Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-04-2015 01
Ran by User (administrator) on USER-KOMPUTER on 28-04-2015 10:38:12
Running from C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VVU13524
Loaded Profiles: User (Available profiles: User)
Platform: Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: Polski (Polska)
Internet Explorer Version 9 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
() C:\Windows\System32\AsusService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe
() C:\ExpressGateUtil\VAWinService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(ASUS) C:\Program Files\Common Files\InstantOn\InsOnWMI.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_17_0_0_169_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [112632 2010-10-12] (Trend Micro Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation)
HKU\S-1-5-21-4279898861-2467177311-1154902151-1000\...\MountPoints2: {01682835-98a1-11e2-9275-5404a641aa75} - E:\AutoRun.exe
HKU\S-1-5-21-4279898861-2467177311-1154902151-1000\...\MountPoints2: {45f2c441-989f-11e2-a9f3-5404a641aa75} - E:\AutoRun.exe
HKU\S-1-5-21-4279898861-2467177311-1154902151-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\AsusScreensaver.scr
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {CC5FC992-B0AA-47CD-9DC2-83445083CBB8} => C:\Program Files\Asus\ASUS WebStorage\3.0.108.222\AsusWSShellExt.dll [2010-09-02] ()
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {618A47A2-528B-4D9A-AFC8-97D3233511E2} => C:\Program Files\Asus\ASUS WebStorage\3.0.108.222\AsusWSShellExt.dll [2010-09-02] ()
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => No File

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKU\S-1-5-21-4279898861-2467177311-1154902151-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.pl/
HKU\S-1-5-21-4279898861-2467177311-1154902151-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
HKU\S-1-5-21-4279898861-2467177311-1154902151-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://eeepc.asus.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4279898861-2467177311-1154902151-1000 -> {24575B95-B8F3-4032-8332-4B7A68C856C7} URL = https://www.google.com/search?q={searchTerms}
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll [2010-09-17] (Trend Micro Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-24] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll [2010-09-17] (Trend Micro Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-24] (Oracle Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll [2010-09-17] (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll [2010-09-17] (Trend Micro Inc.)
ShellExecuteHooks: - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\dayms53h.default-1364074164934
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-24] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll No File
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-24] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL No File
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL No File
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-20] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-20] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5314yh2y.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-11-23]
FF HKLM\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension [2011-04-30]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome:
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (KMPlayer Toolbar) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaoggiphohkihibdkcnhnokmkfmhnj [2015-04-24]
CHR Extension: (Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-24]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-24]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-24]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-24]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-24]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-24]
CHR HKLM\...\Chrome\Extension: [aaaaoggiphohkihibdkcnhnokmkfmhnj] - C:\Users\User\AppData\Local\APN\GoogleCRXs\aaaaoggiphohkihibdkcnhnokmkfmhnj_7.15.2.0.crx [Not Found]

========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AsusService; C:\windows\system32\AsusService.exe [224680 2011-03-04] ()
S2 KMService; C:\windows\system32\srvany.exe [8192 2013-03-23] () [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
R2 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [161104 2010-09-17] (Trend Micro Inc.)
R2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [91464 2011-01-13] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [X]
S3 EhttpSrv; "C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe" [X]
S2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe" [X]
S3 Microsoft SharePoint Workspace Audit Service; "C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" /auditservice [X]
S2 sftlist; "C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe" [X]
S3 sftvsa; "C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe" [X]
S2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [X]
S2 Update BatBrowse; "C:\Program Files\BatBrowse\updateBatBrowse.exe" [X]

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 AsIO; C:\windows\System32\drivers\AsIO.sys [11456 2010-06-28] ()
R1 AsUpIO; C:\windows\System32\drivers\AsUpIO.sys [11832 2010-08-03] ()
R2 eamon; C:\windows\System32\DRIVERS\eamon.sys [39944 2008-08-18] (ESET)
R1 easdrv; C:\windows\System32\DRIVERS\easdrv.sys [53256 2008-08-18] (ESET)
R1 epfwtdir; C:\windows\System32\DRIVERS\epfwtdir.sys [34312 2008-08-18] ()
R3 ETD; C:\windows\System32\DRIVERS\ETD.sys [109960 2010-04-13] (ELAN Microelectronic Corp.)
R3 kbfiltr; C:\windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R1 tmactmon; C:\windows\System32\DRIVERS\tmactmon.sys [80464 2010-09-17] (Trend Micro Inc.)
R1 tmcomm; C:\windows\System32\DRIVERS\tmcomm.sys [189520 2010-09-17] (Trend Micro Inc.)
R1 tmevtmgr; C:\windows\System32\DRIVERS\tmevtmgr.sys [64080 2010-09-17] (Trend Micro Inc.)
R2 tmtdi; C:\windows\System32\DRIVERS\tmtdi.sys [92112 2010-09-17] (Trend Micro Inc.)
S3 wsvd; C:\windows\System32\DRIVERS\wsvd.sys [81704 2009-07-22] (CyberLink)
S3 btwavdt; \SystemRoot\system32\drivers\btwavdt.sys [X]
S3 btwrchid; \SystemRoot\system32\drivers\btwrchid.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-28 10:37 - 2015-04-28 10:38 - 00000000 ____D () C:\FRST
2015-04-28 10:34 - 2015-04-28 10:34 - 00015096 _____ () C:\Users\User\Desktop\AdwCleaner[S0].txt
2015-04-28 10:27 - 2015-04-28 10:32 - 00000000 ____D () C:\AdwCleaner
2015-04-28 10:03 - 2015-04-28 10:03 - 00013168 _____ () C:\Users\User\Desktop\OTL — skrót.lnk
2015-04-28 10:02 - 2015-04-28 10:02 - 00087750 _____ () C:\Users\User\Desktop\OTL.Txt
2015-04-28 10:02 - 2015-04-28 10:02 - 00041474 _____ () C:\Users\User\Desktop\Extras.Txt
2015-04-28 10:01 - 2015-04-28 10:01 - 00041474 _____ () C:\Users\User\Downloads\Extras.Txt
2015-04-28 09:59 - 2015-04-28 09:59 - 00087750 _____ () C:\Users\User\Downloads\OTL.Txt
2015-04-28 09:50 - 2015-04-28 09:50 - 00575488 _____ (OldTimer Tools) C:\Users\User\Downloads\OTL_3.2.17.3.exe
2015-04-24 18:07 - 2015-03-25 05:00 - 03088384 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-04-24 18:07 - 2015-03-25 05:00 - 02020864 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-04-24 18:07 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-04-24 18:07 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-04-24 18:07 - 2015-03-25 05:00 - 00131584 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-04-24 18:07 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-04-24 18:07 - 2015-03-25 05:00 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-04-24 18:07 - 2015-03-25 05:00 - 00035328 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-04-24 18:07 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-04-24 18:07 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-04-24 18:07 - 2015-03-25 05:00 - 00011776 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-04-24 18:07 - 2015-03-05 06:06 - 00305152 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2015-04-24 18:07 - 2015-03-04 06:16 - 00249784 _____ (Microsoft Corporation) C:\windows\system32\clfs.sys
2015-04-24 18:07 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\windows\system32\clfsw32.dll
2015-04-24 18:06 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2015-04-24 18:06 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-04-24 18:06 - 2015-03-17 07:01 - 00137656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-04-24 18:06 - 2015-03-17 07:01 - 00067512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-04-24 18:06 - 2015-03-17 06:59 - 01306112 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-04-24 18:06 - 2015-03-17 06:57 - 01061376 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-04-24 18:06 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-04-24 18:06 - 2015-03-17 06:57 - 00400896 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-04-24 18:06 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-04-24 18:06 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-04-24 18:06 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-04-24 18:06 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-04-24 18:06 - 2015-03-17 06:57 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-04-24 18:06 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-04-24 18:06 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-04-24 18:06 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-04-24 18:06 - 2015-03-17 06:57 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-04-24 18:06 - 2015-03-17 06:56 - 00262656 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-04-24 18:06 - 2015-03-17 06:56 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-04-24 18:06 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-04-24 18:06 - 2015-03-17 06:56 - 00038912 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-04-24 18:06 - 2015-03-17 06:56 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-04-24 18:06 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-04-24 18:06 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-04-24 18:06 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-04-24 18:06 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-04-24 18:06 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-04-24 18:05 - 2015-03-10 01:06 - 12377600 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-04-24 18:05 - 2015-03-10 01:03 - 00367104 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-04-24 18:05 - 2015-03-10 01:02 - 01810944 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-04-24 18:05 - 2015-03-10 01:00 - 09747968 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-04-24 18:05 - 2015-03-10 00:57 - 01139200 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-04-24 18:05 - 2015-03-10 00:57 - 01129472 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-04-24 18:05 - 2015-03-10 00:56 - 01803264 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-04-24 18:05 - 2015-03-10 00:56 - 01427968 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-04-24 18:05 - 2015-03-10 00:56 - 00717824 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-04-24 18:05 - 2015-03-10 00:56 - 00421376 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-04-24 18:05 - 2015-03-10 00:56 - 00231936 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2015-04-24 18:05 - 2015-03-10 00:56 - 00065024 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-04-24 18:05 - 2015-03-10 00:55 - 02382848 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-04-24 18:05 - 2015-03-10 00:55 - 00607744 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-04-24 18:05 - 2015-03-10 00:55 - 00353792 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-04-24 18:05 - 2015-03-10 00:55 - 00223232 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-04-24 18:05 - 2015-03-10 00:55 - 00176640 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-04-24 18:05 - 2015-03-10 00:55 - 00142848 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-04-24 18:05 - 2015-03-10 00:55 - 00073216 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-04-24 18:05 - 2015-03-10 00:55 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2015-04-24 18:05 - 2015-03-10 00:55 - 00011776 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2015-04-24 18:05 - 2015-03-10 00:55 - 00010752 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2015-04-24 18:01 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-04-24 18:01 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2015-04-24 18:01 - 2015-02-25 05:03 - 00514560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\http.sys
2015-04-24 10:11 - 2015-04-24 10:11 - 00000000 ____D () C:\Program Files\Common Files\Java

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-28 10:36 - 2002-01-01 16:08 - 01220216 _____ () C:\windows\WindowsUpdate.log
2015-04-28 10:33 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-04-28 10:33 - 2009-07-14 06:39 - 00078573 _____ () C:\windows\setupact.log
2015-04-28 10:05 - 2012-08-19 16:18 - 00000930 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-04-28 09:37 - 2009-07-14 06:34 - 00016160 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-28 09:37 - 2009-07-14 06:34 - 00016160 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-24 19:17 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\Microsoft.NET
2015-04-24 19:00 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\pl-PL
2015-04-24 18:30 - 2013-10-16 16:46 - 00000000 ____D () C:\windows\system32\MRT
2015-04-24 18:19 - 2012-06-02 18:47 - 125832184 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-04-24 18:17 - 2011-02-16 19:14 - 00710002 _____ () C:\windows\system32\perfh015.dat
2015-04-24 18:17 - 2011-02-16 19:14 - 00139162 _____ () C:\windows\system32\perfc015.dat
2015-04-24 18:17 - 2009-07-27 12:11 - 01602574 _____ () C:\windows\system32\PerfStringBackup.INI
2015-04-24 14:49 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\rescache
2015-04-24 14:08 - 2011-04-30 03:21 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-04-24 14:05 - 2011-04-30 03:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-04-24 11:06 - 2012-08-19 16:18 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2015-04-24 11:06 - 2012-08-19 16:18 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2015-04-24 10:52 - 2014-05-24 08:33 - 00000000 ____D () C:\Users\User\AppData\Local\OpenFM
2015-04-24 10:11 - 2013-11-12 20:10 - 00000000 ____D () C:\ProgramData\Oracle
2015-04-24 10:09 - 2014-12-20 00:27 - 00096680 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2015-04-24 10:08 - 2013-11-12 20:08 - 00000000 ____D () C:\Program Files\Java

==================== Files in the root of some directories =======
2013-10-16 21:02 - 2014-06-04 21:07 - 0000172 _____ () C:\Users\User\AppData\Roaming\WB.CFG
2013-10-16 21:02 - 2013-10-16 21:02 - 0000006 _____ () C:\Users\User\AppData\Roaming\WBPU-TTL.DAT
2015-01-03 12:38 - 2015-01-03 12:38 - 0000000 ____H () C:\Users\User\AppData\Local\BITE407.tmp
2015-01-03 12:38 - 2015-01-03 12:38 - 0000000 _____ () C:\Users\User\AppData\Local\{3D77C750-B0B7-4B68-A05D-445E56DC22D8}
2015-01-03 12:20 - 2015-01-03 12:20 - 0000000 _____ () C:\Users\User\AppData\Local\{F9FE6E17-6449-4BAD-AC77-5C798D8F51B5}
2015-01-03 12:38 - 2015-01-03 12:38 - 0000000 _____ () C:\Users\User\AppData\Local\{FB7EE531-6E44-4C43-BAE0-AD8DAFB0C2B4}
2011-04-30 03:17 - 2010-03-03 00:59 - 0131984 _____ () C:\ProgramData\FullRemove.exe

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\APNSetup.exe
C:\Users\User\AppData\Local\Temp\DataCard_Setup.exe
C:\Users\User\AppData\Local\Temp\ggdrive-menu.exe
C:\Users\User\AppData\Local\Temp\ggdrive-overlay.exe
C:\Users\User\AppData\Local\Temp\htmlayout.dll
C:\Users\User\AppData\Local\Temp\installstats.exe
C:\Users\User\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\KMP_3.7.0.113.exe
C:\Users\User\AppData\Local\Temp\KMP_3.8.0.120.exe
C:\Users\User\AppData\Local\Temp\Quarantine.exe
C:\Users\User\AppData\Local\Temp\ResetDevice.exe
C:\Users\User\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-04-24 11:27

==================== End Of Log ============================