Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:02-08-2015 01
Ran by Kanon (administrator) on KANON-HP (04-08-2015 00:20:28)
Running from C:\Users\Kanon\Desktop
Loaded Profiles: Kanon (Available Profiles: Kanon)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Polski (Polska)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\stacsv64.exe
(Hewlett-Packard) C:\Windows\System32\hpservice.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Baidu, Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.122701.0\BAVSvc.exe
(Baidu, Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.122701.0\BHipsSvc.exe
() C:\Program Files (x86)\ToolsUpdatePlatform\UpdatePlatform.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\ScreenSnapshotTool\1.0.1.10301\ScreenShotServ.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Baidu, Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.122701.0\bavhm.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Baidu, Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.122701.0\BavTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [1691192 2010-06-19] (Hewlett-Packard Company)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-04-05] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-17] (IDT, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [Baidu Antivirus] => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.122701.0\BavTray.exe [1997296 2015-05-15] (Baidu, Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4258540652-3167376319-1349578961-1002\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [4287536 2013-08-09] ()
HKU\S-1-5-21-4258540652-3167376319-1349578961-1002\...\Run: [Advanced SystemCare 8] => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe [2429728 2015-04-08] (IObit)
HKU\S-1-5-21-4258540652-3167376319-1349578961-1002\...\Run: [ABBYY Screenshot Reader Bonus] => C:\Program Files (x86)\ABBYY FineReader 9.0 Sprint\Bonus.ScreenshotReader.exe [939272 2009-11-25] (ABBYY)
HKU\S-1-5-21-4258540652-3167376319-1349578961-1002\...\Run: [screenSHU] => C:\Program Files (x86)\screenSHU\screenSHU.exe [2112000 2013-09-04] ()
HKU\S-1-5-21-4258540652-3167376319-1349578961-1002\...\Run: [home] => wscript.exe //B "C:\Users\Kanon\AppData\Local\Temp\home.vbe" <===== ATTENTION
HKU\S-1-5-21-4258540652-3167376319-1349578961-1002\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.)
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\Users\Kanon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\home.vbe [2015-08-02] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=home
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-4258540652-3167376319-1349578961-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> {F3699528-160E-4C0D-A1B6-E1E8DDCAEB9A} URL = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4258540652-3167376319-1349578961-1002 -> DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={searchTerms}&affID=119535&babsrc=SP_ss&mntrId=B6BAE02A825A1C08
SearchScopes: HKU\S-1-5-21-4258540652-3167376319-1349578961-1002 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={searchTerms}&affID=119535&babsrc=SP_ss&mntrId=B6BAE02A825A1C08
SearchScopes: HKU\S-1-5-21-4258540652-3167376319-1349578961-1002 -> {3AA020D6-0CEA-45CD-A6EF-A391A4E2D52B} URL = https://www.google.com/search?q={searchTerms}
BHO: HP ProtectTools Security Manager Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll [2009-12-03] (DigitalPersona, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2011-01-26] (SEIKO EPSON CORPORATION)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-03-28] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2009-12-12] (Hewlett-Packard)
BHO-x32: HP ProtectTools Security Manager Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll [2009-12-03] (DigitalPersona, Inc.)
BHO-x32: Pomocnik logowania za pomocą konta Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-28] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2011-01-26] (SEIKO EPSON CORPORATION)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-03-28] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-28] (Google Inc.)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-04-08] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3DFF655C-5B56-4415-A35C-82EC24D235EF}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{CE74BD91-7E68-4BC2-8553-DF9A153B2402}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-08-09] (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll [2014-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll [2014-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-4258540652-3167376319-1349578961-1002: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-08-09] (Pando Networks)
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2010-09-03]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Bing Bar) - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Profile: C:\Users\Kanon\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\Kanon\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2013-01-23]
CHR Extension: (Angry Birds) - C:\Users\Kanon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2013-01-23]
CHR Extension: (Google Drive) - C:\Users\Kanon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-15]
CHR Extension: (SKiD Racer) - C:\Users\Kanon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhoaojooagiaaiidlnfhkkafjpbbnnno [2013-01-23]
CHR Extension: (3D Aerobatics Training) - C:\Users\Kanon\AppData\Local\Google\Chrome\User Data\Default\Extensions\napaodofbddcgpbgepkedckklhcmpilc [2013-01-23]
CHR Extension: (Highlight Keywords for Google Search) - C:\Users\Kanon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhahncknpppipmgjchbbhehkfglelepf [2013-01-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kanon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [814880 2015-04-03] (IObit)
S3 AESTFilters; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
R2 BavSvc; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.122701.0\BavSvc.exe [2572928 2015-05-15] (Baidu, Inc.)
S3 BdSandboxSrv; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.122701.0\BdSandboxSrv64.exe [264736 2015-01-08] (Baidu, Inc.)
R2 BHipsSvc; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.122701.0\BHipsSvc.exe [531232 2015-05-15] (Baidu, Inc.)
S4 DEBridge; c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [704512 2009-12-16] (McAfee, Inc.) [File not signed]
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [462088 2009-11-25] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [362040 2009-11-17] (Hewlett-Packard Ltd)
S4 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [121344 2010-07-01] (Hewlett-Packard Company) [File not signed]
S3 HP ProtectTools Service; c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [36864 2009-11-19] (Hewlett-Packard Development Company, L.P) [File not signed]
S3 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe [90112 2010-05-10] (Hewlett-Packard Company) [File not signed]
S4 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [281192 2009-12-16] (McAfee, Inc.)
S4 HPFSService; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [297984 2009-12-12] (Hewlett-Packard) [File not signed]
S4 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [264248 2010-03-01] (Hewlett-Packard Company)
S3 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [File not signed]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-08-02] (IObit)
S4 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-23] (PDF Complete Inc)
R2 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe [244736 2010-03-17] (IDT, Inc.)
R2 TheScreenSnapshotService; C:\Program Files (x86)\ScreenSnapshotTool\1.0.1.10301\ScreenShotServ.exe [143520 2015-06-15] ()
S3 uArcCapture; C:\windows\system\uArcCapture.exe [506472 2009-12-04] (ArcSoft, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32640 2009-12-04] (ArcSoft, Inc.)
U3 BdApiUtil; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.122701.0\BdApiUtil64.sys [116936 2015-05-15] (Baidu, Inc.)
R3 bdark64; C:\windows\system32\drivers\bdark64.sys [78792 2015-04-20] ()
U3 BdCameraProtect; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.122701.0\BdCameraProtect64.sys [25032 2015-05-15] (Baidu, Inc.)
S3 BdSandbox; C:\windows\System32\drivers\BdSandbox.sys [232440 2015-01-08] (Baidu, Inc.)
R1 Bfilter; C:\windows\System32\drivers\Bfilter.sys [62920 2015-05-15] (Baidu, Inc.)
R1 Bfmon; C:\windows\System32\drivers\Bfmon.sys [38344 2015-05-15] (Baidu, Inc.)
R1 Bnbase; C:\Windows\System32\drivers\bnbasex64.sys [62792 2015-05-15] (Baidu, Inc.)
R1 Bndef; C:\windows\System32\drivers\bndef64.sys [485672 2015-05-15] (Baidu, Inc.)
R3 BNmon; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.122701.0\Bnmon64.sys [82376 2015-05-15] (Baidu, Inc.)
R1 Bprotect; C:\windows\System32\drivers\Bprotect.sys [169416 2015-05-15] (Baidu, Inc.)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [40760 2009-10-21] (Hewlett-Packard Development Company L.P.)
R0 E08AE23A; C:\Windows\System32\drivers\E08AE23A.sys [457824 2015-06-23] (Kaspersky Lab ZAO)
R1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [58184 2009-12-16] (McAfee, Inc.)
R1 RsvLock; C:\Windows\SysWow64\Drivers\RsvLock.sys [40088 2009-12-16] (McAfee, Inc.)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [89216 2009-12-22] (Realtek Semiconductor Corp.)
R0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [56648 2009-12-16] ()
R0 SafeBoot; C:\Windows\SysWow64\Drivers\SafeBoot.sys [110520 2009-12-16] (McAfee, Inc.)
R0 SbAlg; C:\Windows\System32\Drivers\SbAlg.sys [60160 2009-06-04] (McAfee, Inc.)
R0 SbAlg; C:\Windows\SysWow64\Drivers\SbAlg.sys [51800 2009-12-16] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [15688 2009-12-16] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\SysWow64\Drivers\SbFsLock.sys [13256 2009-12-16] (McAfee, Inc.)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
S3 ss_bserd; C:\Windows\System32\DRIVERS\ss_bserd.sys [128000 2009-09-19] (MCCI Corporation)
S3 X6va013; No ImagePath
S3 Baidu PC Faster FileShredder; \??\C:\Program Files (x86)\PC Faster\5.1.0.0\FileKill_x64.sys [X]
S3 BprotectEx; \??\C:\windows\System32\drivers\BprotectEx.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\PC Faster\5.1.0.0\PCFApiUtil64.sys [X]
S3 Spring; \??\C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\Spring64.sys [X]
U3 agtiqpog; \??\C:\Users\Kanon\AppData\Local\Temp\agtiqpog.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)
2015-08-04 00:20 - 2015-08-04 00:20 - 00020367 _____ C:\Users\Kanon\Desktop\FRST.txt
2015-08-04 00:19 - 2015-08-04 00:20 - 00017823 _____ C:\Users\Kanon\Desktop\gmer.txt
2015-08-03 12:56 - 2015-08-03 23:32 - 00000430 _____ C:\windows\Tasks\ToolsUpdatePlatform_ScheduledTask.job
2015-08-03 12:56 - 2015-08-03 12:56 - 00003534 _____ C:\windows\System32\Tasks\ToolsUpdatePlatform_ScheduledTask
2015-08-03 12:56 - 2015-08-03 12:56 - 00000000 ____D C:\Program Files (x86)\ToolsUpdatePlatform
2015-08-03 10:57 - 2015-08-03 10:57 - 00262144 _____ C:\windows\Minidump\080315-18361-01.dmp
2015-08-02 18:33 - 2015-08-02 18:33 - 00442624 _____ C:\windows\Minidump\080215-17752-01.dmp
2015-08-02 18:32 - 2015-08-03 10:57 - 479259083 _____ C:\windows\MEMORY.DMP
2015-08-02 18:01 - 2015-08-02 18:01 - 00380416 _____ C:\Users\Kanon\Desktop\cdpkf3yg.exe
2015-08-02 17:47 - 2015-08-03 23:32 - 00000280 _____ C:\windows\setupact.log
2015-08-02 17:47 - 2015-08-02 17:47 - 00000000 _____ C:\windows\setuperr.log
2015-08-02 17:07 - 2015-08-02 17:07 - 00001448 _____ C:\Users\Kanon\Desktop\UsbFix.lnk
2015-08-02 17:02 - 2015-08-04 00:20 - 02169856 _____ (Farbar) C:\Users\Kanon\Desktop\FRST64.exe
2015-08-02 16:59 - 2015-08-02 16:59 - 00000000 ____D C:\Users\Public\Documents\PC Faster
2015-08-02 16:57 - 2015-08-02 17:00 - 00002904 _____ C:\windows\System32\Tasks\Uninstaller_SkipUac_Kanon
2015-08-02 16:43 - 2015-08-02 16:43 - 00000000 ____D C:\Users\Kanon\AppData\Local\SlimWare Utilities Inc
2015-08-02 16:39 - 2015-08-02 16:39 - 02248704 _____ C:\Users\Kanon\Desktop\AdwCleaner_www.INSTALKI.pl.exe
2015-08-02 16:37 - 2015-08-02 16:37 - 03224504 _____ (El Desaparecido - SosVirus.net - UsbFix.net) C:\Users\Kanon\Desktop\UsbFix_2015_8.006.exe
2015-08-02 16:34 - 2015-08-04 00:20 - 00000000 ____D C:\FRST
2015-07-27 23:18 - 2015-07-27 23:26 - 00000000 ____D C:\Users\Kanon\Desktop\Nowy folder
2015-07-27 16:37 - 2015-07-27 16:37 - 00000000 ____D C:\Users\Kanon\Desktop\ogródkowa 3
2015-07-12 13:41 - 2015-07-12 13:41 - 00000000 ____D C:\Users\Kanon\Desktop\2015
2015-07-12 13:37 - 2015-07-12 13:37 - 00000000 ____D C:\Users\Kanon\Desktop\2014
2015-07-11 15:46 - 2015-08-02 17:58 - 00000548 _____ C:\Users\Kanon\Desktop\Search.txt
2015-07-11 15:34 - 2015-08-04 00:20 - 00000000 ____D C:\Users\Kanon\Desktop\FRST-OlderVersion
2015-07-11 11:04 - 2015-08-03 23:33 - 00000000 ____D C:\Users\Kanon\AppData\Local\screenSHU
2015-07-11 11:04 - 2015-07-11 11:04 - 00001053 _____ C:\Users\Kanon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\screenSHU.lnk
2015-07-11 11:04 - 2015-07-11 11:04 - 00001023 _____ C:\Users\Kanon\Desktop\screenSHU.lnk
2015-07-11 11:04 - 2015-07-11 11:04 - 00000000 ____D C:\Program Files (x86)\screenSHU
2015-07-11 11:03 - 2015-07-11 11:04 - 08059407 _____ (screenSHU) C:\Users\Kanon\Desktop\screenSHU-setup.exe
2015-07-10 17:04 - 2015-07-11 11:06 - 00000000 ____D C:\Users\Kanon\Desktop\naprawa
2015-07-10 16:57 - 2015-08-02 17:51 - 00000000 ____D C:\AdwCleaner
2015-07-10 16:56 - 2015-07-10 16:56 - 02248704 _____ C:\Users\Kanon\Desktop\adwcleaner_4.208.exe
2015-07-10 16:48 - 2015-08-02 17:09 - 00000000 ____D C:\UsbFix
2015-07-10 11:43 - 2015-07-10 11:43 - 00000000 ____D C:\ProgramData\BavSvc_exe
2015-07-10 11:40 - 2015-07-10 11:40 - 00380416 _____ C:\Users\Kanon\Desktop\f7hp56rl.exe
2015-07-06 09:59 - 2015-08-04 00:20 - 00000646 _____ C:\windows\Tasks\{61FFE1F9-137D-4c31-A181-3415FCAA5946}{19F8DB95-4D78-4ddb-AC71-C610654FE37F}.job
2015-07-06 09:59 - 2015-08-03 23:34 - 00000000 ____D C:\ProgramData\ToolsUpdatePlatform
2015-07-06 09:59 - 2015-07-06 10:47 - 00000000 ____D C:\Users\Kanon\AppData\Roaming\ScreenSnapshotTool
2015-07-06 09:59 - 2015-07-06 09:59 - 00003650 _____ C:\windows\System32\Tasks\{61FFE1F9-137D-4c31-A181-3415FCAA5946}{19F8DB95-4D78-4ddb-AC71-C610654FE37F}
2015-07-06 09:59 - 2015-07-06 09:59 - 00000000 ____D C:\Users\Public\Documents\Guid
2015-07-06 09:59 - 2015-07-06 09:59 - 00000000 ____D C:\Program Files (x86)\ScreenSnapshotTool

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-04 00:11 - 2012-12-15 22:49 - 00001046 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-03 23:41 - 2009-07-14 06:45 - 00022704 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-03 23:41 - 2009-07-14 06:45 - 00022704 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-03 23:39 - 2010-09-03 16:59 - 00740688 _____ C:\windows\system32\perfh015.dat
2015-08-03 23:39 - 2010-09-03 16:59 - 00156230 _____ C:\windows\system32\perfc015.dat
2015-08-03 23:39 - 2009-07-14 07:13 - 01670590 _____ C:\windows\system32\PerfStringBackup.INI
2015-08-03 23:34 - 2015-06-11 18:03 - 00000410 _____ C:\windows\Tasks\SlimDrivers Startup.job
2015-08-03 23:34 - 2013-08-09 15:54 - 00000000 ____D C:\Users\Kanon\AppData\Local\PMB Files
2015-08-03 23:33 - 2015-06-11 18:03 - 00002836 _____ C:\windows\System32\Tasks\SlimDrivers Startup
2015-08-03 23:33 - 2015-04-29 16:58 - 00019359 _____ C:\windows\system32\HWLook.log
2015-08-03 23:32 - 2012-12-15 22:49 - 00001042 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-03 23:32 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-08-03 10:57 - 2013-03-30 14:39 - 00000000 ____D C:\windows\Minidump
2015-08-03 10:44 - 2012-12-10 17:38 - 00000000 ____D C:\Users\Kanon\Documents\Basia
2015-08-03 10:30 - 2013-12-30 12:44 - 00000000 ____D C:\ProgramData\ProductData
2015-08-02 17:00 - 2015-03-04 21:32 - 00003020 _____ C:\windows\wininit.ini
2015-08-02 17:00 - 2014-06-13 08:49 - 00000000 ____D C:\Program Files (x86)\baidu
2015-08-02 17:00 - 2014-01-27 21:31 - 00000000 ____D C:\Users\Kanon\AppData\Roaming\Baidu
2015-08-02 16:56 - 2013-12-30 12:43 - 00000000 ____D C:\ProgramData\IObit
2015-08-02 14:20 - 2014-06-30 09:14 - 01167278 _____ C:\windows\WindowsUpdate.log
2015-08-02 14:19 - 2014-11-19 15:23 - 00000000 ____D C:\Users\Kanon\Desktop\Paulina ;d
2015-07-27 22:56 - 2013-07-25 12:43 - 00000000 ____D C:\Users\Kanon\Desktop\zdj z aparatu
2015-07-27 16:57 - 2013-03-02 18:22 - 00040960 ____H C:\Users\Kanon\Desktop\photothumb.db
2015-07-15 09:38 - 2009-07-14 07:32 - 00000000 ____D C:\windows\system32\FxsTmp
2015-07-14 23:23 - 2013-06-01 20:54 - 00000000 ____D C:\Users\Kanon\AppData\Roaming\Epson
2015-07-10 20:24 - 2014-07-23 17:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-07-10 20:24 - 2013-08-09 16:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossfire Europe
2015-07-10 20:24 - 2013-03-02 18:20 - 00000000 ____D C:\windows\System32\Tasks\ProtectedSearch
2015-07-10 16:59 - 2012-12-15 22:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-07 20:50 - 2015-05-31 09:51 - 00000000 ____D C:\Users\Kanon\Desktop\skarga stowarzyszenia

==================== Files in the root of some directories =======

2013-03-09 23:30 - 2013-09-08 19:08 - 0010752 _____ () C:\Users\Kanon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-01 10:59 - 2013-06-01 10:59 - 0215025 _____ () C:\ProgramData\1370077131.bdinstall.bin
2013-06-01 11:00 - 2013-06-01 11:00 - 0059672 _____ () C:\ProgramData\1370077236.bdinstall.bin
2013-06-01 11:13 - 2013-06-01 11:13 - 0661845 _____ () C:\ProgramData\1370077516.bdinstall.bin
2013-10-14 09:13 - 2013-10-14 09:13 - 0489320 _____ () C:\ProgramData\1381734345.bdinstall.bin
2013-10-19 13:51 - 2013-10-19 13:51 - 0225740 _____ () C:\ProgramData\1382183432.bdinstall.bin
2014-05-25 18:44 - 2014-05-25 18:44 - 0000088 __RSH () C:\ProgramData\965614D0CF.sys
2012-12-23 20:52 - 2012-12-23 20:52 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2014-11-29 19:37 - 2014-11-29 19:37 - 2141763 _____ () C:\ProgramData\GH-H4-125.7z
2014-05-25 18:44 - 2014-05-25 18:44 - 0002516 ___SH () C:\ProgramData\KGyGaAvL.sys

Some files in TEMP:
====================
C:\Users\Kanon\AppData\Local\Temp\bresst.exe
C:\Users\Kanon\AppData\Local\Temp\Quarantine.exe
C:\Users\Kanon\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-08-02 19:02

==================== End of log ============================