Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by A (administrator) on A-PC on 20-03-2015 11:35:33
Running from C:\Users\A\Desktop
Loaded Profiles: A (Available profiles: A & Gość)
Platform: Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) OS Language: Polski (Polska)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SysTool PasSame LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(SAMSUNG Electronics co., LTD.) C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Malwarebytes Corporation) C:\Programy\Malwarebytes Anti-Exploit\mbae.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Spotify Ltd) C:\Users\A\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Malwarebytes Corporation) C:\Programy\Malwarebytes Anti-Exploit\mbae-svc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Program Files\Microsoft Fix it Center\Matsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12017368 2014-01-17] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Programy\Malwarebytes Anti-Exploit\mbae.exe [2561848 2014-12-10] (Malwarebytes Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [335232 2015-03-07] (Oracle Corporation)
HKU\S-1-5-21-2664477281-1290234535-2196259844-1003\...\Run: [Spotify Web Helper] => C:\Users\A\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-24] (Spotify Ltd)
HKU\S-1-5-21-2664477281-1290234535-2196259844-1003\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
BootExecute: autocheck autochk * SmartDefragBootTime.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=ds&ts=1426188065&from=cor&uid=HitachiXHTS543225L9A300_090112FB8F00LLKUJUSAX&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com/web/?type=ds&ts=1426188065&from=cor&uid=HitachiXHTS543225L9A300_090112FB8F00LLKUJUSAX&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKU\S-1-5-21-2664477281-1290234535-2196259844-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=dspp&ts=1426188203&from=cor&uid=HitachiXHTS543225L9A300_090112FB8F00LLKUJUSAX&q={searchTerms} HKU\S-1-5-21-2664477281-1290234535-2196259844-1003\Software\Microsoft\Internet Explorer\Main,Default_search_url = http://do-search.com/web/?type=dspp&ts=1426188203&from=cor&uid=HitachiXHTS543225L9A300_090112FB8F00LLKUJUSAX&q={searchTerms} SearchScopes: HKU\S-1-5-21-2664477281-1290234535-2196259844-1003 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com/web/?type=dspp&ts=1426188203&from=cor&uid=HitachiXHTS543225L9A300_090112FB8F00LLKUJUSAX&q={searchTerms} SearchScopes: HKU\S-1-5-21-2664477281-1290234535-2196259844-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://do-search.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=HitachiXHTS543225L9A300_090112FB8F00LLKUJUSAX&ts=1426188216&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2664477281-1290234535-2196259844-1003 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://do-search.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=HitachiXHTS543225L9A300_090112FB8F00LLKUJUSAX&ts=1426188216&type=default&q={searchTerms} SearchScopes: 
HKU\S-1-5-21-2664477281-1290234535-2196259844-1003 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com/web/?type=dspp&ts=1426188203&from=cor&uid=HitachiXHTS543225L9A300_090112FB8F00LLKUJUSAX&q={searchTerms} SearchScopes: HKU\S-1-5-21-2664477281-1290234535-2196259844-1003 -> {36222043-542C-49D1-8F69-702470B129EC} URL = http://do-search.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=HitachiXHTS543225L9A300_090112FB8F00LLKUJUSAX&ts=1426188216&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2664477281-1290234535-2196259844-1003 -> {4E0E17DB-2615-4F76-AE25-BB25CD5BEC40} URL = http://do-search.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=HitachiXHTS543225L9A300_090112FB8F00LLKUJUSAX&ts=1426188216&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2664477281-1290234535-2196259844-1003 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://do-search.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=HitachiXHTS543225L9A300_090112FB8F00LLKUJUSAX&ts=1426188216&type=default&q={searchTerms} BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll [2014-11-03] (IObit) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-14] (Oracle Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-14] (Oracle Corporation) DPF: 
{8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\g4bs46q4.default-1406216111318 FF Homepage: hxxp://www.google.com/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-20] () FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2011-10-17] (Google) FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Programy\Google\Picasa3\npPicasa3.dll [2014-08-13] (Google, Inc.) 
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-14] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-14] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll [2012-09-23] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll [2012-09-23] (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF user.js: detected! => C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\g4bs46q4.default-1406216111318\user.js [2015-03-18] FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2013-06-06] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2013-06-06] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2013-06-06] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2013-06-06] (Apple Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2013-06-06] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npVividasPlayer.dll [2012-09-26] ( ) FF SearchPlugin: C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\g4bs46q4.default-1406216111318\searchplugins\do-search.xml [2015-03-12] FF Extension: Evernote Web Clipper - C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\g4bs46q4.default-1406216111318\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} [2015-03-12] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-05-21] FF HKLM\...\Firefox\Extensions: [searchengine@gmail.com] - C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\g4bs46q4.default-1406216111318\extensions\searchengine@gmail.com FF HKLM\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\g4bs46q4.default-1406216111318\extensions\fftoolbar2014@etech.com FF Extension: No Name - C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\g4bs46q4.default-1406216111318\extensions\fftoolbar2014@etech.com [Not Found] Chrome: ======= CHR Profile: C:\Users\A\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd [2013-03-12] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
S3 AdvancedSystemCareService7; C:\Programy\Optymalizacja\Advanced SystemCare 7\ASCService.exe [893216 2014-08-18] (IObit) R2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [819200 2008-07-10] (Intel(R) Corporation) [File not signed] S3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2012-01-07] (Hewlett-Packard Co.) [File not signed] S3 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [135168 2008-03-25] (Hewlett-Packard Co.) [File not signed] S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2012-01-07] (Macrovision Corporation) [File not signed] S4 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-03-17] (Hewlett-Packard Company) [File not signed] S3 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2283296 2014-11-03] (IObit) R2 MbaeSvc; C:\Programy\Malwarebytes Anti-Exploit\mbae-svc.exe [555320 2014-12-10] (Malwarebytes Corporation) S4 MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [45056 2012-01-07] (Sony Corporation) [File not signed] R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation) S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation) S4 nlsX86cc; C:\Windows\system32\nlssrv32.exe [66560 2011-11-22] (Nalpeiron Ltd.) 
[File not signed] S3 Origin Client Service; C:\Programy\origin\OriginClientService.exe [1903472 2015-01-21] (Electronic Arts) S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [57344 2012-01-07] () [File not signed] R2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [466944 2008-07-10] (Intel(R) Corporation) [File not signed] S4 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2006-12-19] () S4 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [69632 2012-01-07] (Sony Corporation) [File not signed] S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation) R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [493712 2015-03-12] (SysTool PasSame LIMITED) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [16064 2014-07-18] (Glarysoft Ltd) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2015-01-02] (Disc Soft Ltd) R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [26248 2014-04-30] (EldoS Corporation) R1 ESProtectionDriver; C:\Programy\Malwarebytes Anti-Exploit\mbae.sys [47928 2014-12-10] () S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36640 2010-10-25] () [File not signed] R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [17344 2014-10-29] (Glarysoft Ltd) R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23712 2014-09-15] (REALiX(tm)) R0 iaStorA; C:\Windows\System32\DRIVERS\iaStorA.sys [530752 2012-08-16] (Intel Corporation) R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [24896 2012-08-16] (Intel Corporation) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [136024 2012-06-19] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [589144 2012-11-15] (Kaspersky Lab) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [24408 2012-08-02] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25944 2012-10-25] (Kaspersky Lab) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25944 2012-10-25] (Kaspersky Lab) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [43608 2012-11-15] (Kaspersky Lab) R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2007-05-23] (SAMSUNG ELECTRONICS CO., LTD.) 
S3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows (R) Codename Longhorn DDK provider) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144344 2012-08-13] (Kaspersky Lab) R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [110296 2014-07-10] (Malwarebytes Corporation) S1 MLowCtl; C:\Windows\System32\DRIVERS\MLowCtl.sys [13824 2007-09-04] () [File not signed] R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation) S3 NETMDUSB; C:\Windows\System32\Drivers\NETMD052.sys [36679 2005-10-31] (Sony Corporation) R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [18624 2014-06-04] (IObit) R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed] R3 VMC326; C:\Windows\System32\Drivers\VMC326.sys [238464 2000-01-01] (Vimicro Corporation) S3 IpInIp; No ImagePath U5 klflt; C:\Windows\System32\Drivers\klflt.sys [75096 2012-08-13] (Kaspersky Lab) S1 MpKsle7f29d17; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E0744095-0A5E-44E9-9BCF-BFA1153B3893}\MpKsle7f29d17.sys [X] S3 NwlnkFlt; No ImagePath S3 NwlnkFwd; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-03-18 19:10 - 2015-03-18 19:10 - 00071107 _____ () C:\Users\A\Desktop\Shortcut.txt 2015-03-18 19:06 - 2015-03-18 19:10 - 00047399 _____ () C:\Users\A\Desktop\Addition.txt 2015-03-18 19:04 - 2015-03-20 11:40 - 00018255 _____ () C:\Users\A\Desktop\FRST.txt 2015-03-18 18:56 - 2015-03-20 11:35 - 00000000 ____D () C:\FRST 2015-03-18 18:54 - 2015-03-18 18:54 - 01135104 _____ (Farbar) C:\Users\A\Desktop\FRST.exe 2015-03-18 18:54 - 2015-03-18 18:54 - 00380416 _____ () C:\Users\A\Desktop\l5bkv21f.exe 2015-03-18 18:00 - 2015-03-18 18:00 - 00602112 _____ (OldTimer Tools) C:\Users\A\Desktop\OTL.exe 2015-03-14 23:25 - 2015-03-14 23:25 - 00000000 ____D () C:\Program Files\Common Files\Java 2015-03-12 20:23 - 2015-03-18 18:42 - 00000000 ____D () C:\Program Files\XTab 2015-03-12 20:23 - 2015-03-12 20:23 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect 2015-03-12 20:23 - 2015-03-12 20:23 - 00000000 ____D () C:\ProgramData\IHProtectUpDate 2015-03-12 20:20 - 2015-03-12 20:20 - 77807968 _____ (TechSmith Corporation) C:\Users\A\Downloads\snagit.exe 2015-03-12 20:19 - 2015-03-12 20:19 - 00000000 ____D () C:\Users\A\AppData\Local\PriceFountain 2015-03-12 20:18 - 2015-03-18 17:41 - 00000000 ____D () C:\Users\A\AppData\Local\FluxSoftware 2015-03-11 21:41 - 2015-01-29 02:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2015-03-11 21:39 - 2015-01-29 02:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-03-11 21:37 - 2015-02-26 01:18 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-03-11 21:23 - 2015-02-20 03:03 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-03-11 21:23 - 2015-02-20 01:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-03-11 21:21 - 2015-02-26 03:01 - 03604408 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2015-03-11 21:21 - 2015-02-26 03:01 - 03552184 _____ (Microsoft Corporation) 
C:\Windows\system32\ntoskrnl.exe 2015-03-11 21:21 - 2015-01-09 03:04 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-03-11 21:21 - 2015-01-09 01:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-03-11 21:20 - 2015-01-21 03:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2015-03-11 21:19 - 2015-03-06 05:01 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-03-11 21:18 - 2014-10-13 02:12 - 02264064 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2015-03-11 21:16 - 2015-02-18 03:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-03-11 21:10 - 2015-02-21 18:22 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-03-11 21:10 - 2015-02-21 18:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-03-11 21:10 - 2015-02-21 18:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-03-11 21:10 - 2015-02-21 18:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-03-11 21:10 - 2015-02-21 18:19 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-03-11 21:10 - 2015-02-21 18:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-03-11 21:10 - 2015-02-21 18:18 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-03-11 21:10 - 2015-02-21 18:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2015-03-11 21:10 - 2015-02-21 18:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2015-03-11 21:10 - 2015-02-21 18:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2015-03-11 21:09 - 2015-02-21 18:37 - 12375040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-03-11 21:09 - 2015-02-21 18:34 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-03-11 
21:09 - 2015-02-21 18:29 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-03-11 21:09 - 2015-02-21 18:28 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-03-11 21:09 - 2015-02-21 18:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-03-11 21:09 - 2015-02-21 18:20 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2015-03-11 21:09 - 2015-02-21 18:19 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-03-11 21:09 - 2015-02-21 18:19 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-03-11 21:09 - 2015-02-21 18:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-03-11 21:09 - 2015-02-21 18:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-03-11 21:09 - 2015-02-21 18:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-03-11 21:09 - 2015-02-21 18:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-03-06 13:54 - 2015-03-06 13:55 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-02-26 17:58 - 2015-02-26 17:58 - 00707744 _____ () C:\Users\A\AppData\Local\unins000.exe 2015-02-26 17:58 - 2015-02-26 17:58 - 00011761 _____ () C:\Users\A\AppData\Local\unins000.msg 2015-02-26 17:58 - 2015-02-26 17:58 - 00003202 _____ () C:\Users\A\AppData\Local\unins000.dat ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-03-20 11:39 - 2014-12-18 23:17 - 01335917 _____ () C:\Windows\WindowsUpdate.log 2015-03-20 11:37 - 2015-01-20 18:28 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-03-20 11:28 - 2012-04-08 12:33 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-03-20 11:28 - 2011-05-18 23:06 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-03-20 11:27 - 2014-06-22 13:37 - 00000000 ____D () C:\Users\A\AppData\Local\Adobe 2015-03-20 11:18 - 2006-11-02 13:45 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-03-20 11:18 - 2006-11-02 13:45 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-03-20 11:17 - 2006-11-02 13:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-20 11:16 - 2015-01-02 18:13 - 00004864 _____ () C:\Windows\PFRO.log 2015-03-19 07:58 - 2006-11-02 13:58 - 00032530 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-03-19 07:04 - 2014-07-11 17:56 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit 2015-03-18 17:39 - 2012-09-26 08:52 - 00000000 ____D () C:\Users\A\AppData\Local\CrashDumps 2015-03-18 17:26 - 2014-09-10 19:52 - 00000000 ____D () C:\Program Files\Opera 2015-03-14 23:26 - 2013-10-29 14:09 - 00000000 ____D () C:\ProgramData\Oracle 2015-03-14 23:24 - 2014-07-11 17:47 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2015-03-14 23:24 - 2009-05-21 11:25 - 00000000 ____D () C:\Program Files\Java 2015-03-13 21:26 - 2012-12-30 00:40 - 00000000 ____D () C:\ProgramData\TEMP 2015-03-13 20:45 - 2013-10-07 08:22 - 00000000 ____D () C:\Users\A\Documents\II sem 2015-03-12 17:56 - 2014-10-31 19:10 - 07459136 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-03-11 21:41 - 2009-01-08 02:38 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-03-11 21:40 - 2006-11-02 11:23 - 00000269 
_____ () C:\Windows\win.ini 2015-03-11 21:37 - 2013-07-12 07:13 - 00000000 ____D () C:\Windows\system32\MRT 2015-03-11 21:26 - 2006-11-02 11:24 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2015-03-11 21:25 - 2012-11-20 21:46 - 00000039 _____ () C:\Windows\vbaddin.ini 2015-03-11 17:26 - 2009-01-08 01:53 - 00718280 _____ () C:\Windows\system32\perfh015.dat 2015-03-11 17:26 - 2009-01-08 01:53 - 00153028 _____ () C:\Windows\system32\perfc015.dat 2015-03-11 17:26 - 2006-11-02 11:33 - 01624842 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-03-08 16:38 - 2014-08-28 17:22 - 00000000 ____D () C:\Users\A\Documents\przepisy 2015-03-03 14:16 - 2009-10-03 11:54 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-02-27 21:57 - 2012-10-03 13:44 - 00000000 ____D () C:\Users\A\Documents\Food 2015-02-27 20:29 - 2009-05-23 00:01 - 00000000 ____D () C:\Users\A\AppData\Local\Last.fm 2015-02-26 20:27 - 2014-10-26 21:40 - 00000000 ____D () C:\Users\A\Documents\pity 2015-02-26 20:25 - 2010-03-23 20:50 - 00000000 ____D () C:\Users\A\AppData\Roaming\Adobe 2015-02-22 21:21 - 2014-03-18 22:09 - 00000000 ____D () C:\Users\A\Documents\PIOTREK ==================== Files in the root of some directories ======= 2012-10-10 20:42 - 2012-10-19 17:42 - 0000132 _____ () C:\Users\A\AppData\Roaming\Adobe PNG Format CS5 Prefs 2012-04-04 20:42 - 2012-05-17 01:35 - 0000132 _____ () C:\Users\A\AppData\Roaming\Adobe PNG Format CS6 Prefs 2012-06-17 17:35 - 2012-06-17 17:35 - 0000268 ___RH () C:\Users\A\AppData\Roaming\Helper Scripts 2012-06-17 17:36 - 2012-06-17 17:36 - 0000268 ___RH () C:\Users\A\AppData\Roaming\Hip Hop 2012-06-17 17:35 - 2012-06-17 17:35 - 0000268 ___RH () C:\Users\A\AppData\Roaming\Home 2012-03-01 15:01 - 2012-03-01 15:01 - 0000022 ___SH () C:\Users\A\AppData\Roaming\Sys2662.Config.Repository.bin 2010-08-24 19:19 - 2010-08-24 19:19 - 0000022 ___SH () C:\Users\A\AppData\Roaming\Sys6925.Config Collection.sys 2009-05-21 12:27 - 
2009-05-21 12:27 - 0024206 _____ () C:\Users\A\AppData\Roaming\UserTile.png 2010-03-31 22:13 - 2013-07-03 15:29 - 0000680 _____ () C:\Users\A\AppData\Local\d3d9caps.dat 2009-05-25 20:50 - 2015-01-05 23:18 - 0168960 _____ () C:\Users\A\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2012-11-29 12:05 - 2012-11-29 12:05 - 0004096 ____H () C:\Users\A\AppData\Local\keyfile3.drm 2015-02-26 17:58 - 2015-02-26 17:58 - 0003202 _____ () C:\Users\A\AppData\Local\unins000.dat 2015-02-26 17:58 - 2015-02-26 17:58 - 0707744 _____ () C:\Users\A\AppData\Local\unins000.exe 2015-02-26 17:58 - 2015-02-26 17:58 - 0011761 _____ () C:\Users\A\AppData\Local\unins000.msg 2010-02-11 19:41 - 2010-03-16 10:24 - 0000088 __RSH () C:\ProgramData\9EDE8056CF.sys 2012-12-07 19:46 - 2012-12-07 19:46 - 0000057 _____ () C:\ProgramData\Ament.ini 2013-05-21 18:04 - 2013-05-21 18:04 - 0000003 _____ () C:\ProgramData\Bluetooth.txt 2014-01-17 18:21 - 2014-01-17 18:21 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2013-05-21 17:56 - 2008-06-26 02:57 - 0090112 _____ (Intel Corporation) C:\ProgramData\HidManager.dll 2010-02-11 19:41 - 2010-03-16 10:24 - 0002828 ___SH () C:\ProgramData\KGyGaAvL.sys 2012-11-21 00:10 - 2012-11-21 12:29 - 0000000 ____H () C:\ProgramData\PKP_DLes.DAT 2012-11-04 01:00 - 2012-11-04 01:00 - 0000000 _____ () C:\ProgramData\PKP_DLet.DAT 2013-03-17 13:43 - 2013-03-17 13:43 - 0000000 _____ () C:\ProgramData\PKP_DLev.DAT 2015-01-02 13:48 - 2015-01-02 13:48 - 0003584 _____ () C:\ProgramData\wtwLicensing.db Files to move or delete: ==================== C:\ProgramData\HidManager.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-20 11:24

==================== End Of Log ============================