Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by Grzesiek (administrator) on GREGORR7 on 27-03-2014 16:04:22
Running from C:\Users\Grzesiek\Downloads
Microsoft Windows 7 Professional Service Pack 1, v.721 (X86) OS Language: Polish
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgcsrvx.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\STacSV.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Validity Sensors, Inc.) c:\Windows\system32\vfsFPService.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\aestsrv.exe
(Marvell) C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
() C:\Windows\system32\dmwu.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.0.1.3\NIS.exe
(Aztec Media Inc.) C:\Program Files\Settings Manager\systemk\SystemkService.exe
(Aztec Media Inc.) C:\Program Files\Settings Manager\systemk\SystemkService.exe
(Aztec Media Inc.) C:\Program Files\Settings Manager\systemk\systemku.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.0.1.3\NIS.exe
() C:\Windows\System32\jmdp\stij.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Advanced Micro Devices Inc.) c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(DT Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTLite.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [StartCCC] - c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-22] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [458844 2009-07-21] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1529128 2009-04-30] (Synaptics Incorporated)
HKLM\...\Run: [AVG_TRAY] - C:\Program Files\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-03-12] (Hewlett-Packard)
HKU\S-1-5-21-2841997267-1925533197-2326034003-1000\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [3674320 2013-01-08] (DT Soft Ltd)
HKU\S-1-5-21-2841997267-1925533197-2326034003-1000\...\MountPoints2: F - F:\Setup.exe
HKU\S-1-5-21-2841997267-1925533197-2326034003-1000\...\MountPoints2: {22ee6aca-891a-11e0-b75d-00247e439d1e} - F:\Setup.exe
HKU\S-1-5-21-2841997267-1925533197-2326034003-1000\...\MountPoints2: {36189312-3df6-11e0-ba99-00247e439d1e} - H:\MicroLauncher.exe
HKU\S-1-5-21-2841997267-1925533197-2326034003-1000\...\MountPoints2: {9639c001-8642-11e1-84fc-00247e439d1e} - F:\Startme.exe
HKU\S-1-5-21-2841997267-1925533197-2326034003-1000\...\MountPoints2: {98ffc8c7-b3d4-11e1-b41a-00238b964d6b} - F:\MicroLauncher.exe
HKU\S-1-5-21-2841997267-1925533197-2326034003-1000\...\MountPoints2: {98ffc8d4-b3d4-11e1-b41a-00238b964d6b} - F:\MicroLauncher.exe
HKU\S-1-5-21-2841997267-1925533197-2326034003-1000\...\MountPoints2: {d3a3815c-6175-11e2-b708-00247e439d1e} - F:\SETUP.EXE
AppInit_DLLs: C:\PROGRA~2\Wincert\WIN32C~1.DLL => C:\ProgramData\Wincert\win32cert.dll [7168 2013-11-04] ()
AppInit_DLLs: C:\PROGRA~1\SETTIN~1\systemk\syskldr.dll => C:\Program Files\Settings Manager\systemk\syskldr.dll [19984 2014-02-06] ()
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
HKLM\...\AppCertDlls: [x86] -> C:\Program Files\Settings Manager\systemk\sysapcrt.dll [485904 2014-02-06] ()
HKLM\...\AppCertDlls: [x64] -> c:\program files\settings manager\systemk\x64\sysapcrt.dll

==================== Internet (Whitelisted) ====================

URLSearchHook: HKCU - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\21.0.1.3\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\21.0.1.3\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.0.1.3\coIEPlg.dll (Symantec Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Grzesiek\AppData\Roaming\Mozilla\Firefox\Profiles\r9px5onc.default
FF user.js: detected! => C:\Users\Grzesiek\AppData\Roaming\Mozilla\Firefox\Profiles\r9px5onc.default\user.js
FF DefaultSearchEngine: Allegro
FF SearchEngineOrder.1: default-search.net
FF SelectedSearchEngine: Allegro
FF Homepage: hxxp://www.google.pl/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.4.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.4.0 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/Lync,version=15.0 - C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Grzesiek\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Grzesiek\AppData\Roaming\Mozilla\Firefox\Profiles\r9px5onc.default\searchplugins\default-search.xml
FF SearchPlugin: C:\Users\Grzesiek\AppData\Roaming\Mozilla\Firefox\Profiles\r9px5onc.default\searchplugins\MyStart Search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\default-search.xml
FF Extension: Settings Manager - C:\Users\Grzesiek\AppData\Roaming\Mozilla\Firefox\Profiles\r9px5onc.default\Extensions\{E729C6EC-E9FF-E59F-355C-EC59F2795E4E} [2014-03-23]
FF Extension: Iplex to ALLPlayer - C:\Users\Grzesiek\AppData\Roaming\Mozilla\Firefox\Profiles\r9px5onc.default\Extensions\IplextoALL@ALLPlayer.org.xpi [2011-07-03]
FF Extension: ImTranslator - C:\Users\Grzesiek\AppData\Roaming\Mozilla\Firefox\Profiles\r9px5onc.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2011-06-01]
FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG2012\Firefox4\
FF Extension: No Name - C:\Program Files\AVG\AVG2012\Firefox4\ []
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox
FF HKLM\...\Firefox\Extensions: [{F53C93F1-07D5-430c-86D4-C9531B27DFAF}] - C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\
FF Extension: No Name - C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ []
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.1.3\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.1.3\IPSFF [2014-03-26]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.1.3\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.1.3\coFFPlgn\ []

========================== Services (Whitelisted) =================

S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
R2 HPM1210RcvFaxSrvc; C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [245760 2009-11-18] (Marvell)
R2 IBUpdaterService; C:\Windows\system32\dmwu.exe [1434416 2013-09-15] ()
S2 KMService; C:\Windows\system32\srvany.exe [8192 2011-02-20] ()
R2 NIS; C:\Program Files\Norton Internet Security\Engine\21.0.1.3\NIS.exe [275696 2013-08-31] (Symantec Corporation)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\STacSV.exe [221266 2009-07-21] (IDT, Inc.)
R2 SystemkService; C:\Program Files\Settings Manager\systemk\SystemkService.exe [3448848 2014-02-06] (Aztec Media Inc.)
S3 Sony PC Companion; "C:\Program Files\Sony\Sony PC Companion\PCCService.exe" [X]

==================== Drivers (Whitelisted) ====================

S3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [142176 2012-12-10] (AVG Technologies CZ, s.r.o. )
S3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfilterx.sys [24144 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [24896 2012-04-19] (AVG Technologies CZ, s.r.o. )
S3 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [17232 2011-12-23] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [250080 2012-11-08] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.)
R1 BHDrvx86; C:\Program Files\Norton Internet Security\NortonData\21.0.1.3\Definitions\BASHDefs\20140319.001\BHDrvx86.sys [1098968 2014-03-19] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1500010.003\ccSetx86.sys [117336 2013-07-30] (Symantec Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-01-18] (DT Soft Ltd)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2014-03-26] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2014-03-26] (Symantec Corporation)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [61704 2011-03-18] (FTDI Ltd.)
S3 HP1210FAX; C:\Windows\System32\Drivers\HPM1210FAX.sys [13824 2009-12-04] ()
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [21664 2013-03-02] (REALiX(tm))
S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [103040 2009-08-04] (Huawei Technologies Co., Ltd.)
R1 IDSVix86; C:\Program Files\Norton Internet Security\NortonData\21.0.1.3\Definitions\IPSDefs\20140326.001\IDSvix86.sys [395992 2014-03-24] (Symantec Corporation)
R3 NAVENG; C:\Program Files\Norton Internet Security\NortonData\21.0.1.3\Definitions\VirusDefs\20140326.016\NAVENG.SYS [93272 2014-03-26] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton Internet Security\NortonData\21.0.1.3\Definitions\VirusDefs\20140326.016\NAVEX15.SYS [1612376 2014-03-26] (Symantec Corporation)
R3 SRTSP; C:\Windows\system32\drivers\NIS\1500010.003\SRTSP.SYS [650840 2013-07-31] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1500010.003\SRTSPX.SYS [32344 2013-07-31] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NIS\1500010.003\SYMDS.SYS [367704 2013-08-01] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1500010.003\SYMEFA.SYS [935000 2013-08-05] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2014-03-26] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NIS\1500010.003\Ironx86.SYS [206936 2013-07-31] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\NIS\1500010.003\SYMNETS.SYS [446552 2013-07-31] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-27 16:04 - 2014-03-27 16:05 - 00016317 _____ () C:\Users\Grzesiek\Downloads\FRST.txt
2014-03-27 16:02 - 2014-03-27 16:04 - 00000000 ____D () C:\FRST
2014-03-27 16:01 - 2014-03-27 16:01 - 01145856 _____ (Farbar) C:\Users\Grzesiek\Downloads\FRST.exe
2014-03-27 09:53 - 2014-03-27 09:54 - 00014680 _____ () C:\Users\Grzesiek\Downloads\GMER.txt
2014-03-27 08:35 - 2014-03-27 08:35 - 00380416 _____ () C:\Users\Grzesiek\Downloads\9q721xqj.exe
2014-03-27 08:32 - 2014-03-27 08:32 - 00089802 _____ () C:\Users\Grzesiek\Downloads\Extras.Txt
2014-03-27 08:30 - 2014-03-27 08:30 - 00139700 _____ () C:\Users\Grzesiek\Downloads\OTL.Txt
2014-03-27 08:07 - 2014-03-27 08:07 - 00602112 _____ (OldTimer Tools) C:\Users\Grzesiek\Downloads\OTL.exe
2014-03-26 10:35 - 2014-03-26 10:52 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-03-26 10:35 - 2014-03-26 10:35 - 00142936 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT.SYS
2014-03-26 10:35 - 2014-03-26 10:35 - 00008194 _____ () C:\Windows\system32\Drivers\SYMEVENT.CAT
2014-03-26 10:34 - 2014-03-26 13:20 - 00000000 ____D () C:\Windows\system32\Drivers\NIS
2014-03-26 10:34 - 2014-03-26 10:50 - 00000000 ____D () C:\ProgramData\Norton
2014-03-26 10:34 - 2014-03-26 10:34 - 00000000 ____D () C:\Program Files\Norton Internet Security
2014-03-23 20:31 - 2014-03-23 20:31 - 00000000 ____D () C:\ProgramData\ESET
2014-03-23 20:14 - 2014-03-27 15:56 - 00000000 ____D () C:\ProgramData\systemk
2014-03-23 20:14 - 2014-03-23 20:14 - 00000000 ____D () C:\ProgramData\Wincert
2014-03-23 20:14 - 2014-03-23 20:14 - 00000000 ____D () C:\Program Files\Settings Manager
2014-03-23 19:10 - 2014-03-23 19:10 - 00000000 ____D () C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2014-03-08 17:29 - 2014-03-25 09:14 - 00000000 ___RD () C:\Users\Grzesiek\Desktop\Nowy folder

==================== One Month Modified Files and Folders =======

2014-03-27 16:05 - 2014-03-27 16:04 - 00016317 _____ () C:\Users\Grzesiek\Downloads\FRST.txt
2014-03-27 16:04 - 2014-03-27 16:02 - 00000000 ____D () C:\FRST
2014-03-27 16:01 - 2014-03-27 16:01 - 01145856 _____ (Farbar) C:\Users\Grzesiek\Downloads\FRST.exe
2014-03-27 15:57 - 2009-07-14 05:39 - 00722771 _____ () C:\Windows\setupact.log
2014-03-27 15:56 - 2014-03-23 20:14 - 00000000 ____D () C:\ProgramData\systemk
2014-03-27 15:53 - 2013-09-20 09:44 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-27 15:52 - 2011-02-19 22:51 - 01558616 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-27 15:52 - 2009-07-14 09:07 - 00701494 _____ () C:\Windows\system32\perfh015.dat
2014-03-27 15:52 - 2009-07-14 09:07 - 00136480 _____ () C:\Windows\system32\perfc015.dat
2014-03-27 15:50 - 2011-02-19 22:10 - 01954939 _____ () C:\Windows\WindowsUpdate.log
2014-03-27 15:47 - 2011-02-20 07:49 - 00053328 _____ () C:\Windows\PFRO.log
2014-03-27 15:47 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-27 13:01 - 2009-07-14 05:34 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-27 13:01 - 2009-07-14 05:34 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-27 09:54 - 2014-03-27 09:53 - 00014680 _____ () C:\Users\Grzesiek\Downloads\GMER.txt
2014-03-27 08:35 - 2014-03-27 08:35 - 00380416 _____ () C:\Users\Grzesiek\Downloads\9q721xqj.exe
2014-03-27 08:32 - 2014-03-27 08:32 - 00089802 _____ () C:\Users\Grzesiek\Downloads\Extras.Txt
2014-03-27 08:30 - 2014-03-27 08:30 - 00139700 _____ () C:\Users\Grzesiek\Downloads\OTL.Txt
2014-03-27 08:07 - 2014-03-27 08:07 - 00602112 _____ (OldTimer Tools) C:\Users\Grzesiek\Downloads\OTL.exe
2014-03-26 13:20 - 2014-03-26 10:34 - 00000000 ____D () C:\Windows\system32\Drivers\NIS
2014-03-26 10:52 - 2014-03-26 10:35 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-03-26 10:51 - 2011-03-19 18:29 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-26 10:50 - 2014-03-26 10:34 - 00000000 ____D () C:\ProgramData\Norton
2014-03-26 10:35 - 2014-03-26 10:35 - 00142936 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT.SYS
2014-03-26 10:35 - 2014-03-26 10:35 - 00008194 _____ () C:\Windows\system32\Drivers\SYMEVENT.CAT
2014-03-26 10:34 - 2014-03-26 10:34 - 00000000 ____D () C:\Program Files\Norton Internet Security
2014-03-25 09:14 - 2014-03-08 17:29 - 00000000 ___RD () C:\Users\Grzesiek\Desktop\Nowy folder
2014-03-23 20:31 - 2014-03-23 20:31 - 00000000 ____D () C:\ProgramData\ESET
2014-03-23 20:21 - 2011-07-02 18:21 - 00000000 ____D () C:\Users\Grzesiek\AppData\Local\ALLPlayer
2014-03-23 20:18 - 2013-11-17 12:07 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForGrzesiek.job
2014-03-23 20:14 - 2014-03-23 20:14 - 00000000 ____D () C:\ProgramData\Wincert
2014-03-23 20:14 - 2014-03-23 20:14 - 00000000 ____D () C:\Program Files\Settings Manager
2014-03-23 20:13 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2014-03-23 19:15 - 2011-02-19 22:39 - 00000000 ____D () C:\Users\Grzesiek
2014-03-23 19:14 - 2011-02-19 23:38 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-03-23 19:14 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Help
2014-03-23 19:11 - 2011-02-19 23:48 - 00000000 ____D () C:\Users\Grzesiek\AppData\Roaming\hpqLog
2014-03-23 19:11 - 2011-02-19 23:46 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2014-03-23 19:10 - 2014-03-23 19:10 - 00000000 ____D () C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2014-03-23 19:08 - 2011-03-20 16:03 - 00000000 ____D () C:\Users\Grzesiek\AppData\Roaming\Hewlett-Packard
2014-03-23 19:08 - 2011-02-19 23:51 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-03-23 19:06 - 2011-03-20 16:01 - 00000052 _____ () C:\Windows\system32\DOErrors.log
2014-03-17 20:53 - 2012-04-18 11:20 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-17 20:53 - 2011-05-28 11:25 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-17 12:50 - 2011-02-20 17:44 - 00000000 ____D () C:\Users\Grzesiek\AppData\Roaming\uTorrent
2014-03-11 21:27 - 2011-02-20 17:36 - 00000000 ____D () C:\Users\Grzesiek\AppData\Roaming\Skype

Some content of TEMP:
====================
C:\Users\Grzesiek\AppData\Local\Temp\chromesetup.exe
C:\Users\Grzesiek\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Grzesiek\AppData\Local\Temp\ose00000.exe
C:\Users\Grzesiek\AppData\Local\Temp\Resource.exe
C:\Users\Grzesiek\AppData\Local\Temp\SettingsManagerSetup.exe
C:\Users\Grzesiek\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Grzesiek\AppData\Local\Temp\Softonic_PL_1-5-9_PL-Production_10_CleanRelease.exe
C:\Users\Grzesiek\AppData\Local\Temp\sp58915.exe
C:\Users\Grzesiek\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Grzesiek\AppData\Local\Temp\UninstallHPTCA.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe [2013-02-20 20:39] - [2010-09-29 23:46] - 2616320 ____A (Microsoft Corporation) DF3DE87080587CD85396C4C8A04D8937
C:\Windows\system32\winlogon.exe [2013-02-20 20:39] - [2010-09-29 23:47] - 0286720 ____A (Microsoft Corporation) B2E8D9E74C70D6C4A18FDD5814862BA9
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll [2013-02-20 20:38] - [2010-09-29 23:50] - 0811520 ____A (Microsoft Corporation) CE01557A526807E108A7A4BA2122508D
C:\Windows\system32\userinit.exe [2013-02-20 20:38] - [2010-09-29 23:47] - 0026624 ____A (Microsoft Corporation) 8C069537269AE8AB3E308B295038ABE6
C:\Windows\system32\rpcss.dll [2013-02-20 20:39] - [2010-09-29 23:49] - 0376320 ____A (Microsoft Corporation) 779323AAC2B39019EA83A34469BA873A
ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\system32\Drivers\volsnap.sys [2013-02-20 20:39] - [2010-09-29 23:58] - 0245632 ____A (Microsoft Corporation) B974EEC6EEBEF26F2BB10A1CE3EDBFC3

LastRegBack: 2014-03-10 19:52

==================== End Of Log ============================