Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-01-2016
Ran by michal!! (administrator) on MICHAL-PC (31-05-2016 12:09:19)
Running from C:\Users\michal!!\Desktop\@@PEN
Loaded Profiles: michal!! (Available Profiles: michal!!)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(UPEK Inc.) C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
(Dell Inc.) C:\Windows\System32\BCMWLTRY.EXE
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bb0e6831\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(B.H.A Corporation) C:\Windows\SysWOW64\bgsvcgen.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bb0e6831\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(IDT, Inc.) C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Spotify Ltd) C:\Users\michal!!\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Panasonic Corporation) C:\Program Files (x86)\Panasonic\VideoCam Suite 2\VideoCamSuiteAutoStart.exe
(Creative Technology Ltd.) C:\Windows\OEM02Mon.exe
(CyberLink Corp.) C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(UPEK Inc.) C:\Program Files\Fingerprint Reader Suite\psqltray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avpui.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(FinalWire Ltd.) C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [271872 2008-07-23] (Alps Electric Co., Ltd.)
HKLM\...\Run: [NvSvc] => RUNDLL32.EXE C:\Windows\system32\nvsvc64.dll,nvsvcStart
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [NVHotkey] => rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [3725312 2008-05-19] (Dell Inc.)
HKLM\...\Run: [PSQLLauncher] => C:\Program Files\Fingerprint Reader Suite\launcher.exe [67088 2007-04-17] (UPEK Inc.)
HKLM\...\Run: [SigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray64.exe [425984 2008-07-17] (IDT, Inc.)
HKLM-x32\...\Run: [OEM02Mon.exe] => C:\Windows\OEM02Mon.exe
HKLM-x32\...\Run: [DELL Webcam Manager] => C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe [118784 2007-07-27] (Creative Technology Ltd.)
HKLM-x32\...\Run: [PCMService] => C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe [184320 2007-12-21] (CyberLink Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [244208 2008-05-14] (Sonic Solutions)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [40368 2010-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-09-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
Winlogon\Notify\psfus: C:\Windows\system32\psqlpwd.dll (UPEK Inc.)
HKU\S-1-5-21-1919287987-587404221-3270057354-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1919287987-587404221-3270057354-1000\...\Run: [Spotify Web Helper] => C:\Users\michal!!\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2021944 2015-06-04] (Spotify Ltd)
HKU\S-1-5-21-1919287987-587404221-3270057354-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssBranded.scr [8432640 2008-01-21] (Microsoft Corporation)
Lsa: [Notification Packages] scecli psqlpwd
ShellIconOverlayIdentifiers: [UEAFOverlay] -> {F2F31467-B1AC-4df0-AE79-FD5FA085E22B} => C:\Program Files\Fingerprint Reader Suite\farchns.dll [2007-09-10] (UPEK Inc.)
ShellIconOverlayIdentifiers: [UEAFOverlayOpen] -> {A3E208F7-0E3A-4182-A7A6-B169D5D691AA} => C:\Program Files\Fingerprint Reader Suite\farchns.dll [2007-09-10] (UPEK Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2008-08-27]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk [2008-08-27]
ShortcutTarget: QuickSet.lnk -> C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VideoCam Suite 2.0.lnk [2011-05-25]
ShortcutTarget: VideoCam Suite 2.0.lnk -> C:\Program Files (x86)\Panasonic\VideoCam Suite 2\VideoCamSuiteAutoStart.exe (Panasonic Corporation)
Startup: C:\Users\michal!!\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk [2011-01-31]
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.41.20.254
Tcpip\..\Interfaces\{5B499E40-3E82-4DC3-A61B-96432B940F8D}: [DhcpNameServer] 10.41.20.254
Tcpip\..\Interfaces\{D4205123-8A7A-4CC0-A8B4-D9DC3A34B5A9}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1919287987-587404221-3270057354-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1919287987-587404221-3270057354-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-1919287987-587404221-3270057354-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-07] (AO Kaspersky Lab)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll => No File
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-09-23] (Adobe Systems Incorporated)
BHO-x32: Skype Plug-In -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-02-11] (Skype Technologies S.A.)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2015-12-07] (AO Kaspersky Lab)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-02-16] (Oracle Corporation)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-07] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2015-12-07] (AO Kaspersky Lab)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-02-11] (Skype Technologies S.A.)

FireFox:
========
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll [2011-09-06] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-20] ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2012-02-16] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-01-31] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox [2016-05-31]

Chrome:
=======
CHR HomePage: Default -> hxxp://google.pl/
CHR Profile: C:\Users\michal!!\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentacje Google) - C:\Users\michal!!\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-18]
CHR Extension: (Dokumenty Google) - C:\Users\michal!!\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-18]
CHR Extension: (Dysk Google) - C:\Users\michal!!\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25]
CHR Extension: (YouTube) - C:\Users\michal!!\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Google Search) - C:\Users\michal!!\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (Arkusze Google) - C:\Users\michal!!\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-18]
CHR Extension: (Dokumenty Google offline) - C:\Users\michal!!\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-19]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\michal!!\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Gmail) - C:\Users\michal!!\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-18]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bb0e6831\AESTSr64.exe [86016 2008-07-17] (Andrea Electronics Corporation)
R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe [194000 2015-12-07] (Kaspersky Lab ZAO)
R2 HuaweiHiSuiteService64.exe; C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe [192304 2016-02-16] ()
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [302080 2009-07-10] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\Windows\SysWOW64\shsvcs.dll [247808 2009-07-10] (Microsoft Corporation) [File not signed]
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bb0e6831\STacSV64.exe [122880 2008-07-17] (IDT, Inc.)
R2 Themes; C:\Windows\system32\shsvcs.dll [302080 2009-07-10] (Microsoft Corporation) [File not signed]
R2 Themes; C:\Windows\SysWOW64\shsvcs.dll [247808 2009-07-10] (Microsoft Corporation) [File not signed]
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-21] (Microsoft Corporation)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2705920 2008-05-19] (Dell Inc.) [File not signed]
S2 SessionLauncher; C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AIDA64Driver; C:\Program Files (x86)\FinalWire\AIDA64 Extreme\kerneld.v64 [34648 2016-03-21] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-21] (Microsoft Corporation)
S1 Beep; no ImagePath
R1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [39208 2006-08-25] (B.H.A Corporation)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2016-02-16] (Huawei Technologies Co., Ltd.)
S4 iaNvStor; C:\Windows\system32\drivers\ianvstor.sys [409112 2008-07-17] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
S0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
S1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70000 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [77728 2016-05-31] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [181640 2015-12-07] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [227000 2015-12-07] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [943536 2016-05-31] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [49240 2016-05-31] (AO Kaspersky Lab)
S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [41144 2015-06-06] (Kaspersky Lab ZAO)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2015-12-07] (AO Kaspersky Lab)
R1 kltdf; C:\Windows\System32\DRIVERS\kltdf.sys [91320 2015-06-10] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-11] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
R3 OEM02Dev; C:\Windows\System32\DRIVERS\OEM02Dev.sys [266496 2008-08-06] (Creative Technology Ltd.)
R3 OEM02Vfx; C:\Windows\System32\DRIVERS\OEM02Vfx.sys [12288 2008-08-06] (EyePower Games Pte. Ltd.)
R2 {2E444BE9-B8EC-4CE6-8C2B-6536FB7F4FB7}; C:\Program Files (x86)\Dell\MediaDirect\000.fcl [32240 2007-09-07] (Cyberlink Corp.)
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
R4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-31 11:48 - 2016-05-31 11:48 - 00002265 _____ C:\Users\michal!!\Desktop\Bezpieczne pieniądze.lnk
2016-05-31 11:47 - 2016-05-31 11:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2016-05-31 11:47 - 2016-05-31 11:46 - 00002049 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2016-05-31 11:39 - 2016-05-31 11:46 - 00000000 ____D C:\Windows\LastGood
2016-05-31 11:36 - 2016-05-31 11:51 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-05-31 11:36 - 2016-05-31 11:36 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-05-31 11:34 - 2016-05-31 12:04 - 00943536 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2016-05-31 11:34 - 2015-12-07 19:54 - 00227000 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2016-05-31 11:34 - 2015-12-07 19:54 - 00181640 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2016-05-31 11:02 - 2016-05-31 11:05 - 00181612 _____ C:\TDSSKiller.3.1.0.9_31.05.2016_11.02.25_log.txt
2016-05-31 10:40 - 2016-05-31 10:26 - 162692312 _____ (Kaspersky Lab) C:\Users\michal!!\Desktop\kis16.0.0.614pl-pl.exe
2016-05-31 10:40 - 2016-05-31 10:12 - 00602112 _____ (OldTimer Tools) C:\Users\michal!!\Desktop\OTL.exe
2016-05-31 10:39 - 2016-05-31 10:39 - 00000732 _____ C:\Users\michal!!\AppData\Local\d3d9caps64.dat
2016-05-31 10:24 - 2016-05-31 10:24 - 00018078 _____ C:\ComboFix.txt
2016-05-30 19:50 - 2016-05-31 12:09 - 00000000 ____D C:\FRST
2016-05-30 19:44 - 2016-05-31 12:09 - 00000000 ____D C:\Users\michal!!\Desktop\@@PEN
2016-05-30 19:44 - 2016-05-30 19:46 - 00000000 ____D C:\AdwCleaner
2016-05-30 19:17 - 2016-05-30 19:16 - 05659526 ____R (Swearware) C:\Users\michal!!\Desktop\ComboFix.exe
2016-05-30 19:17 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2016-05-30 19:17 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2016-05-30 19:17 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-05-30 19:17 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-05-30 19:17 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-05-30 19:17 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2016-05-30 19:17 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2016-05-30 19:17 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2016-05-30 19:12 - 2016-05-31 10:24 - 00000000 ____D C:\Qoobox
2016-05-30 19:11 - 2016-05-30 19:11 - 00001012 _____ C:\Users\michal!!\Desktop\AIDA64 Extreme.lnk
2016-05-30 19:11 - 2016-05-30 19:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FinalWire
2016-05-30 19:11 - 2016-05-30 19:11 - 00000000 ____D C:\Program Files (x86)\FinalWire
2016-05-30 18:59 - 2016-05-31 10:11 - 00000000 ____D C:\Windows\erdnt
2016-05-30 18:48 - 2016-05-30 18:49 - 00274888 _____ C:\Windows\Minidump\Mini053016-01.dmp
2016-05-27 16:26 - 2016-05-27 16:26 - 00000000 ____D C:\found.004
2016-05-18 00:32 - 2016-05-18 00:33 - 00274888 _____ C:\Windows\Minidump\Mini051816-01.dmp
2016-05-13 22:37 - 2016-05-13 22:38 - 00000000 ____D C:\ProgramData\HandSetService
2016-05-13 22:37 - 2016-05-13 22:37 - 00000832 _____ C:\Users\Public\Desktop\HiSuite.lnk
2016-05-13 22:37 - 2016-05-13 22:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiSuite
2016-05-13 22:37 - 2016-05-13 22:37 - 00000000 ____D C:\ProgramData\HiSuiteOuc
2016-05-13 22:37 - 2016-02-16 11:04 - 00287232 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\hw_quusbnet.sys
2016-05-13 22:37 - 2016-02-16 11:04 - 00223232 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\hw_quusbmdm.sys
2016-05-13 22:37 - 2016-02-16 11:04 - 00126592 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\hw_cdcacm.sys
2016-05-13 22:37 - 2016-02-16 11:04 - 00116864 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\hw_usbdev.sys
2016-05-13 22:37 - 2016-02-16 11:04 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbser.sys
2016-05-13 22:37 - 2016-02-16 11:04 - 00018816 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_usbccgpfilter.sys
2016-05-12 02:31 - 2016-03-10 19:07 - 00501760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-05-12 02:31 - 2016-03-10 18:43 - 00660480 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-05-12 02:25 - 2016-04-09 23:17 - 00975360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-05-12 02:25 - 2016-04-09 22:48 - 01209856 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-05-12 02:25 - 2016-04-09 22:01 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-05-12 02:25 - 2016-04-09 21:07 - 00486912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-05-12 02:24 - 2016-04-09 23:33 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-05-12 02:24 - 2016-04-09 22:34 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-05-12 02:23 - 2016-04-09 22:19 - 02801664 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-05-12 02:20 - 2016-04-09 23:39 - 04692200 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-05-12 02:20 - 2016-04-09 22:53 - 00901352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-05-12 02:20 - 2016-04-09 22:46 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-05-11 18:40 - 2016-04-23 19:33 - 17974784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-05-11 18:40 - 2016-04-23 19:30 - 10888192 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-05-11 18:40 - 2016-04-23 19:30 - 02265600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-05-11 18:40 - 2016-04-23 19:30 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-05-11 18:40 - 2016-04-23 19:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-05-11 18:40 - 2016-04-23 19:29 - 02129920 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-05-11 18:40 - 2016-04-23 19:29 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-05-11 18:40 - 2016-04-23 19:29 - 01300480 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-05-11 18:40 - 2016-04-23 19:29 - 01295872 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-05-11 18:40 - 2016-04-23 19:29 - 00887296 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-05-11 18:40 - 2016-04-23 19:29 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-05-11 18:40 - 2016-04-23 19:29 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-05-11 18:40 - 2016-04-23 19:29 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-05-11 18:40 - 2016-04-23 19:29 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-05-11 18:40 - 2016-04-23 19:29 - 00234496 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2016-05-11 18:40 - 2016-04-23 19:29 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-05-11 18:40 - 2016-04-23 19:29 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-05-11 18:40 - 2016-04-23 19:29 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-05-11 18:40 - 2016-04-23 19:29 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-05-11 18:40 - 2016-04-23 19:29 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2016-05-11 18:40 - 2016-04-23 19:29 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2016-05-11 18:40 - 2016-04-23 19:29 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2016-05-11 18:40 - 2016-04-23 19:03 - 12858880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-05-11 18:40 - 2016-04-23 19:03 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-05-11 18:40 - 2016-04-23 19:01 - 09729536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-05-11 18:40 - 2016-04-23 19:00 - 01831424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-05-11 18:40 - 2016-04-23 19:00 - 01436160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-05-11 18:40 - 2016-04-23 19:00 - 01094656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-05-11 18:40 - 2016-04-23 19:00 - 01089024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-05-11 18:40 - 2016-04-23 19:00 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2016-05-11 18:40 - 2016-04-23 19:00 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-05-11 18:40 - 2016-04-23 18:59 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-05-11 18:40 - 2016-04-23 18:59 - 01789952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-05-11 18:40 - 2016-04-23 18:59 - 00711168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-05-11 18:40 - 2016-04-23 18:59 - 00615424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-05-11 18:40 - 2016-04-23 18:59 - 00414208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-05-11 18:40 - 2016-04-23 18:59 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-05-11 18:40 - 2016-04-23 18:59 - 00217088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-05-11 18:40 - 2016-04-23 18:59 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-05-11 18:40 - 2016-04-23 18:59 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-05-11 18:40 - 2016-04-23 18:59 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-05-11 18:40 - 2016-04-23 18:59 - 00042496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2016-05-11 18:40 - 2016-04-23 18:59 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2016-05-11 18:40 - 2016-04-23 18:59 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-31 12:12 - 2015-06-18 17:41 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-31 12:04 - 2015-06-11 19:32 - 00049240 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klim6.sys
2016-05-31 12:04 - 2015-06-06 08:51 - 00077728 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\kldisk.sys
2016-05-31 11:47 - 2015-01-05 00:46 - 00000000 ____D C:\Users\Guest
2016-05-31 11:47 - 2015-01-05 00:46 - 00000000 ____D C:\Users\Administrator
2016-05-31 11:46 - 2011-01-30 23:59 - 00000000 ____D C:\Users\michal!!
2016-05-31 11:46 - 2006-11-02 15:33 - 00000000 ____D C:\Windows\inf
2016-05-31 11:39 - 2006-11-02 15:33 - 00000000 ____D C:\Windows
2016-05-31 11:34 - 2006-11-02 14:46 - 00006580 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-31 11:31 - 2011-01-30 23:05 - 00207320 _____ C:\ProgramData\nvModes.001
2016-05-31 11:30 - 2015-06-18 17:41 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-31 11:29 - 2006-11-02 17:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-31 11:29 - 2006-11-02 17:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-31 11:29 - 2006-11-02 17:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-31 11:06 - 2013-04-09 13:39 - 00507614 _____ C:\Windows\ntbtlog.txt
2016-05-31 11:06 - 2012-06-05 20:29 - 00008268 _____ C:\Users\michal!!\AppData\Local\d3d9caps.dat
2016-05-31 10:14 - 2006-11-02 14:34 - 00000215 _____ C:\Windows\system.ini
2016-05-31 10:11 - 2008-08-26 20:31 - 00008524 _____ C:\Windows\bthservsdp.dat
2016-05-31 10:11 - 2006-11-02 17:42 - 00032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-05-30 19:46 - 2015-06-25 11:12 - 00000000 ____D C:\Windows\system32\log
2016-05-30 19:46 - 2011-01-31 00:36 - 00000729 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-05-30 19:46 - 2011-01-31 00:36 - 00000717 _____ C:\Users\Public\Desktop\Opera.lnk
2016-05-30 19:46 - 2011-01-31 00:01 - 00000917 _____ C:\Users\michal!!\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-05-30 19:46 - 2011-01-31 00:01 - 00000917 _____ C:\Users\michal!!\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2016-05-30 18:48 - 2011-02-21 13:36 - 00000000 ____D C:\Windows\Minidump
2016-05-30 18:47 - 2016-04-14 23:27 - 507505727 _____ C:\Windows\MEMORY.DMP
2016-05-30 18:15 - 2011-03-07 00:45 - 00000000 ____D C:\Users\michal!!\AppData\Roaming\vlc
2016-05-30 16:47 - 2016-04-19 11:22 - 00000000 ____D C:\Users\michal!!\Desktop\aga
2016-05-13 22:38 - 2016-02-12 16:26 - 00000000 ____D C:\Users\michal!!\AppData\Local\HiSuite
2016-05-13 22:37 - 2016-02-12 16:25 - 00000000 ____D C:\Program Files (x86)\HiSuite
2016-05-12 17:57 - 2006-11-02 15:33 - 00000000 ____D C:\Windows\rescache
2016-05-12 17:22 - 2006-11-02 17:21 - 00366704 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-12 17:18 - 2006-11-02 17:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-12 02:31 - 2015-01-01 21:40 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-05-10 23:07 - 2015-06-18 17:41 - 00004044 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-10 23:07 - 2015-06-18 17:41 - 00003792 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-08 12:35 - 2011-01-30 19:52 - 00207320 _____ C:\ProgramData\nvModes.dat
2016-05-07 14:12 - 2011-03-09 16:14 - 00000000 ____D C:\Users\michal!!\AppData\Roaming\dvdcss
2016-05-05 00:56 - 2011-01-31 17:02 - 00175616 _____ C:\Users\michal!!\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Files in the root of some directories =======

2015-07-22 07:51 - 2015-08-21 11:26 - 0449736 _____ (TODO: <公司名>) C:\Program Files (x86)\SSFK.exe
2011-01-31 00:01 - 2011-01-31 00:44 - 0001834 _____ () C:\Users\michal!!\AppData\Roaming\install.dat
2013-12-16 13:53 - 2014-12-28 23:36 - 0000114 _____ () C:\Users\michal!!\AppData\Roaming\wklnhst.dat
2012-06-05 20:29 - 2016-05-31 11:06 - 0008268 _____ () C:\Users\michal!!\AppData\Local\d3d9caps.dat
2016-05-31 10:39 - 2016-05-31 10:39 - 0000732 _____ () C:\Users\michal!!\AppData\Local\d3d9caps64.dat
2011-01-31 17:02 - 2016-05-05 00:56 - 0175616 _____ () C:\Users\michal!!\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-11-03 22:09 - 2012-11-03 22:09 - 0438736 _____ () C:\Users\michal!!\AppData\Local\dd_vcredistMSI309D.txt
2011-01-31 00:11 - 2011-01-31 00:12 - 0429554 _____ ()
C:\Users\michal!!\AppData\Local\dd_vcredistMSI4E8A.txt 2015-02-28 00:44 - 2015-02-28 00:44 - 0594170 _____ () C:\Users\michal!!\AppData\Local\dd_vcredistMSI5BAA.txt 2015-02-28 00:47 - 2015-02-28 00:47 - 0364862 _____ () C:\Users\michal!!\AppData\Local\dd_vcredistMSI5DEF.txt 2015-02-28 00:47 - 2015-02-28 00:47 - 0355090 _____ () C:\Users\michal!!\AppData\Local\dd_vcredistMSI5DFF.txt 2011-01-31 01:09 - 2011-01-31 01:09 - 0426606 _____ () C:\Users\michal!!\AppData\Local\dd_vcredistMSI7B12.txt 2012-11-03 22:09 - 2012-11-03 22:09 - 0011474 _____ () C:\Users\michal!!\AppData\Local\dd_vcredistUI309D.txt 2011-01-31 00:11 - 2011-01-31 00:12 - 0017590 _____ () C:\Users\michal!!\AppData\Local\dd_vcredistUI4E8A.txt 2015-02-28 00:44 - 2015-02-28 00:44 - 0015110 _____ () C:\Users\michal!!\AppData\Local\dd_vcredistUI5BAA.txt 2015-02-28 00:47 - 2015-02-28 00:47 - 0011482 _____ () C:\Users\michal!!\AppData\Local\dd_vcredistUI5DEF.txt 2015-02-28 00:47 - 2015-02-28 00:47 - 0011386 _____ () C:\Users\michal!!\AppData\Local\dd_vcredistUI5DFF.txt 2011-01-31 01:09 - 2011-01-31 01:09 - 0011626 _____ () C:\Users\michal!!\AppData\Local\dd_vcredistUI7B12.txt 2015-01-05 00:47 - 2015-01-05 01:14 - 0000003 _____ () C:\Users\michal!!\AppData\Local\proxy.log 2015-11-02 08:18 - 2015-11-02 08:18 - 0000000 _____ () C:\Users\michal!!\AppData\Local\{DE4FD04C-C01F-4B73-9342-EA9B034EC7F6} 2011-02-21 13:07 - 2011-02-21 13:07 - 0000048 ____H () C:\ProgramData\ezsidmv.dat 2011-01-30 23:05 - 2016-05-31 11:31 - 0207320 _____ () C:\ProgramData\nvModes.001 2011-01-30 19:52 - 2016-05-08 12:35 - 0207320 _____ () C:\ProgramData\nvModes.dat ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-05-31 11:35 ==================== End of FRST.txt ============================