Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-06-2015
Ran by Mako (administrator) on MAKO-PC on 13-06-2015 22:37:22
Running from C:\Users\Mako\Downloads
Loaded Profiles: Mako (Available Profiles: Mako)
Platform: Microsoft® Windows Vista™ Home Basic Service Pack 1 (X86) OS Language: Polski (Polska)
Internet Explorer Version 7 (Default browser: Opera)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Opera Software) C:\Program Files\Opera\30.0.1835.59\opera_autoupdate.exe
(Farbar) C:\Users\Mako\Downloads\FRST (1).exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-02-11] (Intel Corporation)
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2618680 2015-04-08] (Malwarebytes Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE [2701880 2008-07-21] (Conexant)
HKU\S-1-5-21-2932149468-3538548085-1955584924-1000\...\MountPoints2: H - H:\AutoRun.exe
HKU\S-1-5-21-2932149468-3538548085-1955584924-1000\...\MountPoints2: {39617091-11a9-11e5-b0ec-001eec9c4d5e} - H:\AutoRunCardDetector.exe
HKU\S-1-5-21-2932149468-3538548085-1955584924-1000\...\MountPoints2: {3d9e10a7-0d3c-11e5-b449-001eec9c4d5e} - H:\AutoRun.exe
HKU\S-1-5-21-2932149468-3538548085-1955584924-1000\...\MountPoints2: {3d9e10ab-0d3c-11e5-b449-001eec9c4d5e} - H:\AutoRun.exe
HKU\S-1-5-21-2932149468-3538548085-1955584924-1000\...\MountPoints2: {d90053ed-0bba-11e5-bc6c-001eec9c4d5e} - H:\AutoRun.exe
HKU\S-1-5-21-2932149468-3538548085-1955584924-1000\...\MountPoints2: {d9005423-0bba-11e5-bc6c-001eec9c4d5e} - H:\AutoRun.exe
HKU\S-1-5-21-2932149468-3538548085-1955584924-1000\...\MountPoints2: {dd3f4a5f-0d08-11e5-822e-001eec9c4d5e} - H:\AutoRun.exe
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security with Backup\Engine\22.2.0.31\buShell.dll [2015-03-20] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security with Backup\Engine\22.2.0.31\buShell.dll [2015-03-20] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security with Backup\Engine\22.2.0.31\buShell.dll [2015-03-20] (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2932149468-3538548085-1955584924-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security with Backup\Engine\22.2.0.31\coIEPlg.dll [2015-03-30] (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security with Backup\Engine\22.2.0.31\coIEPlg.dll [2015-03-30] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-2932149468-3538548085-1955584924-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security with Backup\Engine\22.2.0.31\coIEPlg.dll [2015-03-30] (Symantec Corporation)

FireFox:
========
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-12] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-12] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.0.0.110\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.0.0.110\coFFPlgn [2015-06-13]

Chrome:
=======
CHR Profile: C:\Users\Mako\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Mako\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-12]
CHR Extension: (Google Drive) - C:\Users\Mako\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-12]
CHR Extension: (YouTube) - C:\Users\Mako\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-12]
CHR Extension: (Google Search) - C:\Users\Mako\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-12]
CHR Extension: (Norton Identity Safe) - C:\Users\Mako\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-06-12]
CHR Extension: (Google Wallet) - C:\Users\Mako\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-12]
CHR Extension: (Gmail) - C:\Users\Mako\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-12]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security with Backup\Engine\22.2.0.31\Exts\Chrome.crx [2015-06-09]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [656184 2015-04-08] (Malwarebytes Corporation) S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) S2 NSBU; C:\Program Files\Norton Security with Backup\Engine\22.2.0.31\NSBU.exe [282528 2015-04-01] (Symantec Corporation) S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [771456 2015-06-08] (Enigma Software Group USA, LLC.) S2 szserver; C:\Program Files\STOPzilla!\SZServer.exe [57136 2014-10-20] (iS3, Inc.) S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S1 BHDrvx86; C:\Program Files\Norton Security with Backup\NortonData\22.0.0.110\Definitions\BASHDefs\20150602.001\BHDrvx86.sys [1172696 2015-06-01] (Symantec Corporation) S1 ccSet_NSBU; C:\Windows\system32\drivers\NSBU\1602000.01F\ccSetx86.sys [128728 2014-09-09] (Symantec Corporation) S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [380720 2015-06-07] (Symantec Corporation) S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [113456 2015-06-07] (Symantec Corporation) S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [16432 2015-06-08] (Enigma Software Group USA, LLC.) 
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2015-06-08] () S1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [47928 2015-04-08] () S1 IDSVix86; C:\Program Files\Norton Security with Backup\NortonData\22.0.0.110\Definitions\IPSDefs\20150612.001\IDSvix86.sys [514776 2015-06-05] (Symantec Corporation) S0 is3srv; C:\Windows\System32\drivers\is3srv.sys [61328 2014-10-20] (iS3 Inc.) S1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [92888 2015-04-14] (Malwarebytes Corporation) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-06-13] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation) S3 NAVENG; C:\Program Files\Norton Security with Backup\NortonData\22.0.0.110\Definitions\VirusDefs\20150612.016\NAVENG.SYS [95704 2015-06-07] (Symantec Corporation) S3 NAVEX15; C:\Program Files\Norton Security with Backup\NortonData\22.0.0.110\Definitions\VirusDefs\20150612.016\NAVEX15.SYS [1636696 2015-06-07] (Symantec Corporation) S2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [66344 2014-10-20] (GFI Software) S3 SRTSP; C:\Windows\System32\Drivers\NSBU\1602000.01F\SRTSP.SYS [702168 2015-03-27] (Symantec Corporation) S1 SRTSPX; C:\Windows\system32\drivers\NSBU\1602000.01F\SRTSPX.SYS [36056 2014-09-09] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\NSBU\1602000.01F\SYMDS.SYS [364760 2014-09-09] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NSBU\1602000.01F\SYMEFA.SYS [939224 2014-09-09] (Symantec Corporation) S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [94424 2015-06-07] (Symantec Corporation) S1 SymIRON; C:\Windows\system32\drivers\NSBU\1602000.01F\Ironx86.SYS [212696 2014-09-09] (Symantec Corporation) S1 SYMTDIv; C:\Windows\System32\Drivers\NSBU\1602000.01F\SYMTDIV.SYS [358104 
2014-09-09] (Symantec Corporation) R0 szkg5; C:\Windows\System32\DRIVERS\szkg.sys [61328 2014-10-20] (iS3 Inc.) S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S0 szkgfs; system32\drivers\szkgfs.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-13 22:11 - 2015-06-13 22:11 - 00050216 _____ C:\Users\Mako\Desktop\FRST.txt 2015-06-13 22:10 - 2015-06-13 22:10 - 00020877 _____ C:\Users\Mako\Desktop\Addition.txt 2015-06-13 22:10 - 2015-06-13 22:10 - 00020762 _____ C:\Users\Mako\Desktop\Shortcut.txt 2015-06-13 22:07 - 2015-06-13 22:07 - 00020877 _____ C:\Users\Mako\Downloads\Addition.txt 2015-06-13 22:07 - 2015-06-13 22:07 - 00020762 _____ C:\Users\Mako\Downloads\Shortcut.txt 2015-06-13 22:06 - 2015-06-13 22:37 - 00010483 _____ C:\Users\Mako\Downloads\FRST.txt 2015-06-13 22:06 - 2015-06-13 22:37 - 00000000 ____D C:\FRST 2015-06-13 21:57 - 2015-06-13 21:57 - 00011820 _____ C:\Users\Mako\Desktop\scgm.log 2015-06-13 21:36 - 2015-06-13 21:36 - 00380416 _____ C:\Users\Mako\Downloads\1fdqjtkk.exe 2015-06-13 21:36 - 2015-06-13 21:36 - 00371057 _____ C:\Users\Mako\Downloads\gm.zip 2015-06-13 21:36 - 2015-06-13 21:36 - 00370943 _____ C:\Users\Mako\Downloads\gmer.zip 2015-06-13 21:17 - 2015-06-13 21:17 - 00380416 _____ C:\Users\Mako\Downloads\xw90cqf2.exe 2015-06-13 21:14 - 2015-06-13 21:14 - 01148416 _____ (Farbar) C:\Users\Mako\Downloads\FRST (1).exe 2015-06-13 21:13 - 2015-06-13 21:13 - 01148416 _____ (Farbar) C:\Users\Mako\Downloads\FRST.exe 2015-06-13 21:08 - 2015-06-13 21:08 - 00532136 _____ (Duplex Secure Ltd) C:\Users\Mako\Downloads\SPTDinst-v187-x86.exe 2015-06-13 20:59 - 2015-06-13 20:59 - 
00013087 _____ C:\Users\Mako\Desktop\MBRCheck_06.13.15_20.59.27.txt 2015-06-13 20:58 - 2015-06-13 20:58 - 00080384 _____ C:\Users\Mako\Downloads\MBRCheck.exe 2015-06-13 20:52 - 2015-06-13 20:53 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Mako\Downloads\tdsskiller.exe 2015-06-13 00:16 - 2015-06-13 00:16 - 00000000 ____D C:\Program Files\CONEXANT 2015-06-12 23:51 - 2015-06-13 00:06 - 143133912 _____ (Lenovo Group Limited ) C:\Users\Mako\Downloads\52au11ww.exe 2015-06-12 23:21 - 2015-06-12 23:21 - 02174395 _____ C:\Users\Mako\Downloads\3mov.wmv 2015-06-12 23:20 - 2015-06-12 23:20 - 02166387 _____ C:\Users\Mako\Downloads\2mov.wmv 2015-06-12 23:15 - 2015-06-13 22:34 - 00001032 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-06-12 23:15 - 2015-06-13 22:31 - 00001036 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-06-12 23:15 - 2015-06-13 00:08 - 00001977 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-06-12 23:15 - 2015-06-12 23:16 - 00000000 ____D C:\Users\Mako\AppData\Local\Google 2015-06-12 23:15 - 2015-06-12 23:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-06-12 23:14 - 2015-06-13 22:27 - 00000992 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job 2015-06-12 23:14 - 2015-06-12 23:15 - 00000000 ____D C:\Program Files\Google 2015-06-12 23:12 - 2015-06-12 23:12 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-06-12 23:12 - 2015-06-12 23:12 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-06-12 23:12 - 2015-06-12 23:12 - 00000000 ____D C:\Windows\system32\Macromed 2015-06-12 23:03 - 2015-06-13 17:49 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit 2015-06-12 23:03 - 2015-06-12 23:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit 2015-06-12 23:03 - 2015-06-12 23:03 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Exploit 2015-06-12 22:55 - 
2015-06-12 23:02 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-06-12 22:53 - 2015-06-12 23:02 - 00000000 ____D C:\Users\Mako\Desktop\mbar 2015-06-12 22:51 - 2015-06-12 22:51 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Mako\Downloads\mbar-1.09.1.1004.exe 2015-06-12 22:50 - 2015-06-12 22:50 - 03020968 _____ (Malwarebytes ) C:\Users\Mako\Downloads\mbae-setup-1.06.1.1019.exe 2015-06-12 22:48 - 2015-06-12 22:50 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Mako\Downloads\spybot-2.4.exe 2015-06-11 23:36 - 2015-06-12 23:33 - 00000392 _____ C:\Windows\Tasks\SpyHunter4.job 2015-06-10 00:40 - 2015-06-10 00:40 - 00068243 _____ C:\Users\Mako\Downloads\player_embed (1).swf 2015-06-10 00:39 - 2015-06-10 00:39 - 00068243 _____ C:\Users\Mako\Downloads\player_embed.swf 2015-06-09 02:24 - 2015-06-11 23:24 - 00000000 ____D C:\Users\Mako\AppData\Local\CrashDumps 2015-06-09 02:21 - 2015-06-12 23:16 - 00000000 ____D C:\Users\Mako\AppData\Local\Adobe 2015-06-08 10:13 - 2015-06-08 10:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Matrix Storage Manager 2015-06-08 10:11 - 2015-06-08 10:11 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2015-06-08 10:11 - 2015-06-08 10:11 - 00000000 ____D C:\Users\Mako\AppData\Roaming\InstallShield 2015-06-08 10:11 - 2009-02-11 17:11 - 00329752 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStor.sys 2015-06-08 10:01 - 2015-06-08 10:02 - 22495416 _____ (Lenovo Group Limited ) C:\Users\Mako\Downloads\52ah01ww.exe 2015-06-08 03:10 - 2015-06-08 03:10 - 00001075 _____ C:\Users\Mako\Desktop\SpyHunter.lnk 2015-06-08 03:10 - 2015-06-08 03:10 - 00000000 ____D C:\Users\Mako\AppData\Roaming\Enigma Software Group 2015-06-08 03:09 - 2015-06-08 03:10 - 00000000 ____D C:\sh4ldr 2015-06-08 03:07 - 2015-06-08 03:07 - 00019984 _____ C:\Windows\system32\Drivers\EsgScanner.sys 2015-06-08 03:06 - 2015-06-08 03:06 - 00000000 ____D C:\Program Files\Enigma Software Group 
2015-06-08 02:57 - 2015-06-08 02:57 - 00003094 _____ C:\Users\Mako\Downloads\hijackthis.log 2015-06-08 02:55 - 2015-06-08 02:55 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Mako\Downloads\SpyHunter-Installer.exe 2015-06-08 02:52 - 2015-06-08 02:52 - 00388608 _____ (Trend Micro Inc.) C:\Users\Mako\Downloads\HijackThis.exe 2015-06-08 01:13 - 2015-06-08 01:13 - 00000000 ____D C:\Users\Mako\AppData\Roaming\Macromedia 2015-06-08 01:13 - 2015-06-08 01:13 - 00000000 ____D C:\Users\Mako\AppData\Roaming\Adobe 2015-06-08 01:10 - 2014-10-20 10:53 - 00066344 ____R (GFI Software) C:\Windows\system32\Drivers\sbapifs.sys 2015-06-08 01:07 - 2015-06-13 22:34 - 00000000 ____D C:\ProgramData\STOPzilla! 2015-06-08 01:07 - 2015-06-08 01:17 - 00000000 ____D C:\Program Files\STOPzilla! 2015-06-08 01:07 - 2015-06-08 01:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STOPzilla 2015-06-08 01:07 - 2014-10-20 10:53 - 00044424 ____R (GFI Software) C:\Windows\system32\SBBD.EXE 2015-06-08 01:07 - 2014-10-20 10:53 - 00022064 ____R (GFI Software) C:\Windows\system32\Drivers\sbaphd.sys 2015-06-08 00:43 - 2015-06-08 00:43 - 00016088 _____ C:\Windows\system32\results.xml 2015-06-08 00:39 - 2006-11-10 08:25 - 00319456 _____ (Microsoft Corporation) C:\Windows\system32\difxapi.dll 2015-06-08 00:35 - 2015-06-08 00:35 - 00687776 _____ (iS3, Inc.) 
C:\Users\Mako\Downloads\STOPzilla_Setup.exe 2015-06-08 00:19 - 2015-06-08 00:20 - 39797560 _____ (Lenovo Group Limited ) C:\Users\Mako\Downloads\66ux03ww.exe 2015-06-08 00:17 - 2015-06-08 00:17 - 00070512 ____H C:\Windows\system32\mlfcache.dat 2015-06-08 00:14 - 2015-06-08 00:15 - 00000000 ____D C:\NPE 2015-06-08 00:12 - 2015-06-08 00:17 - 00000000 ____D C:\Users\Mako\AppData\Local\NPE 2015-06-07 23:06 - 2015-06-08 10:12 - 00000000 ____D C:\Program Files\Intel 2015-06-07 23:06 - 2015-06-08 00:37 - 00000000 ____D C:\Intel 2015-06-07 23:06 - 2008-02-22 13:06 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\system32\CSVer.dll 2015-06-07 23:04 - 2015-06-07 23:04 - 02061592 _____ (Lenovo Group Limited ) C:\Users\Mako\Downloads\52ch04ww.exe 2015-06-07 22:52 - 2015-06-09 23:03 - 00002246 _____ C:\Users\Public\Desktop\Norton Security with Backup.lnk 2015-06-07 22:52 - 2015-06-07 23:54 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared 2015-06-07 22:52 - 2015-06-07 22:52 - 00094424 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT.SYS 2015-06-07 22:52 - 2015-06-07 22:52 - 00008186 _____ C:\Windows\system32\Drivers\SYMEVENT.CAT 2015-06-07 22:51 - 2015-06-09 23:04 - 00000000 ____D C:\Windows\system32\Drivers\NSBU 2015-06-07 22:51 - 2015-06-09 23:03 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security with Backup 2015-06-07 22:51 - 2015-06-08 00:12 - 00000000 ____D C:\ProgramData\Norton 2015-06-07 22:51 - 2015-06-07 22:51 - 00000000 ____D C:\Program Files\Norton Security with Backup 2015-06-07 21:58 - 2015-06-07 22:04 - 121919856 ____N (Symantec Corporation) C:\Users\Mako\Downloads\NSBU-TW-22.0.0-PL.exe 2015-06-07 14:08 - 2015-06-07 14:09 - 02509792 _____ (Lenovo Group Limited ) C:\Users\Mako\Downloads\6get18ww.exe 2015-06-07 13:57 - 2015-06-07 13:57 - 00000803 _____ C:\Users\Public\Desktop\Opera.lnk 2015-06-07 13:57 - 2015-06-07 13:57 - 00000803 _____ 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2015-06-07 13:57 - 2015-06-07 13:57 - 00000000 ____D C:\Users\Mako\AppData\Roaming\Opera Software 2015-06-07 13:57 - 2015-06-07 13:57 - 00000000 ____D C:\Users\Mako\AppData\Local\Opera Software 2015-06-07 13:50 - 2015-06-13 19:58 - 00000000 ____D C:\Program Files\Opera 2015-06-06 01:57 - 2015-06-13 22:34 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-06-06 01:56 - 2015-06-06 01:56 - 00000899 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-06-06 01:56 - 2015-06-06 01:56 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-06-06 01:56 - 2015-06-06 01:56 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware 2015-06-06 01:56 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-06-06 01:56 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-06-06 01:56 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-06-06 01:32 - 2015-06-08 01:43 - 00000000 ____D C:\Windows\Minidump 2015-06-06 00:30 - 2015-06-13 02:06 - 00000420 ____H C:\Windows\Tasks\User_Feed_Synchronization-{6A78A5BC-249F-4A49-82BA-ED5C9B7C8189}.job 2015-06-06 00:21 - 2015-06-06 00:21 - 00000000 ____D C:\Users\Mako\AppData\Local\WindowsUpdate 2015-06-05 21:46 - 2015-06-05 21:46 - 00000840 _____ C:\Users\Public\Desktop\PLAY ONLINE.lnk 2015-06-05 21:46 - 2015-06-05 21:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PLAY ONLINE 2015-06-05 21:46 - 2008-03-17 11:57 - 00103680 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbfake.sys 2015-06-05 21:46 - 2008-03-17 11:05 - 00101632 ____R (Huawei Technologies Co., Ltd.) 
C:\Windows\system32\Drivers\ewusbmdm.sys 2015-06-05 21:46 - 2008-03-16 14:47 - 00872192 _____ (DiBcom SA) C:\Windows\system32\Drivers\mod7700.sys 2015-06-05 21:46 - 2008-01-22 15:10 - 00100864 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbnet.sys 2015-06-05 21:46 - 2007-08-09 04:06 - 00023424 ____R (Huawei Tech. Co., Ltd.) C:\Windows\system32\Drivers\ewdcsc.sys 2015-06-05 21:44 - 2015-06-06 01:34 - 00000000 ____D C:\Program Files\PLAY ONLINE 2015-06-05 20:36 - 2015-06-05 19:41 - 00000000 ____D C:\Windows\Panther 2015-06-05 20:35 - 2015-06-05 20:35 - 00008192 ___RS C:\BOOTSECT.BAK 2015-06-05 20:35 - 2008-01-21 04:34 - 00333203 __RSH C:\bootmgr 2015-06-05 19:47 - 2015-06-13 21:48 - 00000680 _____ C:\Users\Mako\AppData\Local\d3d9caps.dat 2015-06-05 19:47 - 2015-06-13 00:16 - 00000000 ____D C:\Users\Mako 2015-06-05 19:47 - 2015-06-12 23:20 - 00000944 _____ C:\Users\Mako\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2015-06-05 19:47 - 2015-06-08 02:57 - 00000000 ____D C:\Users\Mako\AppData\Local\VirtualStore 2015-06-05 19:47 - 2015-06-05 19:47 - 00048600 _____ C:\Users\Mako\AppData\Local\GDIPFONTCACHEV1.DAT 2015-06-05 19:47 - 2015-06-05 19:47 - 00000949 _____ C:\Users\Mako\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-06-05 19:47 - 2015-06-05 19:47 - 00000915 _____ C:\Users\Mako\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk 2015-06-05 19:47 - 2015-06-05 19:47 - 00000020 ___SH C:\Users\Mako\ntuser.ini 2015-06-05 19:47 - 2015-06-05 19:47 - 00000000 _SHDL C:\Users\Mako\Ustawienia lokalne 2015-06-05 19:47 - 2015-06-05 19:47 - 00000000 _SHDL C:\Users\Mako\Szablony 2015-06-05 19:47 - 2015-06-05 19:47 - 00000000 _SHDL C:\Users\Mako\Moje dokumenty 2015-06-05 19:47 - 2015-06-05 19:47 - 00000000 _SHDL C:\Users\Mako\Menu Start 2015-06-05 19:47 - 2015-06-05 19:47 - 00000000 _SHDL C:\Users\Mako\Documents\Moje wideo 2015-06-05 19:47 - 2015-06-05 19:47 - 00000000 _SHDL 
C:\Users\Mako\Documents\Moje obrazy 2015-06-05 19:47 - 2015-06-05 19:47 - 00000000 _SHDL C:\Users\Mako\Documents\Moja muzyka 2015-06-05 19:47 - 2015-06-05 19:47 - 00000000 _SHDL C:\Users\Mako\Dane aplikacji 2015-06-05 19:47 - 2015-06-05 19:47 - 00000000 _SHDL C:\Users\Mako\AppData\Roaming\Microsoft\Windows\Start Menu\Programy 2015-06-05 19:47 - 2015-06-05 19:47 - 00000000 _SHDL C:\Users\Mako\AppData\Local\Historia 2015-06-05 19:47 - 2015-06-05 19:47 - 00000000 _SHDL C:\Users\Mako\AppData\Local\Dane aplikacji 2015-06-05 19:47 - 2008-01-21 04:56 - 00000000 ___RD C:\Users\Mako\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-06-05 19:47 - 2008-01-21 04:56 - 00000000 ___RD C:\Users\Mako\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-06-05 19:45 - 2015-06-05 19:45 - 00000000 _SHDL C:\Users\Public\Documents\Moje wideo 2015-06-05 19:45 - 2015-06-05 19:45 - 00000000 _SHDL C:\Users\Public\Documents\Moje obrazy 2015-06-05 19:45 - 2015-06-05 19:45 - 00000000 _SHDL C:\Users\Public\Documents\Moja muzyka 2015-06-05 19:45 - 2015-06-05 19:45 - 00000000 _SHDL C:\Users\Default\Ustawienia lokalne 2015-06-05 19:45 - 2015-06-05 19:45 - 00000000 _SHDL C:\Users\Default\Szablony 2015-06-05 19:45 - 2015-06-05 19:45 - 00000000 _SHDL C:\Users\Default\Moje dokumenty 2015-06-05 19:45 - 2015-06-05 19:45 - 00000000 _SHDL C:\Users\Default\Menu Start 2015-06-05 19:45 - 2015-06-05 19:45 - 00000000 _SHDL C:\Users\Default\Documents\Moje wideo 2015-06-05 19:45 - 2015-06-05 19:45 - 00000000 _SHDL C:\Users\Default\Documents\Moje obrazy 2015-06-05 19:45 - 2015-06-05 19:45 - 00000000 _SHDL C:\Users\Default\Documents\Moja muzyka 2015-06-05 19:45 - 2015-06-05 19:45 - 00000000 _SHDL C:\Users\Default\Dane aplikacji 2015-06-05 19:45 - 2015-06-05 19:45 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programy 2015-06-05 19:45 - 2015-06-05 19:45 - 00000000 _SHDL C:\Users\Default\AppData\Local\Historia 2015-06-05 19:45 - 2015-06-05 19:45 
- 00000000 _SHDL C:\Users\Default\AppData\Local\Dane aplikacji 2015-06-05 19:45 - 2015-06-05 19:45 - 00000000 _SHDL C:\Users\Default User\Documents\Moje wideo 2015-06-05 19:45 - 2015-06-05 19:45 - 00000000 _SHDL C:\Users\Default User\Documents\Moje obrazy 2015-06-05 19:45 - 2015-06-05 19:45 - 00000000 _SHDL C:\Users\Default User\Documents\Moja muzyka 2015-06-05 19:45 - 2015-06-05 19:45 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programy 2015-06-05 19:45 - 2015-06-05 19:45 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Historia 2015-06-05 19:45 - 2015-06-05 19:45 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Dane aplikacji 2015-06-05 19:45 - 2015-06-05 19:45 - 00000000 _SHDL C:\ProgramData\Ulubione 2015-06-05 19:45 - 2015-06-05 19:45 - 00000000 _SHDL C:\ProgramData\Szablony 2015-06-05 19:45 - 2015-06-05 19:45 - 00000000 _SHDL C:\ProgramData\Pulpit 2015-06-05 19:45 - 2015-06-05 19:45 - 00000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Programy 2015-06-05 19:45 - 2015-06-05 19:45 - 00000000 _SHDL C:\ProgramData\Menu Start 2015-06-05 19:45 - 2015-06-05 19:45 - 00000000 _SHDL C:\ProgramData\Dokumenty 2015-06-05 19:45 - 2015-06-05 19:45 - 00000000 _SHDL C:\ProgramData\Dane aplikacji 2015-06-05 19:41 - 2015-06-05 19:41 - 00000604 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live.lnk 2015-06-05 19:38 - 2015-06-05 19:41 - 00001355 _____ C:\Windows\TSSysprep.log ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-06-13 22:34 - 2006-11-02 14:58 - 00014224 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-13 22:34 - 2006-11-02 14:58 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-13 22:33 - 2006-11-02 14:45 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-13 22:33 - 2006-11-02 14:45 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-13 22:31 - 2008-01-21 03:38 - 00656045 _____ C:\Windows\WindowsUpdate.log
2015-06-13 22:29 - 2008-01-21 08:21 - 01469036 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-13 22:29 - 2008-01-21 08:20 - 00662112 _____ C:\Windows\system32\perfh015.dat
2015-06-13 22:29 - 2008-01-21 08:20 - 00126908 _____ C:\Windows\system32\perfc015.dat
2015-06-13 10:33 - 2008-01-21 05:02 - 00007054 _____ C:\Windows\PFRO.log
2015-06-06 02:18 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\NDF
2015-06-05 21:45 - 2006-11-02 14:35 - 00000000 ____D C:\Windows\system32\restore
2015-06-05 20:35 - 2006-11-02 14:41 - 00041984 ____H C:\Windows\system32\config\BCD-Template.LOG
2015-06-05 20:35 - 2006-11-02 14:35 - 00262144 _____ C:\Windows\system32\config\BCD-Template
2015-06-05 19:46 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2015-06-05 19:45 - 2006-11-02 13:18 - 00000000 __RHD C:\Users\Default
2015-06-05 19:45 - 2006-11-02 13:18 - 00000000 ____D C:\Program Files\Windows NT
2015-06-05 19:41 - 2006-11-02 14:49 - 00078260 _____ C:\Windows\setupact.log
2015-06-05 19:38 - 2006-11-02 14:45 - 00003257 _____ C:\Windows\DtcInstall.log
2015-06-05 19:38 - 2006-11-02 14:44 - 00229024 _____ C:\Windows\system32\FNTCACHE.DAT

==================== Files in the root of some directories =======

2015-06-05 19:47 - 2015-06-13 21:48 - 0000680 _____ () C:\Users\Mako\AppData\Local\d3d9caps.dat

Some files in TEMP:
====================
C:\Users\Mako\AppData\Local\Temp\UCI32A30.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-13 22:24

==================== End of log ============================