Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by Ziom Forever (administrator) on ZIOMFOREVER-PC on 13-10-2013 12:59:56
Running from C:\Users\Ziom Forever\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) OS Language: Polish
Internet Explorer Version 7
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\STacSV.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(Validity Sensors, Inc.) C:\Windows\system32\vfsFPService.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpHostW.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\aestsrv.exe
() C:\ProgramData\DatacardService\DCService.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security 2013\Engine\20.4.0.40\ccSvcHst.exe
(Protexis Inc.) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpAgent.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security 2013\Engine\20.4.0.40\ccSvcHst.exe
() C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
() C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
() C:\Windows\SMINST\BLService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Huawei Technologies Co., Ltd.)
C:\ProgramData\DatacardService\DCSHelper.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe (Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Nuance Communications, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe (Corel) C:\Program Files\Common Files\Corel\Standby\Standby.exe (CyberLink Corp.) C:\Program Files\HP\QuickPlay\QPService.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Broadcom Corporation.) 
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe (Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe (Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (Hewlett-Packard) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (Microsoft Corporation) C:\Windows\System32\vdsldr.exe (Microsoft Corporation) C:\Windows\system32\conime.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated) HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-04-15] (Intel Corporation) HKLM\...\Run: [UCam_Menu] - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2007-12-24] (CyberLink Corp.) HKLM\...\Run: [DpAgent] - C:\Program Files\DigitalPersona\Bin\dpagent.exe [699456 2008-03-12] (DigitalPersona, Inc.) HKLM\...\Run: [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [202032 2008-03-14] ( Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [OnScreenDisplay] - C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [554288 2007-11-01] ( Hewlett-Packard Development Company, L.P.) 
HKLM\...\Run: [HP Health Check Scheduler] - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [70912 2008-04-15] (Hewlett-Packard) HKLM\...\Run: [hpWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2007-11-20] (Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-01-11] (Adobe Systems Incorporated) HKLM\...\Run: [SSBkgdUpdate] - C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.) HKLM\...\Run: [PaperPort PTD] - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [30248 2007-01-29] (Nuance Communications, Inc.) HKLM\...\Run: [IndexSearch] - C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [46632 2007-01-29] (Nuance Communications, Inc.) HKLM\...\Run: [PPort11reminder] - C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [255528 2007-02-01] (Nuance Communications, Inc.) HKLM\...\Run: [BrMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [663552 2007-03-12] (Brother Industries, Ltd.) HKLM\...\Run: [ControlCenter3] - C:\Program Files\Brother\ControlCenter3\brctrcen.exe [65536 2007-01-26] (Brother Industries, Ltd.) HKLM\...\Run: [Windows Mobile-based device management] - C:\Windows\WindowsMobile\wmdSync.exe [215552 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [Standby] - c:\Program Files\Common Files\Corel\Standby\Standby.exe [105632 2010-04-14] (Corel) HKLM\...\Run: [QPService] - C:\Program Files\HP\QuickPlay\QPService.exe [468264 2009-01-12] (CyberLink Corp.) HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [458844 2009-07-21] (IDT, Inc.) 
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKCU\...\Run: [googletalk] - C:\Users\Ziom Forever\AppData\Roaming\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google) HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [153136 2007-05-16] (Nero AG) HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation) MountPoints2: F - F:\CDSTART.EXE MountPoints2: {168360e1-843b-11e0-8d6f-002186c8d53c} - G:\AutoRun.exe MountPoints2: {168360e3-843b-11e0-8d6f-002186c8d53c} - G:\AutoRun.exe MountPoints2: {80e7b9c5-67d6-11e2-a2c2-002186c8d53c} - G:\AutoRun.exe MountPoints2: {80e7b9c8-67d6-11e2-a2c2-002186c8d53c} - G:\AutoRun.exe MountPoints2: {8f7bff2b-aaad-11e2-864c-002186c8d53c} - G:\AutoRun.exe MountPoints2: {8f7bff64-aaad-11e2-864c-001e101f82a7} - G:\AutoRun.exe MountPoints2: {9558f3c0-3264-11e3-8bba-806e6f6e6963} - F:\AOESETUP.EXE /autorun MountPoints2: {99397434-3ca9-11de-9e67-002186c8d53c} - F:\AOESETUP.EXE /autorun MountPoints2: {9fd5724a-0615-11e0-9f77-002186c8d53c} - G:\AutoRun.exe MountPoints2: {c9f02e45-657c-11e1-ae81-002186c8d53c} - G:\Startme.exe MountPoints2: {f23a2722-fd41-11de-ae09-002186c8d53c} - G:\AutoRun.exe HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter Lsa: [Notification Packages] scecli DPPWDFLT ==================== Internet (Whitelisted) ==================== HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm SearchScopes: HKLM - DefaultScope value is missing. 
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security 2013\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation) BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security 2013\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\Pasek narzędzi AOL 5.0\aoltb.dll (AOL LLC) BHO: No Name - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\Pasek narzędzi AOL 5.0\aoltb.dll (AOL LLC) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security 2013\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation) Toolbar: HKCU -AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\Pasek narzędzi AOL 5.0\aoltb.dll (AOL LLC) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL (Microsoft 
Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.100 FireFox: ======== FF ProfilePath: C:\Users\Ziom Forever\AppData\Roaming\Mozilla\Firefox\Profiles\vvqrkeqd.default FF SelectedSearchEngine: Google FF Homepage: hxxp://www.google.pl/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll () FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=6.0.12.448 - C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) 
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Ziom Forever\AppData\Roaming\Mozilla\Firefox\Profiles\vvqrkeqd.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} FF Extension: DownloadHelper - C:\Users\Ziom Forever\AppData\Roaming\Mozilla\Firefox\Profiles\vvqrkeqd.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} FF Extension: No Name - C:\Users\Ziom Forever\AppData\Roaming\Mozilla\Firefox\Profiles\vvqrkeqd.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF HKLM\...\Firefox\Extensions: [bkmrksync@nokia.com] - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ FF Extension: PC Sync 2 Synchronisation Extension - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ FF HKLM\...\Firefox\Extensions: [{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}] - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}\ FF HKLM\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ FF Extension: Freemake Video Converter Plugin - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn\ FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn\ FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - 
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFF Chrome: ======= CHR HomePage: hxxp://www.gazeta.pl/0,0.html?p=128 CHR DefaultSearchURL: (Google) - {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security 2013\Engine\20.4.0.40\Exts\Chrome.crx ========================== Services (Whitelisted) ================= R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\aestsrv.exe [73728 2008-02-12] (Andrea Electronics Corporation) R2 DCService.exe; C:\ProgramData\DatacardService\DCService.exe [229376 2010-05-08] () R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-04-15] (Hewlett-Packard) R2 NIS; C:\Program Files\Norton Internet Security 2013\Engine\20.4.0.40\diMaster.dll [556336 2013-05-30] (Symantec Corporation) R2 QPCapSvc; C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [292216 2009-01-12] () R2 QPSched; C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [116080 2009-01-12] () R2 Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [341328 2008-03-26] () R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] () R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\STacSV.exe [221266 2009-07-21] (IDT, Inc.) 
S3 usnjsvc; C:\Program Files\MSN Messenger\usnsvc.exe [97136 2007-01-19] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130924.001\BHDrvx86.sys [1097304 2013-09-24] (Symantec Corporation) R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1404000.028\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation) R0 CLFS; C:\Windows\System32\CLFS.sys [247352 2008-01-21] (Microsoft Corporation) R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-08-27] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-08-27] (Symantec Corporation) S3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [7168 2007-07-11] (Hewlett-Packard Development Company, L.P.) R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20131011.001\IDSvix86.sys [392792 2013-10-09] (Symantec Corporation) R3 LgBttPort; C:\Windows\System32\DRIVERS\lgbtport.sys [12160 2009-09-29] (LG Electronics Inc.) R3 lgbusenum; C:\Windows\System32\DRIVERS\lgbtbus.sys [10496 2009-09-29] (LG Electronics Inc.) R3 LGVMODEM; C:\Windows\System32\DRIVERS\lgvmodem.sys [12928 2009-09-29] (LG Electronics Inc.) S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20131012.006\NAVENG.SYS [93272 2013-08-29] (Symantec Corporation) S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20131012.006\NAVEX15.SYS [1612376 2013-08-29] (Symantec Corporation) R3 NETwNv32; C:\Windows\System32\DRIVERS\NETwNv32.sys [7346176 2011-10-31] (Intel Corporation) S3 SER120; C:\Windows\System32\DRIVERS\SER120.sys [32910 2005-03-22] (USB Com port.) S4 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2013-10-11] (Duplex Secure Ltd.) 
S3 SRTSP; C:\Windows\System32\Drivers\NIS\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NIS\1404000.028\SRTSPX.SYS [32344 2013-03-05] (Symantec Corporation) R1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2006-07-24] () R0 SymDS; C:\Windows\System32\drivers\NIS\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NIS\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-06-19] (Symantec Corporation) R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [36512 2013-03-05] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NIS\1404000.028\Ironx86.SYS [175264 2013-03-05] (Symantec Corporation) R1 SYMTDIv; C:\Windows\System32\Drivers\NIS\1404000.028\SYMTDIV.SYS [352344 2013-04-25] (Symantec Corporation) R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263}; C:\Program Files\HP\QuickPlay\000.fcl [87536 2009-01-12] (CyberLink Corp.) U1 eabfiltr; U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [101504 2010-03-20] (Huawei Technologies Co., Ltd.) 
S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] S3 usbbus; system32\DRIVERS\lgusbbus.sys [x] S3 UsbDiag; system32\DRIVERS\lgusbdiag.sys [x] S3 USBModem; system32\DRIVERS\lgusbmodem.sys [x] U2 wuaserv; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-13 12:59 - 2013-10-13 12:59 - 00000000 ____D C:\FRST 2013-10-13 12:55 - 2013-10-13 12:55 - 00000666 _____ C:\Users\Ziom Forever\Desktop\defogger_disable.log 2013-10-13 12:55 - 2013-10-13 12:55 - 00000176 _____ C:\Users\Ziom Forever\defogger_reenable 2013-10-13 12:54 - 2013-10-13 12:54 - 00050477 _____ C:\Users\Ziom Forever\Desktop\Defogger.exe 2013-10-13 12:52 - 2013-10-13 12:52 - 01087213 _____ (Farbar) C:\Users\Ziom Forever\Desktop\FRST.exe 2013-10-11 13:26 - 2013-10-11 13:25 - 00868264 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll 2013-10-11 13:26 - 2013-10-11 13:25 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-10-11 13:26 - 2013-10-11 13:25 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2013-10-11 13:23 - 2013-10-11 13:26 - 00000000 ____D C:\ProgramData\Oracle 2013-10-11 12:50 - 2013-10-11 12:50 - 00000000 ____D C:\Windows\ERUNT 2013-10-11 12:01 - 2013-10-11 12:01 - 00000000 ____D C:\Program Files\DAEMON Tools Lite 2013-10-11 11:52 - 2013-10-11 11:52 - 00000906 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-10-11 11:52 - 2013-10-11 11:52 - 00000000 ____D C:\Users\Ziom Forever\AppData\Roaming\Malwarebytes 2013-10-11 11:52 - 2013-10-11 11:52 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-10-11 11:52 - 2013-10-11 11:52 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-10-11 11:52 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-10-09 18:22 - 2013-10-10 00:22 - 17750408 
_____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe 2013-09-30 23:15 - 2013-09-30 23:15 - 00000000 ____D C:\Program Files\Mozilla Firefox ==================== One Month Modified Files and Folders ======= 2013-10-13 13:00 - 2008-09-27 01:10 - 01374809 _____ C:\Windows\WindowsUpdate.log 2013-10-13 12:59 - 2013-10-13 12:59 - 00000000 ____D C:\FRST 2013-10-13 12:58 - 2010-09-29 15:15 - 00001537 _____ C:\ProgramData\hpqp.ini 2013-10-13 12:57 - 2013-07-17 12:22 - 00000326 _____ C:\Windows\Tasks\Kvkzm.job 2013-10-13 12:57 - 2008-09-27 01:43 - 00085724 _____ C:\ProgramData\nvModes.dat 2013-10-13 12:57 - 2008-09-27 01:43 - 00085724 _____ C:\ProgramData\nvModes.001 2013-10-13 12:57 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-10-13 12:57 - 2006-11-02 14:47 - 00004784 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-10-13 12:57 - 2006-11-02 14:47 - 00004784 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-10-13 12:55 - 2013-10-13 12:55 - 00000666 _____ C:\Users\Ziom Forever\Desktop\defogger_disable.log 2013-10-13 12:55 - 2013-10-13 12:55 - 00000176 _____ C:\Users\Ziom Forever\defogger_reenable 2013-10-13 12:55 - 2009-02-16 13:54 - 00000000 ____D C:\Users\Ziom Forever 2013-10-13 12:55 - 2008-09-27 01:10 - 00004132 _____ C:\Windows\bthservsdp.dat 2013-10-13 12:55 - 2006-11-02 15:01 - 00032628 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-10-13 12:54 - 2013-10-13 12:54 - 00050477 _____ C:\Users\Ziom Forever\Desktop\Defogger.exe 2013-10-13 12:52 - 2013-10-13 12:52 - 01087213 _____ (Farbar) C:\Users\Ziom Forever\Desktop\FRST.exe 2013-10-13 12:22 - 2012-04-12 19:55 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-10-13 10:39 - 2013-04-29 20:32 - 00000000 ____D C:\Users\Ziom Forever\Documents\FIFA 13 2013-10-11 19:40 - 2010-09-09 21:54 - 00000000 ____D C:\Users\Ziom Forever\AppData\Roaming\ipla 
2013-10-11 13:51 - 2009-05-09 16:55 - 00000000 ____D C:\Users\Ziom Forever\AppData\Roaming\DAEMON Tools Lite 2013-10-11 13:26 - 2013-10-11 13:23 - 00000000 ____D C:\ProgramData\Oracle 2013-10-11 13:26 - 2008-07-03 01:02 - 00000000 ____D C:\Program Files\Common Files\Java 2013-10-11 13:25 - 2013-10-11 13:26 - 00868264 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll 2013-10-11 13:25 - 2013-10-11 13:26 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-10-11 13:25 - 2013-10-11 13:26 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2013-10-11 13:25 - 2012-04-05 21:08 - 00790440 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll 2013-10-11 13:25 - 2012-04-05 21:08 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-10-11 13:25 - 2012-04-05 21:08 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-10-11 13:25 - 2008-07-03 01:02 - 00000000 ____D C:\Program Files\Java 2013-10-11 13:08 - 2009-05-09 16:59 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite 2013-10-11 13:08 - 2008-07-03 09:27 - 00672140 _____ C:\Windows\system32\perfh015.dat 2013-10-11 13:08 - 2008-07-03 09:27 - 00130516 _____ C:\Windows\system32\perfc015.dat 2013-10-11 13:08 - 2006-11-02 12:33 - 01495264 _____ C:\Windows\system32\PerfStringBackup.INI 2013-10-11 13:02 - 2008-07-03 09:28 - 00000000 ____D C:\Windows\panther 2013-10-11 13:02 - 2008-01-21 04:47 - 00966664 _____ C:\Windows\PFRO.log 2013-10-11 12:50 - 2013-10-11 12:50 - 00000000 ____D C:\Windows\ERUNT 2013-10-11 12:01 - 2013-10-11 12:01 - 00000000 ____D C:\Program Files\DAEMON Tools Lite 2013-10-11 12:01 - 2009-05-09 16:55 - 00466008 _____ (Duplex Secure Ltd.) 
C:\Windows\system32\Drivers\sptd.sys 2013-10-11 11:52 - 2013-10-11 11:52 - 00000906 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-10-11 11:52 - 2013-10-11 11:52 - 00000000 ____D C:\Users\Ziom Forever\AppData\Roaming\Malwarebytes 2013-10-11 11:52 - 2013-10-11 11:52 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-10-11 11:52 - 2013-10-11 11:52 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-10-11 11:38 - 2010-09-08 21:19 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-10-10 13:27 - 2010-09-30 06:46 - 00000021 _____ C:\ProgramData\hpqp.txt 2013-10-10 10:38 - 2009-02-16 13:58 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-10-10 10:37 - 2006-11-02 12:24 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2013-10-10 00:22 - 2013-10-09 18:22 - 17750408 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe 2013-10-09 21:02 - 2009-02-23 21:28 - 00000000 ____D C:\Users\Ziom Forever\AppData\Roaming\Skype 2013-10-09 17:22 - 2012-04-12 19:55 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-10-09 17:22 - 2011-09-01 17:22 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-10-02 09:37 - 2013-08-26 21:57 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-09-30 23:15 - 2013-09-30 23:15 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-09-30 13:32 - 2009-03-26 23:03 - 00000000 ____D C:\Users\Ziom Forever\Documents\Martyna prywatne 2013-09-26 23:18 - 2012-10-14 17:06 - 00000000 ____D C:\Users\Ziom Forever\Desktop\AWF 2013-09-21 15:00 - 2009-02-28 15:33 - 00000052 _____ C:\Windows\system32\DOErrors.log 2013-09-20 15:19 - 2009-03-07 22:57 - 00008268 _____ C:\Users\Ziom Forever\AppData\Local\d3d9caps.dat 2013-09-16 19:21 - 2010-09-09 21:54 - 00000000 ____D C:\ProgramData\ipla Files to move or delete: ==================== C:\ProgramData\DVD.exe C:\ProgramData\Games.exe 
C:\ProgramData\Karaoke.exe C:\ProgramData\MobileTV.exe C:\ProgramData\MPV.exe Some content of TEMP: ==================== C:\Users\Ziom Forever\AppData\Local\Temp\AskSLib.dll C:\Users\Ziom Forever\AppData\Local\Temp\Bejeweled2DeluxeSetup11137.exe C:\Users\Ziom Forever\AppData\Local\Temp\cacaonew18ac01.exe C:\Users\Ziom Forever\AppData\Local\Temp\cacaonew1cf7d6.exe C:\Users\Ziom Forever\AppData\Local\Temp\cacaonew3ed47d.exe C:\Users\Ziom Forever\AppData\Local\Temp\cacaonew3f7029.exe C:\Users\Ziom Forever\AppData\Local\Temp\cacaonew4d6455.exe C:\Users\Ziom Forever\AppData\Local\Temp\cacaonew5687ed.exe C:\Users\Ziom Forever\AppData\Local\Temp\cacaonew5caf97.exe C:\Users\Ziom Forever\AppData\Local\Temp\cacaonew7a6f1e.exe C:\Users\Ziom Forever\AppData\Local\Temp\cacaonew90923c.exe C:\Users\Ziom Forever\AppData\Local\Temp\cacaonew9e3520.exe C:\Users\Ziom Forever\AppData\Local\Temp\cacaonewa7626e.exe C:\Users\Ziom Forever\AppData\Local\Temp\cacaonewc411f4.exe C:\Users\Ziom Forever\AppData\Local\Temp\cacaonewd17037.exe C:\Users\Ziom Forever\AppData\Local\Temp\contentDATs.exe C:\Users\Ziom Forever\AppData\Local\Temp\DataCard_Setup.exe C:\Users\Ziom Forever\AppData\Local\Temp\easy_shutdown_scheduler.exe C:\Users\Ziom Forever\AppData\Local\Temp\FreemakeVideoConverter_3.1.2.0.exe C:\Users\Ziom Forever\AppData\Local\Temp\Free_Lunch_Design.exe C:\Users\Ziom Forever\AppData\Local\Temp\gg10.upgr.exe C:\Users\Ziom Forever\AppData\Local\Temp\gtalkwmp1.dll C:\Users\Ziom Forever\AppData\Local\Temp\HPQSi.exe C:\Users\Ziom Forever\AppData\Local\Temp\icytower14.exe C:\Users\Ziom Forever\AppData\Local\Temp\InstallAX.exe C:\Users\Ziom Forever\AppData\Local\Temp\ipl1630.tmp.exe C:\Users\Ziom Forever\AppData\Local\Temp\ipl1FB0.tmp.exe C:\Users\Ziom Forever\AppData\Local\Temp\ipl2606.tmp.exe C:\Users\Ziom Forever\AppData\Local\Temp\ipl2B18.tmp.exe C:\Users\Ziom Forever\AppData\Local\Temp\ipl3D7C.tmp.exe C:\Users\Ziom Forever\AppData\Local\Temp\ipl3E3B.tmp.exe C:\Users\Ziom 
Forever\AppData\Local\Temp\ipl42E8.tmp.exe C:\Users\Ziom Forever\AppData\Local\Temp\ipl4541.tmp.exe C:\Users\Ziom Forever\AppData\Local\Temp\ipl53D9.tmp.exe C:\Users\Ziom Forever\AppData\Local\Temp\ipl5BAF.tmp.exe C:\Users\Ziom Forever\AppData\Local\Temp\ipl5BBF.tmp.exe C:\Users\Ziom Forever\AppData\Local\Temp\ipl6C1A.tmp.exe C:\Users\Ziom Forever\AppData\Local\Temp\ipl75AB.tmp.exe C:\Users\Ziom Forever\AppData\Local\Temp\ipl7CC8.tmp.exe C:\Users\Ziom Forever\AppData\Local\Temp\ipl8738.tmp.exe C:\Users\Ziom Forever\AppData\Local\Temp\ipl888.tmp.exe C:\Users\Ziom Forever\AppData\Local\Temp\ipl94FE.tmp.exe C:\Users\Ziom Forever\AppData\Local\Temp\iplA524.tmp.exe C:\Users\Ziom Forever\AppData\Local\Temp\iplA7BB.tmp.exe C:\Users\Ziom Forever\AppData\Local\Temp\iplAC6D.tmp.exe C:\Users\Ziom Forever\AppData\Local\Temp\iplAF71.tmp.exe C:\Users\Ziom Forever\AppData\Local\Temp\iplB7EF.tmp.exe C:\Users\Ziom Forever\AppData\Local\Temp\iplCF92.tmp.exe C:\Users\Ziom Forever\AppData\Local\Temp\iplD263.tmp.exe C:\Users\Ziom Forever\AppData\Local\Temp\iplD43F.tmp.exe C:\Users\Ziom Forever\AppData\Local\Temp\iplD99B.tmp.exe C:\Users\Ziom Forever\AppData\Local\Temp\iplDC3A.tmp.exe C:\Users\Ziom Forever\AppData\Local\Temp\iplE04.tmp.exe C:\Users\Ziom Forever\AppData\Local\Temp\iplE56F.tmp.exe C:\Users\Ziom Forever\AppData\Local\Temp\iplE723.tmp.exe C:\Users\Ziom Forever\AppData\Local\Temp\iplEBF.tmp.exe C:\Users\Ziom Forever\AppData\Local\Temp\iplF5F.tmp.exe C:\Users\Ziom Forever\AppData\Local\Temp\nowegg.upgr.exe C:\Users\Ziom Forever\AppData\Local\Temp\Quarantine.exe C:\Users\Ziom Forever\AppData\Local\Temp\ResetDevice.exe C:\Users\Ziom Forever\AppData\Local\Temp\SearchWithGoogleUpdate.exe C:\Users\Ziom Forever\AppData\Local\Temp\SecurityScan_Release.exe C:\Users\Ziom Forever\AppData\Local\Temp\SkypeSetup.exe C:\Users\Ziom Forever\AppData\Local\Temp\t.dll C:\Users\Ziom Forever\AppData\Local\Temp\utt2013.tmp.exe C:\Users\Ziom Forever\AppData\Local\Temp\wmfdist.exe C:\Users\Ziom 
Forever\AppData\Local\Temp\_is35FF.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-10-13 13:02

==================== End Of Log ============================