Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-07-2014 01
Ran by Abi (administrator) on ABI-KOMPUTER on 31-07-2014 11:51:02
Running from C:\Users\Abi\Desktop\Nowy folder
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\ProgramData\IBUpdaterService\ibsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
() C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [776608 2009-12-19] (Lenovo)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [4462496 2010-04-12] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [7056800 2010-03-18] (Lenovo (Beijing) Limited)
HKLM-x32\...\Run: [tuto4pc_pl_5] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-2373459085-1094487338-3103877305-1001\...\Run: [uTorrent] => C:\Program Files (x86)\uTorrent\uTorrent.exe\uTorrent.exe [1051984 2013-02-11] (BitTorrent Inc.)
HKU\S-1-5-21-2373459085-1094487338-3103877305-1001\...\Run: [Media Finder] => "C:\Program Files (x86)\Media Finder\Media Finder.exe" /opentotray
HKU\S-1-5-21-2373459085-1094487338-3103877305-1001\...\Run: [ALLUpdate] => C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe [3000680 2013-11-01] (ALLPlayer Group Ltd.)
HKU\S-1-5-21-2373459085-1094487338-3103877305-1001\...\RunOnce: [DeleteMarkAny] => C:\Windows\SysWOW64\MASetupCleaner.exe [24576 2013-05-22] ((주)마크애니)
HKU\S-1-5-21-2373459085-1094487338-3103877305-1001\...\MountPoints2: {6bf9b6c3-774b-11e2-86cc-c0cb38ef19ac} - G:\setup.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=153
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=WDCXWD5000BEVT-24A0RT0_WD-WXH1A80N9470N9470&ts=1370266894
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=WDCXWD5000BEVT-24A0RT0_WD-WXH1A80N9470N9470&ts=1370266894
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=WDCXWD5000BEVT-24A0RT0_WD-WXH1A80N9470N9470&ts=1370266894
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=WDCXWD5000BEVT-24A0RT0_WD-WXH1A80N9470N9470&ts=1370266894
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=WDCXWD5000BEVT-24A0RT0_WD-WXH1A80N9470N9470&ts=1370266894
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=WDCXWD5000BEVT-24A0RT0_WD-WXH1A80N9470N9470&ts=1370266894
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=ild&from=ild&uid=WDCXWD5000BEVT-24A0RT0_WD-WXH1A80N9470N9470&ts=0
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=ild&from=ild&uid=WDCXWD5000BEVT-24A0RT0_WD-WXH1A80N9470N9470&ts=0
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=ild&from=ild&uid=WDCXWD5000BEVT-24A0RT0_WD-WXH1A80N9470N9470&ts=0
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=ild&from=ild&uid=WDCXWD5000BEVT-24A0RT0_WD-WXH1A80N9470N9470&ts=0
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=ild&from=ild&uid=WDCXWD5000BEVT-24A0RT0_WD-WXH1A80N9470N9470&ts=0
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=C25A002682EAEA6D&affID=119676&tsp=4971
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=ild&from=ild&uid=WDCXWD5000BEVT-24A0RT0_WD-WXH1A80N9470N9470&ts=0
BHO: grreatsaver -> {BE84127E-28DF-A836-D6CC-6C621D810140} -> C:\Program Files (x86)\grreatsaver\2I.x64.dll ()
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: ALLYouTubeDownloader -> {61DB16C5-B733-43F4-872E-B20DC9E72740} -> C:\Program Files (x86)\ALLYouTubeDownloader\ALLYouTubeDownloader.dll (ALLCinema Ltd.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: grreatsaver -> {BE84127E-28DF-A836-D6CC-6C621D810140} -> C:\Program Files (x86)\grreatsaver\2I.dll ()
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: IplexToALLPlayer -> {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} -> C:\Program Files (x86)\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Abi\AppData\Roaming\Mozilla\Firefox\Profiles\kcm40lfr.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1212152.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 - C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 - C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Abi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF user.js: detected! => C:\Users\Abi\AppData\Roaming\Mozilla\Firefox\Profiles\kcm40lfr.default\user.js
FF SearchPlugin: C:\Users\Abi\AppData\Roaming\Mozilla\Firefox\Profiles\kcm40lfr.default\searchplugins\babylon.xml
FF Extension: General Crawler - C:\Users\Abi\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com [2013-06-03]
FF Extension: P-HD-V1.4 - C:\Users\Abi\AppData\Roaming\Mozilla\Firefox\Profiles\kcm40lfr.default\Extensions\508d4e2f-a469-421d-a294-135dbb84fe1b@f7b17943-cc9e-4d4a-b223-0bd1e7cfc871.com [2014-07-17]
FF Extension: Iplex to ALLPlayer - C:\Users\Abi\AppData\Roaming\Mozilla\Firefox\Profiles\kcm40lfr.default\Extensions\IplextoALL@ALLPlayer.org [2014-01-02]
FF Extension: 7Go - C:\Users\Abi\AppData\Roaming\Mozilla\Firefox\Profiles\kcm40lfr.default\Extensions\7go@7go.com.xpi [2013-10-07]
FF Extension: GoPhotoIt - C:\Users\Abi\AppData\Roaming\Mozilla\Firefox\Profiles\kcm40lfr.default\Extensions\gophoto@gophoto.it.xpi [2012-07-31]
FF Extension: Iplex to ALLPlayer - C:\Users\Abi\AppData\Roaming\Mozilla\Firefox\Profiles\kcm40lfr.default\Extensions\IplextoALL@ALLPlayer.org.xpi [2013-02-13]
FF Extension: PlusWinks - C:\Users\Abi\AppData\Roaming\Mozilla\Firefox\Profiles\kcm40lfr.default\Extensions\pluswinks@PlusWinks.xpi [2013-07-20]
FF Extension: ALLYouTubeDownloader - C:\Users\Abi\AppData\Roaming\Mozilla\Firefox\Profiles\kcm40lfr.default\Extensions\YouTubetoALL@ALLPlayer.org.xpi [2014-01-03]
FF Extension: Adblock Plus - C:\Users\Abi\AppData\Roaming\Mozilla\Firefox\Profiles\kcm40lfr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-24]
FF Extension: BonanzaDeals - C:\Users\Abi\AppData\Roaming\Mozilla\Firefox\Profiles\kcm40lfr.default\Extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}.xpi [2014-01-01]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-05-19]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox 3 Beta 4\firefox.exe

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (YToBookMark) - C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhnbopggcioogbkaofnechgjphkfofmo [2014-01-09]
CHR Extension: (No Name) - C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blelaljgakacjdeaggpjilljobdmboff [2014-07-21]
CHR Extension: (Easy Surf) - C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlencieiipommannpdfcmfdpjjmeolj [2014-01-09]
CHR HKLM-x32\...\Chrome\Extension: [bebnnlollpcjnfpkafhoclljaojgnfok] - C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx [2014-01-09]
CHR HKLM-x32\...\Chrome\Extension: [dednnpigldgdbpgcdpfppmlcnnbjciel] - C:\Users\Abi\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.crx [2013-06-03]
CHR HKLM-x32\...\Chrome\Extension: [gjajpkikblccgefaibcafkfbanllpefi] - C:\Users\Abi\AppData\Roaming\7go\7go.crx [2013-07-30]
CHR HKLM-x32\...\Chrome\Extension: [lpmkgpnbiojfaoklbkpfneikocaobfai] - C:\Users\Abi\AppData\Roaming\Media Finder\Extensions\mf_plugin_gc.crx [2013-07-30]
CHR HKLM-x32\...\Chrome\Extension: [mocblcnaofikinigmceddfghppkkjbog] - C:\Users\Abi\AppData\Roaming\PlusWinks\PlusWinks.crx [2013-05-30]
CHR HKLM-x32\...\Chrome\Extension: [pfmopbbadnfoelckkcmjjeaaegjpjjbk] - C:\Program Files (x86)\Gophoto.it\gophotoit14.crx [2012-07-31]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [864032 2009-08-11] (Broadcom Corporation.)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 IBUpdaterService; C:\ProgramData\IBUpdaterService\ibsvc.exe [713600 2013-06-11] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [267824 2007-05-04] (Nero AG)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc [X]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 usbsmi; C:\Windows\System32\DRIVERS\SMIksdrv.sys [197888 2010-01-22] (SMI)
R4 kl1; system32\DRIVERS\kl1.sys [X]
R4 KLIF; system32\DRIVERS\klif.sys [X]
R4 klkbdflt; system32\DRIVERS\klkbdflt.sys [X]
R4 klmouflt; system32\DRIVERS\klmouflt.sys [X]
R4 kltdi; system32\DRIVERS\kltdi.sys [X]
R4 kneps; system32\DRIVERS\kneps.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-31 11:49 - 2014-07-31 11:51 - 00000000 ____D () C:\FRST
2014-07-31 10:43 - 2014-07-31 10:43 - 00000000 ___SD () C:\Users\Abi\Documents\Passwords Database
2014-07-31 10:41 - 2014-07-31 11:51 - 00000000 ____D () C:\Users\Abi\Desktop\Nowy folder
2014-07-30 17:26 - 2014-07-30 17:26 - 00000000 ____D () C:\Users\Abi\AppData\Local\Adobe
2014-07-29 19:35 - 2014-07-29 19:34 - 00000677 _____ () C:\Users\Abi\Desktop\PRZEPISY.lnk
2014-07-26 08:53 - 2014-07-26 08:53 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2014-07-26 08:42 - 2014-07-26 08:42 - 00000000 ____D () C:\ProgramData\McAfee
2014-07-23 11:48 - 2014-07-23 11:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 3 Beta 4
2014-07-23 11:43 - 2014-07-23 11:46 - 00000136 _____ () C:\Users\Abi\Desktop\Nowy dokument tekstowy (2).txt
2014-07-17 12:32 - 2014-07-17 12:54 - 00002432 _____ () C:\Users\Abi\AppData\Local\TempnQ5876.html
2014-07-17 10:52 - 2014-07-17 10:52 - 00000022 _____ () C:\Users\Abi\Desktop\Nowy dokument tekstowy.txt
2014-07-17 09:29 - 2014-07-31 09:34 - 00002232 _____ () C:\Windows\Tasks\aa0c88a0-b2ee-4822-8fc3-7799d68112b0-4.job
2014-07-17 09:29 - 2014-07-31 09:34 - 00000892 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-07-17 09:29 - 2014-07-31 09:34 - 00000888 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-07-17 09:29 - 2014-07-31 09:29 - 00003786 _____ () C:\Windows\Tasks\aa0c88a0-b2ee-4822-8fc3-7799d68112b0-11.job
2014-07-17 09:29 - 2014-07-31 09:29 - 00002416 _____ () C:\Windows\Tasks\aa0c88a0-b2ee-4822-8fc3-7799d68112b0-3.job
2014-07-17 09:29 - 2014-07-17 09:29 - 00006816 _____ () C:\Windows\System32\Tasks\aa0c88a0-b2ee-4822-8fc3-7799d68112b0-11
2014-07-17 09:29 - 2014-07-17 09:29 - 00005446 _____ () C:\Windows\System32\Tasks\aa0c88a0-b2ee-4822-8fc3-7799d68112b0-3
2014-07-17 09:29 - 2014-07-17 09:29 - 00005262 _____ () C:\Windows\System32\Tasks\aa0c88a0-b2ee-4822-8fc3-7799d68112b0-4
2014-07-17 09:29 - 2014-07-17 09:29 - 00003890 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-07-17 09:29 - 2014-07-17 09:29 - 00003636 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-07-17 09:29 - 2014-07-17 09:29 - 00000000 ____D () C:\Program Files (x86)\P-HD-V1.4
2014-07-17 09:28 - 2014-07-17 09:28 - 00262144 _____ () C:\Windows\system32\config\elam
2014-07-17 09:27 - 2014-07-31 09:27 - 00003784 _____ () C:\Windows\Tasks\5cb9b097-d74b-44f5-a55d-7af3d7a7e7ea-11.job
2014-07-17 09:27 - 2014-07-17 09:30 - 00000000 ____D () C:\Program Files (x86)\SavePass
2014-07-17 09:27 - 2014-07-17 09:27 - 00000000 ____D () C:\Users\Abi\AppData\Local\globalUpdate
2014-07-17 09:27 - 2014-07-17 09:27 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-07-17 09:26 - 2014-07-17 09:26 - 00000000 ____D () C:\Users\Abi\AppData\Roaming\VOPackage
2014-07-12 21:28 - 2014-07-13 02:28 - 00002432 _____ () C:\Users\Abi\AppData\Local\Tempfp3400.html
2014-07-12 21:28 - 2014-07-13 02:28 - 00002089 _____ () C:\Users\Abi\AppData\Local\TempLC3400.html
2014-07-12 21:28 - 2014-07-12 21:31 - 00002432 _____ () C:\Users\Abi\AppData\Local\TempeW3400.html

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-31 11:51 - 2014-07-31 11:49 - 00000000 ____D () C:\FRST
2014-07-31 11:51 - 2014-07-31 10:41 - 00000000 ____D () C:\Users\Abi\Desktop\Nowy folder
2014-07-31 11:50 - 2013-02-11 14:05 - 00000000 ____D () C:\Users\Abi\AppData\Roaming\uTorrent
2014-07-31 11:47 - 2013-02-11 16:22 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-31 11:39 - 2011-04-05 17:24 - 00037242 _____ () C:\Users\Abi\Desktop\do ściągnięcia.txt
2014-07-31 11:24 - 2013-12-31 14:16 - 00000000 ____D () C:\Program Files (x86)\BonanzaDealsLive
2014-07-31 11:13 - 2013-02-13 00:07 - 00000920 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2373459085-1094487338-3103877305-1001UA.job
2014-07-31 11:07 - 2009-07-14 06:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-31 11:07 - 2009-07-14 06:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-31 11:06 - 2013-02-11 12:37 - 01891248 _____ () C:\Windows\WindowsUpdate.log
2014-07-31 10:52 - 2013-12-31 14:16 - 00000000 ____D () C:\Program Files (x86)\BonanzaDeals
2014-07-31 10:51 - 2014-03-14 13:27 - 00000000 ____D () C:\Users\Abi\AppData\Roaming\Samsung
2014-07-31 10:51 - 2013-12-22 11:26 - 00000000 ____D () C:\ProgramData\Samsung
2014-07-31 10:51 - 2013-12-22 11:26 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-07-31 10:51 - 2013-02-11 12:48 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-31 10:45 - 2013-10-07 23:12 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-07-31 10:44 - 2014-01-09 02:03 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-07-31 10:44 - 2014-01-09 02:03 - 00000000 ____D () C:\Users\Gość
2014-07-31 10:44 - 2014-01-09 02:03 - 00000000 ____D () C:\Users\Administrator
2014-07-31 10:43 - 2014-07-31 10:43 - 00000000 ___SD () C:\Users\Abi\Documents\Passwords Database
2014-07-31 09:34 - 2014-07-17 09:29 - 00002232 _____ () C:\Windows\Tasks\aa0c88a0-b2ee-4822-8fc3-7799d68112b0-4.job
2014-07-31 09:34 - 2014-07-17 09:29 - 00000892 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-07-31 09:34 - 2014-07-17 09:29 - 00000888 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-07-31 09:29 - 2014-07-17 09:29 - 00003786 _____ () C:\Windows\Tasks\aa0c88a0-b2ee-4822-8fc3-7799d68112b0-11.job
2014-07-31 09:29 - 2014-07-17 09:29 - 00002416 _____ () C:\Windows\Tasks\aa0c88a0-b2ee-4822-8fc3-7799d68112b0-3.job
2014-07-31 09:27 - 2014-07-17 09:27 - 00003784 _____ () C:\Windows\Tasks\5cb9b097-d74b-44f5-a55d-7af3d7a7e7ea-11.job
2014-07-31 08:34 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-31 08:33 - 2014-02-05 17:00 - 00024514 _____ () C:\Windows\setupact.log
2014-07-30 23:12 - 2013-02-13 00:07 - 00000898 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2373459085-1094487338-3103877305-1001Core.job
2014-07-30 17:40 - 2011-04-12 15:21 - 00698004 _____ () C:\Windows\system32\perfh015.dat
2014-07-30 17:40 - 2011-04-12 15:21 - 00135082 _____ () C:\Windows\system32\perfc015.dat
2014-07-30 17:40 - 2009-07-14 07:13 - 01549696 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-30 17:26 - 2014-07-30 17:26 - 00000000 ____D () C:\Users\Abi\AppData\Local\Adobe
2014-07-29 19:34 - 2014-07-29 19:35 - 00000677 _____ () C:\Users\Abi\Desktop\PRZEPISY.lnk
2014-07-29 14:48 - 2013-04-02 19:36 - 00000000 ____D () C:\FILMY
2014-07-26 08:59 - 2013-02-11 16:22 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-26 08:59 - 2013-02-11 16:22 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-26 08:59 - 2013-02-11 16:22 - 00003868 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-26 08:53 - 2014-07-26 08:53 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2014-07-26 08:42 - 2014-07-26 08:42 - 00000000 ____D () C:\ProgramData\McAfee
2014-07-24 11:39 - 2013-02-11 18:52 - 00000000 ____D () C:\ProgramData\MoorHunt
2014-07-24 11:37 - 2013-02-11 13:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-23 11:48 - 2014-07-23 11:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 3 Beta 4
2014-07-23 11:46 - 2014-07-23 11:43 - 00000136 _____ () C:\Users\Abi\Desktop\Nowy dokument tekstowy (2).txt
2014-07-21 09:58 - 2009-07-14 07:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-17 12:54 - 2014-07-17 12:32 - 00002432 _____ () C:\Users\Abi\AppData\Local\TempnQ5876.html
2014-07-17 10:52 - 2014-07-17 10:52 - 00000022 _____ () C:\Users\Abi\Desktop\Nowy dokument tekstowy.txt
2014-07-17 09:30 - 2014-07-17 09:27 - 00000000 ____D () C:\Program Files (x86)\SavePass
2014-07-17 09:29 - 2014-07-17 09:29 - 00006816 _____ () C:\Windows\System32\Tasks\aa0c88a0-b2ee-4822-8fc3-7799d68112b0-11
2014-07-17 09:29 - 2014-07-17 09:29 - 00005446 _____ () C:\Windows\System32\Tasks\aa0c88a0-b2ee-4822-8fc3-7799d68112b0-3
2014-07-17 09:29 - 2014-07-17 09:29 - 00005262 _____ () C:\Windows\System32\Tasks\aa0c88a0-b2ee-4822-8fc3-7799d68112b0-4
2014-07-17 09:29 - 2014-07-17 09:29 - 00003890 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-07-17 09:29 - 2014-07-17 09:29 - 00003636 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-07-17 09:29 - 2014-07-17 09:29 - 00000000 ____D () C:\Program Files (x86)\P-HD-V1.4
2014-07-17 09:28 - 2014-07-17 09:28 - 00262144 _____ () C:\Windows\system32\config\elam
2014-07-17 09:27 - 2014-07-17 09:27 - 00000000 ____D () C:\Users\Abi\AppData\Local\globalUpdate
2014-07-17 09:27 - 2014-07-17 09:27 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-07-17 09:26 - 2014-07-17 09:26 - 00000000 ____D () C:\Users\Abi\AppData\Roaming\VOPackage
2014-07-13 02:28 - 2014-07-12 21:28 - 00002432 _____ () C:\Users\Abi\AppData\Local\Tempfp3400.html
2014-07-13 02:28 - 2014-07-12 21:28 - 00002089 _____ () C:\Users\Abi\AppData\Local\TempLC3400.html
2014-07-12 21:31 - 2014-07-12 21:28 - 00002432 _____ () C:\Users\Abi\AppData\Local\TempeW3400.html
2014-07-02 08:48 - 2013-04-15 08:33 - 00000641 _____ () C:\Users\Abi\Desktop\MoorHunt.lnk

Some content of TEMP:
====================
C:\Users\Abi\AppData\Local\Temp\6_Offer_6.exe
C:\Users\Abi\AppData\Local\Temp\c0dgfv0w.dll
C:\Users\Abi\AppData\Local\Temp\DownloadManager.exe
C:\Users\Abi\AppData\Local\Temp\Shockwave_Installer_FF.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-28 00:28

==================== End Of Log ============================