Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-10-2014 Ran by Michał Zięcina (administrator) on IBR-CNU252BDF2 on 04-10-2014 08:18:19 Running from C:\Users\User\Desktop Loaded Profile: Michał Zięcina (Available profiles: Michał Zięcina & Administrator) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Polski (Polska) Internet Explorer Version 9 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE (Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\BCMWLTRY.EXE (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe () C:\ProgramData\DatacardService\HWDeviceService64.exe (Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe (Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXTCS.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe () C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe (Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe (Check Point Software Technologies) C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe (ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe (Ericsson AB) C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe (DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe (Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSDKHelperx64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2887440 2012-03-09] (Synaptics Incorporated) HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [3488640 2012-03-15] (Hewlett-Packard Company) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-03-05] (IDT, Inc.) HKLM\...\Run: [MfeEpePcMonitor] => "C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe" HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [319360 2012-03-14] (Hewlett-Packard Company) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2013-06-13] (Intel Corporation) HKLM-x32\...\Run: [HPConnectionManager] => c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [184736 2012-06-13] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [DsMgr] => C:\Program Files (x86)\Hewlett-Packard\HP GPS and Location\dsMgr.exe [183168 2012-04-03] (Hewlett-Packard Development Company L.P.) HKLM-x32\...\Run: [File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12310616 2012-03-22] (Hewlett-Packard) HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [333416 2012-11-27] (McAfee, Inc.) HKLM-x32\...\Run: [ShStatEXE] => C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [215360 2011-09-14] (McAfee, Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-09-26] (Hewlett-Packard) HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe, Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X] HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKLM\...\Policies\Explorer: [NoFolderOptions] 0 HKU\S-1-5-21-3168158027-1598748805-4083129569-1001\...\MountPoints2: {04203187-1e7f-11e4-a261-54168aa86c1e} - H:\AutoRun.exe HKU\S-1-5-21-3168158027-1598748805-4083129569-1001\...\MountPoints2: {04203195-1e7f-11e4-a261-54168aa86c1e} - H:\AutoRun.exe HKU\S-1-5-21-3168158027-1598748805-4083129569-1001\...\MountPoints2: {22e3c742-efdd-11e2-91fc-54168aa86c1e} - D:\AutoRun.exe HKU\S-1-5-21-3168158027-1598748805-4083129569-1001\...\MountPoints2: {a9ea8aaa-9831-11e2-957f-a41731b6e8b9} - D:\AutoRun.exe HKU\S-1-5-21-3168158027-1598748805-4083129569-1001\...\MountPoints2: {a9ea8abf-9831-11e2-957f-a41731b6e8b9} - D:\AutoRun.exe Lsa: [Notification Packages] DPPassFilter scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDF HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDF HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDF HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://pl.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF SearchScopes: HKCU - DefaultScope {CC5F59DD-B1C8-40F0-969A-98383EEF9B05} URL = http://www.google.com/search?hl=pl&q={searchTerms} SearchScopes: HKCU - {CC5F59DD-B1C8-40F0-969A-98383EEF9B05} URL = http://www.google.com/search?hl=pl&q={searchTerms} BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.) BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130329065540.dll (McAfee, Inc.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.) BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20130329065541.dll (McAfee, Inc.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.) Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{2F863322-B855-4833-BA63-FC616DFFE293}: [NameServer] 193.41.112.18 193.41.112.14 Tcpip\..\Interfaces\{3BBACF83-1A62-414E-8FEB-A253D2891A76}: [NameServer] 213.158.199.1 213.158.199.5 Tcpip\..\Interfaces\{5EC1571D-10F3-4522-8945-961A5AB127A9}: [NameServer] 10.201.175.15,10.201.175.14 Tcpip\..\Interfaces\{794F5778-B1D1-4413-B2C2-D8EBD68F9876}: [NameServer] 213.158.199.1 213.158.199.5 FireFox: ======== FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\dmiylh75.default FF Homepage: hxxp://www.google.pl/ FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: FlashGot - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\dmiylh75.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2014-03-05] FF Extension: Easy Youtube Video Downloader Express - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\dmiylh75.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2013-10-12] FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\dmiylh75.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-26] FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt FF Extension: DigitalPersona Extension - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2012-12-27] FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\T-Mobile\InternetManager_H\OCx64\addon FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore FF Extension: IDS_SS_NAME - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2013-03-29] Chrome: ======= CHR HomePage: Default -> D8C326C7E5FF3A206F5982B08594A62E675D8A0BB8C5D4BA7E4F4C46DB3A4E55 CHR StartupUrls: Default -> "hxxp://www.google.pl/" CHR DefaultSearchKeyword: Default -> 9152F734062848FD47C9561FC95DB5FB2EAC240BE79573613FC7DAFC5EC6ED1E CHR DefaultSearchURL: Default -> 2D36678A772E7DEA01B2A6FFEF933B1B98403E099FEE5C4F009DCFD7152CE2FD CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-09] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [493904 2012-03-15] (DigitalPersona, Inc.) S3 FLCDLOCK; c:\windows\SysWOW64\flcdlock.exe [477056 2012-02-01] (Hewlett-Packard Company) R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed] R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [365440 2012-03-14] (Hewlett-Packard Company) R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] () R2 IFXSpMgtSrv; c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1127800 2012-01-27] (Infineon Technologies AG) R2 IFXTCS; c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe [984440 2012-01-27] (Infineon Technologies AG) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-28] () S2 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [224096 2013-03-29] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-03-28] (Intel Corporation) R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1327104 2012-03-22] () [File not signed] R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [132712 2012-11-27] (McAfee, Inc.) R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [199008 2011-10-06] (McAfee, Inc.) R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [209760 2011-09-14] (McAfee, Inc.) R2 mfevtp; C:\windows\system32\mfevtps.exe [158832 2011-10-06] (McAfee, Inc.) R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1134584 2012-03-07] (PDF Complete Inc) R2 PersonalSecureDriveService; c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe [212344 2012-01-27] (Infineon Technologies AG) R2 RoxioBurnLauncher; C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [536848 2012-03-21] () R2 TracSrvWrapper; C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe [3487128 2009-12-30] (Check Point Software Technologies) R2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [498352 2012-02-03] (ArcSoft, Inc.) R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe [5858304 2012-12-27] (Broadcom Corporation) [File not signed] R2 WMCoreService; C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe [688024 2012-05-31] (Ericsson AB) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [42816 2012-02-03] (ArcSoft, Inc.) S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2012-02-02] (Broadcom Corporation.) R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2013-03-29] (Bytemobile, Inc.) [File not signed] S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2012-02-02] (Broadcom Corporation.) S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [64312 2012-01-31] (Hewlett-Packard Company) R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2011-10-05] (Ericsson AB) R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [29736 2011-10-05] (Ericsson AB) R3 h36wgps; C:\Windows\System32\DRIVERS\h36wgps64.sys [103184 2012-03-02] (Ericsson AB) S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [212992 2013-03-29] (Huawei Technologies Co., Ltd.) S3 johci; C:\Windows\System32\DRIVERS\johci.sys [26200 2012-02-28] (JMicron Technology Corp.) R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [419400 2011-10-05] (MCCI Corporation) R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [430664 2011-10-05] (MCCI Corporation) R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2011-10-05] (MCCI Corporation) R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [483400 2011-10-05] (MCCI Corporation) R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [160016 2011-10-06] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [229008 2011-10-06] (McAfee, Inc.) U3 mfeavfk01; No ImagePath R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [93640 2012-03-22] (McAfee, Inc.) R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158792 2012-03-22] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [646816 2011-10-06] (McAfee, Inc.) S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [100648 2011-10-06] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [284384 2011-10-06] (McAfee, Inc.) R1 PersonalSecureDrive; C:\Windows\System32\drivers\psd.sys [44576 2010-01-26] (Infineon Technologies AG) R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1863680 2012-03-31] (Sonix Co. Ltd.) R1 tcpipBM; C:\windows\system32\drivers\tcpipBM.sys [39552 2013-03-29] (Bytemobile, Inc.) [File not signed] R3 vna_ap; C:\Windows\System32\DRIVERS\vnaap.sys [161256 2009-12-30] (Check Point Software Technologies) R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [279312 2012-04-28] (Ericsson AB) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-04 08:18 - 2014-10-04 08:19 - 00024354 _____ () C:\Users\User\Desktop\FRST.txt 2014-10-04 08:17 - 2014-10-04 08:18 - 00000000 ____D () C:\FRST 2014-10-04 08:16 - 2014-10-04 08:16 - 02109440 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe 2014-10-04 07:34 - 2014-10-04 07:34 - 00118494 _____ () C:\Users\User\Desktop\OTL.Txt 2014-10-04 07:34 - 2014-10-04 07:34 - 00066304 _____ () C:\Users\User\Desktop\Extras.Txt 2014-10-04 07:19 - 2014-10-04 07:20 - 00602112 _____ (OldTimer Tools) C:\Users\User\Desktop\OTL.exe 2014-10-04 07:17 - 2014-10-04 07:17 - 00000347 _____ () C:\Users\User\Desktop\ComboFix(1).exe 2014-10-02 21:49 - 2014-10-04 08:00 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-10-02 21:49 - 2014-10-02 21:49 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-10-02 21:49 - 2014-10-02 21:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-10-02 21:49 - 2014-10-02 21:49 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-10-02 21:49 - 2014-10-02 21:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-10-02 21:49 - 2014-05-12 07:35 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2014-10-02 21:49 - 2014-05-12 07:35 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2014-10-02 21:49 - 2014-05-12 07:35 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2014-10-02 21:39 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll 2014-10-02 21:39 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll 2014-10-02 21:38 - 2014-10-02 21:38 - 00000000 ____D () C:\windows\ERUNT 2014-10-02 21:37 - 2014-10-02 21:37 - 01701755 _____ (Thisisu) C:\Users\User\Desktop\JRT.exe 2014-10-01 22:37 - 2014-10-01 22:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-25 08:16 - 2014-09-25 08:18 - 00000000 ____D () C:\Users\User\Desktop\Nowy folder 2014-09-25 08:15 - 2014-09-25 08:18 - 00000000 __SHD () C:\Users\User\Desktop\SMS-PW-17 2014-09-24 07:29 - 2014-09-24 07:29 - 00002926 _____ () C:\windows\System32\Tasks\{0D754985-27C4-495F-A195-CA897C7BE6AA} 2014-09-24 06:15 - 2014-09-24 17:49 - 03668341 _____ () C:\Users\User\Desktop\20141001 - bezpieczeństwo IBR2.pptx 2014-09-24 06:06 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll 2014-09-24 06:06 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll 2014-09-23 00:40 - 2014-08-31 17:26 - 1925296006 _____ () C:\Users\User\Desktop\Nieokiełznana Miłość Boga.avi 2014-09-23 00:40 - 2014-08-31 16:11 - 2101928224 _____ () C:\Users\User\Desktop\Palec Boży.avi 2014-09-13 23:49 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll 2014-09-13 23:49 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll 2014-09-13 23:49 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll 2014-09-13 23:49 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll 2014-09-13 23:49 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll 2014-09-13 22:51 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\windows\system32\icardres.dll 2014-09-13 22:51 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardres.dll 2014-09-13 22:51 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe 2014-09-13 22:51 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe 2014-09-13 22:51 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\windows\system32\icardagt.exe 2014-09-13 22:51 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\windows\system32\infocardapi.dll 2014-09-13 22:51 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardagt.exe 2014-09-13 22:51 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\windows\SysWOW64\infocardapi.dll 2014-09-13 22:13 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll 2014-09-13 22:13 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll 2014-09-13 22:12 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2014-09-13 22:12 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2014-09-13 22:12 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll 2014-09-13 22:12 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll 2014-09-13 22:12 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll 2014-09-13 22:12 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll 2014-09-12 01:13 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL 2014-09-12 01:13 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL 2014-09-12 01:13 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL 2014-09-12 01:13 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL 2014-09-12 01:13 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL 2014-09-12 01:13 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL 2014-09-12 01:13 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL 2014-09-12 01:13 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL 2014-09-12 01:13 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL 2014-09-12 01:13 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL 2014-09-12 01:13 - 2014-07-09 00:38 - 00419992 _____ () C:\windows\system32\locale.nls 2014-09-12 01:13 - 2014-07-09 00:30 - 00419992 _____ () C:\windows\SysWOW64\locale.nls ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-04 07:52 - 2013-03-07 10:25 - 00001062 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-04 07:24 - 2009-07-14 06:45 - 00031536 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-04 07:24 - 2009-07-14 06:45 - 00031536 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-04 07:17 - 2013-03-07 10:25 - 00001058 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-04 07:16 - 2012-05-09 05:08 - 00000000 ____D () C:\ProgramData\PDFC 2014-10-04 07:16 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-10-04 07:16 - 2009-07-14 06:51 - 00094732 _____ () C:\windows\setupact.log 2014-10-02 22:17 - 2012-12-27 17:40 - 02004928 _____ () C:\windows\WindowsUpdate.log 2014-10-02 22:16 - 2014-02-06 23:00 - 00000000 ____D () C:\Quarantine 2014-10-02 22:11 - 2010-11-21 05:47 - 00223754 _____ () C:\windows\PFRO.log 2014-10-02 22:09 - 2012-05-09 04:03 - 04825204 _____ () C:\windows\system32\perfh015.dat 2014-10-02 22:09 - 2012-05-09 04:03 - 01583116 _____ () C:\windows\system32\perfc015.dat 2014-10-02 22:09 - 2009-07-14 07:13 - 00006248 _____ () C:\windows\system32\PerfStringBackup.INI 2014-10-02 22:04 - 2014-04-12 16:02 - 00000368 _____ () C:\windows\Tasks\HPCeeScheduleForMichał Zięcina.job 2014-10-02 22:04 - 2013-03-07 10:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-10-02 22:04 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\security 2014-10-02 21:37 - 2014-03-05 08:46 - 00000000 ____D () C:\Users\User\AppData\Local\ChomikBox 2014-10-02 21:27 - 2014-04-12 16:02 - 00003240 _____ () C:\windows\System32\Tasks\HPCeeScheduleForMichał Zięcina 2014-10-02 21:26 - 2013-03-29 07:43 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log 2014-10-02 21:25 - 2013-06-13 08:01 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-10-02 21:14 - 2014-03-05 08:46 - 00000000 ____D () C:\Users\User\.gstreamer-0.10 2014-10-01 20:40 - 2013-03-29 08:00 - 00002288 ____H () C:\Users\User\Documents\Default.rdp 2014-09-24 20:49 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache 2014-09-21 16:58 - 2012-05-09 05:10 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2014-09-21 16:58 - 2012-05-09 05:10 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-20 21:09 - 2013-03-06 14:03 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-09-14 00:01 - 2013-08-29 21:39 - 00000000 ____D () C:\windows\system32\MRT 2014-09-13 23:55 - 2013-03-07 10:05 - 101694776 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-09-13 22:36 - 2013-03-06 13:50 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-09-13 22:13 - 2014-04-23 21:01 - 00000000 ___SD () C:\windows\system32\CompatTel 2014-09-13 20:15 - 2009-07-14 06:45 - 00388072 _____ () C:\windows\system32\FNTCACHE.DAT Some content of TEMP: ==================== C:\Users\User\AppData\Local\Temp\1ulexhjl.dll C:\Users\User\AppData\Local\Temp\AskPIP_FF_.exe C:\Users\User\AppData\Local\Temp\clnxqnoc.dll C:\Users\User\AppData\Local\Temp\DataCard_Setup64.exe C:\Users\User\AppData\Local\Temp\Extract.exe C:\Users\User\AppData\Local\Temp\gjeb6rlg.dll C:\Users\User\AppData\Local\Temp\ResetDevice.exe C:\Users\User\AppData\Local\Temp\SP56729.exe C:\Users\User\AppData\Local\Temp\SP57443.exe C:\Users\User\AppData\Local\Temp\sp58915.exe C:\Users\User\AppData\Local\Temp\SP59033.exe C:\Users\User\AppData\Local\Temp\SP59202.exe C:\Users\User\AppData\Local\Temp\SP59426.exe C:\Users\User\AppData\Local\Temp\SP59529.exe C:\Users\User\AppData\Local\Temp\SP59530.exe C:\Users\User\AppData\Local\Temp\SP60623.exe C:\Users\User\AppData\Local\Temp\UninstallHPSA.exe C:\Users\User\AppData\Local\Temp\_is118D.exe C:\Users\User\AppData\Local\Temp\_is4E06.exe C:\Users\User\AppData\Local\Temp\_is82DB.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-26 18:11 ==================== End Of Log ============================