Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2013 01 Ran by Andrzej Piekarski (administrator) on EDGE on 04-09-2013 10:13:45 Running from F:\piekar Windows 7 Professional (X64) OS Language: Polish Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Lenovo.) C:\Windows\system32\ibmpmsvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (AVAST Software) C:\Program Files\Avast\AvastSvc.exe (UPEK Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe (Microsoft Corporation) C:\Windows\system32\WLANExt.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo.) C:\Windows\System32\TpShocks.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Lexmark International Inc.) C:\Program Files (x86)\Lexmark 4900 Series\ezprint.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe (Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Lenovo Group Limited) C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe ( ) C:\Windows\system32\lxdrcoms.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe () C:\Program Files (x86)\Lexmark 4900 Series\lxdrmon.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (AVAST Software) C:\Program Files\Avast\AvastUI.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Intel Corporation) C:\Windows\system32\igfxext.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe (InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe (Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe () C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe (Lenovo Group Limited) c:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3070 B611 series\bin\HPNetworkCommunicator.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11049576 2010-07-15] (Realtek Semiconductor) HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1928976 2010-03-05] (Intel(R) Corporation) HKLM\...\Run: [TPHOTKEY] - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [69568 2009-12-21] (Lenovo Group Limited) HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [380776 2009-12-11] (Lenovo.) HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [62312 2010-04-20] (Lenovo Group Limited) HKLM\...\Run: [AcWin7Hlpr] - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [31592 2010-07-02] (Lenovo) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2097960 2010-04-23] (Synaptics Incorporated) HKLM\...\Run: [lxdrmon.exe] - C:\Program Files (x86)\Lexmark 4900 Series\lxdrmon.exe [676520 2008-09-10] () HKLM\...\Run: [EzPrint] - C:\Program Files (x86)\Lexmark 4900 Series\ezprint.exe [131752 2008-09-10] (Lexmark International Inc.) Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.) HKLM\...\Policies\Explorer: [NoActiveDesktop] 1 HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1 HKCU\...\Run: [SJelite3Launch] - C:\Users\Andrzej Piekarski\AppData\Roaming\Transcend\SJelite3\SJelite3Launch.exe [180224 2010-06-28] () HKCU\...\Run: [NokiaSuite.exe] - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1083264 2012-02-01] (Nokia) HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [18678376 2013-04-19] (Skype Technologies S.A.) MountPoints2: {568a2cc3-8e63-11e1-a841-806e6f6e6963} - Q:\LenovoQDrive.exe MountPoints2: {985fe59b-d714-11e1-99f9-60eb6945a0e6} - F:\NokiaPCIA_Autorun.exe HKLM-x32\...\Run: [PWMTRV] - C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL [1129320 2010-07-20] (Lenovo Group Limited) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [avast] - C:\Program Files\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software) HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation) HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard) HKU\Default\...\RunOnce: [wlstart] - C:\Program Files (x86)\Windows Live\Installer\wlstart.exe [900944 2010-06-12] (Microsoft Corporation) HKU\Default\...\RunOnce: [Lenovoautoqdrive] - C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe [159744 2009-03-24] () HKU\Default User\...\RunOnce: [wlstart] - C:\Program Files (x86)\Windows Live\Installer\wlstart.exe [900944 2010-06-12] (Microsoft Corporation) HKU\Default User\...\RunOnce: [Lenovoautoqdrive] - C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe [159744 2009-03-24] () Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll ACGina Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\Users\Andrzej Piekarski\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Powiadomienia monitorowania tuszu - HP Deskjet 3070 B611 series (sieć).lnk ShortcutTarget: Powiadomienia monitorowania tuszu - HP Deskjet 3070 B611 series (sieć).lnk -> C:\Program Files\HP\HP Deskjet 3070 B611 series\bin\HPStatusBL.dll (Hewlett-Packard Co.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {8159B641-48E1-4714-B3C9-EC441FA2FD8E} URL = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=LEN2&src=IE-SearchBox; SearchScopes: HKCU - {89B55515-8372-49A5-AD72-90839A874530} URL = BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Avast\aswWebRepIE64.dll (AVAST Software) BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: IePasswordManagerHelper Class - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) BHO-x32: Lexmark - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll () Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast\aswWebRepIE.dll (AVAST Software) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Chrome: ======= CHR HomePage: hxxp://www.google.com CHR RestoreOnStartup: "hxxp://www.google.com" CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\pdf.dll () CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) CHR Plugin: (Java Deployment Toolkit 7.0.150.3) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) CHR Extension: (Chrome In-App Payments service) - C:\Users\ANDRZE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0 ==================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software) R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited) S2 lxdrCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxdrserv.exe [33960 2008-05-16] (Lexmark International, Inc.) R2 lxdr_device; C:\Windows\system32\lxdrcoms.exe [1040552 2008-05-16] ( ) R2 MSSQL$INSERTGT; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] () R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [199272 2010-07-15] (Realtek Semiconductor) R2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1019904 2009-08-28] (Lenovo Group Limited) R3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1475896 2010-07-29] (Lenovo Group Limited) ==================== Drivers (Whitelisted) ==================== R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software) R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] () R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-27] (AVAST Software) R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-27] (AVAST Software) R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-27] () S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2012-08-20] (RapidSolution Software AG) R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2012-08-20] (RapidSolution Software AG) R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13840 2009-03-13] (UPEK Inc.) R1 TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [13104 2010-07-20] () S3 PCDSRVC{127174DC-C366ED8B-06020000}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [x] S2 regi; \??\C:\Windows\system32\drivers\regi.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-03 20:44 - 2013-09-03 20:45 - 00000000 ____D C:\AdwCleaner 2013-09-02 15:05 - 2013-09-02 15:05 - 00000000 ____D C:\FRST ==================== One Month Modified Files and Folders ======= 2013-09-04 10:12 - 2010-09-18 20:11 - 00748202 _____ C:\Windows\system32\perfh015.dat 2013-09-04 10:12 - 2010-09-18 20:11 - 00154002 _____ C:\Windows\system32\perfc015.dat 2013-09-04 10:12 - 2009-07-14 07:13 - 01689790 _____ C:\Windows\system32\PerfStringBackup.INI 2013-09-04 10:11 - 2012-07-04 12:11 - 00004152 _____ C:\Windows\System32\Tasks\avast! Emergency Update 2013-09-04 10:11 - 2012-06-24 19:02 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-09-04 10:11 - 2012-06-03 22:47 - 00000000 ____D C:\Users\Andrzej Piekarski\AppData\Roaming\Skype 2013-09-04 10:11 - 2012-05-18 08:34 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-09-04 10:11 - 2012-05-06 21:04 - 00000280 _____ C:\Windows\Tasks\HP Photo Creations Messager.job 2013-09-04 10:10 - 2012-06-24 19:02 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-09-04 10:10 - 2010-09-18 11:17 - 00000528 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job 2013-09-04 10:10 - 2010-09-18 11:16 - 00000332 _____ C:\Windows\Tasks\SystemToolsDailyTest.job 2013-09-03 20:49 - 2013-09-03 20:49 - 00077824 ____N C:\Windows\KMSEmulator.exe 2013-09-03 20:49 - 2012-04-27 10:01 - 00041004 _____ C:\Windows\AutoKMS.log 2013-09-03 20:49 - 2012-04-27 09:54 - 00000224 _____ C:\Windows\Tasks\AutoKMS.job 2013-09-03 20:47 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-09-03 20:46 - 2010-09-18 10:41 - 00094132 _____ C:\Windows\PFRO.log 2013-09-03 20:46 - 2009-07-14 06:51 - 00072462 _____ C:\Windows\setupact.log 2013-09-03 20:45 - 2013-09-03 20:44 - 00000000 ____D C:\AdwCleaner 2013-09-03 20:45 - 2010-09-18 10:26 - 01914271 _____ C:\Windows\WindowsUpdate.log 2013-09-03 20:39 - 2009-07-14 06:45 - 00020704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-09-03 20:39 - 2009-07-14 06:45 - 00020704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-09-03 20:30 - 2012-04-25 01:23 - 00000000 ___RD C:\Users\Andrzej Piekarski\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-09-02 15:05 - 2013-09-02 15:05 - 00000000 ____D C:\FRST 2013-09-01 18:45 - 2012-04-27 09:38 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-08-26 21:18 - 2013-03-06 17:58 - 00000000 ____D C:\Program Files\Google 2013-08-26 21:18 - 2012-06-24 19:01 - 00000000 ____D C:\Program Files (x86)\Google 2013-08-22 10:05 - 2012-06-24 19:03 - 00002189 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-08-21 10:18 - 2012-05-18 08:34 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-08-21 10:18 - 2012-05-18 08:34 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-08-21 10:18 - 2012-05-18 08:34 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-08-20 11:13 - 2012-06-20 11:33 - 00002270 _____ C:\Users\Andrzej 2013-08-20 11:13 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF 2013-08-19 21:01 - 2012-04-25 10:18 - 00000000 ____D C:\Windows\system32\appmgmt 2013-08-19 21:00 - 2012-06-24 19:01 - 00000000 ____D C:\Users\ANDRZE~1\AppData\Local\Google 2013-08-19 09:53 - 2013-07-29 21:40 - 00000000 ____D C:\Windows\system32\MRT 2013-08-19 09:53 - 2012-04-25 10:32 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe Files to move or delete: ==================== C:\Users\ANDRZE~1\AppData\Local\Temp\NEventMessages.dll C:\Users\ANDRZE~1\AppData\Local\Temp\NOSEventMessages.dll C:\Users\ANDRZE~1\AppData\Local\Temp\Quarantine.exe C:\Users\ANDRZE~1\AppData\Local\Temp\SkypeSetup.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-08-27 09:57 ==================== End Of Log ============================