Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-02-2014
Ran by Martuś (administrator) on MARTUS-PC on 05-02-2014 15:34:21
Running from E:\Downloads
Microsoft® Windows Vista™ Home Premium  (X86) OS Language: Polish
Internet Explorer Version 7
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Kingsoft Corporation) E:\Program Files\kingsoft\kingsoft antivirus\kxescore.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(The Firebird Project) C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
(Symantec Corporation) C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
(Toshiba Europe GmbH) C:\Program Files\Toshiba TEMPO\TempoSVC.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(The Firebird Project) C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
() C:\Users\Martuś\AppData\Local\fst_pl_31\upfst_pl_31.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
() C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
(Toshiba Europe GmbH) C:\Program Files\Toshiba TEMPO\Toshiba.Tempo.UI.TrayApplication.exe
() C:\Program Files\Winamp\winampa.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\fst_pl_19\fst_pl_19.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Google Inc.) C:\Users\Martuś\AppData\Local\Google\Update\GoogleUpdate.exe
(TOSHIBA CORPORATION.) C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Kingsoft Corporation) E:\Program Files\kingsoft\kingsoft antivirus\kxetray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(TOSHIBA CORPORATION.) C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
(TOSHIBA CORPORATION.) C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosAVRC.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Google Inc.) C:\Users\Martuś\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Martuś\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Martuś\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Martuś\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Martuś\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Martuś\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Martuś\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
(TOSHIBA CORPORATION.) C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosOBEX.exe
(TOSHIBA CORPORATION.) C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtProc.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1006264 2007-07-13] (Microsoft Corporation)
HKLM\...\Run: [KeNotify] - C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [34352 2006-11-06] ()
HKLM\...\Run: [SVPWUTIL] - C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [438272 2006-03-22] (TOSHIBA)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4702208 2007-09-03] (Realtek Semiconductor)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [411192 2007-03-29] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [55416 2006-12-07] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [509496 2007-04-03] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [538744 2007-05-22] (TOSHIBA Corporation)
HKLM\...\Run: [NDSTray.exe] - NDSTray.exe
HKLM\...\Run: [topi] - C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [581632 2007-07-10] (TOSHIBA)
HKLM\...\Run: [Skytel] - C:\Windows\Skytel.exe [1826816 2007-08-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Camera Assistant Software] - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [413696 2007-04-10] (Chicony)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [180224 2006-09-11] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Toshiba Registration] - C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe [571024 2007-02-19] (Toshiba)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [174872 2007-02-12] (Intel Corporation)
HKLM\...\Run: [Symantec PIF AlertEng] - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [583048 2008-01-29] (Symantec Corporation)
HKLM\...\Run: [Toshiba TEMPO] - C:\Program Files\Toshiba TEMPO\Toshiba.Tempo.UI.TrayApplication.exe [103824 2007-10-29] (Toshiba Europe GmbH)
HKLM\...\Run: [WinampAgent] - C:\Program Files\Winamp\winampa.exe [36352 2008-04-01] ()
HKLM\...\Run: [Windows Mobile-based device management] - C:\Windows\WindowsMobile\wmdSync.exe [215552 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader\Reader_sl.exe [35736 2011-01-30] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-10] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1230704 2011-03-21] ()
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [kxesc] - E:\program files\kingsoft\kingsoft antivirus\kxetray.exe [1217712 2012-12-29] (Kingsoft Corporation)
HKLM\...\Run: [fst_pl_31] - [X]
HKLM\...\Run: [fst_pl_19] - C:\Program Files\fst_pl_19\fst_pl_19.exe [11671024 2013-12-18] ()
HKLM\...\RunOnce: [upfst_pl_31.exe] - C:\Users\Martuś\AppData\Local\fst_pl_31\upfst_pl_31.exe -runonce [3153904 2014-01-02] ()
HKU\.DEFAULT\...\RunOnce: [] - C:\Windows\system32\OSK.exe [182272 2006-11-02] (Microsoft Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3485203417-2420686941-307345420-1000\...\Run: [TOSCDSPD] - TOSCDSPD.EXE
HKU\S-1-5-21-3485203417-2420686941-307345420-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125440 2006-11-02] (Microsoft Corporation)
HKU\S-1-5-21-3485203417-2420686941-307345420-1000\...\Run: [Google Update] - C:\Users\Martuś\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-02-09] (Google Inc.)
HKU\S-1-5-21-3485203417-2420686941-307345420-1000\...\MountPoints2: J - J:\LaunchU3.exe -a
HKU\S-1-5-21-3485203417-2420686941-307345420-1000\...\MountPoints2: {2c9bb19b-1404-11e0-96e8-00037ab6e403} - "K:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-3485203417-2420686941-307345420-1000\...\MountPoints2: {5c949cff-e33c-11dd-83b5-001b38b4ff6c} - K:\setup.exe
HKU\S-1-5-21-3485203417-2420686941-307345420-1000\...\MountPoints2: {615ced03-e59c-11e0-a0fe-00037ab6e403} - f2kmj.exe
HKU\S-1-5-21-3485203417-2420686941-307345420-1000\...\MountPoints2: {9412c554-8cf2-11de-9584-00037ab6e403} - D:\AUTORUN.EXE
HKU\S-1-5-21-3485203417-2420686941-307345420-1000\...\MountPoints2: {ac6b1f9b-3bf2-11e0-a65e-00037ab6e403} - K:\Startme.exe
HKU\S-1-5-21-3485203417-2420686941-307345420-1000\...\MountPoints2: {bc91a88b-03b7-11e2-b4ee-00037ab6e403} - J:\f2kmj.exe
HKU\S-1-5-21-3485203417-2420686941-307345420-1000\...\MountPoints2: {c55479db-7ff9-11de-b6e1-00037ab6e403} - D:\setup.exe
HKU\S-1-5-21-3485203417-2420686941-307345420-1000\...\MountPoints2: {c770a6af-0faf-11dd-befe-001b38b4ff6c} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f
HKU\S-1-5-21-3485203417-2420686941-307345420-1000\...\MountPoints2: {c770a6b3-0faf-11dd-befe-001b38b4ff6c} - H:\USBNB.exe
HKU\S-1-5-21-3485203417-2420686941-307345420-1000\...\MountPoints2: {d30347f0-6234-11e2-b1c4-00037ab6e403} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fOtEN.exE
HKU\S-1-5-21-3485203417-2420686941-307345420-1000\...\MountPoints2: {f2371ef6-f860-11de-9df9-00037ab6e403} - I:\Setup.exe
HKU\S-1-5-21-3485203417-2420686941-307345420-1000\...\MountPoints2: {f49e504d-d6c3-11e0-b15e-00037ab6e403} - J:\f2kmj.exe
Startup: C:\Users\Martuś\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk
ShortcutTarget: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.my-tools-app.com/?babsrc=home&s=web&as=0&isid=9851
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.pl
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.my-tools-app.com/?babsrc=home&s=web&as=0&isid=9851
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.pl
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {AE098360-0BC7-4916-905A-1E2A85C02928} URL = http://www.google.pl/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;
SearchScopes: HKCU - {AE098360-0BC7-4916-905A-1E2A85C02928} URL = http://www.google.pl/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: MyTools Class - {C3A44133-7EAD-434C-AC9E-7F1DA176BA8C} - C:\Program Files\MyTools\MyTools.dll (MyTools)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 213.172.186.4 213.172.186.5

Chrome: 
=======
CHR Extension: (Facebook szybkie linki) - C:\Users\Martuś\AppData\Local\Google\Chrome\User Data\Default\Extensions\edoadhjjfgeniilpmnoaddaihjkkhheb [2014-02-01]
CHR Extension: (Sprawdzanie poczty Google) - C:\Users\Martuś\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2011-02-28]
CHR Extension: (Discount Dragon) - C:\Users\Martuś\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikdaiaidiiiogaidkkekcmokcgcdeac [2014-01-18]
CHR Extension: (Google Wallet) - C:\Users\Martuś\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR Extension: (Gmail) - C:\Users\Martuś\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-01]
CHR HKLM\...\Chrome\Extension: [cnkbppmdgdfccoihhajoeflficbpgcnm] - C:\Program Files\MyTools\MyTools.crx [2011-12-26]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-05-23]
CHR StartMenuInternet: Google Chrome - C:\Users\Martuś\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 FirebirdGuardianDefaultInstance; C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe [65536 2007-12-12] (The Firebird Project)
R3 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe [1531989 2007-12-12] (The Firebird Project)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2011-05-21] (Flexera Software, Inc.)
R2 Harmonogram automatycznej usługi LiveUpdate; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [554352 2007-09-26] (Symantec Corporation)
R2 kxescore; E:\program files\kingsoft\kingsoft antivirus\kxescore.exe [123992 2012-12-29] (Kingsoft Corporation)
S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE [2999664 2007-09-26] (Symantec Corporation)
R2 LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [583048 2008-01-29] (Symantec Corporation)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
R2 TempoMonitoringService; C:\Program Files\Toshiba TEMPO\TempoSVC.exe [95624 2007-10-29] (Toshiba Europe GmbH)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)
S3 AresChatServer; C:\Program Files\Ares\chatServer.exe [X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

S4 CplIR; C:\Windows\system32\DRIVERS\CplIR.SYS [14848 2007-03-06] (COMPAL ELECTRONIC INC.)
R0 kavbootc; C:\Windows\System32\drivers\kavbootc.sys [27240 2012-12-29] (Kingsoft Corporation)
R1 KDHacker; E:\program files\kingsoft\kingsoft antivirus\security\kxescan\kdhacker.sys [125784 2012-12-29] (Kingsoft Corporation)
R2 kisknl; C:\Windows\system32\drivers\kisknl.sys [151896 2012-12-29] (Kingsoft Corporation)
R3 ksapi; C:\Windows\system32\drivers\ksapi.sys [82264 2012-12-29] (Kingsoft Corporation)
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [19456 2006-07-28] (COMPAL ELECTRONIC INC.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [50704 2009-10-20] (CACE Technologies, Inc.)
S3 s1029bus; C:\Windows\System32\DRIVERS\s1029bus.sys [90280 2009-05-25] (MCCI Corporation)
S3 s1029mdfl; C:\Windows\System32\DRIVERS\s1029mdfl.sys [15016 2009-05-25] (MCCI Corporation)
S3 s1029mdm; C:\Windows\System32\DRIVERS\s1029mdm.sys [122280 2009-05-25] (MCCI Corporation)
S3 s1029mgmt; C:\Windows\System32\DRIVERS\s1029mgmt.sys [115880 2009-05-25] (MCCI Corporation)
S3 s1029nd5; C:\Windows\System32\DRIVERS\s1029nd5.sys [26024 2009-05-25] (MCCI Corporation)
S3 s1029obex; C:\Windows\System32\DRIVERS\s1029obex.sys [111912 2009-05-25] (MCCI Corporation)
S3 s1029unic; C:\Windows\System32\DRIVERS\s1029unic.sys [116904 2009-05-25] (MCCI Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2009-12-17] ()
S3 USBCM; C:\Windows\System32\DRIVERS\Sacm2A.sys [15429 2004-06-10] ( )
R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [11776 2007-04-16] (Chicony Electronics Co., Ltd.)
U3 ac7169u1; C:\Windows\system32\Drivers\ac7169u1.sys [0 ] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 jbridgep; \??\C:\Users\MARTU~1\AppData\Local\Temp\jbridgep.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 TpChoice; system32\DRIVERS\TpChoice.sys [X]
S3 vaxscsi; \SystemRoot\System32\Drivers\vaxscsi.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-05 15:33 - 2014-02-05 15:34 - 00000000 ____D () C:\FRST
2014-02-04 08:09 - 2014-02-04 08:09 - 00000150 _____ () C:\Windows\system32\kisknl.log
2014-02-02 16:04 - 2014-02-02 16:04 - 00000000 ____D () C:\Users\Martuś\AppData\Local\fst_pl_19
2014-02-02 16:04 - 2014-02-02 16:04 - 00000000 ____D () C:\Program Files\fst_pl_19
2014-02-02 11:54 - 2014-02-02 11:55 - 00138784 _____ () C:\Windows\Minidump\Mini020214-01.dmp
2014-02-02 10:37 - 2014-02-02 10:37 - 00000000 ____D () C:\Program Files\Anvisoft
2014-02-01 19:48 - 2014-02-02 11:11 - 00000000 ____D () C:\AdwCleaner
2014-01-18 10:11 - 2014-02-05 15:08 - 00000334 _____ () C:\Windows\Tasks\bench-sys.job
2014-01-18 10:11 - 2014-02-05 14:08 - 00000334 _____ () C:\Windows\Tasks\bench-S-1-5-21-3485203417-2420686941-307345420-1000.job
2014-01-18 10:11 - 2014-01-18 10:11 - 00000266 __RSH () C:\ProgramData\ntuser.pol
2014-01-18 10:11 - 2014-01-18 10:11 - 00000000 ____D () C:\Users\Martuś\AppData\Local\Discount Dragon
2014-01-18 10:11 - 2014-01-18 10:11 - 00000000 ____D () C:\Program Files\predm
2014-01-18 10:11 - 2014-01-18 10:11 - 00000000 ____D () C:\Program Files\Bench
2014-01-18 09:46 - 2014-01-18 09:46 - 00000000 ____D () C:\Program Files\Microsoft Reader
2014-01-18 09:46 - 2003-06-05 17:15 - 00057436 _____ (Microsoft Corporation) C:\Windows\DASShp.dll
2014-01-18 09:18 - 2014-01-18 09:18 - 00000000 ____D () C:\Users\Martuś\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop
2014-01-18 09:17 - 2014-02-05 14:07 - 00000000 ____D () C:\Users\Martuś\AppData\Local\fst_pl_31
2014-01-18 09:17 - 2014-01-18 10:11 - 00000000 ____D () C:\Program Files\fst_pl_31

==================== One Month Modified Files and Folders =======

2014-02-05 15:35 - 2008-03-17 19:47 - 00000420 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{49675F32-5DCD-4E8A-AF91-84890D23012A}.job
2014-02-05 15:34 - 2014-02-05 15:33 - 00000000 ____D () C:\FRST
2014-02-05 15:25 - 2013-09-20 06:14 - 00001036 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-05 15:21 - 2006-11-02 13:47 - 00003072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-05 15:21 - 2006-11-02 13:47 - 00003072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-05 15:17 - 2011-02-09 09:29 - 00001062 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3485203417-2420686941-307345420-1000UA.job
2014-02-05 15:08 - 2014-01-18 10:11 - 00000334 _____ () C:\Windows\Tasks\bench-sys.job
2014-02-05 14:39 - 2013-02-26 07:39 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-05 14:21 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\tracing
2014-02-05 14:08 - 2014-01-18 10:11 - 00000334 _____ () C:\Windows\Tasks\bench-S-1-5-21-3485203417-2420686941-307345420-1000.job
2014-02-05 14:07 - 2014-01-18 09:17 - 00000000 ____D () C:\Users\Martuś\AppData\Local\fst_pl_31
2014-02-05 13:21 - 2008-03-17 17:26 - 01328895 _____ () C:\Windows\WindowsUpdate.log
2014-02-05 07:25 - 2013-09-20 06:14 - 00001032 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-05 07:22 - 2010-10-13 15:31 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-02-05 07:22 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-04 08:09 - 2014-02-04 08:09 - 00000150 _____ () C:\Windows\system32\kisknl.log
2014-02-03 07:54 - 2006-11-02 14:01 - 00032584 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-02 16:04 - 2014-02-02 16:04 - 00000000 ____D () C:\Users\Martuś\AppData\Local\fst_pl_19
2014-02-02 16:04 - 2014-02-02 16:04 - 00000000 ____D () C:\Program Files\fst_pl_19
2014-02-02 11:55 - 2014-02-02 11:54 - 00138784 _____ () C:\Windows\Minidump\Mini020214-01.dmp
2014-02-02 11:54 - 2013-09-09 08:48 - 261646648 _____ () C:\Windows\MEMORY.DMP
2014-02-02 11:54 - 2008-08-06 11:46 - 00000000 ____D () C:\Windows\Minidump
2014-02-02 11:11 - 2014-02-01 19:48 - 00000000 ____D () C:\AdwCleaner
2014-02-02 10:37 - 2014-02-02 10:37 - 00000000 ____D () C:\Program Files\Anvisoft
2014-02-01 11:24 - 2008-03-17 22:39 - 00190976 _____ () C:\Users\Martuś\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-30 08:43 - 2011-02-09 09:31 - 00000000 ____D () C:\Users\Martuś\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-01-30 08:43 - 2008-03-17 18:28 - 00000000 ____D () C:\Users\Martuś
2014-01-30 08:43 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\spool
2014-01-30 08:43 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\registration
2014-01-30 08:43 - 2006-11-02 11:22 - 51904512 _____ () C:\Windows\system32\config\software_previous
2014-01-30 08:43 - 2006-11-02 11:22 - 29097984 _____ () C:\Windows\system32\config\components_previous
2014-01-30 08:43 - 2006-11-02 11:22 - 22020096 _____ () C:\Windows\system32\config\system_previous
2014-01-30 08:43 - 2006-11-02 11:22 - 00524288 _____ () C:\Windows\system32\config\default_previous
2014-01-30 08:43 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-01-30 08:43 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-01-29 19:11 - 2008-06-16 15:33 - 00000000 ____D () C:\Users\Martuś\AppData\Roaming\Winamp
2014-01-21 06:17 - 2011-02-09 09:29 - 00001010 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3485203417-2420686941-307345420-1000Core.job
2014-01-18 10:11 - 2014-01-18 10:11 - 00000266 __RSH () C:\ProgramData\ntuser.pol
2014-01-18 10:11 - 2014-01-18 10:11 - 00000000 ____D () C:\Users\Martuś\AppData\Local\Discount Dragon
2014-01-18 10:11 - 2014-01-18 10:11 - 00000000 ____D () C:\Program Files\predm
2014-01-18 10:11 - 2014-01-18 10:11 - 00000000 ____D () C:\Program Files\Bench
2014-01-18 10:11 - 2014-01-18 09:17 - 00000000 ____D () C:\Program Files\fst_pl_31
2014-01-18 10:11 - 2006-11-02 12:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-01-18 09:52 - 2008-03-17 18:28 - 00155776 _____ () C:\Users\Martuś\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-18 09:50 - 2006-11-02 13:47 - 00513928 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-18 09:46 - 2014-01-18 09:46 - 00000000 ____D () C:\Program Files\Microsoft Reader
2014-01-18 09:46 - 2007-04-24 08:54 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-01-18 09:46 - 2006-11-02 12:18 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-01-18 09:18 - 2014-01-18 09:18 - 00000000 ____D () C:\Users\Martuś\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop
2014-01-16 09:59 - 2013-03-01 16:43 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-15 13:28 - 2007-10-22 11:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-01-15 13:23 - 2013-08-17 01:36 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-15 13:17 - 2013-07-18 02:00 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Files to move or delete:
====================
C:\Users\Martuś\DivXLand_MediaSub_211.exe
C:\Users\Martuś\kiougo.exe


Some content of TEMP:
====================
C:\Users\Martuś\AppData\Local\Temp\Quarantine.exe
C:\Users\Martuś\AppData\Local\Temp\setup_fst_pl.exe
C:\Users\Martuś\AppData\Local\Temp\{A6C47AD3-9162-401A-8D22-A84752F3222A}-28.0.1500.72_27.0.1453.116_chrome_updater.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-05 07:39

==================== End Of Log ============================