.xpi [2013-02-10]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Documents and Settings\OI\Dane aplikacji\Mozilla\Firefox\Profiles\soqf5sl8.default\Extensions\elemhidehelper@adblockplus.org.xpi [2013-02-10]
FF Extension: Gmelius - C:\Documents and Settings\OI\Dane aplikacji\Mozilla\Firefox\Profiles\soqf5sl8.default\Extensions\gmailadsremover@florian.bersier.xpi [2013-02-10]
FF Extension: Webmail Ad Blocker - C:\Documents and Settings\OI\Dane aplikacji\Mozilla\Firefox\Profiles\soqf5sl8.default\Extensions\gmailnoads@mywebber.com.xpi [2013-12-23]
FF Extension: SmartVideo For YouTube - C:\Documents and Settings\OI\Dane aplikacji\Mozilla\Firefox\Profiles\soqf5sl8.default\Extensions\mytube@ashishmishra.in.xpi [2013-04-15]
FF Extension: Video Resumer - C:\Documents and Settings\OI\Dane aplikacji\Mozilla\Firefox\Profiles\soqf5sl8.default\Extensions\videoresumer@jetpack.xpi [2013-02-10]
FF Extension: 1-Click YouTube Video Downloader - C:\Documents and Settings\OI\Dane aplikacji\Mozilla\Firefox\Profiles\soqf5sl8.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2013-06-16]
FF Extension: Screengrab (fix version) - C:\Documents and Settings\OI\Dane aplikacji\Mozilla\Firefox\Profiles\soqf5sl8.default\Extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi [2013-11-20]
FF Extension: Flagfox - C:\Documents and Settings\OI\Dane aplikacji\Mozilla\Firefox\Profiles\soqf5sl8.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-03-08]
FF Extension: Session Manager - C:\Documents and Settings\OI\Dane aplikacji\Mozilla\Firefox\Profiles\soqf5sl8.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2013-02-10]
FF Extension: FlashGot - C:\Documents and Settings\OI\Dane aplikacji\Mozilla\Firefox\Profiles\soqf5sl8.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2013-02-12]
FF Extension: NoScript - C:\Documents and Settings\OI\Dane aplikacji\Mozilla\Firefox\Profiles\soqf5sl8.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-02-10]
FF Extension: CoolPreviews - C:\Documents and Settings\OI\Dane aplikacji\Mozilla\Firefox\Profiles\soqf5sl8.default\Extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi [2013-12-04]
FF Extension: Search By Image (by Google) - C:\Documents and Settings\OI\Dane aplikacji\Mozilla\Firefox\Profiles\soqf5sl8.default\Extensions\{ce7e73df-6a44-4028-8079-5927a588c948}.xpi [2013-02-22]
FF Extension: Adblock Plus - C:\Documents and Settings\OI\Dane aplikacji\Mozilla\Firefox\Profiles\soqf5sl8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-02-10]
FF Extension: Disable Anti-Adblock - C:\Documents and Settings\OI\Dane aplikacji\Mozilla\Firefox\Profiles\soqf5sl8.default\Extensions\{d49a148e-817e-4025-bee3-5d541376de3b}.xpi [2013-11-09]
FF Extension: Tab Mix Plus - C:\Documents and Settings\OI\Dane aplikacji\Mozilla\Firefox\Profiles\soqf5sl8.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-02-10]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - d:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKU\S-1-5-21-823518204-1614895754-839522115-1003\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Documents and Settings\OI\Dane aplikacji\IDM\idmmzcc5
FF Extension: IDM CC - C:\Documents and Settings\OI\Dane aplikacji\IDM\idmmzcc5 [2014-09-27]
FF HKU\S-1-5-21-823518204-1614895754-839522115-1003\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Documents and Settings\OI\Dane aplikacji\IDM\idmmzcc5
FF Extension: No Name - mozilla_cc@internetdownloadmanager.com [Not Found]
FF StartMenuInternet: FIREFOX.EXE - D:\Program Files\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - D:\Program Files\Internet Download Manager\IDMGCExt.crx [2014-09-27]

========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 .EsetTrialReset; C:\WINDOWS\reset.exe [357182 2009-03-20] () [File not signed]
S2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [402192 2014-05-01] (BlueStack Systems, Inc.)
S4 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [385808 2014-05-01] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [774928 2014-05-01] (BlueStack Systems, Inc.)
R2 cFosSpeedS; D:\Program Files\cfosspeed\spd.exe [415960 2009-10-30] (cFos Software GmbH)
R2 CmdAgent; D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5306504 2014-04-16] (COMODO)
S3 cmdvirth; D:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [1663192 2014-03-25] (COMODO)
S3 EhttpSrv; d:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [33560 2010-04-07] (ESET)
R2 ekrn; d:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [810120 2010-04-07] (ESET)
S4 Huawei E3272; C:\Documents and Settings\All Users\Dane aplikacji\MobileBrServ\mbbservice.exe [240720 2014-03-07] ()
S4 HWDeviceService.exe; C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; d:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-18] (Oracle Corporation)
S4 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [File not signed]
R2 nlsvc; d:\Program Files\NetLimiter 2 Pro\nlsvc.exe [516096 2007-03-21] (Locktime Software) [File not signed]
S4 PLAY ONLINE. RunOuc; d:\Program Files\PLAY ONLINE\UpdateDog\ouc.exe [246112 2012-05-11] ()
S4 UserAccess7; C:\WINDOWS\system32\UAService7.exe [122880 2010-02-21] (Sony DADC Austria AG.) [File not signed]
S4 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
S1 ATITool; C:\WINDOWS\System32\DRIVERS\ATITool.sys [24064 2006-11-10] () [File not signed]
R2 atksgt; C:\WINDOWS\System32\DRIVERS\atksgt.sys [279712 2012-02-12] ()
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [113424 2014-05-01] (BlueStack Systems)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R3 cFosSpeed; C:\WINDOWS\System32\DRIVERS\cfosspeed.sys [872152 2009-10-30] (cFos Software GmbH)
R1 cmderd; C:\WINDOWS\System32\DRIVERS\cmderd.sys [15704 2014-04-16] (COMODO)
R1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [607448 2014-04-16] (COMODO)
R1 cmdHlp; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [29912 2014-04-16] (COMODO)
S3 DMusic; C:\WINDOWS\System32\drivers\DMusic.sys [52864 2004-08-03] (Microsoft Corporation) [File not signed]
S3 drmkaud; C:\WINDOWS\System32\drivers\drmkaud.sys [2944 2004-08-03] (Microsoft Corporation) [File not signed]
R2 eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [140216 2010-04-07] (ESET)
R2 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [114984 2010-04-07] (ESET)
R2 enodpl; C:\WINDOWS\System32\drivers\enodpl.sys [7552 2003-03-02] () [File not signed]
S3 ENTECH; C:\WINDOWS\system32\DRIVERS\ENTECH.sys [27672 2008-09-17] (EnTech Taiwan)
R1 epfwtdir; C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [95872 2010-04-07] (ESET)
R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R3 HDAudBus; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [138752 2005-01-07] (Windows (R) Server 2003 DDK provider) [File not signed]
S3 huawei_cdcacm; C:\WINDOWS\System32\DRIVERS\ew_jucdcacm.sys [89856 2012-05-11] (Huawei Technologies Co., Ltd.)
S3 huawei_cdcecm; C:\WINDOWS\System32\DRIVERS\ew_jucdcecm.sys [66688 2012-05-11] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\WINDOWS\System32\DRIVERS\ew_juextctrl.sys [26624 2012-05-11] (Huawei Technologies Co., Ltd.)
R1 IDMTDI; C:\WINDOWS\System32\DRIVERS\idmtdi.sys [121440 2014-06-09] (Tonec Inc.)
R0 Inspect; C:\WINDOWS\System32\DRIVERS\inspect.sys [104920 2014-04-16] (COMODO)
S3 IT9135BDA; C:\WINDOWS\System32\Drivers\IT9135BDA.sys [145920 2013-10-26] (ITE )
R2 lirsgt; C:\WINDOWS\System32\DRIVERS\lirsgt.sys [25888 2012-02-12] ()
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-13] (Microsoft Corporation)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] () [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R1 nltdi; C:\WINDOWS\System32\drivers\nltdi.sys [82200 2007-04-23] (Locktime Software) [File not signed]
S3 nm; C:\WINDOWS\System32\DRIVERS\NMnt.sys [40320 2008-04-13] (Microsoft Corporation)
S3 NPF; C:\WINDOWS\System32\drivers\npf.sys [34064 2008-05-03] (CACE Technologies)
R0 nvata; C:\WINDOWS\System32\DRIVERS\nvata.sys [100736 2006-04-24] (NVIDIA Corporation) [File not signed]
S3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [34176 2006-02-17] (NVIDIA Corporation)
S3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [13056 2006-02-17] (NVIDIA Corporation)
R1 oreans32; C:\WINDOWS\system32\drivers\oreans32.sys [33824 2013-05-02] () [File not signed]
S3 ParadigmVScanner; C:\WINDOWS\System32\drivers\usbscan.sys [15104 2004-08-03] (Microsoft Corporation) [File not signed]
S3 PortTalk; C:\WINDOWS\System32\Drivers\PortTalk.sys [3567 2002-01-12] (Beyond Logic http://www.beyondlogic.org) [File not signed]
R2 rspndr; C:\WINDOWS\System32\DRIVERS\rspndr.sys [62336 2006-11-08] (Microsoft Corporation) [File not signed]
S3 s3m; C:\WINDOWS\System32\DRIVERS\s3m.sys [166720 2001-08-17] (S3 Incorporated)
R0 sfdrv01; C:\WINDOWS\System32\drivers\sfdrv01.sys [50688 2005-08-10] (Protection Technology) [File not signed]
R0 sfhlp02; C:\WINDOWS\System32\drivers\sfhlp02.sys [6656 2005-05-16] (Protection Technology) [File not signed]
R0 sfsync02; C:\WINDOWS\System32\drivers\sfsync02.sys [19968 2005-08-10] (Protection Technology) [File not signed]
R0 sfvfs02; C:\WINDOWS\System32\drivers\sfvfs02.sys [66560 2005-08-24] (Protection Technology) [File not signed]
R0 speedfan; C:\WINDOWS\System32\speedfan.sys [25240 2011-03-18] (Almico Software)
S3 swmidi; C:\WINDOWS\System32\drivers\swmidi.sys [54272 2001-08-17] (Microsoft Corporation) [File not signed]
R3 sysaudio; C:\WINDOWS\System32\drivers\sysaudio.sys [60800 2004-08-03] (Microsoft Corporation) [File not signed]
R2 tandpl; C:\WINDOWS\System32\drivers\tandpl.sys [4736 2003-04-19] () [File not signed]
S3 usbscan; C:\WINDOWS\System32\DRIVERS\usbscan.sys [15104 2004-08-03] (Microsoft Corporation) [File not signed]
S1 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [31872 2008-04-14] (Microsoft Corporation)
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [239488 2012-05-11] (Huawei Technologies Co., Ltd.)
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-08 17:38 - 2014-12-08 17:38 - 00000000 _____ () C:\prefs.js
2014-12-07 19:39 - 2014-12-07 19:39 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\City Interactive
2014-12-07 16:26 - 2014-12-07 16:26 - 04184008 _____ (Kaspersky Lab ZAO) C:\tdsskiller.exe
2014-12-06 20:56 - 2014-12-06 20:56 - 00000064 _____ () C:\MB-wykryte-infekcje.txt
2014-12-06 20:30 - 2014-12-06 20:30 - 00143004 _____ () C:\kmer.txt
2014-12-06 19:48 - 2014-12-06 19:48 - 00125276 _____ () C:\OTL.Txt
2014-12-06 19:48 - 2014-12-06 19:48 - 00063812 _____ () C:\Extras.Txt
2014-12-06 19:40 - 2014-12-06 19:40 - 00108394 _____ () C:\Shortcut.txt
2014-12-06 19:39 - 2014-12-08 17:50 - 00024000 _____ () C:\FRST.txt
2014-12-06 19:39 - 2014-12-06 19:40 - 00051486 _____ () C:\Addition.txt
2014-12-06 19:37 - 2014-12-08 17:50 - 00000000 ____D () C:\FRST
2014-12-06 19:27 - 2014-12-06 19:27 - 00522360 _____ (Duplex Secure Ltd.) C:\SPTDinst-v186-x86.exe
2014-12-06 19:19 - 2014-12-06 19:19 - 00380416 _____ () C:\kmer.exe
2014-12-06 19:18 - 2014-12-06 19:18 - 00602112 _____ (OldTimer Tools) C:\OTL.exe
2014-12-06 19:17 - 2014-12-06 19:17 - 01111040 _____ (Farbar) C:\FRST.exe
2014-12-06 15:18 - 2014-12-07 17:52 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes' Anti-Malware (portable)
2014-11-29 14:32 - 2014-11-29 14:32 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\cFos
2014-11-28 22:54 - 2014-11-29 13:10 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Package Cache
2014-11-18 20:21 - 2014-11-22 22:56 - 00000685 _____ () C:\rg.txt
2014-11-10 23:08 - 2014-11-10 23:08 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Origin
2014-11-09 15:42 - 2014-12-08 17:35 - 00001320 _____ () C:\info.txt

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-08 17:47 - 2007-05-25 04:58 - 00005397 _____ () C:\WINDOWS\WINCMD.INI
2014-12-08 17:44 - 2014-09-18 21:10 - 00006944 _____ () C:\WINDOWS\system32\nvAppTimestamps
2014-12-08 17:42 - 2014-10-29 18:06 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
2014-12-08 17:42 - 2014-10-29 18:06 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
2014-12-08 17:42 - 2007-05-24 20:29 - 02053454 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-08 17:40 - 2007-05-24 22:08 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-12-08 17:40 - 2007-05-24 22:08 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-12-08 17:40 - 2007-05-24 20:32 - 00000006 ___HC () C:\WINDOWS\Tasks\SA.DAT
2014-12-08 17:39 - 2007-09-28 20:12 - 00000188 __SHC () C:\Documents and Settings\Administrator\ntuser.ini
2014-12-08 17:36 - 2014-05-01 12:29 - 00032458 _____ () C:\WINDOWS\SchedLgU.Txt
2014-12-08 17:36 - 2014-05-01 11:36 - 00065536 _____ () C:\WINDOWS\system32\config\COMODO I.evt
2014-12-08 17:36 - 2007-05-25 06:43 - 00524288 _____ () C:\WINDOWS\system32\config\NetLimit.evt
2014-12-08 17:36 - 2007-05-24 20:33 - 00000188 ___SH () C:\Documents and Settings\OI\ntuser.ini
2014-12-08 17:36 - 2007-05-24 20:33 - 00000000 ____D () C:\Documents and Settings\OI
2014-12-08 17:27 - 2007-12-06 18:50 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2014-12-08 17:27 - 2007-05-24 22:06 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy
2014-12-08 17:25 - 2008-04-26 19:55 - 00000000 ____D () C:\WINDOWS\system32\Adobe
2014-12-08 17:25 - 2007-05-25 07:53 - 00000000 ____D () C:\Documents and Settings\OI\Dane aplikacji\Macromedia
2014-12-08 17:25 - 2007-05-24 20:28 - 00000000 ____D () C:\WINDOWS\system32\Macromed
2014-12-07 21:34 - 2011-09-02 20:47 - 00000000 ____D () C:\Documents and Settings\OI\.gstreamer-0.10
2014-12-07 20:00 - 2007-05-24 22:06 - 00000000 ___RD () C:\Documents and Settings\All Users\Dokumenty
2014-12-07 19:40 - 2014-04-27 07:57 - 01093293 _____ () C:\WINDOWS\setupapi.log
2014-12-07 19:40 - 2007-12-26 00:10 - 00387201 ____C () C:\WINDOWS\DirectX.log
2014-12-07 19:40 - 2007-05-24 20:29 - 00000000 ____D () C:\WINDOWS\system32\DirectX
2014-12-07 17:40 - 2014-04-20 15:12 - 00119000 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-07 17:40 - 2014-04-20 15:12 - 00055000 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-12-06 18:37 - 2008-03-05 23:22 - 00007839 _____ () C:\WINDOWS\setupact.log
2014-12-06 15:49 - 2014-04-20 15:12 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Malwarebytes Anti-Malware
2014-12-06 15:32 - 2014-04-27 15:54 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2876217$
2014-12-06 15:20 - 2014-09-27 21:25 - 00000000 ____D () C:\Documents and Settings\OI\Dane aplikacji\DMCache
2014-12-06 15:18 - 2007-05-24 22:06 - 00000000 __RHD () C:\Documents and Settings\All Users\Dane aplikacji
2014-12-06 15:17 - 2014-04-21 15:51 - 00000000 ____D () C:\coj
2014-12-05 22:06 - 2014-09-04 16:41 - 00013163 _____ () C:\lte.txt
2014-12-03 21:17 - 2001-07-21 23:17 - 00002284 _____ () C:\WINDOWS\system32\wpa.dbl
2014-11-30 16:08 - 2014-09-18 19:19 - 01411332 _____ () C:\WINDOWS\system32\nvdrsdb1.bin
2014-11-30 16:08 - 2014-09-18 19:19 - 00000001 _____ () C:\WINDOWS\system32\nvdrssel.bin
2014-11-30 16:07 - 2014-09-18 19:19 - 01411332 _____ () C:\WINDOWS\system32\nvdrsdb0.bin
2014-11-30 11:13 - 2007-05-24 22:06 - 00215264 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-11-29 16:56 - 2014-06-21 12:43 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\2K Games
2014-11-29 16:56 - 2007-05-25 05:06 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-11-29 16:56 - 2007-05-24 22:06 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit
2014-11-29 14:50 - 2014-09-27 21:25 - 00000000 ____D () C:\Documents and Settings\OI\Dane aplikacji\IDM
2014-11-21 06:14 - 2014-04-20 15:12 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-11-17 16:24 - 2013-02-10 17:30 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-14 20:35 - 2009-02-17 20:42 - 00000000 ____D () C:\Documents and Settings\OI\Dane aplikacji\vlc

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================