Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by Renia (administrator) on HOMEPC on 17-03-2014 18:05:31
Running from C:\Users\Renia\Downloads
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Fujitsu Siemens Computers) C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe
() C:\Windows\vsnp325.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Silicon Integrated Systems Corporation) C:\Program Files\SiS VGA Utilities\SiSTray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Sigmatel) C:\Windows\System\w98eject.exe
(ITE Tech Inc.) C:\Program Files\FSC\Wireless Utility\WirelessSelector.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Gadu-Gadu S.A.) C:\Program Files\Gadu-Gadu\gg.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_77_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [869936 2007-05-10] (Synaptics, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-01-11] (Adobe Systems Incorporated)
HKLM\...\Run: [TouchPadHotKey] - C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe [364544 2007-08-13] ()
HKLM\...\Run: [tsnp325] - C:\Windows\tsnp325.exe [270336 2007-04-21] ()
HKLM\...\Run: [snp325] - C:\Windows\vsnp325.exe [835584 2007-05-09] ()
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-03-16] (AVAST Software)
HKLM\...\Run: [Vit Registry Optimizer] - C:\Program Files\VITSOFT\Vit Registry Fix\Vit Registry Optimizer.exe [422024 2013-02-05] (VITSOFT ®)
HKLM\...\Run: [SiSTray] - C:\Program Files\SiS VGA Utilities\SiSTray.exe [552960 2007-09-18] (Silicon Integrated Systems Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1121969253-750732130-2290038854-1001\...\Run: [ALLUpdate] - C:\Program Files\ALLPlayer\ALLUpdate.exe [869888 2008-11-24] ()
HKU\S-1-5-21-1121969253-750732130-2290038854-1001\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1840424 2008-06-24] (Nero AG)
HKU\S-1-5-21-1121969253-750732130-2290038854-1001\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fujitsu-siemens.com/index2
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fujitsu-siemens.com/index2
SearchScopes: HKCU - {72D39A6F-3EBE-462E-87A2-02E5FE7C9296} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=U3&apn_dtid=OSJ000YYPL&apn_uid=C9AE0582-ABAC-47E5-9463-81616EA02411&apn_sauid=35A77B34-C649-43E0-999D-3A69AF267BF8
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Renia\AppData\Roaming\Mozilla\Firefox\Profiles\7c8eh2bo.default
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF Homepage: hxxp://www.google.pl/
FF Keyword.URL: hxxp://www.google.com/cse?cx=partner-pub-5528014799800033:cevktqnfrvl&ie=ISO-8859-1&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.448 - C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npVividasPlayer.dll ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npVividasPlayer.dll ( )
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Renia\AppData\Roaming\Mozilla\Firefox\Profiles\7c8eh2bo.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-03-26]
FF Extension: DownloadHelper - C:\Users\Renia\AppData\Roaming\Mozilla\Firefox\Profiles\7c8eh2bo.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-08-28]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-24]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-02-24]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-16]

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-03-16] (AVAST Software)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 TestHandler; C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe [307200 2008-02-29] (Fujitsu Siemens Computers)
S3 EhttpSrv; "C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe" [X]
S4 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe" [X]

==================== Drivers (Whitelisted) ====================

S3 adiusbaw; C:\Windows\System32\DRIVERS\adiusbaw.sys [118552 2007-02-07] (Analog Devices Inc.)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-03-16] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2014-03-16] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-03-16] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2014-03-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410784 2014-03-16] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2014-03-16] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180248 2014-03-16] ()
S3 eamon; C:\Windows\System32\DRIVERS\eamon.sys [40824 2009-10-07] (ESET)
R1 easdrv; C:\Windows\System32\DRIVERS\easdrv.sys [54184 2009-10-07] (ESET)
S2 ELOADER; C:\Windows\System32\Drivers\adildr.sys [56088 2007-02-07] (Analog Deivces)
R1 epfwtdir; C:\Windows\System32\DRIVERS\epfwtdir.sys [35168 2009-10-07] ()
S3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows (R) Codename Longhorn DDK provider)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 SNP325; C:\Windows\System32\DRIVERS\snp325.sys [10343168 2007-05-07] (Sonix Co. Ltd.)
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S0 SMR410; System32\drivers\SMR410.SYS [X]
U3 ufddipow; \??\C:\Users\Renia\AppData\Local\Temp\ufddipow.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-17 16:05 - 2014-03-17 16:05 - 00000000 ____D () C:\Program Files\SiS VGA Utilities
2014-03-17 16:05 - 2007-09-18 04:08 - 00006656 _____ (Silicon Integrated Systems Corporation) C:\Windows\system32\SiSApi.dll
2014-03-17 15:35 - 2014-03-17 15:57 - 00001008 _____ () C:\Windows\PFRO.log
2014-03-17 15:30 - 2014-03-17 15:30 - 00000000 ____D () C:\Users\Renia\AppData\Local\CrashDumps
2014-03-17 15:29 - 2014-03-17 15:29 - 00001044 _____ () C:\Users\Renia\Desktop\Vit Registry Fix 9.5.lnk
2014-03-17 15:29 - 2014-03-17 15:29 - 00000000 ____D () C:\Users\Renia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VITSOFT
2014-03-17 15:29 - 2014-03-17 15:29 - 00000000 ____D () C:\Program Files\VITSOFT
2014-03-17 15:28 - 2014-03-17 15:28 - 02424880 _____ (Copyright (C) 2004-2013 VITSOFT) C:\Users\Renia\Downloads\Vit%20Registry%20Fix%20Free%20Edition%20Setup.exe
2014-03-17 15:28 - 2014-03-17 15:28 - 00673248 _____ ( ) C:\Users\Renia\Downloads\Vit-Registry-Fix-Free-Edition(15913).exe
2014-03-17 15:05 - 2014-03-17 15:05 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-03-17 14:53 - 2014-03-17 14:54 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Renia\Downloads\tdsskiller.exe
2014-03-16 12:27 - 2014-03-16 12:27 - 00060142 _____ () C:\Users\Renia\Downloads\Shortcut.txt
2014-03-16 12:18 - 2014-03-17 18:03 - 00053671 _____ () C:\Users\Renia\Desktop\gmer.txt
2014-03-16 11:50 - 2014-03-16 11:50 - 00035622 _____ () C:\Users\Renia\Desktop\Extras.Txt
2014-03-16 11:49 - 2014-03-16 11:49 - 00099050 _____ () C:\Users\Renia\Desktop\OTL.Txt
2014-03-16 11:45 - 2014-03-16 11:45 - 00380416 _____ () C:\Users\Renia\Downloads\duxjybz2.exe
2014-03-16 11:21 - 2014-03-17 18:05 - 00012273 _____ () C:\Users\Renia\Downloads\FRST.txt
2014-03-16 11:21 - 2014-03-17 18:05 - 00000000 ____D () C:\FRST
2014-03-16 11:21 - 2014-03-16 12:27 - 00020129 _____ () C:\Users\Renia\Downloads\Addition.txt
2014-03-16 11:20 - 2014-03-16 11:20 - 01145856 _____ (Farbar) C:\Users\Renia\Downloads\FRST.exe
2014-03-16 09:59 - 2014-03-16 09:59 - 00000000 ____D () C:\Users\Renia\AppData\Roaming\AVAST Software
2014-03-16 09:58 - 2014-03-16 09:58 - 00001879 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-03-16 09:57 - 2014-03-16 09:57 - 00775952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-03-16 09:57 - 2014-03-16 09:57 - 00410784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-03-16 09:57 - 2014-03-16 09:57 - 00270240 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-03-16 09:57 - 2014-03-16 09:57 - 00180248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-03-16 09:57 - 2014-03-16 09:57 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-03-16 09:57 - 2014-03-16 09:57 - 00057672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-03-16 09:57 - 2014-03-16 09:57 - 00054832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-03-16 09:57 - 2014-03-16 09:57 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-03-16 09:57 - 2014-03-16 09:57 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-03-16 09:55 - 2014-03-16 09:55 - 04697744 _____ (AVAST Software) C:\Users\Renia\Downloads\avast_free_antivirus_setup_online.exe
2014-03-16 09:55 - 2014-03-16 09:55 - 00000000 ____D () C:\Program Files\AVAST Software
2014-03-16 09:48 - 2014-03-16 09:48 - 00000862 _____ () C:\Users\Renia\Desktop\Odkurzacz.lnk
2014-03-16 09:48 - 2014-03-16 09:48 - 00000000 ____D () C:\Program Files\Odkurzacz
2014-03-16 09:47 - 2014-03-16 09:47 - 03841551 _____ (FranmoSoftware ) C:\Users\Renia\Downloads\odk13.4.0.1685setup.exe
2014-03-16 02:36 - 2014-03-16 02:36 - 00000680 _____ () C:\Users\Grzegorz\AppData\Local\d3d9caps.dat
2014-03-16 02:26 - 2014-03-16 10:13 - 00000000 ____D () C:\Users\Renia\AppData\Local\NPE
2014-03-16 02:26 - 2014-03-16 02:26 - 03060712 ____N (Symantec Corporation) C:\Users\Renia\Downloads\NPE.exe
2014-03-16 01:53 - 2014-03-16 02:34 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-03-16 01:48 - 2014-03-16 01:48 - 00410784 _____ (AVAST Software) C:\Windows\system32\Drivers\stxfijek.sys
2014-03-16 00:51 - 2014-03-16 00:51 - 03448880 _____ () C:\Users\Renia\Downloads\avg_remover_slt.exe
2014-03-16 00:41 - 2014-03-16 00:41 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-03-16 00:36 - 2014-03-16 00:39 - 133561080 _____ () C:\Users\Renia\Downloads\setup_11.0.1.1245.x01_2014_03_14_23_53.exe
2014-03-16 00:15 - 2014-03-17 15:27 - 00000000 ____D () C:\Users\Renia\Doctor Web
2014-03-16 00:11 - 2014-03-16 00:14 - 144779648 _____ () C:\Users\Renia\Downloads\cureit.exe
2014-03-16 00:10 - 2014-03-16 00:10 - 00673248 _____ ( ) C:\Users\Renia\Downloads\Dr.WEB-CureIt(12976).exe
2014-03-15 23:59 - 2014-03-15 23:59 - 00410784 _____ (AVAST Software) C:\Windows\system32\Drivers\nyxdoesk.sys
2014-03-15 23:23 - 2014-03-15 23:23 - 00000552 _____ () C:\Users\Renia\AppData\Local\d3d8caps.dat
2014-03-15 23:07 - 2014-03-16 11:35 - 00035622 _____ () C:\Users\Renia\Downloads\Extras.Txt
2014-03-15 23:06 - 2014-03-16 11:34 - 00099050 _____ () C:\Users\Renia\Downloads\OTL.Txt
2014-03-15 22:51 - 2014-03-15 22:51 - 00410784 _____ (AVAST Software) C:\Windows\system32\Drivers\tlklfdqf.sys
2014-03-15 22:31 - 2014-03-17 16:05 - 00001356 _____ () C:\Users\Renia\AppData\Local\d3d9caps.dat
2014-03-15 22:29 - 2014-03-15 22:29 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-15 22:29 - 2014-03-15 22:29 - 00000000 _____ () C:\Windows\setupact.log
2014-03-15 22:24 - 2014-03-15 22:24 - 00602112 _____ (OldTimer Tools) C:\Users\Renia\Downloads\OTL.exe
2014-03-15 20:53 - 2014-03-16 02:27 - 00000000 ____D () C:\ProgramData\Norton
2014-03-15 20:12 - 2014-03-15 20:13 - 04375224 _____ (F-Secure Corporation) C:\Users\Renia\Desktop\F-SecureOnlineScanner.exe
2014-03-15 20:09 - 2014-03-15 20:09 - 00000000 ____D () C:\Program Files\SkanerOnline
2014-03-15 19:21 - 2014-03-15 19:22 - 02347384 _____ (ESET) C:\Users\Renia\Downloads\esetsmartinstaller_plk.exe
2014-03-15 19:11 - 2014-03-15 19:11 - 01059840 _____ () C:\Users\Renia\Downloads\MicrosoftFixit50981.msi
2014-03-15 19:06 - 2014-03-15 19:25 - 73236480 _____ () C:\Users\Renia\Downloads\ess_nt32_plk.msi
2014-03-15 18:25 - 2014-03-15 18:25 - 00000912 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-15 18:25 - 2014-03-15 18:25 - 00000000 ____D () C:\Users\Renia\AppData\Roaming\Malwarebytes
2014-03-15 18:25 - 2014-03-15 18:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-15 18:25 - 2014-03-15 18:25 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-15 18:25 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-15 15:58 - 2014-03-15 20:53 - 00000000 ____D () C:\Users\Renia\AppData\Roaming\Panda Security
2014-03-15 15:57 - 2014-03-15 20:57 - 00000000 ____D () C:\Program Files\Panda Security
2014-03-15 15:55 - 2014-03-15 15:55 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Renia\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-15 15:51 - 2014-03-15 15:51 - 00846288 _____ () C:\Users\Renia\Downloads\PandaCloudAntivirus.exe
2014-03-15 15:33 - 2014-03-15 15:33 - 00388608 _____ (Trend Micro Inc.) C:\Users\Grzegorz\Downloads\HijackThis_2.0.4.exe
2014-03-15 15:33 - 2014-03-15 15:33 - 00006562 _____ () C:\Users\Grzegorz\Downloads\hijackthis.log
2014-03-15 15:32 - 2014-03-15 15:32 - 00673248 _____ ( ) C:\Users\Grzegorz\Desktop\HijackThis(12030).exe
2014-03-15 15:31 - 2014-03-15 15:31 - 00410784 _____ (AVAST Software) C:\Windows\system32\Drivers\lswhkyhp.sys
2014-03-15 15:21 - 2014-03-16 09:55 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-03-15 15:21 - 2014-03-15 15:21 - 00410784 _____ (AVAST Software) C:\Windows\system32\Drivers\krynsszl.sys
2014-03-15 15:13 - 2014-03-15 15:16 - 123721288 _____ (AVAST Software) C:\Users\Renia\Downloads\avast_premier_antivirus_setup.exe
2014-03-15 15:09 - 2014-03-15 15:09 - 00000000 ____D () C:\Users\Renia\Desktop\ESET NOD32 Antivirus 5.0.95.0 [PL] [32-64 bit]
2014-02-24 15:48 - 2014-02-24 15:49 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-03-17 18:05 - 2014-03-16 11:21 - 00012273 _____ () C:\Users\Renia\Downloads\FRST.txt
2014-03-17 18:05 - 2014-03-16 11:21 - 00000000 ____D () C:\FRST
2014-03-17 18:03 - 2014-03-16 12:18 - 00053671 _____ () C:\Users\Renia\Desktop\gmer.txt
2014-03-17 17:42 - 2008-11-30 02:42 - 01557671 _____ () C:\Windows\WindowsUpdate.log
2014-03-17 17:18 - 2013-06-17 09:22 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-17 16:08 - 2006-11-02 13:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-17 16:08 - 2006-11-02 13:45 - 00003344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-17 16:08 - 2006-11-02 13:45 - 00003344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-17 16:06 - 2006-11-02 13:58 - 00032562 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-17 16:05 - 2014-03-17 16:05 - 00000000 ____D () C:\Program Files\SiS VGA Utilities
2014-03-17 16:05 - 2014-03-15 22:31 - 00001356 _____ () C:\Users\Renia\AppData\Local\d3d9caps.dat
2014-03-17 16:05 - 2008-11-30 02:43 - 00009248 _____ () C:\Windows\DPINST.LOG
2014-03-17 16:05 - 2008-11-29 21:33 - 00000000 ____D () C:\Users\Renia
2014-03-17 16:04 - 2008-12-06 19:28 - 00000000 ____D () C:\fsc.tmp
2014-03-17 15:57 - 2014-03-17 15:35 - 00001008 _____ () C:\Windows\PFRO.log
2014-03-17 15:57 - 2014-03-16 01:53 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-03-17 15:40 - 2008-12-10 12:32 - 00000000 ____D () C:\Program Files\ESET
2014-03-17 15:34 - 2006-11-02 11:22 - 58195968 _____ () C:\Windows\system32\config\COMPONENTS_bak.sav007
2014-03-17 15:34 - 2006-11-02 11:22 - 34603008 _____ () C:\Windows\system32\config\SOFTWARE_bak.sav007
2014-03-17 15:34 - 2006-11-02 11:22 - 15990784 _____ () C:\Windows\system32\config\SYSTEM_bak.sav007
2014-03-17 15:34 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\SECURITY_bak.sav007
2014-03-17 15:34 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\SAM_bak.sav007
2014-03-17 15:34 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\DEFAULT_bak.sav007
2014-03-17 15:30 - 2014-03-17 15:30 - 00000000 ____D () C:\Users\Renia\AppData\Local\CrashDumps
2014-03-17 15:29 - 2014-03-17 15:29 - 00001044 _____ () C:\Users\Renia\Desktop\Vit Registry Fix 9.5.lnk
2014-03-17 15:29 - 2014-03-17 15:29 - 00000000 ____D () C:\Users\Renia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VITSOFT
2014-03-17 15:29 - 2014-03-17 15:29 - 00000000 ____D () C:\Program Files\VITSOFT
2014-03-17 15:28 - 2014-03-17 15:28 - 02424880 _____ (Copyright (C) 2004-2013 VITSOFT) C:\Users\Renia\Downloads\Vit%20Registry%20Fix%20Free%20Edition%20Setup.exe
2014-03-17 15:28 - 2014-03-17 15:28 - 00673248 _____ ( ) C:\Users\Renia\Downloads\Vit-Registry-Fix-Free-Edition(15913).exe
2014-03-17 15:27 - 2014-03-16 00:15 - 00000000 ____D () C:\Users\Renia\Doctor Web
2014-03-17 15:27 - 2011-05-04 21:30 - 00000000 ____D () C:\Users\Grzegorz\AppData\Roaming\skypePM
2014-03-17 15:27 - 2009-03-27 20:11 - 00000000 ____D () C:\Program Files\IrfanView
2014-03-17 15:27 - 2008-12-26 22:07 - 00000000 ____D () C:\Users\Public\pliki
2014-03-17 15:05 - 2014-03-17 15:05 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-03-17 14:54 - 2014-03-17 14:53 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Renia\Downloads\tdsskiller.exe
2014-03-16 12:27 - 2014-03-16 12:27 - 00060142 _____ () C:\Users\Renia\Downloads\Shortcut.txt
2014-03-16 12:27 - 2014-03-16 11:21 - 00020129 _____ () C:\Users\Renia\Downloads\Addition.txt
2014-03-16 11:50 - 2014-03-16 11:50 - 00035622 _____ () C:\Users\Renia\Desktop\Extras.Txt
2014-03-16 11:49 - 2014-03-16 11:49 - 00099050 _____ () C:\Users\Renia\Desktop\OTL.Txt
2014-03-16 11:45 - 2014-03-16 11:45 - 00380416 _____ () C:\Users\Renia\Downloads\duxjybz2.exe
2014-03-16 11:35 - 2014-03-15 23:07 - 00035622 _____ () C:\Users\Renia\Downloads\Extras.Txt
2014-03-16 11:34 - 2014-03-15 23:06 - 00099050 _____ () C:\Users\Renia\Downloads\OTL.Txt
2014-03-16 11:20 - 2014-03-16 11:20 - 01145856 _____ (Farbar) C:\Users\Renia\Downloads\FRST.exe
2014-03-16 10:37 - 2006-11-02 11:23 - 00000219 _____ () C:\Windows\system.ini
2014-03-16 10:29 - 2006-11-02 12:18 - 00000000 ___RD () C:\Windows\Offline Web Pages
2014-03-16 10:13 - 2014-03-16 02:26 - 00000000 ____D () C:\Users\Renia\AppData\Local\NPE
2014-03-16 09:59 - 2014-03-16 09:59 - 00000000 ____D () C:\Users\Renia\AppData\Roaming\AVAST Software
2014-03-16 09:58 - 2014-03-16 09:58 - 00001879 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-03-16 09:57 - 2014-03-16 09:57 - 00775952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-03-16 09:57 - 2014-03-16 09:57 - 00410784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-03-16 09:57 - 2014-03-16 09:57 - 00270240 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-03-16 09:57 - 2014-03-16 09:57 - 00180248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-03-16 09:57 - 2014-03-16 09:57 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-03-16 09:57 - 2014-03-16 09:57 - 00057672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-03-16 09:57 - 2014-03-16 09:57 - 00054832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-03-16 09:57 - 2014-03-16 09:57 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-03-16 09:57 - 2014-03-16 09:57 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-03-16 09:55 - 2014-03-16 09:55 - 04697744 _____ (AVAST Software) C:\Users\Renia\Downloads\avast_free_antivirus_setup_online.exe
2014-03-16 09:55 - 2014-03-16 09:55 - 00000000 ____D () C:\Program Files\AVAST Software
2014-03-16 09:55 - 2014-03-15 15:21 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-03-16 09:52 - 2008-12-06 19:18 - 00000000 ____D () C:\ProgramData\Skype
2014-03-16 09:48 - 2014-03-16 09:48 - 00000862 _____ () C:\Users\Renia\Desktop\Odkurzacz.lnk
2014-03-16 09:48 - 2014-03-16 09:48 - 00000000 ____D () C:\Program Files\Odkurzacz
2014-03-16 09:47 - 2014-03-16 09:47 - 03841551 _____ (FranmoSoftware ) C:\Users\Renia\Downloads\odk13.4.0.1685setup.exe
2014-03-16 02:36 - 2014-03-16 02:36 - 00000680 _____ () C:\Users\Grzegorz\AppData\Local\d3d9caps.dat
2014-03-16 02:36 - 2008-11-29 18:09 - 00103184 _____ () C:\Users\Grzegorz\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-16 02:27 - 2014-03-15 20:53 - 00000000 ____D () C:\ProgramData\Norton
2014-03-16 02:26 - 2014-03-16 02:26 - 03060712 ____N (Symantec Corporation) C:\Users\Renia\Downloads\NPE.exe
2014-03-16 01:48 - 2014-03-16 01:48 - 00410784 _____ (AVAST Software) C:\Windows\system32\Drivers\stxfijek.sys
2014-03-16 00:51 - 2014-03-16 00:51 - 03448880 _____ () C:\Users\Renia\Downloads\avg_remover_slt.exe
2014-03-16 00:41 - 2014-03-16 00:41 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-03-16 00:39 - 2014-03-16 00:36 - 133561080 _____ () C:\Users\Renia\Downloads\setup_11.0.1.1245.x01_2014_03_14_23_53.exe
2014-03-16 00:25 - 2008-11-29 21:33 - 00000000 ____D () C:\Users\Renia\AppData\Local\VirtualStore
2014-03-16 00:14 - 2014-03-16 00:11 - 144779648 _____ () C:\Users\Renia\Downloads\cureit.exe
2014-03-16 00:10 - 2014-03-16 00:10 - 00673248 _____ ( ) C:\Users\Renia\Downloads\Dr.WEB-CureIt(12976).exe
2014-03-15 23:59 - 2014-03-15 23:59 - 00410784 _____ (AVAST Software) C:\Windows\system32\Drivers\nyxdoesk.sys
2014-03-15 23:54 - 2011-12-25 23:33 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-03-15 23:23 - 2014-03-15 23:23 - 00000552 _____ () C:\Users\Renia\AppData\Local\d3d8caps.dat
2014-03-15 22:51 - 2014-03-15 22:51 - 00410784 _____ (AVAST Software) C:\Windows\system32\Drivers\tlklfdqf.sys
2014-03-15 22:29 - 2014-03-15 22:29 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-15 22:29 - 2014-03-15 22:29 - 00000000 _____ () C:\Windows\setupact.log
2014-03-15 22:24 - 2014-03-15 22:24 - 00602112 _____ (OldTimer Tools) C:\Users\Renia\Downloads\OTL.exe
2014-03-15 22:23 - 2008-11-29 21:33 - 00103184 _____ () C:\Users\Renia\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-15 22:21 - 2006-11-02 13:44 - 00387416 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-15 21:06 - 2009-06-14 23:09 - 00000069 _____ () C:\Windows\NeroDigital.ini
2014-03-15 21:06 - 2008-12-26 16:52 - 00127488 _____ () C:\Users\Renia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-15 21:05 - 2008-11-29 19:18 - 00000000 ____D () C:\Windows\Minidump
2014-03-15 20:57 - 2014-03-15 15:57 - 00000000 ____D () C:\Program Files\Panda Security
2014-03-15 20:53 - 2014-03-15 15:58 - 00000000 ____D () C:\Users\Renia\AppData\Roaming\Panda Security
2014-03-15 20:13 - 2014-03-15 20:12 - 04375224 _____ (F-Secure Corporation) C:\Users\Renia\Desktop\F-SecureOnlineScanner.exe
2014-03-15 20:09 - 2014-03-15 20:09 - 00000000 ____D () C:\Program Files\SkanerOnline
2014-03-15 19:25 - 2014-03-15 19:06 - 73236480 _____ () C:\Users\Renia\Downloads\ess_nt32_plk.msi
2014-03-15 19:22 - 2014-03-15 19:21 - 02347384 _____ (ESET) C:\Users\Renia\Downloads\esetsmartinstaller_plk.exe
2014-03-15 19:11 - 2014-03-15 19:11 - 01059840 _____ () C:\Users\Renia\Downloads\MicrosoftFixit50981.msi
2014-03-15 18:38 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\security
2014-03-15 18:25 - 2014-03-15 18:25 - 00000912 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-15 18:25 - 2014-03-15 18:25 - 00000000 ____D () C:\Users\Renia\AppData\Roaming\Malwarebytes
2014-03-15 18:25 - 2014-03-15 18:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-15 18:25 - 2014-03-15 18:25 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-15 15:55 - 2014-03-15 15:55 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Renia\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-15 15:51 - 2014-03-15 15:51 - 00846288 _____ () C:\Users\Renia\Downloads\PandaCloudAntivirus.exe
2014-03-15 15:33 - 2014-03-15 15:33 - 00388608 _____ (Trend Micro Inc.) C:\Users\Grzegorz\Downloads\HijackThis_2.0.4.exe
2014-03-15 15:33 - 2014-03-15 15:33 - 00006562 _____ () C:\Users\Grzegorz\Downloads\hijackthis.log
2014-03-15 15:32 - 2014-03-15 15:32 - 00673248 _____ ( ) C:\Users\Grzegorz\Desktop\HijackThis(12030).exe
2014-03-15 15:31 - 2014-03-15 15:31 - 00410784 _____ (AVAST Software) C:\Windows\system32\Drivers\lswhkyhp.sys
2014-03-15 15:21 - 2014-03-15 15:21 - 00410784 _____ (AVAST Software) C:\Windows\system32\Drivers\krynsszl.sys
2014-03-15 15:16 - 2014-03-15 15:13 - 123721288 _____ (AVAST Software) C:\Users\Renia\Downloads\avast_premier_antivirus_setup.exe
2014-03-15 15:09 - 2014-03-15 15:09 - 00000000 ____D () C:\Users\Renia\Desktop\ESET NOD32 Antivirus 5.0.95.0 [PL] [32-64 bit]
2014-03-13 00:18 - 2012-05-16 19:48 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-13 00:18 - 2011-05-18 21:09 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-25 15:32 - 2012-05-10 08:25 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-24 15:49 - 2014-02-24 15:48 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-17 16:13

==================== End Of Log ============================