Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-09-2014
Ran by Magdalena (administrator) on MAGDONI1008 on 05-09-2014 16:51:29
Running from C:\Users\Magdalena\Desktop
Platform: Microsoft Windows 7 Home Premium (X86) OS Language: Polski (Polska)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\launcher_service.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
() C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
() C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(PowerISO Computing, Inc.) C:\Program Files\PowerISO\PWRISOVM.EXE
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Comodo\GeekBuddy\unit_manager.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Comodo\GeekBuddy\unit.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8092192 2009-11-21] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1578280 2009-10-10] (Synaptics Incorporated)
HKLM\...\Run: [UpdateLBPShortCut] => C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer] => C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM\...\Run: [UpdateP2GoShortCut] => C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [UpdatePDRShortCut] => C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2008-01-04] (CyberLink Corp.)
HKLM\...\Run: [RemoteControl8] => C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.)
HKLM\...\Run: [PDVD8LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM\...\Run: [UpdatePPShortCut] => C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM\...\Run: [UpdatePSTShortCut] => C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-07-21] (CyberLink Corp.)
HKLM\...\Run: [APLangApp] => C:\Program Files\AnyPC Client\APLangApp.exe [13312 2009-10-20] (DoctorSoft)
HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\Update\realsched.exe [273544 2011-04-09] (RealNetworks, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [167936 2008-11-02] (PowerISO Computing, Inc.)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [6676808 2011-12-21] (COMODO)
HKLM\...\Run: [Malwarebytes' Anti-Malware] => C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [460872 2011-12-24] (Malwarebytes Corporation)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [tvncontrol] => C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-07-25] (Comodo Security Solutions, Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKU\S-1-5-21-1624614489-1438924107-3198493719-1000\...\Run: [swg] => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-1624614489-1438924107-3198493719-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-1624614489-1438924107-3198493719-1000\...\MountPoints2: G - G:\AutoRun.exe
HKU\S-1-5-21-1624614489-1438924107-3198493719-1000\...\MountPoints2: {08e36102-5d20-11df-8c7e-0024548346dd} - F:\AutoRun.exe
HKU\S-1-5-21-1624614489-1438924107-3198493719-1000\...\MountPoints2: {18d5b8f2-7a1d-11df-a97e-0024548346dd} - F:\AutoRun.exe
HKU\S-1-5-21-1624614489-1438924107-3198493719-1000\...\MountPoints2: {58867e50-bba2-11e0-b022-0024548346dd} - G:\AutoRun.exe
HKU\S-1-5-21-1624614489-1438924107-3198493719-1000\...\MountPoints2: {95c390f5-93df-11df-b13e-0024548346dd} - F:\AutoRun.exe
HKU\S-1-5-21-1624614489-1438924107-3198493719-1000\...\MountPoints2: {9d63f059-9698-11df-b1ca-0024548346dd} - F:\AutoRun.exe
HKU\S-1-5-21-1624614489-1438924107-3198493719-1000\...\MountPoints2: {9d63f065-9698-11df-b1ca-0024548346dd} - F:\AutoRun.exe
HKU\S-1-5-21-1624614489-1438924107-3198493719-1000\...\MountPoints2: {d280d167-b50d-11df-aa0a-0024548346dd} - G:\AutoRun.exe
AppInit_DLLs: C:\windows\system32\guard32.dll => C:\windows\system32\guard32.dll [301224 2011-12-19] (COMODO)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files\Comodo\GeekBuddy\launcher.exe (Comodo Security Solutions, Inc.)
Startup: C:\Users\Magdalena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Magdalena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Magdalena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk
ShortcutTarget: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\piotr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\piotr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
SearchScopes: HKLM - {55B7F8AB-0FBD-47E7-A0FA-5EAD9892D790} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_pl___PL384
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Pomocnik rejestracji usługi Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{37E72176-4A42-432A-BED0-ACEFBA4EB236}: [NameServer] 8.26.56.26,156.154.70.22
Tcpip\..\Interfaces\{5CE9FDAF-3B08-4944-922A-2BDA3FE58576}: [NameServer] 8.26.56.26,156.154.70.22

FireFox:
========
FF ProfilePath: C:\Users\Magdalena\AppData\Roaming\Mozilla\Firefox\Profiles\7rnlhl31.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=12.0.1.633 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=12.0.1.633 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.633 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=12.0.1.633 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\Magdalena\AppData\Roaming\Mozilla\Firefox\Profiles\7rnlhl31.default\Extensions\2020Player_IKEA@2020Technologies.com [2011-08-30]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011-08-02]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-04-09]
FF Extension: No Name - C:\Users\Magdalena\AppData\Roaming\Mozilla\Firefox\Profiles\7rnlhl31.default\extensions\plugin@yontoo.com.xpi []

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Magdalena\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.5.671\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\37.0.2062.103\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\37.0.2062.103\pdf.dll ()
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Shockwave for Director) - C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
CHR CustomProfile: C:\Users\Magdalena\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Magdalena\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-30]
CHR Extension: (Szukaj w Google) - C:\Users\Magdalena\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-30]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Magdalena\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2013-06-11]
CHR Extension: (Skype Click to Call) - C:\Users\Magdalena\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-06-11]
CHR Extension: (Google Wallet) - C:\Users\Magdalena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-30]
CHR Extension: (Gmail) - C:\Users\Magdalena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-30]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-04-09]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-10-10]

========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 CLPSLauncher; C:\Program Files\Common Files\COMODO\launcher_service.exe [70864 2014-07-25] (Comodo Security Solutions, Inc.)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [1960584 2011-12-19] (COMODO)
R2 GeekBuddyRSP; C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-07-25] (Comodo Security Solutions, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [652872 2011-12-24] (Malwarebytes Corporation)
R2 OberonGameConsoleService; C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [44312 2009-08-13] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 avgtp; C:\windows\system32\drivers\avgtpx86.sys [42784 2014-08-20] (AVG Technologies)
R1 CFRMD; C:\windows\System32\DRIVERS\CFRMD.sys [35064 2014-06-26] (Windows (R) Win 7 DDK provider)
R1 cmdGuard; C:\windows\System32\DRIVERS\cmdguard.sys [491816 2012-01-17] (COMODO)
R1 cmdHlp; C:\windows\System32\DRIVERS\cmdhlp.sys [39640 2011-12-19] (COMODO)
R1 HMD; C:\windows\System32\DRIVERS\hmd.sys [15400 2014-06-26] ()
S3 HTCAND32; C:\windows\System32\Drivers\ANDROIDUSB.sys [25088 2009-10-26] (HTC, Corporation) [File not signed]
R1 inspect; C:\windows\System32\DRIVERS\inspect.sys [82400 2011-12-19] (COMODO)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [20464 2011-12-10] (Malwarebytes Corporation) [File not signed]
S3 MBAMSwissArmy; C:\windows\system32\drivers\mbamswissarmy.sys [40776 2012-10-30] (Malwarebytes Corporation)
R1 SCDEmu; C:\windows\system32\Drivers\SCDEmu.sys [56572 2008-11-02] (PowerISO Computing, Inc.) [File not signed]
R3 yukonw7; C:\windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-05 18:48 - 2014-09-05 18:48 - 00000020 ____N () C:\windows\url.txt
2014-09-05 18:48 - 2009-07-14 03:14 - 00316416 _____ (Microsoft Corporation) C:\windows\system32\spoolsv.exe
2014-09-05 16:51 - 2014-09-05 16:51 - 00021643 _____ () C:\Users\Magdalena\Desktop\FRST.txt
2014-09-05 16:34 - 2014-09-04 18:43 - 00047471 _____ () C:\Users\Magdalena\Desktop\AdwCleaner[S0].txt
2014-09-05 16:34 - 2014-09-04 18:41 - 00048810 _____ () C:\Users\Magdalena\Desktop\AdwCleaner[R1].txt
2014-09-05 16:34 - 2014-09-04 18:39 - 00048749 _____ () C:\Users\Magdalena\Desktop\AdwCleaner[R0].txt
2014-09-04 20:35 - 2014-09-05 16:51 - 00000000 ____D () C:\FRST
2014-09-04 20:30 - 2014-09-04 20:30 - 00380416 _____ () C:\Users\Magdalena\Downloads\uvtkqgy4.exe
2014-09-04 20:28 - 2014-09-04 20:29 - 00854417 _____ () C:\Users\Magdalena\Downloads\SecurityCheck.exe
2014-09-04 20:28 - 2014-09-04 20:28 - 00602112 _____ (OldTimer Tools) C:\Users\Magdalena\Downloads\OTL.exe
2014-09-04 20:27 - 2014-09-04 20:27 - 01096704 _____ (Farbar) C:\Users\Magdalena\Desktop\FRST.exe
2014-09-04 19:26 - 2014-09-04 19:26 - 00000000 ____D () C:\ProgramData\Visan
2014-09-04 19:26 - 2014-09-04 19:26 - 00000000 ____D () C:\ProgramData\HP Photo Creations
2014-09-04 19:26 - 2014-09-04 19:26 - 00000000 ____D () C:\Program Files\HP Photo Creations
2014-09-04 19:26 - 2014-09-04 19:26 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2014-09-04 19:25 - 2014-09-04 19:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-09-04 19:25 - 2014-09-04 19:25 - 00000000 ____D () C:\Users\Magdalena\AppData\Roaming\HpUpdate
2014-09-04 19:25 - 2014-03-06 11:48 - 00597512 ____N (Hewlett-Packard Co.) C:\windows\system32\HPDiscoPMC211.dll
2014-09-04 19:23 - 2014-09-04 19:25 - 00000000 ____D () C:\Program Files\HP
2014-09-04 19:23 - 2014-09-04 19:23 - 00000000 ____D () C:\ProgramData\HP
2014-09-04 19:22 - 2014-09-04 19:22 - 00000057 _____ () C:\ProgramData\Ament.ini
2014-09-04 19:06 - 2014-09-04 19:26 - 00000000 ____D () C:\Users\Magdalena\AppData\Local\HP
2014-09-04 19:06 - 2014-09-04 19:07 - 04902336 _____ (Piriform Ltd) C:\Users\Magdalena\Downloads\ccsetup417pro.exe
2014-09-04 18:38 - 2014-09-04 18:43 - 00000000 ____D () C:\AdwCleaner
2014-09-04 18:36 - 2014-09-04 18:36 - 01370467 _____ () C:\Users\Magdalena\Downloads\adwcleaner_3.309.exe
2014-09-04 18:26 - 2014-09-04 18:27 - 06674824 _____ () C:\Users\Magdalena\Downloads\HPPSdr.exe
2014-09-04 18:26 - 2014-09-04 18:27 - 02338824 _____ () C:\Users\Magdalena\Downloads\hppiw.exe
2014-09-04 18:24 - 2014-09-04 18:30 - 106859936 _____ () C:\Users\Magdalena\Downloads\DJ2540_188.exe
2014-09-04 16:35 - 2014-09-04 16:35 - 00000000 ____D () C:\Program Files\Common Files\COMODO
2014-08-28 20:30 - 2014-08-28 20:30 - 00000000 ____D () C:\Program Files\Common Files\Skype

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-05 18:48 - 2014-09-05 18:48 - 00000020 ____N () C:\windows\url.txt
2014-09-05 18:48 - 2010-06-17 16:32 - 00088640 _____ (Phoenix Technologies Ltd.) C:\windows\chsync.exe
2014-09-05 16:52 - 2014-09-05 16:51 - 00021643 _____ () C:\Users\Magdalena\Desktop\FRST.txt
2014-09-05 16:51 - 2014-09-04 20:35 - 00000000 ____D () C:\FRST
2014-09-05 16:49 - 2011-03-27 22:42 - 00065536 _____ () C:\windows\system32\Ikeext.etl
2014-09-05 16:49 - 2010-08-17 21:31 - 00000008 __RSH () C:\Users\Magdalena\ntuser.pol
2014-09-05 16:49 - 2010-06-17 16:32 - 01398969 _____ () C:\windows\chsync.log
2014-09-05 16:49 - 2010-05-11 20:55 - 00000000 ____D () C:\Users\Magdalena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-09-05 16:49 - 2010-05-11 20:55 - 00000000 ____D () C:\Users\Magdalena
2014-09-05 16:49 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-05 16:49 - 2009-07-14 06:39 - 00225301 _____ () C:\windows\setupact.log
2014-09-05 16:48 - 2009-12-31 01:31 - 00880978 _____ () C:\windows\PFRO.log
2014-09-05 16:42 - 2009-07-14 04:37 - 00000000 ___HD () C:\windows\system32\GroupPolicy
2014-09-05 16:37 - 2009-12-30 08:49 - 01809266 _____ () C:\windows\WindowsUpdate.log
2014-09-05 16:37 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\tracing
2014-09-05 16:31 - 2009-07-14 06:34 - 00014736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-05 16:31 - 2009-07-14 06:34 - 00014736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-05 16:25 - 2010-06-17 16:45 - 00595456 _____ (Navizon Inc) C:\windows\system32\NScanNative.dll
2014-09-05 16:25 - 2010-06-17 16:45 - 00043584 _____ (Phoenix Technologies LTD) C:\windows\system32\AES.dll
2014-09-05 16:24 - 2010-06-17 16:41 - 00081920 _____ (Phoenix Technologies LTD) C:\windows\system32\fstcp.dll
2014-09-05 16:24 - 2010-06-17 16:41 - 00076800 _____ () C:\windows\system32\spekekit.dll
2014-09-05 12:00 - 2010-10-29 10:56 - 00000000 ____D () C:\Users\Magdalena\Documents\FINANSE
2014-09-05 09:06 - 2013-02-24 15:49 - 00002095 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-05 08:25 - 2010-06-17 16:45 - 00595456 _____ (Navizon Inc) C:\windows\system32\NScanNative_bak.dll
2014-09-05 08:24 - 2010-06-17 16:45 - 00043584 _____ (Phoenix Technologies LTD) C:\windows\system32\AES_bak.dll
2014-09-05 08:24 - 2010-06-17 16:41 - 00081920 _____ (Phoenix Technologies LTD) C:\windows\system32\fstcp_bak.dll
2014-09-05 08:24 - 2010-06-17 16:41 - 00076800 _____ () C:\windows\system32\spekekit_bak.dll
2014-09-04 20:30 - 2014-09-04 20:30 - 00380416 _____ () C:\Users\Magdalena\Downloads\uvtkqgy4.exe
2014-09-04 20:29 - 2014-09-04 20:28 - 00854417 _____ () C:\Users\Magdalena\Downloads\SecurityCheck.exe
2014-09-04 20:28 - 2014-09-04 20:28 - 00602112 _____ (OldTimer Tools) C:\Users\Magdalena\Downloads\OTL.exe
2014-09-04 20:27 - 2014-09-04 20:27 - 01096704 _____ (Farbar) C:\Users\Magdalena\Desktop\FRST.exe
2014-09-04 20:22 - 2011-06-22 13:19 - 00000000 ____D () C:\Program Files\NAPI-PROJEKT
2014-09-04 20:22 - 2011-01-26 12:40 - 00001912 _____ () C:\windows\epplauncher.mif
2014-09-04 20:21 - 2009-12-30 08:45 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-09-04 20:19 - 2010-06-17 16:36 - 00000000 ____D () C:\Program Files\blueconnect
2014-09-04 19:26 - 2014-09-04 19:26 - 00000000 ____D () C:\ProgramData\Visan
2014-09-04 19:26 - 2014-09-04 19:26 - 00000000 ____D () C:\ProgramData\HP Photo Creations
2014-09-04 19:26 - 2014-09-04 19:26 - 00000000 ____D () C:\Program Files\HP Photo Creations
2014-09-04 19:26 - 2014-09-04 19:26 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2014-09-04 19:26 - 2014-09-04 19:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-09-04 19:26 - 2014-09-04 19:06 - 00000000 ____D () C:\Users\Magdalena\AppData\Local\HP
2014-09-04 19:25 - 2014-09-04 19:25 - 00000000 ____D () C:\Users\Magdalena\AppData\Roaming\HpUpdate
2014-09-04 19:25 - 2014-09-04 19:23 - 00000000 ____D () C:\Program Files\HP
2014-09-04 19:23 - 2014-09-04 19:23 - 00000000 ____D () C:\ProgramData\HP
2014-09-04 19:23 - 2009-07-14 06:52 - 00000000 ____D () C:\windows\twain_32
2014-09-04 19:22 - 2014-09-04 19:22 - 00000057 _____ () C:\ProgramData\Ament.ini
2014-09-04 19:07 - 2014-09-04 19:06 - 04902336 _____ (Piriform Ltd) C:\Users\Magdalena\Downloads\ccsetup417pro.exe
2014-09-04 18:43 - 2014-09-05 16:34 - 00047471 _____ () C:\Users\Magdalena\Desktop\AdwCleaner[S0].txt
2014-09-04 18:43 - 2014-09-04 18:38 - 00000000 ____D () C:\AdwCleaner
2014-09-04 18:41 - 2014-09-05 16:34 - 00048810 _____ () C:\Users\Magdalena\Desktop\AdwCleaner[R1].txt
2014-09-04 18:39 - 2014-09-05 16:34 - 00048749 _____ () C:\Users\Magdalena\Desktop\AdwCleaner[R0].txt
2014-09-04 18:36 - 2014-09-04 18:36 - 01370467 _____ () C:\Users\Magdalena\Downloads\adwcleaner_3.309.exe
2014-09-04 18:30 - 2014-09-04 18:24 - 106859936 _____ () C:\Users\Magdalena\Downloads\DJ2540_188.exe
2014-09-04 18:27 - 2014-09-04 18:26 - 06674824 _____ () C:\Users\Magdalena\Downloads\HPPSdr.exe
2014-09-04 18:27 - 2014-09-04 18:26 - 02338824 _____ () C:\Users\Magdalena\Downloads\hppiw.exe
2014-09-04 16:35 - 2014-09-04 16:35 - 00000000 ____D () C:\Program Files\Common Files\COMODO
2014-09-04 16:35 - 2012-08-28 20:32 - 00001973 _____ () C:\Users\Public\Desktop\GeekBuddy.lnk
2014-09-04 16:35 - 2011-12-20 23:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2014-09-02 15:19 - 2009-12-31 02:26 - 02241624 _____ () C:\windows\system32\perfh015.dat
2014-09-02 15:19 - 2009-12-31 02:26 - 00672034 _____ () C:\windows\system32\perfc015.dat
2014-09-02 15:19 - 2009-07-26 22:06 - 00004568 _____ () C:\windows\system32\PerfStringBackup.INI
2014-08-29 15:21 - 2010-10-29 10:49 - 00000000 ____D () C:\Users\Magdalena\Documents\PRACA
2014-08-29 13:51 - 2012-04-15 00:31 - 00000000 ____D () C:\Users\Magdalena\Documents\FIRMA
2014-08-28 20:53 - 2011-08-02 15:58 - 00000000 ____D () C:\Users\Magdalena\AppData\Roaming\Skype
2014-08-28 20:30 - 2014-08-28 20:30 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-08-28 20:30 - 2011-08-02 15:58 - 00000000 ____D () C:\ProgramData\Skype
2014-08-28 20:21 - 2013-09-17 17:41 - 00000000 ____D () C:\Users\piotr mistrz
2014-08-28 20:21 - 2010-08-17 21:34 - 00000000 ____D () C:\Users\Filip
2014-08-28 20:21 - 2010-06-23 13:18 - 00000000 ____D () C:\Users\piotr
2014-08-26 16:51 - 2010-08-17 21:34 - 00000000 ____D () C:\Users\Filip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-08-25 06:53 - 2010-08-09 22:16 - 00231584 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-08-20 18:53 - 2011-08-02 15:58 - 00000000 ___RD () C:\Program Files\Skype
2014-08-20 18:47 - 2012-10-09 22:19 - 00042784 _____ (AVG Technologies) C:\windows\system32\Drivers\avgtpx86.sys
2014-08-20 10:48 - 2010-05-11 21:13 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-19 17:10 - 2010-05-11 21:03 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-19 17:09 - 2013-08-16 11:12 - 00000000 ____D () C:\windows\system32\MRT
2014-08-19 17:02 - 2010-06-20 10:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

Files to move or delete:
====================
C:\Users\piotr\PowerPointViewer.exe
C:\Users\piotr\TMViewerSetup.exe
C:\Users\Public\PowerISO43.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-29 14:12

==================== End Of Log ============================