- Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:11-07-2014
- Ran by Ania (administrator) on ANIA-KOMPUTER on 11-07-2014 14:19:18
- Running from G:\
- Platform: Microsoft Windows 7 Ultimate (X86) OS Language: Polski (Polska)
- Internet Explorer Version 8
- Boot Mode: Normal
- The only official download link for FRST:
- Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
- Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
- Download link from any site other than Bleeping Computer is unpermitted or outdated.
- See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
- ==================== Processes (Whitelisted) =================
- (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
- (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
- ( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
- (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
- (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
- () C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
- ==================== Registry (Whitelisted) ==================
- HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [202032 2007-10-19] ( Hewlett-Packard Development Company, L.P.)
- HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
- HKU\S-1-5-21-3213474604-242372093-1904989789-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
- Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Pavilion Webcam Tray Icon.lnk
- ShortcutTarget: HP Pavilion Webcam Tray Icon.lnk -> C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe ()
- ==================== Internet (Whitelisted) ====================
- HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&CUI=UN16510427922657812&UM=2&ctid=CT3307181
- SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2002} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=1138&systemid=2&v=r10354-173&apn_uid=3093903021454413&apn_dtid=IME002&o=APN10641&apn_ptnrs=AG2&q={searchTerms}
- SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=101&systemid=421&v=a9397-124&apn_uid=3093903021454413&apn_dtid=BND421&o=APN10649&apn_ptnrs=AGA&q={searchTerms}
- SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3196716
- SearchScopes: HKCU - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3307181&CUI=UN16510427922657812&UM=2
- SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=928FDD818C0E2A2FD24C444FCB9C7043&q={searchTerms}
- SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2002} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=1138&systemid=2&v=r10354-173&apn_uid=3093903021454413&apn_dtid=IME002&o=APN10641&apn_ptnrs=AG2&q={searchTerms}
- SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=101&systemid=421&v=a9397-124&apn_uid=3093903021454413&apn_dtid=BND421&o=APN10649&apn_ptnrs=AGA&q={searchTerms}
- SearchScopes: HKCU - {A531D99C-5A22-449b-83DA-872725C6D0ED} URL = http://search.alot.com/web?q={searchTerms}&pr=prov&client_id=77528DE001CED8F10059B52C&src_id=30209&camp_id=-6&tb_version=1.3.4000.0(B)
- SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3307181&CUI=UN16510427922657812&UM=2
- BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
- Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
- Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
- Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
- Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
- Tcpip\..\Interfaces\{B51CF57F-4C71-49D9-9ED2-86EACA0FDD9E}: [NameServer]127.0.0.1
- Tcpip\..\Interfaces\{e29ac6c2-7037-11de-816d-806e6f6e6963}: [NameServer]127.0.0.1
- Tcpip\..\Interfaces\{EE3C7A10-3B9F-42BF-A506-B66370E1B662}: [NameServer]127.0.0.1
- FireFox:
- ========
- FF Plugin: @real.com/nppl3260;version=6.0.11.2571 - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
- FF Plugin: @real.com/nprpjplug;version=6.0.12.1739 - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
- FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
- ========================== Services (Whitelisted) =================
- S3 Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [110592 2007-03-05] (Hewlett-Packard Development Company, L.P.) [File not signed]
- R2 hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [135168 2006-05-02] (Hewlett-Packard Development Company, L.P.) [File not signed]
- R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
- ==================== Drivers (Whitelisted) ====================
- R3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [7168 2007-07-11] (Hewlett-Packard Development Company, L.P.)
- R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [47744 2006-07-06] ()
- S3 ST50220; C:\Windows\System32\Drivers\ST50220.sys [26752 2006-11-24] (Sonix)
- ==================== NetSvcs (Whitelisted) ===================
- ==================== One Month Created Files and Folders ========
- 2014-07-11 14:14 - 2014-07-11 14:14 - 00000056 _____ () C:\Windows\setupact.log
- 2014-07-11 14:14 - 2014-07-11 14:14 - 00000000 _____ () C:\Windows\setuperr.log
- 2014-07-11 13:32 - 2014-07-11 13:32 - 00001070 _____ () C:\Windows\PFRO.log
- 2014-07-11 13:24 - 2014-07-11 13:24 - 00000000 ____D () C:\Users\Ania\AppData\Local\CrashDumps
- 2014-07-11 13:11 - 2014-07-11 13:11 - 00000983 _____ () C:\Users\Public\Desktop\CCleaner.lnk
- 2014-07-11 13:11 - 2014-07-11 13:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
- 2014-07-11 13:11 - 2014-07-11 13:11 - 00000000 ____D () C:\Program Files\CCleaner
- 2014-07-11 13:08 - 2014-07-11 13:08 - 00001041 _____ () C:\Users\Ania\Desktop\Eusing Free Registry Cleaner.lnk
- 2014-07-11 13:08 - 2014-07-11 13:08 - 00000000 ____D () C:\Users\Ania\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Registry Cleaner
- 2014-07-11 13:08 - 2014-07-11 13:08 - 00000000 ____D () C:\Users\Ania\AppData\Roaming\Eusing
- 2014-07-11 13:08 - 2014-07-11 13:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Registry Cleaner
- 2014-07-11 13:08 - 2014-07-11 13:08 - 00000000 ____D () C:\Program Files\Eusing Free Registry Cleaner
- 2014-07-11 13:08 - 2014-07-11 13:06 - 04812672 _____ (Piriform Ltd) C:\Users\Ania\Desktop\ccsetup415.exe
- 2014-07-11 12:53 - 2014-07-11 12:53 - 00029160 _____ () C:\Windows\system32\Drivers\TrueSight.sys
- 2014-07-11 12:53 - 2014-07-11 12:53 - 00000000 ____D () C:\ProgramData\RogueKiller
- 2014-07-11 12:32 - 2014-07-11 12:33 - 00000000 ____D () C:\AdwCleaner
- 2014-07-11 12:20 - 2014-07-11 13:32 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
- 2014-07-11 12:20 - 2014-07-11 12:20 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
- 2014-07-11 12:20 - 2014-07-11 12:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
- 2014-07-11 12:19 - 2014-07-11 12:30 - 00000000 ____D () C:\Users\Ania\Desktop\mbar
- 2014-07-11 12:19 - 2014-07-11 12:19 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
- 2014-07-11 12:19 - 2014-07-11 12:18 - 04770392 _____ () C:\Users\Ania\Desktop\RogueKiller.exe
- 2014-07-11 12:19 - 2014-07-11 12:16 - 00895120 _____ (Google Inc.) C:\Users\Ania\Desktop\ChromeSetup.exe
- 2014-07-11 12:05 - 2014-07-11 13:24 - 00000000 ____D () C:\Users\Ania\Desktop\FILMY
- 2014-07-11 12:04 - 2014-07-11 12:04 - 00000000 ____D () C:\Users\Ania\Desktop\ZDJECIA WSZYSTKIE
- 2014-07-11 10:19 - 2014-07-11 14:19 - 00000000 ____D () C:\FRST
- ==================== One Month Modified Files and Folders =======
- 2014-07-11 14:19 - 2014-07-11 10:19 - 00000000 ____D () C:\FRST
- 2014-07-11 14:18 - 2012-05-21 22:39 - 01523412 _____ () C:\Windows\system32\PerfStringBackup.INI
- 2014-07-11 14:18 - 2009-07-14 09:07 - 00687828 _____ () C:\Windows\system32\perfh015.dat
- 2014-07-11 14:18 - 2009-07-14 09:07 - 00131382 _____ () C:\Windows\system32\perfc015.dat
- 2014-07-11 14:15 - 2012-05-25 22:22 - 00000000 ____D () C:\Users\Ania\AppData\Roaming\Skype
- 2014-07-11 14:14 - 2014-07-11 14:14 - 00000056 _____ () C:\Windows\setupact.log
- 2014-07-11 14:14 - 2014-07-11 14:14 - 00000000 _____ () C:\Windows\setuperr.log
- 2014-07-11 14:14 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
- 2014-07-11 13:32 - 2014-07-11 13:32 - 00001070 _____ () C:\Windows\PFRO.log
- 2014-07-11 13:32 - 2014-07-11 12:20 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
- 2014-07-11 13:25 - 2013-04-22 14:07 - 00000000 ____D () C:\Program Files\Google
- 2014-07-11 13:24 - 2014-07-11 13:24 - 00000000 ____D () C:\Users\Ania\AppData\Local\CrashDumps
- 2014-07-11 13:24 - 2014-07-11 12:05 - 00000000 ____D () C:\Users\Ania\Desktop\FILMY
- 2014-07-11 13:21 - 2012-05-21 22:27 - 00000000 ____D () C:\Windows\Panther
- 2014-07-11 13:14 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
- 2014-07-11 13:11 - 2014-07-11 13:11 - 00000983 _____ () C:\Users\Public\Desktop\CCleaner.lnk
- 2014-07-11 13:11 - 2014-07-11 13:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
- 2014-07-11 13:11 - 2014-07-11 13:11 - 00000000 ____D () C:\Program Files\CCleaner
- 2014-07-11 13:08 - 2014-07-11 13:08 - 00001041 _____ () C:\Users\Ania\Desktop\Eusing Free Registry Cleaner.lnk
- 2014-07-11 13:08 - 2014-07-11 13:08 - 00000000 ____D () C:\Users\Ania\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Registry Cleaner
- 2014-07-11 13:08 - 2014-07-11 13:08 - 00000000 ____D () C:\Users\Ania\AppData\Roaming\Eusing
- 2014-07-11 13:08 - 2014-07-11 13:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Registry Cleaner
- 2014-07-11 13:08 - 2014-07-11 13:08 - 00000000 ____D () C:\Program Files\Eusing Free Registry Cleaner
- 2014-07-11 13:06 - 2014-07-11 13:08 - 04812672 _____ (Piriform Ltd) C:\Users\Ania\Desktop\ccsetup415.exe
- 2014-07-11 12:53 - 2014-07-11 12:53 - 00029160 _____ () C:\Windows\system32\Drivers\TrueSight.sys
- 2014-07-11 12:53 - 2014-07-11 12:53 - 00000000 ____D () C:\ProgramData\RogueKiller
- 2014-07-11 12:42 - 2009-07-14 05:34 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
- 2014-07-11 12:42 - 2009-07-14 05:34 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
- 2014-07-11 12:33 - 2014-07-11 12:32 - 00000000 ____D () C:\AdwCleaner
- 2014-07-11 12:30 - 2014-07-11 12:19 - 00000000 ____D () C:\Users\Ania\Desktop\mbar
- 2014-07-11 12:20 - 2014-07-11 12:20 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
- 2014-07-11 12:20 - 2014-07-11 12:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
- 2014-07-11 12:19 - 2014-07-11 12:19 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
- 2014-07-11 12:18 - 2014-07-11 12:19 - 04770392 _____ () C:\Users\Ania\Desktop\RogueKiller.exe
- 2014-07-11 12:16 - 2014-07-11 12:19 - 00895120 _____ (Google Inc.) C:\Users\Ania\Desktop\ChromeSetup.exe
- 2014-07-11 12:04 - 2014-07-11 12:04 - 00000000 ____D () C:\Users\Ania\Desktop\ZDJECIA WSZYSTKIE
- 2014-07-11 12:03 - 2013-07-25 20:49 - 00000000 ____D () C:\Program Files\Advent
- 2014-07-11 12:03 - 2013-07-25 20:48 - 00000000 ____D () C:\ProgramData\Advent
- 2014-07-11 12:03 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\twain_32
- 2014-07-11 12:02 - 2013-07-25 20:48 - 00000000 ____D () C:\Users\Ania\AppData\Roaming\Temp
- 2014-07-11 12:01 - 2013-11-21 02:40 - 00000000 ____D () C:\Program Files\BearShare Applications
- 2014-07-10 21:18 - 2013-11-03 17:32 - 00000360 _____ () C:\Windows\Tasks\RegTask.job
- Some content of TEMP:
- ====================
- C:\Users\Ania\AppData\Local\Temp\eauninstall.exe
- C:\Users\Ania\AppData\Local\Temp\Need for Speed Most Wanted_uninst.exe
- ==================== Bamital & volsnap Check =================
- C:\Windows\explorer.exe => File is digitally signed
- C:\Windows\system32\winlogon.exe => File is digitally signed
- C:\Windows\system32\wininit.exe => File is digitally signed
- C:\Windows\system32\svchost.exe => File is digitally signed
- C:\Windows\system32\services.exe => File is digitally signed
- C:\Windows\system32\User32.dll => File is digitally signed
- C:\Windows\system32\userinit.exe => File is digitally signed
- C:\Windows\system32\rpcss.dll => File is digitally signed
- C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
- LastRegBack: 2013-12-06 22:20
- ==================== End Of Log ============================