Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-12-2014 02 Ran by tomek (administrator) on TOMEK-PC on 12-12-2014 20:22:54 Running from C:\Users\tomek\Downloads Loaded Profile: tomek (Available profiles: tomek) Platform: Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) OS Language: English (United States) Internet Explorer Version 9 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (AMD) C:\Windows\System32\atieclxx.exe (Google Inc.) C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (VIA Technologies, Inc.) C:\VIA_XHCI\usb3Monitor.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) C:\Windows\System32\conime.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12009176 2013-09-03] (Realtek Semiconductor) HKLM\...\Run: [VIAxHCUtl] => C:\VIA_XHCI\usb3Monitor.exe HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation) HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-1681707348-1694484624-1071145583-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-10-16] (Google Inc.) HKU\S-1-5-21-1681707348-1694484624-1071145583-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5282584 2014-11-21] (Piriform Ltd) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKU\S-1-5-21-1681707348-1694484624-1071145583-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: IplexToALLPlayer -> {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} -> C:\Program Files\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKU\S-1-5-21-1681707348-1694484624-1071145583-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Winsock: Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation) Winsock: Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation) Winsock: Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation) Winsock: Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation) Winsock: Catalog5 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Winsock: Catalog5 06 C:\Windows\system32\winrnr.dll [19968] (Microsoft Corporation) Winsock: Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Winsock: Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Winsock: Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Winsock: Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Winsock: Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Winsock: Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Winsock: Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Winsock: Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Winsock: Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Winsock: Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Winsock: Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Winsock: Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Winsock: Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Winsock: Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Winsock: Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Winsock: Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) 
Winsock: Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Winsock: Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Winsock: Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Winsock: Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Winsock: Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Winsock: Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Winsock: Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Winsock: Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Winsock: Catalog9 25 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Winsock: Catalog9 26 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\tomek\AppData\Roaming\Mozilla\Firefox\Profiles\107noauq.default-1354819248325 FF SelectedSearchEngine: Allegro FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.) 
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31010.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll (NHN USA Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npijjiFFPlugin1.dll (NHN USA Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) 
FF Extension: ImTranslator - C:\Users\tomek\AppData\Roaming\Mozilla\Firefox\Profiles\107noauq.default-1354819248325\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2013-03-08] FF Extension: Adblock Plus - C:\Users\tomek\AppData\Roaming\Mozilla\Firefox\Profiles\107noauq.default-1354819248325\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-11] FF Extension: Greasemonkey - C:\Users\tomek\AppData\Roaming\Mozilla\Firefox\Profiles\107noauq.default-1354819248325\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-12-16] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-10-13] FF HKLM\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com FF Extension: 卡巴斯基網址顧問 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-05-15] FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: 虛擬鍵盤 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-05-15] FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com FF Extension: 惡意網站攔截器 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-05-15] FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com FF Extension: Chặn quảng cáo - C:\Program 
Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-05-15] FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-05-15] FF Extension: No Name - {20a82645-c095-46ed-80e3-08825760534b} [Not Found] Chrome: ======= CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [Not Found] CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-16] CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-16] CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-16] CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-16] CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-16] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-16] (Kaspersky Lab ZAO) S3 hpqcxs08; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation) S2 hpqddsvc; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation) S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-02-26] (Hewlett-Packard Company) [File not signed] R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2011-04-13] (Hewlett-Packard) [File not signed] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2011-04-13] (Hewlett-Packard) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [83984 2012-02-23] (Advanced Micro Devices) S3 gdrv; C:\Windows\gdrv.sys [17488 2014-03-05] (Windows (R) 2000 DDK provider) R0 JRAID; C:\Windows\System32\DRIVERS\jraid.sys [103512 2011-05-19] (JMicron Technology Corp.) 
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2014-05-15] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [576608 2014-05-15] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-10-16] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25184 2014-05-15] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-16] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144992 2014-05-15] (Kaspersky Lab ZAO) R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [56432 2013-01-11] (Intel Corporation) R3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [21784 2000-01-01] (Microsoft Corporation) R3 SNP325; C:\Windows\System32\DRIVERS\snp325.sys [10394624 2007-07-24] (Sonix Co. Ltd.) S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2014-03-15] () R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [193024 2013-08-12] (VIA Technologies, Inc.) R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [239104 2013-08-12] (VIA Technologies, Inc.) S3 IpInIp; system32\DRIVERS\ipinip.sys [X] U5 klflt; C:\Windows\System32\Drivers\klflt.sys [94304 2014-05-15] (Kaspersky Lab ZAO) S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-12-12 20:22 - 2014-12-12 20:23 - 00017125 _____ () C:\Users\tomek\Downloads\FRST.txt 2014-12-12 20:22 - 2014-12-12 20:22 - 00000000 ___DC () C:\FRST 2014-12-12 20:17 - 2014-12-12 20:18 - 01111040 _____ (Farbar) C:\Users\tomek\Downloads\FRST.exe 2014-12-10 04:55 - 2014-11-07 02:33 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-12-10 04:55 - 2014-11-04 01:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-12-10 04:52 - 2014-12-03 03:06 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-12-10 03:12 - 2014-11-24 21:44 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-12-10 03:12 - 2014-11-24 21:41 - 12369920 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-12-10 03:12 - 2014-11-24 21:40 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-12-10 03:12 - 2014-11-24 21:37 - 09740800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-12-10 03:12 - 2014-11-24 21:35 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-12-10 03:12 - 2014-11-24 21:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-12-10 03:12 - 2014-11-24 21:34 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-12-10 03:12 - 2014-11-24 21:34 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-12-10 03:12 - 2014-11-24 21:33 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-12-10 03:12 - 2014-11-24 21:33 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-12-10 03:12 - 2014-11-24 21:33 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-12-10 03:12 - 2014-11-24 21:33 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-12-10 03:12 - 2014-11-24 21:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 
2014-12-10 03:12 - 2014-11-24 21:33 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-12-10 03:12 - 2014-11-24 21:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-12-10 03:12 - 2014-11-24 21:32 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-12-10 03:12 - 2014-11-24 21:32 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-12-10 03:12 - 2014-11-24 21:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-12-10 03:12 - 2014-11-24 21:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-12-10 03:12 - 2014-11-24 21:32 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-12-10 03:12 - 2014-11-24 21:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-12-10 03:12 - 2014-11-24 21:32 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-12-06 08:24 - 2014-12-06 08:24 - 00000000 ____D () C:\Users\tomek\AppData\Roaming\Google 2014-12-02 17:38 - 2014-12-02 17:38 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-11-28 18:02 - 2014-11-28 18:03 - 05162080 _____ (Piriform Ltd) C:\Users\tomek\Downloads\ccsetup500.exe 2014-11-20 03:14 - 2014-11-20 03:14 - 00001002 _____ () C:\Users\tomek\Desktop\upc_telewizja_cyfrowa_instrukcja_uzytkownika(1) - Shortcut.lnk 2014-11-19 03:00 - 2014-10-24 02:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-11-12 04:55 - 2014-10-10 02:01 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-11-12 04:55 - 2014-10-10 02:00 - 01259008 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-11-12 04:55 - 2014-10-10 02:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2014-11-12 04:55 - 2014-10-10 00:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2014-11-12 04:55 - 2014-08-27 01:55 
- 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-11-12 04:55 - 2014-08-27 01:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-11-12 04:54 - 2014-10-24 02:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-11-12 04:54 - 2014-08-12 03:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL 2014-11-12 04:53 - 2014-10-18 02:08 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2014-11-12 04:53 - 2014-10-03 02:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-11-12 04:53 - 2014-10-03 02:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-11-12 04:53 - 2014-10-03 02:17 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-11-12 04:53 - 2014-10-03 02:17 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2014-11-12 04:50 - 2014-10-13 00:34 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-12-12 20:15 - 2006-11-02 13:45 - 00004000 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-12-12 20:15 - 2006-11-02 13:45 - 00004000 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-12-12 20:08 - 2012-07-29 06:41 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-12-12 19:38 - 2011-10-16 11:02 - 00001036 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-12-12 18:34 - 2014-05-15 17:44 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-12-12 18:00 - 2014-01-05 09:05 - 01920215 _____ () C:\Windows\WindowsUpdate.log 2014-12-12 14:38 - 2014-03-08 17:58 - 00001032 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf3aefa3222380.job 2014-12-12 14:22 - 2006-11-02 11:33 - 00760470 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-12-12 14:15 - 2006-11-02 13:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-12 04:50 - 2006-11-02 13:58 - 00032552 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-12-10 19:09 - 2012-07-29 06:41 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-12-10 19:09 - 2012-07-29 06:41 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-12-10 17:38 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache 2014-12-10 04:59 - 2011-10-19 15:36 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-12-10 04:55 - 2013-07-31 18:07 - 00000000 ____D () C:\Windows\system32\MRT 2014-12-10 04:52 - 2012-02-16 00:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-12-10 04:52 - 2006-11-02 11:24 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-12-08 09:18 - 2014-06-24 13:48 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-12-08 09:18 - 2014-06-24 13:48 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-12-08 09:18 - 2014-06-24 13:48 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2014-12-08 09:18 - 2012-10-15 11:57 - 00000905 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-12-06 08:24 - 2011-10-16 11:01 - 00000000 ____D () C:\Users\tomek\AppData\Local\Google 2014-12-05 04:47 - 2014-11-11 21:09 - 06504448 _____ () C:\Windows\system32\㩣灜潲牧浡慤慴歜獡数獲祫氠扡慜灶㐱〮〮摜瑡屡潭畤敬彳湩敶瑮牯⹹慤 2014-12-03 14:31 - 2014-06-11 17:47 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-11-28 18:04 - 2011-10-15 15:26 - 00000810 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-11-28 18:04 - 2011-10-15 15:26 - 00000000 ____D () C:\Program Files\CCleaner 2014-11-21 06:14 - 2014-06-24 13:48 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-11-21 06:14 - 2014-06-24 13:48 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-11-21 06:14 - 2012-10-15 11:57 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-11-15 21:36 - 2011-10-14 17:45 - 00000000 ____D () C:\Users\tomek\AppData\Roaming\Skype 2014-11-12 14:16 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-11-12 05:01 - 2006-11-02 13:44 - 00258184 _____ () C:\Windows\system32\FNTCACHE.DAT ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-12 14:21 ==================== End Of Log ============================