Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-01-2015 02
Ran by Marek (administrator) on MAREK-PC on 12-01-2015 23:32:22
Running from C:\Users\Marek\Desktop\help
Loaded Profiles: Marek & Administrator & Gość (Available profiles: Marek & Administrator & Gość)
Platform: Windows Vista (TM) Home Basic Service Pack 2 (X86) OS Language: Polski (Polska)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Nullsoft, Inc.) C:\Program Files\Winamp\winampa.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Google Inc.) C:\Users\Marek\AppData\Local\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Users\Marek\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Marek\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Marek\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Marek\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [SoundMAX] => C:\Program Files\Analog Devices\SoundMAX\soundmax.exe [3842048 2008-03-19] (Analog Devices, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-29] (Synaptics Incorporated)
HKLM\...\Run: [WinampAgent] => C:\Program Files\Winamp\winampa.exe [85600 2013-11-26] (Nullsoft, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1243352 2014-12-09] (COMODO)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] => C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1310720 2008-12-11] (Analog Devices, Inc.)
HKLM\...\Run: [PrivDogService] => "C:\Program Files\AdTrustMedia\PrivDog\2.2.0.14\trustedadssvc.exe"
HKLM\...\Run: [ComodoFSChrome] => "C:\Program Files\AdTrustMedia\PrivDog\FinalizeSetup.exe" /c
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2015-01-08] (Hewlett-Packard)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-3384552037-1150880392-2470578842-1000\...\Run: [] => [X]
HKU\S-1-5-21-3384552037-1150880392-2470578842-1000\...\Run: [Google Update] => C:\Users\Marek\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-15] (Google Inc.)
HKU\S-1-5-21-3384552037-1150880392-2470578842-1000\...\Run: [Tohehx] => C:\Users\Marek\AppData\Roaming\Tohehx.exe
HKU\S-1-5-21-3384552037-1150880392-2470578842-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3384552037-1150880392-2470578842-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\Marek\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-3384552037-1150880392-2470578842-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3384552037-1150880392-2470578842-1000\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[S2].txt [13120 2014-12-12] ()
HKU\S-1-5-21-3384552037-1150880392-2470578842-1000\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-3384552037-1150880392-2470578842-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-3384552037-1150880392-2470578842-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-3384552037-1150880392-2470578842-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-3384552037-1150880392-2470578842-1000\...\MountPoints2: {46d07572-a33a-11e0-9ac9-002481395638} - D:\AutoRun.exe
HKU\S-1-5-21-3384552037-1150880392-2470578842-1000\...\MountPoints2: {46d07573-a33a-11e0-9ac9-002481395638} - D:\AutoRun.exe
HKU\S-1-5-21-3384552037-1150880392-2470578842-1000\...\MountPoints2: {605c1144-a3b1-11e0-b6fc-002481395638} - E:\LaunchU3.exe -a
HKU\S-1-5-21-3384552037-1150880392-2470578842-1000\...\MountPoints2: {7d4306c9-a315-11e0-b554-002481395638} - D:\AutoRun.exe
HKU\S-1-5-21-3384552037-1150880392-2470578842-1000\...\MountPoints2: {7d4306ed-a315-11e0-b554-002481395638} - D:\AutoRun.exe
HKU\S-1-5-21-3384552037-1150880392-2470578842-1000\...\MountPoints2: {8b506334-a7f8-11e0-8f27-806e6f6e6963} - E:\AutoRun.exe
HKU\S-1-5-21-3384552037-1150880392-2470578842-1000\...\MountPoints2: {947f2fd7-a573-11e0-bebf-002481395638} - D:\AutoRun.exe
HKU\S-1-5-21-3384552037-1150880392-2470578842-1000\...\MountPoints2: {947f2fd9-a573-11e0-bebf-002481395638} - D:\AutoRun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BigTitsAtSchool 14 02 17 Anissa Kate French Exam XXX REPACK 1080p MP4-KTR.lnk
ShortcutTarget: BigTitsAtSchool 14 02 17 Anissa Kate French Exam XXX REPACK 1080p MP4-KTR.lnk -> C:\Users\Marek\Desktop\GRAPH\BigTitsAtSchool 14 02 17 Anissa Kate French Exam XXX REPACK 1080p MP4-KTR.exe (No File)
ShellIconOverlayIdentifiers: [GGDriveOverlay1] -> {E68D0A50-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.)
ShellIconOverlayIdentifiers: [GGDriveOverlay2] -> {E68D0A51-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.)
ShellIconOverlayIdentifiers: [GGDriveOverlay3] -> {E68D0A52-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.)
ShellIconOverlayIdentifiers: [GGDriveOverlay4] -> {E68D0A53-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.)
ShellIconOverlayIdentifiers: [Uchwyt nakładania ikony podpisu cyfrowego] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
URLSearchHook: [S-1-5-21-3384552037-1150880392-2470578842-500] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-21-3384552037-1150880392-2470578842-501] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3384552037-1150880392-2470578842-1000 -> {A4FEDA48-202C-4982-83BA-F01E749AC1B7} URL =
SearchScopes: HKU\S-1-5-21-3384552037-1150880392-2470578842-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3384552037-1150880392-2470578842-501 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\lz7rtyiw.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.0.313\npMcAfeeMss.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3384552037-1150880392-2470578842-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Marek\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3384552037-1150880392-2470578842-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Marek\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Extension: No Name - C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\lz7rtyiw.default\Extensions\jid0-MXvUXM1npF7yTcY3bpZVht72AR4@jetpack [2014-12-15]
FF Extension: No Name - C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\lz7rtyiw.default\Extensions\onlinehdtv@onlinehd.tv.xpi [2012-10-22]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-05-25]
FF Extension: No Name - C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\lz7rtyiw.default\extensions\5760ec0d6ec24a119c6398f@fa137c6b34f842bd805263bee28d76.com [Not Found]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.google.pl/
CHR StartupUrls: Default -> "hxxp://poczta.o2.pl/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Marek\AppData\Local\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Marek\AppData\Local\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Marek\AppData\Local\Google\Chrome\Application\39.0.2171.95\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Users\Marek\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Prezentacje Google) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-12]
CHR Extension: (Dokumenty Google) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-12]
CHR Extension: (Dysk Google) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-12]
CHR Extension: (YouTube) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-12]
CHR Extension: (Szukaj w Google) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-12]
CHR Extension: (Arkusze Google) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-12]
CHR Extension: (Gmail) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-12]

========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
Locked "BFE" service could not be unlocked. <===== ATTENTION
U2 Apache2.4; C:\xampp\apache\bin\httpd.exe [22016 2013-02-23] (Apache Software Foundation) [File not signed]
U2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [18656 2011-02-02] ()
U2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5868440 2014-12-09] (COMODO)
U3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [1664216 2014-12-09] (COMODO)
U3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2013-06-19] (Flexera Software, Inc.)
U2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [125496 2011-02-23] (Hewlett-Packard Company)
U2 mi-raysat_3dsmax2012_32; C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_32server.exe [86016 2011-02-23] () [File not signed]
U2 mi-raysat_3dsmax2013_32; C:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_32server.exe [86016 2011-09-14] () [File not signed]
U2 mysql; C:\xampp\mysql\bin\mysqld.exe [8151040 2013-05-16] () [File not signed]
U2 rpcnet; C:\Windows\system32\rpcnet.exe [58288 2012-12-06] (Absolute Software Corp.)
U2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [770944 2015-01-12] (Enigma Software Group USA, LLC.)
U3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
U3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
U1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [17088 2014-12-09] (COMODO)
U1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [618584 2014-12-09] (COMODO)
U1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [40736 2014-12-09] (COMODO)
U3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2015-01-12] ()
U3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2005-10-22] (HP)
U3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2005-10-22] (HP)
U3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2006-04-13] (HP)
U1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [91200 2014-12-09] (COMODO)
U1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [113336 2013-07-22] (Power Software Ltd)
U3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1810856 2008-10-09] ()
U3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
U3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
U3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U0 sr; No ImagePath
U3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-12 23:31 - 2015-01-12 23:32 - 00000000 ____D () C:\Users\Marek\Desktop\help
2015-01-12 22:43 - 2015-01-12 22:49 - 00000000 ____D () C:\Users\Marek\Desktop\teksty
2015-01-12 22:38 - 2015-01-12 23:32 - 00000000 ____D () C:\Users\Marek\Desktop\combo
2015-01-12 22:36 - 2015-01-12 22:38 - 00033250 _____ () C:\Users\Marek\Desktop\Addition.txt
2015-01-12 22:26 - 2015-01-12 22:38 - 00031407 _____ () C:\Users\Marek\Desktop\FRST.txt
2015-01-12 22:24 - 2015-01-12 23:32 - 00000000 ____D () C:\FRST
2015-01-12 22:16 - 2015-01-12 22:16 - 00305664 _____ (Secure By Design Inc.) C:\Users\Marek\Desktop\Ninite 7Zip Installer.exe
2015-01-12 22:16 - 2015-01-12 22:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-01-12 22:16 - 2015-01-12 22:16 - 00000000 ____D () C:\Program Files\7-Zip
2015-01-12 19:55 - 2015-01-12 19:56 - 02191360 _____ () C:\Users\Marek\Desktop\adwcleaner_4.107.exe
2015-01-12 19:37 - 2015-01-12 19:37 - 00000000 ____D () C:\Users\Marek\AppData\Roaming\Enigma Software Group
2015-01-12 19:36 - 2015-01-12 19:37 - 00000000 ____D () C:\sh4ldr
2015-01-12 19:33 - 2015-01-12 19:33 - 00019984 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2015-01-11 16:34 - 2015-01-11 16:34 - 00000000 ____D () C:\ProgramData\oeddbicmfjcimgjjmffjbcgeahippekc
2015-01-11 16:29 - 2015-01-11 16:29 - 00000000 ____D () C:\ProgramData\bkoajonbmaikoaihmbpmffamkhhonjbg
2015-01-11 16:26 - 2015-01-11 16:26 - 00001859 _____ () C:\Users\Marek\Desktop\BigTitsAtSchool 14 02 17 Anissa Kate French Exam XXX REPACK 1080p MP4-KTR.lnk
2015-01-06 17:32 - 2015-01-06 19:23 - 00000000 ____D () C:\Users\Marek\Desktop\SKRZATY
2015-01-05 13:10 - 2015-01-10 15:16 - 00000000 ____D () C:\Users\Marek\Desktop\rdlp
2014-12-28 10:59 - 2014-12-28 11:01 - 00000000 ____D () C:\Users\Marek\Desktop\2014.12.05 lsm
2014-12-26 19:17 - 2014-12-26 19:25 - 00000000 ____D () C:\Users\Marek\Desktop\FOTO BUFOR
2014-12-23 00:53 - 2014-12-23 01:08 - 00000110 _____ () C:\Users\Marek\Documents\znak północy_recover.dwh
2014-12-22 21:49 - 2014-12-22 21:49 - 00000000 ____D () C:\Users\Marek\Desktop\baza tekstury i wyposażenia
2014-12-22 21:48 - 2014-12-22 21:49 - 00000000 ____D () C:\Users\Marek\Desktop\baza rośliny
2014-12-18 18:00 - 2014-12-18 23:01 - 00000000 ____D () C:\Users\Marek\Desktop\2014.12.17 WIGILIA AK
2014-12-16 01:19 - 2014-12-16 01:19 - 00044544 _____ () C:\Users\Marek\Documents\upgrade inwent ac dendro.xls
2014-12-16 01:19 - 2014-12-16 01:19 - 00033237 _____ () C:\Users\Marek\Documents\znak północy_recover.dwg
2014-12-16 01:02 - 2014-12-16 01:02 - 00000191 ____H () C:\Users\Marek\Documents\znak północy.dwl2
2014-12-16 01:02 - 2014-12-16 01:02 - 00000055 _____ () C:\Users\Marek\Documents\znak północy.dwh
2014-12-16 01:02 - 2014-12-16 01:02 - 00000041 ____H () C:\Users\Marek\Documents\znak północy.dwl
2014-12-15 18:07 - 2014-12-15 19:12 - 00000000 ____D () C:\Users\Marek\Desktop\plecak
2014-12-15 02:07 - 2014-12-15 02:18 - 00000000 ____D () C:\Users\Marek\Downloads\Supernatural S10E09 HDTV XviD-FUM[ettv]
2014-12-14 12:14 - 2014-12-14 12:14 - 00000000 ____D () C:\Users\Marek\AppData\Roaming\com.smallblueprinter.gardenPlanner3
2014-12-13 17:07 - 2014-12-13 17:12 - 00004245 _____ () C:\Windows\system32\jupdate-1.7.0_71-b14.log
2014-12-13 00:31 - 2014-12-13 16:59 - 00061053 _____ () C:\Users\Marek\Documents\znak północy.dwg
2014-12-13 00:31 - 2014-12-13 00:32 - 00075036 _____ () C:\Users\Marek\Documents\znak północy.bak

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-12 23:25 - 2013-06-04 20:33 - 01474832 _____ () C:\Windows\system32\Drivers\sfi.dat
2015-01-12 23:24 - 2014-12-12 03:49 - 00839246 _____ () C:\Windows\system32\Drivers\fvstore.dat
2015-01-12 23:17 - 2012-11-25 00:54 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-12 22:53 - 2010-06-01 19:08 - 00001058 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3384552037-1150880392-2470578842-1000UA.job
2015-01-12 22:15 - 2006-11-02 13:45 - 00006048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-12 22:15 - 2006-11-02 13:45 - 00006048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-12 21:41 - 2008-01-21 02:38 - 01413146 _____ () C:\Windows\WindowsUpdate.log
2015-01-12 20:15 - 2010-05-25 17:23 - 00058288 _____ (Absolute Software Corp.) C:\Windows\system32\rpcnet.dll
2015-01-12 20:15 - 2010-05-21 18:47 - 00017408 _____ () C:\Windows\system32\rpcnetp.exe
2015-01-12 20:15 - 2006-11-02 13:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-12 20:14 - 2008-01-21 04:02 - 00309006 _____ () C:\Windows\PFRO.log
2015-01-12 20:13 - 2010-05-21 18:51 - 00006396 _____ () C:\Windows\bthservsdp.dat
2015-01-12 20:13 - 2006-11-02 13:58 - 00032562 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-12 20:12 - 2014-04-21 09:01 - 00000000 ____D () C:\AdwCleaner
2015-01-12 19:55 - 2013-06-11 11:41 - 00000000 ____D () C:\Users\Marek\Desktop\INSTALLKI
2015-01-12 19:37 - 2010-05-21 19:57 - 00000000 ____D () C:\Users\Marek
2015-01-12 19:33 - 2014-04-01 22:38 - 00000000 ____D () C:\Windows\455F074C814E4520B69B5584BD90400C.TMP
2015-01-12 19:33 - 2013-02-18 18:39 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-01-12 19:26 - 2011-06-30 15:04 - 00000000 ____D () C:\Program Files\PLAY ONLINE
2015-01-12 02:02 - 2013-09-13 14:27 - 00000000 ____D () C:\Users\Marek\AppData\Roaming\uTorrent
2015-01-12 01:44 - 2008-01-21 07:21 - 01748674 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-12 01:44 - 2008-01-21 07:20 - 00813204 _____ () C:\Windows\system32\perfh015.dat
2015-01-12 01:44 - 2008-01-21 07:20 - 00180482 _____ () C:\Windows\system32\perfc015.dat
2015-01-12 01:43 - 2010-06-24 00:23 - 00081920 _____ () C:\Users\Marek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-11 22:26 - 2010-06-28 23:37 - 00000000 ____D () C:\Users\Marek\AppData\Roaming\vlc
2015-01-11 21:08 - 2013-10-28 17:08 - 00000000 ____D () C:\Users\Marek\Desktop\GRAPH
2015-01-10 18:37 - 2014-06-06 22:52 - 00000000 ____D () C:\Users\Marek\Desktop\SEMINARIUM AK
2015-01-10 17:54 - 2010-08-31 10:49 - 00000000 ____D () C:\Users\Marek\AppData\Roaming\Winamp
2015-01-09 19:39 - 2013-06-05 11:18 - 00249488 _____ (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-09 05:58 - 2011-07-06 16:01 - 00000320 _____ () C:\Windows\Tasks\HPCeeScheduleForMarek.job
2015-01-08 17:55 - 2010-05-21 21:03 - 00000052 _____ () C:\Windows\system32\DOErrors.log
2015-01-07 00:09 - 2014-11-19 11:34 - 00000000 ____D () C:\Users\Marek\Desktop\FILMY FOTO + instrukcja
2015-01-05 23:13 - 2010-05-25 17:13 - 00000000 ____D () C:\Users\Marek\AppData\Roaming\Adobe
2015-01-02 11:48 - 2010-05-26 15:55 - 00000000 ____D () C:\Users\Marek\AppData\Local\cache
2015-01-02 10:53 - 2010-06-01 19:08 - 00001006 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3384552037-1150880392-2470578842-1000Core.job
2014-12-26 19:26 - 2014-11-25 17:12 - 00000000 ____D () C:\Users\Marek\Desktop\park czuby
2014-12-26 19:26 - 2013-02-15 23:24 - 00000000 ____D () C:\Users\Marek\Desktop\do wyw
2014-12-22 23:22 - 2014-11-26 16:43 - 00000704 _____ () C:\Users\Marek\Documents\acad.err
2014-12-16 01:11 - 2013-01-18 09:58 - 00003242 _____ () C:\Users\Marek\Documents\plot.log
2014-12-15 19:20 - 2014-11-05 11:51 - 00000000 ____D () C:\Users\Marek\Desktop\Wąwozy konf
2014-12-13 17:11 - 2013-10-24 17:55 - 00000000 ____D () C:\Program Files\Java

Some content of TEMP:
====================
C:\Users\Marek\AppData\Local\Temp\7za.exe
C:\Users\Marek\AppData\Local\Temp\AcDeltree.exe
C:\Users\Marek\AppData\Local\Temp\APNSetup.exe
C:\Users\Marek\AppData\Local\Temp\AVGToolbarInstaller.exe
C:\Users\Marek\AppData\Local\Temp\avguidx.dll
C:\Users\Marek\AppData\Local\Temp\binkw32.dll
C:\Users\Marek\AppData\Local\Temp\CommonInstaller.exe
C:\Users\Marek\AppData\Local\Temp\contentDATs.exe
C:\Users\Marek\AppData\Local\Temp\d2l_Install.exe
C:\Users\Marek\AppData\Local\Temp\d2l_PlayD2.exe
C:\Users\Marek\AppData\Local\Temp\DataCard_Setup.exe
C:\Users\Marek\AppData\Local\Temp\dlLogic.exe
C:\Users\Marek\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplkruvh.dll
C:\Users\Marek\AppData\Local\Temp\Extract.exe
C:\Users\Marek\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
C:\Users\Marek\AppData\Local\Temp\gg10_upgr_to_12096_from_11119.exe
C:\Users\Marek\AppData\Local\Temp\ICReinstall_DownloadManagerSetup (1).exe
C:\Users\Marek\AppData\Local\Temp\ipl9DF.tmp.exe
C:\Users\Marek\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Marek\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Marek\AppData\Local\Temp\NEventMessages.dll
C:\Users\Marek\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Marek\AppData\Local\Temp\nsbE269.tmp.exe
C:\Users\Marek\AppData\Local\Temp\oi_{7AB6357D-0F45-48E6-A833-1C7953C0FAAA}.exe
C:\Users\Marek\AppData\Local\Temp\OptChrome.exe
C:\Users\Marek\AppData\Local\Temp\ResetDevice.exe
C:\Users\Marek\AppData\Local\Temp\Runner2.exe
C:\Users\Marek\AppData\Local\Temp\Runner4.exe
C:\Users\Marek\AppData\Local\Temp\safeguard.exe
C:\Users\Marek\AppData\Local\Temp\setupa2.exe
C:\Users\Marek\AppData\Local\Temp\SetupAC.exe
C:\Users\Marek\AppData\Local\Temp\Shortcut_SweetImSetup.exe
C:\Users\Marek\AppData\Local\Temp\SHSetup.exe
C:\Users\Marek\AppData\Local\Temp\SIMEEIInstaller.exe
C:\Users\Marek\AppData\Local\Temp\SP46003.exe
C:\Users\Marek\AppData\Local\Temp\SP46881.exe
C:\Users\Marek\AppData\Local\Temp\sp48071.exe
C:\Users\Marek\AppData\Local\Temp\sp52110.exe
C:\Users\Marek\AppData\Local\Temp\SPStub.exe
C:\Users\Marek\AppData\Local\Temp\sqlite3.exe
C:\Users\Marek\AppData\Local\Temp\tbDivX.dll
C:\Users\Marek\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\Marek\AppData\Local\Temp\ttv.exe
C:\Users\Marek\AppData\Local\Temp\uninst1.exe
C:\Users\Marek\AppData\Local\Temp\UninstallHPTCA.exe
C:\Users\Marek\AppData\Local\Temp\utt48A.tmp.exe
C:\Users\Marek\AppData\Local\Temp\vcredist_vs2005_x86.exe
C:\Users\Marek\AppData\Local\Temp\wmpfirefoxplugin.exe
C:\Users\Marek\AppData\Local\Temp\YontooIEClient.dll
C:\Users\Marek\AppData\Local\Temp\_isC555.exe
C:\Users\Marek\AppData\Local\Temp\_isDDA1.exe
C:\Users\Marek\AppData\Local\Temp\Quarantine.exe
C:\Users\Marek\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-12 20:22

==================== End Of Log ============================