Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015 Ran by DOMOWY (administrator) on DOMOWY-LAPTOP on 09-02-2015 15:51:16 Running from C:\Users\DOMOWY\Desktop Loaded Profiles: DOMOWY (Available profiles: UpdatusUser & DOMOWY) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polski (Polska) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Locktime Software) C:\Program Files\NetLimiter 3\nlsvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Locktime Software) C:\Program Files\NetLimiter 3\NLClientApp.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (GG Network S.A.) C:\Program Files (x86)\Gadu-Gadu 10\gg.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe () C:\Program Files (x86)\Przypominacz JT\Przypominacz JT.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe () D:\POCZTA\KomaMail\Koma_Mail.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_305_ActiveX.exe (Google Inc.) C:\Users\DOMOWY\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-08-11] (Alcor Micro Corp.) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2189416 2011-03-01] (Realtek Semiconductor) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11780712 2011-03-04] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2712360 2011-03-04] (Synaptics Incorporated) HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-03-04] (Synaptics Incorporated) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation) HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [617120 2011-03-13] (Atheros Communications) HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-03-13] (Atheros Commnucations) HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation) HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2018032 2011-04-01] (ASUSTek Computer Inc.) HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] () HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated) HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS) HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS) HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Przypominacz JT] => C:\Program Files (x86)\Przypominacz JT\Przypominacz JT.exe [736768 2015-01-26] () Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-339540346-3109504209-938711790-1001\...\Run: [NetLimiter] => C:\Program Files\NetLimiter 3\NLClientApp.exe [2790400 2010-08-30] (Locktime Software) HKU\S-1-5-21-339540346-3109504209-938711790-1001\...\Run: [Google Update] => C:\Users\DOMOWY\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-05-06] (Google Inc.) HKU\S-1-5-21-339540346-3109504209-938711790-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.) HKU\S-1-5-21-339540346-3109504209-938711790-1001\...\Run: [Gadu-Gadu 10] => C:\Program Files (x86)\Gadu-Gadu 10\gg.exe [13374048 2012-02-11] (GG Network S.A.) AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-04-08] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-04-08] (NVIDIA Corporation) IFEO\taskmgr.exe: [Debugger] "C:\Program Files (x86)\System Explorer\SystemExplorer.exe" ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-339540346-3109504209-938711790-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.pl/ SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-339540346-3109504209-938711790-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus) DPF: HKLM {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: HKLM {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{2AD23F6F-4F4B-4F8D-972A-B97E20D8A9C8}: [NameServer] 193.41.112.14 193.41.112.18 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll () FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-339540346-3109504209-938711790-1001: @tools.google.com/Google Update;version=3 -> C:\Users\DOMOWY\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKU\S-1-5-21-339540346-3109504209-938711790-1001: @tools.google.com/Google Update;version=9 -> C:\Users\DOMOWY\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) Chrome: ======= CHR HomePage: Default -> hxxp://www.google.pl/ CHR StartupUrls: Default -> "hxxp://www.google.pl/", "https://chrome.google.com/webstore/category/app/91-bookmarks?utm_source=chrome-ntp-icon&_sort=1" CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Widevine Content Decryption Module) - C:\Users\DOMOWY\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.5.671\_platform_specific\win_x86\widevinecdmadapter.dll No File CHR Plugin: (Shockwave Flash) - C:\Users\DOMOWY\AppData\Local\Google\Chrome\Application\40.0.2214.94\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\DOMOWY\AppData\Local\Google\Chrome\Application\40.0.2214.94\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Users\DOMOWY\AppData\Local\Google\Chrome\Application\40.0.2214.94\pdf.dll () CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) CHR Plugin: (Java(TM) Platform SE 7 U5) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Google Update) - C:\Users\DOMOWY\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll No File CHR Plugin: (Java Deployment Toolkit 7.0.50.255) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) CHR Profile: C:\Users\DOMOWY\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (YouTube) - C:\Users\DOMOWY\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-05-06] CHR Extension: (Adblock Plus) - C:\Users\DOMOWY\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-01-24] CHR Extension: (Szukaj w Google) - C:\Users\DOMOWY\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-05-06] CHR Extension: (Google Wallet) - C:\Users\DOMOWY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23] CHR Extension: (Gmail) - C:\Users\DOMOWY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-05-06] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S4 ABBYY.Licensing.FineReader.Professional.10.0; C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [814344 2009-12-10] (ABBYY) R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-13] (Atheros) [File not signed] R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [74912 2011-03-13] (Atheros Commnucations) [File not signed] S3 FileZilla Server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [632320 2012-02-26] (FileZilla Project) [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation) [File not signed] R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation) [File not signed] R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation) S3 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed] R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation) R2 nlsvc; C:\Program Files\NetLimiter 3\nlsvc.exe [1743872 2010-08-30] (Locktime Software) [File not signed] S3 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed] S3 SystemExplorerHelpService; C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe [774616 2012-04-16] (Mister Group) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 AmUStor; C:\Windows\System32\drivers\AmUStor.SYS [44032 2010-08-11] (Alcor Micro, Corp.) [File not signed] S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [36256 2009-11-13] (Google Inc) [File not signed] R1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17024 2010-07-26] (ASUS) U5 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-05] (Microsoft Corporation) S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [238080 2012-04-23] (Huawei Technologies Co., Ltd.) R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.) R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( ) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation) [File not signed] R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation) R3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [28528 2012-07-08] (MediaMall Technologies, Inc.) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation) R1 nltdi; C:\Program Files\NetLimiter 3\nltdi.sys [88200 2010-08-30] (Locktime Software) S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [117040 2012-04-03] (Oracle Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-09 15:51 - 2015-02-09 15:51 - 00018905 _____ () C:\Users\DOMOWY\Desktop\FRST.txt 2015-02-09 15:51 - 2015-02-09 15:51 - 00000000 ____D () C:\FRST 2015-02-09 15:29 - 2015-02-09 15:29 - 00380416 _____ () C:\Users\DOMOWY\Desktop\9cbcebwh.exe 2015-02-09 15:27 - 2015-02-09 15:27 - 02132992 _____ (Farbar) C:\Users\DOMOWY\Desktop\FRST64.exe 2015-02-09 13:37 - 2015-02-09 13:38 - 00003219 _____ () C:\Users\DOMOWY\Desktop\eset.txt 2015-02-09 13:34 - 2015-02-09 13:34 - 00003219 _____ () C:\Users\DOMOWY\Desktop\Eset online scanner.txt 2015-02-09 11:07 - 2015-02-09 11:07 - 02347384 _____ (ESET) C:\Users\DOMOWY\Desktop\esetsmartinstaller_plk.exe 2015-02-09 10:33 - 2015-02-09 10:33 - 00000000 ____D () C:\Program Files (x86)\ESET 2015-02-09 10:30 - 2015-02-09 10:30 - 00000000 ___RD () C:\Users\DOMOWY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2015-02-08 14:16 - 2015-02-09 15:25 - 00001062 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-339540346-3109504209-938711790-1001UA1d043a16c89f813.job 2015-02-08 14:16 - 2015-02-08 14:16 - 00004038 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-339540346-3109504209-938711790-1001UA1d043a16c89f813 2015-02-05 21:43 - 2015-02-05 21:43 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack 2015-02-05 21:40 - 2015-02-05 21:40 - 03533008 _____ (DVDVideoSoft Ltd. ) C:\Users\DOMOWY\Downloads\FreeYouTubeDownload.exe 2015-02-05 14:44 - 2015-02-05 14:44 - 00000000 ____D () C:\Users\DOMOWY\AppData\Roaming\HandBrake 2015-02-05 14:42 - 2015-02-05 21:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2015-02-05 14:41 - 2015-02-05 21:43 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft 2015-02-05 14:38 - 2015-02-05 21:43 - 00000000 ____D () C:\Users\DOMOWY\AppData\Roaming\DVDVideoSoft 2015-02-05 14:17 - 2015-02-05 14:17 - 03529744 _____ (DVDVideoSoft Ltd. ) C:\Users\DOMOWY\Downloads\FreeDVDVideoConverter.exe 2015-02-04 15:46 - 2015-02-04 15:47 - 12240456 _____ (MPC-HC Team ) C:\Users\DOMOWY\Downloads\MPC-HC.1.7.8.x64.exe 2015-02-01 15:09 - 2015-02-01 15:09 - 00000000 ____D () C:\Program Files (x86)\e-Deklaracje 2015-01-31 14:59 - 2015-02-06 06:20 - 00001386 _____ () C:\Windows\PFRO.log 2015-01-31 14:47 - 2015-01-31 14:47 - 11127472 _____ () C:\Users\DOMOWY\Downloads\SetupYTD.exe 2015-01-31 14:29 - 2015-01-31 14:29 - 02194432 _____ () C:\Users\DOMOWY\Downloads\adwcleaner_4.109.exe 2015-01-30 22:44 - 2015-02-09 10:30 - 00000840 _____ () C:\Windows\setupact.log 2015-01-30 22:44 - 2015-01-30 22:44 - 00000000 _____ () C:\Windows\setuperr.log 2015-01-30 22:42 - 2015-01-30 22:42 - 00108486 _____ () C:\Users\DOMOWY\Documents\cc_20150130_224228.reg 2015-01-29 18:35 - 2015-01-29 18:35 - 00000000 ____D () C:\Users\DOMOWY\AppData\Roaming\IsolatedStorage 2015-01-29 18:35 - 2015-01-29 18:35 - 00000000 ____D () C:\ProgramData\IsolatedStorage 2015-01-29 18:22 - 2015-01-29 18:22 - 00000000 ____D () C:\Spacekace 2015-01-27 11:07 - 2015-01-27 11:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Przypominacz JT 2015-01-27 11:07 - 2015-01-27 11:07 - 00000000 ____D () C:\Program Files (x86)\Przypominacz JT 2015-01-26 23:41 - 2015-01-26 23:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3 2015-01-26 12:22 - 2015-01-26 23:20 - 00000000 ____D () C:\Users\DOMOWY\Desktop\skany zdjęć Jowity 2015-01-24 13:53 - 2015-01-25 14:52 - 00000000 ____D () C:\Program Files\Adblock Plus for IE 2015-01-23 14:59 - 2015-01-23 14:59 - 00000000 ____D () C:\Users\DOMOWY\Desktop\Allegro POK 2015-01-20 21:58 - 2015-01-31 14:58 - 00000000 ____D () C:\AdwCleaner 2015-01-14 14:14 - 2015-01-14 14:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\vCard VCF To CSV Converter Software 2015-01-14 14:14 - 2015-01-14 14:14 - 00000000 ____D () C:\Program Files (x86)\vCard VCF To CSV Converter Software 2015-01-14 09:24 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-14 09:24 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-14 09:24 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-14 09:24 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-01-14 09:24 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-01-14 09:24 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-01-14 09:24 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-01-14 09:24 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-01-14 09:24 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-01-14 09:24 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-14 09:24 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-14 09:24 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2015-01-14 09:24 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2015-01-13 18:26 - 2015-01-14 14:27 - 00000000 ____D () C:\Users\DOMOWY\Downloads\do konwersji kontaktów 2015-01-13 18:09 - 2015-01-13 18:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CSV to vCard 2015-01-13 18:09 - 2015-01-13 18:09 - 00000000 ____D () C:\Program Files (x86)\CSV to vCard 2015-01-13 17:52 - 2015-01-13 17:52 - 00000000 ____D () C:\ProgramData\Samsung 2015-01-13 17:51 - 2015-01-13 17:56 - 00000000 ____D () C:\Users\DOMOWY\Documents\samsung 2015-01-13 17:51 - 2015-01-13 17:51 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log 2015-01-13 17:51 - 2015-01-13 17:51 - 00000000 ____D () C:\Users\DOMOWY\Documents\SelfMV 2015-01-13 17:51 - 2015-01-13 17:51 - 00000000 ____D () C:\Users\DOMOWY\AppData\Roaming\Samsung 2015-01-13 17:51 - 2015-01-13 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung 2015-01-13 17:51 - 2014-05-07 17:42 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\SysWOW64\secman.dll 2015-01-13 17:50 - 2015-01-13 17:50 - 00000000 ____D () C:\Program Files (x86)\Samsung ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-09 15:35 - 2012-02-02 14:13 - 00000000 ____D () C:\Users\DOMOWY\AppData\Roaming\Skype 2015-02-09 15:19 - 2014-09-10 09:28 - 00000000 ____D () C:\Users\DOMOWY\Desktop\WAŻNE 2015-02-09 15:15 - 2012-05-06 21:21 - 00001062 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-339540346-3109504209-938711790-1001UA.job 2015-02-09 14:36 - 2011-09-18 10:16 - 01262123 _____ () C:\Windows\WindowsUpdate.log 2015-02-09 14:21 - 2012-05-06 21:21 - 00001010 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-339540346-3109504209-938711790-1001Core.job 2015-02-09 10:57 - 2012-03-01 10:56 - 10145792 ___SH () C:\Users\DOMOWY\Desktop\Thumbs.db 2015-02-09 10:37 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-09 10:37 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-09 10:30 - 2014-05-14 09:25 - 00000389 _____ () C:\Users\DOMOWY\Documents\Przypominacz JT - Lista przypomnień.txt 2015-02-09 10:30 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-08 23:44 - 2013-08-21 15:51 - 00000000 ____D () C:\Program Files (x86)\Cheat Engine 6.2 2015-02-08 16:19 - 2012-02-14 14:47 - 00000000 ____D () C:\Users\DOMOWY\AppData\Local\CrashDumps 2015-02-08 14:16 - 2012-05-06 21:21 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-339540346-3109504209-938711790-1001Core 2015-02-07 12:29 - 2012-06-08 22:24 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-02-06 20:50 - 2012-05-06 21:21 - 00004048 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-339540346-3109504209-938711790-1001UA 2015-02-06 06:24 - 2012-06-08 22:24 - 00003870 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-02-06 06:24 - 2012-04-06 08:44 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-02-06 06:24 - 2012-02-14 17:31 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-02-04 17:30 - 2012-02-03 22:33 - 00000000 ____D () C:\Users\DOMOWY\AppData\Roaming\SoftGrid Client 2015-02-04 17:26 - 2014-04-01 16:15 - 00000000 ____D () C:\Users\DOMOWY\Documents\Moje skanowanie 2015-02-04 17:16 - 2011-02-19 06:31 - 00784836 _____ () C:\Windows\system32\perfh015.dat 2015-02-04 17:16 - 2011-02-19 06:31 - 00170502 _____ () C:\Windows\system32\perfc015.dat 2015-02-04 17:16 - 2009-07-14 06:13 - 01782216 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-02-04 15:47 - 2012-08-20 21:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64 2015-02-04 15:47 - 2012-08-20 21:17 - 00000000 ____D () C:\Program Files\MPC-HC 2015-02-02 13:17 - 2012-12-07 19:37 - 00000000 ____D () C:\Users\DOMOWY\Desktop\Pliki tekstowe 2015-02-01 15:09 - 2014-05-14 16:03 - 00000885 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\e-Deklaracje.lnk 2015-02-01 15:08 - 2014-08-18 16:34 - 00000000 ____D () C:\Users\DOMOWY\AppData\Local\Adobe 2015-01-31 14:58 - 2012-02-01 18:19 - 00000000 ____D () C:\Users\DOMOWY 2015-01-31 00:28 - 2012-03-16 22:54 - 00027136 _____ () C:\Users\DOMOWY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-01-30 22:45 - 2014-04-01 16:15 - 00000000 ____D () C:\Users\DOMOWY\Documents\Bluetooth Folder 2015-01-30 22:40 - 2014-05-08 14:44 - 00000000 ____D () C:\Users\DOMOWY\AppData\Roaming\TeamViewer 2015-01-30 22:40 - 2014-04-09 09:02 - 00000000 ____D () C:\Windows\Minidump 2015-01-30 22:40 - 2012-02-16 20:59 - 00000000 ____D () C:\Users\DOMOWY\AppData\Roaming\uTorrent 2015-01-30 10:21 - 2012-02-01 18:20 - 00065240 _____ () C:\Users\DOMOWY\AppData\Local\GDIPFONTCACHEV1.DAT 2015-01-30 10:20 - 2009-07-14 05:45 - 00285224 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-01-27 15:12 - 2014-11-25 19:50 - 00000000 ____D () C:\Users\DOMOWY\Desktop\Zelmer 2015-01-26 23:41 - 2012-11-30 12:14 - 00000000 ____D () C:\Program Files (x86)\Google 2015-01-26 23:41 - 2012-05-06 21:21 - 00000000 ____D () C:\Users\DOMOWY\AppData\Local\Google 2015-01-26 23:27 - 2012-02-14 12:30 - 00000000 ____D () C:\Program Files\CCleaner 2015-01-26 17:34 - 2012-12-31 12:57 - 00000000 ____D () C:\Users\DOMOWY\Downloads\Android 2015-01-25 17:13 - 2012-03-20 22:21 - 00000000 ____D () C:\Users\DOMOWY\.VirtualBox 2015-01-25 15:32 - 2012-04-15 19:56 - 00000000 ____D () C:\Users\DOMOWY\Desktop\zintegrowany 2015-01-25 14:57 - 2012-03-20 22:23 - 00000000 ____D () C:\Users\DOMOWY\VirtualBox VMs 2015-01-25 14:44 - 2013-05-08 09:28 - 00000000 ____D () C:\Users\DOMOWY\Downloads\Spica 2015-01-25 14:20 - 2013-03-17 20:20 - 00000000 ____D () C:\Users\DOMOWY\Desktop\PDF-y 2015-01-25 14:04 - 2014-05-18 13:17 - 00000000 ____D () C:\Users\DOMOWY\Desktop\Zdjęcia mamy 2015-01-23 21:47 - 2014-02-18 20:50 - 00000000 ____D () C:\Users\DOMOWY\Desktop\Polisy Generali 2015-01-19 08:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF 2015-01-17 13:44 - 2014-01-09 20:30 - 00000000 ____D () C:\Users\DOMOWY\Desktop\Faktury Toya 2015-01-14 10:10 - 2013-08-15 23:32 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-14 10:00 - 2012-02-05 10:57 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-01-13 17:51 - 2011-09-18 10:23 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-01-11 19:21 - 2012-03-16 14:26 - 00000000 ____D () C:\Users\DOMOWY\AppData\Local\ChomikBox 2015-01-11 19:20 - 2012-03-16 14:26 - 00000000 ____D () C:\Users\DOMOWY\.gstreamer-0.10 2015-01-11 12:15 - 2009-07-14 06:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT ==================== Files in the root of some directories ======= 2012-10-12 01:50 - 2013-06-27 07:44 - 0049738 _____ () C:\Program Files (x86)\AutoMapa EU.md5 2012-03-24 21:43 - 2008-04-19 18:18 - 0254976 _____ () C:\Program Files (x86)\GG Serwer Changer.exe 2012-03-24 21:43 - 2007-06-22 20:55 - 0000548 _____ () C:\Program Files (x86)\GG Serwer Changer.exe.manifest 2012-03-24 21:43 - 2008-04-19 18:06 - 0000598 _____ () C:\Program Files (x86)\srvlist.dat 2012-02-19 20:37 - 2012-04-11 13:17 - 0000295 _____ () C:\Users\DOMOWY\AppData\Roaming\burnaware.ini 2012-12-11 22:13 - 2012-12-11 22:13 - 0099384 _____ () C:\Users\DOMOWY\AppData\Roaming\inst.exe 2012-12-11 22:13 - 2012-12-11 22:13 - 0007859 _____ () C:\Users\DOMOWY\AppData\Roaming\pcouffin.cat 2012-12-11 22:13 - 2012-12-11 22:13 - 0001167 _____ () C:\Users\DOMOWY\AppData\Roaming\pcouffin.inf 2012-12-11 22:13 - 2012-12-11 22:13 - 0000055 _____ () C:\Users\DOMOWY\AppData\Roaming\pcouffin.log 2012-12-11 22:13 - 2012-12-11 22:13 - 0082816 _____ (VSO Software) C:\Users\DOMOWY\AppData\Roaming\pcouffin.sys 2012-03-16 22:54 - 2015-01-31 00:28 - 0027136 _____ () C:\Users\DOMOWY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2012-02-25 23:22 - 2012-02-26 10:36 - 0000600 _____ () C:\Users\DOMOWY\AppData\Local\PUTTY.RND 2012-02-17 17:57 - 2014-04-06 11:18 - 0007611 _____ () C:\Users\DOMOWY\AppData\Local\resmon.resmoncfg 2014-04-01 11:06 - 2014-04-01 11:06 - 0003185 _____ () C:\Users\DOMOWY\AppData\Local\unins000.dat 2014-04-01 11:06 - 2014-04-01 11:06 - 0707504 _____ () C:\Users\DOMOWY\AppData\Local\unins000.exe 2014-04-01 11:06 - 2014-04-01 11:06 - 0011761 _____ () C:\Users\DOMOWY\AppData\Local\unins000.msg 2014-11-25 17:43 - 2014-11-25 17:43 - 0000057 _____ () C:\ProgramData\Ament.ini 2011-04-01 10:21 - 2010-07-07 00:10 - 0131472 _____ () C:\ProgramData\FullRemove.exe 2012-02-09 12:05 - 2013-03-21 18:29 - 0019568 _____ () C:\ProgramData\hpzinstall.log 2012-02-18 18:39 - 2012-02-18 18:53 - 0000193 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc 2011-09-18 10:40 - 2011-09-18 10:41 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log 2011-09-18 10:40 - 2011-09-18 10:40 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log Some content of TEMP: ==================== C:\Users\DOMOWY\AppData\Local\Temp\FreeDVDVideoConverter.exe C:\Users\DOMOWY\AppData\Local\Temp\FreeYouTubeDownload.exe C:\Users\DOMOWY\AppData\Local\Temp\Quarantine.exe C:\Users\DOMOWY\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-03 14:22 ==================== End Of Log ============================