Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01 ([color=red]ATTENTION: ====> FRST version is 27 days old and could be outdated[/color]) Ran by Misa (administrator) on MISA-PC on 09-04-2014 18:57:37 Running from C:\Users\Misa\Desktop\fix Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) OS Language: Polish Internet Explorer Version 8 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchService.exe (Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe (Adobe Systems Incorporated) C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe () C:\Windows\system32\PSIService.exe () C:\Program Files\SMINST\BLService.exe () C:\Program Files\CyberLink\Shared files\RichVideo.exe (Rocket Division Software) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe (Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (CyberLink Corp.) C:\Program Files\HP\QuickPlay\QPService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe () C:\Program Files\Winamp\winampa.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe () C:\Program Files\Bamboo Dock\BambooCore.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe (Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Sony) C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Young Digital Planet SA) C:\Program Files\YDP\YdpDict\Watch.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe () C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe () C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe (Hewlett-Packard) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Avanquest Software) C:\Program Files\Sony\Sony PC Companion\PCCService.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe (Microsoft Corporation) C:\Windows\system32\wuauclt.exe (Microsoft Corporation) C:\Windows\system32\conime.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1721640 2010-05-27] (Synaptics Incorporated) HKLM\...\Run: [QPService] - C:\Program Files\HP\QuickPlay\QPService.exe [468264 2008-09-23] (CyberLink Corp.) HKLM\...\Run: [UpdateLBPShortCut] - C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.) HKLM\...\Run: [UpdatePSTShortCut] - C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2008-12-24] (CyberLink Corp.) HKLM\...\Run: [UCam_Menu] - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.) HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [206128 2008-10-10] ( Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [UpdateP2GoShortCut] - C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-10-30] (CyberLink Corp.) HKLM\...\Run: [UpdatePDIRShortCut] - C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.) HKLM\...\Run: [HP Health Check Scheduler] - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard) HKLM\...\Run: [WirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [432432 2008-12-08] (Hewlett-Packard) HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated) HKLM\...\Run: [WinampAgent] - C:\Program Files\Winamp\winampa.exe [37888 2009-03-09] () HKLM\...\Run: [DXM6Patch_981116] - C:\Windows\p_981116.exe [497376 1998-11-30] (Microsoft Corporation) HKLM\...\Run: [Windows Mobile-based device management] - C:\Windows\WindowsMobile\wmdSync.exe [215552 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated) HKLM\...\Run: [SwitchBoard] - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM\...\Run: [AdobeCS5ServiceManager] - C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated) HKLM\...\Run: [AdobeCS4ServiceManager] - C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated) HKLM\...\Run: [BambooScribeAutoStart.vbe] - C:\Program Files\Vision Objects\Bamboo Scribe\BambooScribeAutoStart.vbe [1151 2011-02-14] () HKLM\...\Run: [BambooCore] - C:\Program Files\Bamboo Dock\BambooCore.exe [646232 2011-09-27] () HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [450652 2009-06-03] (IDT, Inc.) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.) HKLM\...\Run: [AVP] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2012-12-02] (Kaspersky Lab ZAO) HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.) HKLM\...\Run: [ISUSScheduler] - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [69632 2004-04-13] (InstallShield Software Corporation) Winlogon\Notify\klogon: C:\Windows\system32\klogon.dll (Kaspersky Lab ZAO) HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-3424630648-2794623995-3157949827-1000\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2008-06-09] (Hewlett-Packard Company) HKU\S-1-5-21-3424630648-2794623995-3157949827-1000\...\Run: [AlcoholAutomount] - C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [203720 2008-11-23] (Alcohol Soft Development Team) HKU\S-1-5-21-3424630648-2794623995-3157949827-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-3424630648-2794623995-3157949827-1000\...\Run: [Sony PC Companion] - C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [449760 2013-10-31] (Sony) HKU\S-1-5-21-3424630648-2794623995-3157949827-1000\...\Run: [ISUSPM Startup] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation) HKU\S-1-5-21-3424630648-2794623995-3157949827-1000\...\MountPoints2: {9799d162-90c3-11de-a01e-806e6f6e6963} - E:\autorun.exe HKU\S-1-5-21-3424630648-2794623995-3157949827-1000\...\MountPoints2: {b90556d9-6f1b-11e1-a25a-00238bb2bcc2} - F:\Startme.exe HKU\S-1-5-21-3424630648-2794623995-3157949827-1000\...\MountPoints2: {cb10a100-76e6-11df-8c06-00238bb2bcc2} - F:\instaluj.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=pl_pl&c=91&bd=Presario&pf=cnnb HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=pl_pl&c=91&bd=Presario&pf=cnnb SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKLM - {45750A99-38D5-40A3-BBCC-4ACEDA61D5D7} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1602&query={searchTerms}&invocationType=tb50hpcnnbie7-pl-pl SearchScopes: HKCU - {45750A99-38D5-40A3-BBCC-4ACEDA61D5D7} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1602&query={searchTerms}&invocationType=tb50hpcnnbie7-pl-pl BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\Pasek narzędzi AOL 5.0\aoltb.dll (AOL LLC) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) Toolbar: HKLM - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\Pasek narzędzi AOL 5.0\aoltb.dll (AOL LLC) Toolbar: HKCU - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\Pasek narzędzi AOL 5.0\aoltb.dll (AOL LLC) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Tcpip\..\Interfaces\{E119EA76-5EF4-40AD-B617-185190443A17}: [NameServer]194.204.159.1,194.204.152.34 FireFox: ======== FF ProfilePath: C:\Users\Misa\AppData\Roaming\Mozilla\Firefox\Profiles\uwjk8nhh.default-1396536099312 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @wacom.com/wacom-plugin,version=1.1.0.5 - C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.) FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF HKLM\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012-04-25] FF HKLM\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru FF Extension: Kaspersky Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012-04-25] FF HKLM\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012-04-25] ========================== Services (Whitelisted) ================= R2 AdobeActiveFileMonitor8.0; C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [169312 2009-10-09] (Adobe Systems Incorporated) R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe [81920 2009-03-02] (Andrea Electronics Corporation) R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2012-12-02] (Kaspersky Lab ZAO) R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard) R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] () R2 Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [365952 2008-12-23] () R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2008-11-26] () R3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe [217170 2009-06-03] (IDT, Inc.) R2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software) S2 Norton Internet Security; "C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 ==================== Drivers (Whitelisted) ==================== R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [133208 2011-03-04] (Kaspersky Lab ZAO) R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11352 2011-03-04] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [570160 2012-04-25] (Kaspersky Lab) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [23856 2011-03-10] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [19984 2009-11-02] (Kaspersky Lab) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2010-06-12] () S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS [X] S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S1 SRTSP; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SRTSP.SYS [X] S1 SRTSPX; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SRTSPX.SYS [X] S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-09 18:56 - 2014-04-09 18:57 - 00000000 ____D () C:\FRST 2014-04-09 18:54 - 2014-04-09 18:54 - 01145856 _____ (Farbar) C:\Users\Misa\Downloads\FRST.exe 2014-04-09 18:53 - 2014-04-09 18:57 - 00000000 ____D () C:\Users\Misa\Desktop\fix 2014-04-09 18:49 - 2014-04-09 18:49 - 00000000 ____D () C:\Windows\LastGood 2014-04-03 16:42 - 2014-04-03 16:45 - 00000000 ____D () C:\AdwCleaner 2014-03-25 12:38 - 2014-03-25 12:38 - 00107224 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-03-25 12:38 - 2014-03-25 12:38 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-25 12:37 - 2014-03-25 12:37 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-03-25 12:36 - 2014-03-25 13:17 - 00000000 ____D () C:\Users\Misa\Desktop\mbar 2014-03-25 12:27 - 2014-03-25 12:27 - 00004916 _____ () C:\Users\Misa\Desktop\ESETSirefefCleaner.exe_20140325.112701.3824.log 2014-03-25 12:24 - 2014-03-25 12:24 - 00367968 _____ (ESET) C:\Users\Misa\Desktop\ESETSirefefCleaner.exe 2014-03-24 18:35 - 2014-03-24 18:35 - 00000000 ____D () C:\Users\Misa\AppData\Local\Macromedia 2014-03-24 18:34 - 2014-03-24 18:34 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe ==================== One Month Modified Files and Folders ======= 2014-04-09 18:57 - 2014-04-09 18:56 - 00000000 ____D () C:\FRST 2014-04-09 18:57 - 2014-04-09 18:53 - 00000000 ____D () C:\Users\Misa\Desktop\fix 2014-04-09 18:56 - 2013-07-07 17:15 - 00000000 ____D () C:\Users\Misa\Desktop\pobrane pliki 2014-04-09 18:54 - 2014-04-09 18:54 - 01145856 _____ (Farbar) C:\Users\Misa\Downloads\FRST.exe 2014-04-09 18:54 - 2009-04-21 03:38 - 01693113 _____ () C:\Windows\WindowsUpdate.log 2014-04-09 18:53 - 2009-03-16 12:31 - 00662056 _____ () C:\Windows\system32\perfh015.dat 2014-04-09 18:53 - 2009-03-16 12:31 - 00126908 _____ () C:\Windows\system32\perfc015.dat 2014-04-09 18:53 - 2006-11-02 12:33 - 01468980 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-09 18:49 - 2014-04-09 18:49 - 00000000 ____D () C:\Windows\LastGood 2014-04-09 18:49 - 2012-03-16 06:13 - 00238468 _____ () C:\Windows\DPINST.LOG 2014-04-09 18:48 - 2009-08-25 19:11 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-04-09 18:47 - 2009-04-21 04:11 - 00000286 _____ () C:\ProgramData\hpqp.ini 2014-04-09 18:45 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-09 18:45 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-09 18:45 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-09 18:44 - 2009-09-22 10:28 - 00000000 ____D () C:\Users\Misa\AppData\Roaming\Winamp 2014-04-09 18:44 - 2006-11-02 15:01 - 00032578 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-04-03 16:45 - 2014-04-03 16:42 - 00000000 ____D () C:\AdwCleaner 2014-03-31 19:51 - 2009-10-05 19:57 - 00000052 _____ () C:\Windows\system32\DOErrors.log 2014-03-30 10:46 - 2010-08-18 10:45 - 00000442 _____ () C:\Windows\Tasks\COMODO System Cleaner Update.job 2014-03-25 14:16 - 2013-11-23 20:11 - 00001879 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk 2014-03-25 14:15 - 2009-03-16 04:33 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2014-03-25 14:11 - 2011-01-31 19:16 - 00028332 _____ () C:\Windows\PFRO.log 2014-03-25 13:39 - 2011-02-20 13:04 - 00000000 ___RD () C:\Users\Misa\Desktop\wszystko z pulpitu 2014-03-25 13:21 - 2011-10-08 17:32 - 00000000 ____D () C:\Windows\MSSecurityNi 2014-03-25 13:17 - 2014-03-25 12:36 - 00000000 ____D () C:\Users\Misa\Desktop\mbar 2014-03-25 12:38 - 2014-03-25 12:38 - 00107224 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-03-25 12:38 - 2014-03-25 12:38 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-25 12:37 - 2014-03-25 12:37 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-03-25 12:27 - 2014-03-25 12:27 - 00004916 _____ () C:\Users\Misa\Desktop\ESETSirefefCleaner.exe_20140325.112701.3824.log 2014-03-25 12:24 - 2014-03-25 12:24 - 00367968 _____ (ESET) C:\Users\Misa\Desktop\ESETSirefefCleaner.exe 2014-03-24 18:35 - 2014-03-24 18:35 - 00000000 ____D () C:\Users\Misa\AppData\Local\Macromedia 2014-03-24 18:34 - 2014-03-24 18:34 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-03-24 18:34 - 2012-01-06 12:03 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-03-15 16:17 - 2011-01-30 19:41 - 00000000 ____D () C:\Users\Misa\AppData\Roaming\Azureus 2014-03-15 16:11 - 2009-08-24 20:34 - 00017920 _____ () C:\Users\Misa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini Files to move or delete: ==================== C:\ProgramData\PKP_DLes.DAT C:\ProgramData\PKP_DLet.DAT C:\ProgramData\PKP_DLev.DAT Some content of TEMP: ==================== C:\Users\Misa\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-09 18:59 ==================== End Of Log ============================