
frst

a guest
Jul 11th, 2014
  1. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:11-07-2014
  2. Ran by Ania (administrator) on ANIA-KOMPUTER on 11-07-2014 14:19:18
  3. Running from G:\
  4. Platform: Microsoft Windows 7 Ultimate (X86) OS Language: Polski (Polska)
  5. Internet Explorer Version 8
  6. Boot Mode: Normal
  7.  
  8. The only official download link for FRST:
  9. Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
  10. Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
  11. Download link from any site other than Bleeping Computer is unpermitted or outdated.
  12. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
  13.  
  14. ==================== Processes (Whitelisted) =================
  15.  
  16. (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
  17. (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
  18. ( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
  19. (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
  20. (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
  21. () C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
  22.  
  23.  
  24. ==================== Registry (Whitelisted) ==================
  25.  
  26. HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [202032 2007-10-19] ( Hewlett-Packard Development Company, L.P.)
  27. HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
  28. HKU\S-1-5-21-3213474604-242372093-1904989789-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
  29. Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Pavilion Webcam Tray Icon.lnk
  30. ShortcutTarget: HP Pavilion Webcam Tray Icon.lnk -> C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe ()
  31.  
  32. ==================== Internet (Whitelisted) ====================
  33.  
  34. HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&CUI=UN16510427922657812&UM=2&ctid=CT3307181
  35. SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2002} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=1138&systemid=2&v=r10354-173&apn_uid=3093903021454413&apn_dtid=IME002&o=APN10641&apn_ptnrs=AG2&q={searchTerms}
  36. SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=101&systemid=421&v=a9397-124&apn_uid=3093903021454413&apn_dtid=BND421&o=APN10649&apn_ptnrs=AGA&q={searchTerms}
  37. SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3196716
  38. SearchScopes: HKCU - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3307181&CUI=UN16510427922657812&UM=2
  39. SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=928FDD818C0E2A2FD24C444FCB9C7043&q={searchTerms}
  40. SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2002} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=1138&systemid=2&v=r10354-173&apn_uid=3093903021454413&apn_dtid=IME002&o=APN10641&apn_ptnrs=AG2&q={searchTerms}
  41. SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=101&systemid=421&v=a9397-124&apn_uid=3093903021454413&apn_dtid=BND421&o=APN10649&apn_ptnrs=AGA&q={searchTerms}
  42. SearchScopes: HKCU - {A531D99C-5A22-449b-83DA-872725C6D0ED} URL = http://search.alot.com/web?q={searchTerms}&pr=prov&client_id=77528DE001CED8F10059B52C&src_id=30209&camp_id=-6&tb_version=1.3.4000.0(B)
  43. SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3307181&CUI=UN16510427922657812&UM=2
  44. BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
  45. Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
  46. Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
  47. Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
  48. Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
  49. Tcpip\..\Interfaces\{B51CF57F-4C71-49D9-9ED2-86EACA0FDD9E}: [NameServer]127.0.0.1
  50. Tcpip\..\Interfaces\{e29ac6c2-7037-11de-816d-806e6f6e6963}: [NameServer]127.0.0.1
  51. Tcpip\..\Interfaces\{EE3C7A10-3B9F-42BF-A506-B66370E1B662}: [NameServer]127.0.0.1
  52.  
  53. FireFox:
  54. ========
  55. FF Plugin: @real.com/nppl3260;version=6.0.11.2571 - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
  56. FF Plugin: @real.com/nprpjplug;version=6.0.12.1739 - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
  57. FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
  58.  
  59. ========================== Services (Whitelisted) =================
  60.  
  61. S3 Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [110592 2007-03-05] (Hewlett-Packard Development Company, L.P.) [File not signed]
  62. R2 hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [135168 2006-05-02] (Hewlett-Packard Development Company, L.P.) [File not signed]
  63. R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
  64.  
  65. ==================== Drivers (Whitelisted) ====================
  66.  
  67. R3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [7168 2007-07-11] (Hewlett-Packard Development Company, L.P.)
  68. R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [47744 2006-07-06] ()
  69. S3 ST50220; C:\Windows\System32\Drivers\ST50220.sys [26752 2006-11-24] (Sonix)
  70.  
  71. ==================== NetSvcs (Whitelisted) ===================
  72.  
  73.  
  74. ==================== One Month Created Files and Folders ========
  75.  
  76. 2014-07-11 14:14 - 2014-07-11 14:14 - 00000056 _____ () C:\Windows\setupact.log
  77. 2014-07-11 14:14 - 2014-07-11 14:14 - 00000000 _____ () C:\Windows\setuperr.log
  78. 2014-07-11 13:32 - 2014-07-11 13:32 - 00001070 _____ () C:\Windows\PFRO.log
  79. 2014-07-11 13:24 - 2014-07-11 13:24 - 00000000 ____D () C:\Users\Ania\AppData\Local\CrashDumps
  80. 2014-07-11 13:11 - 2014-07-11 13:11 - 00000983 _____ () C:\Users\Public\Desktop\CCleaner.lnk
  81. 2014-07-11 13:11 - 2014-07-11 13:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
  82. 2014-07-11 13:11 - 2014-07-11 13:11 - 00000000 ____D () C:\Program Files\CCleaner
  83. 2014-07-11 13:08 - 2014-07-11 13:08 - 00001041 _____ () C:\Users\Ania\Desktop\Eusing Free Registry Cleaner.lnk
  84. 2014-07-11 13:08 - 2014-07-11 13:08 - 00000000 ____D () C:\Users\Ania\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Registry Cleaner
  85. 2014-07-11 13:08 - 2014-07-11 13:08 - 00000000 ____D () C:\Users\Ania\AppData\Roaming\Eusing
  86. 2014-07-11 13:08 - 2014-07-11 13:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Registry Cleaner
  87. 2014-07-11 13:08 - 2014-07-11 13:08 - 00000000 ____D () C:\Program Files\Eusing Free Registry Cleaner
  88. 2014-07-11 13:08 - 2014-07-11 13:06 - 04812672 _____ (Piriform Ltd) C:\Users\Ania\Desktop\ccsetup415.exe
  89. 2014-07-11 12:53 - 2014-07-11 12:53 - 00029160 _____ () C:\Windows\system32\Drivers\TrueSight.sys
  90. 2014-07-11 12:53 - 2014-07-11 12:53 - 00000000 ____D () C:\ProgramData\RogueKiller
  91. 2014-07-11 12:32 - 2014-07-11 12:33 - 00000000 ____D () C:\AdwCleaner
  92. 2014-07-11 12:20 - 2014-07-11 13:32 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
  93. 2014-07-11 12:20 - 2014-07-11 12:20 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
  94. 2014-07-11 12:20 - 2014-07-11 12:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
  95. 2014-07-11 12:19 - 2014-07-11 12:30 - 00000000 ____D () C:\Users\Ania\Desktop\mbar
  96. 2014-07-11 12:19 - 2014-07-11 12:19 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
  97. 2014-07-11 12:19 - 2014-07-11 12:18 - 04770392 _____ () C:\Users\Ania\Desktop\RogueKiller.exe
  98. 2014-07-11 12:19 - 2014-07-11 12:16 - 00895120 _____ (Google Inc.) C:\Users\Ania\Desktop\ChromeSetup.exe
  99. 2014-07-11 12:05 - 2014-07-11 13:24 - 00000000 ____D () C:\Users\Ania\Desktop\FILMY
  100. 2014-07-11 12:04 - 2014-07-11 12:04 - 00000000 ____D () C:\Users\Ania\Desktop\ZDJECIA WSZYSTKIE
  101. 2014-07-11 10:19 - 2014-07-11 14:19 - 00000000 ____D () C:\FRST
  102.  
  103. ==================== One Month Modified Files and Folders =======
  104.  
  105. 2014-07-11 14:19 - 2014-07-11 10:19 - 00000000 ____D () C:\FRST
  106. 2014-07-11 14:18 - 2012-05-21 22:39 - 01523412 _____ () C:\Windows\system32\PerfStringBackup.INI
  107. 2014-07-11 14:18 - 2009-07-14 09:07 - 00687828 _____ () C:\Windows\system32\perfh015.dat
  108. 2014-07-11 14:18 - 2009-07-14 09:07 - 00131382 _____ () C:\Windows\system32\perfc015.dat
  109. 2014-07-11 14:15 - 2012-05-25 22:22 - 00000000 ____D () C:\Users\Ania\AppData\Roaming\Skype
  110. 2014-07-11 14:14 - 2014-07-11 14:14 - 00000056 _____ () C:\Windows\setupact.log
  111. 2014-07-11 14:14 - 2014-07-11 14:14 - 00000000 _____ () C:\Windows\setuperr.log
  112. 2014-07-11 14:14 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
  113. 2014-07-11 13:32 - 2014-07-11 13:32 - 00001070 _____ () C:\Windows\PFRO.log
  114. 2014-07-11 13:32 - 2014-07-11 12:20 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
  115. 2014-07-11 13:25 - 2013-04-22 14:07 - 00000000 ____D () C:\Program Files\Google
  116. 2014-07-11 13:24 - 2014-07-11 13:24 - 00000000 ____D () C:\Users\Ania\AppData\Local\CrashDumps
  117. 2014-07-11 13:24 - 2014-07-11 12:05 - 00000000 ____D () C:\Users\Ania\Desktop\FILMY
  118. 2014-07-11 13:21 - 2012-05-21 22:27 - 00000000 ____D () C:\Windows\Panther
  119. 2014-07-11 13:14 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
  120. 2014-07-11 13:11 - 2014-07-11 13:11 - 00000983 _____ () C:\Users\Public\Desktop\CCleaner.lnk
  121. 2014-07-11 13:11 - 2014-07-11 13:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
  122. 2014-07-11 13:11 - 2014-07-11 13:11 - 00000000 ____D () C:\Program Files\CCleaner
  123. 2014-07-11 13:08 - 2014-07-11 13:08 - 00001041 _____ () C:\Users\Ania\Desktop\Eusing Free Registry Cleaner.lnk
  124. 2014-07-11 13:08 - 2014-07-11 13:08 - 00000000 ____D () C:\Users\Ania\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Registry Cleaner
  125. 2014-07-11 13:08 - 2014-07-11 13:08 - 00000000 ____D () C:\Users\Ania\AppData\Roaming\Eusing
  126. 2014-07-11 13:08 - 2014-07-11 13:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Registry Cleaner
  127. 2014-07-11 13:08 - 2014-07-11 13:08 - 00000000 ____D () C:\Program Files\Eusing Free Registry Cleaner
  128. 2014-07-11 13:06 - 2014-07-11 13:08 - 04812672 _____ (Piriform Ltd) C:\Users\Ania\Desktop\ccsetup415.exe
  129. 2014-07-11 12:53 - 2014-07-11 12:53 - 00029160 _____ () C:\Windows\system32\Drivers\TrueSight.sys
  130. 2014-07-11 12:53 - 2014-07-11 12:53 - 00000000 ____D () C:\ProgramData\RogueKiller
  131. 2014-07-11 12:42 - 2009-07-14 05:34 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
  132. 2014-07-11 12:42 - 2009-07-14 05:34 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
  133. 2014-07-11 12:33 - 2014-07-11 12:32 - 00000000 ____D () C:\AdwCleaner
  134. 2014-07-11 12:30 - 2014-07-11 12:19 - 00000000 ____D () C:\Users\Ania\Desktop\mbar
  135. 2014-07-11 12:20 - 2014-07-11 12:20 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
  136. 2014-07-11 12:20 - 2014-07-11 12:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
  137. 2014-07-11 12:19 - 2014-07-11 12:19 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
  138. 2014-07-11 12:18 - 2014-07-11 12:19 - 04770392 _____ () C:\Users\Ania\Desktop\RogueKiller.exe
  139. 2014-07-11 12:16 - 2014-07-11 12:19 - 00895120 _____ (Google Inc.) C:\Users\Ania\Desktop\ChromeSetup.exe
  140. 2014-07-11 12:04 - 2014-07-11 12:04 - 00000000 ____D () C:\Users\Ania\Desktop\ZDJECIA WSZYSTKIE
  141. 2014-07-11 12:03 - 2013-07-25 20:49 - 00000000 ____D () C:\Program Files\Advent
  142. 2014-07-11 12:03 - 2013-07-25 20:48 - 00000000 ____D () C:\ProgramData\Advent
  143. 2014-07-11 12:03 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\twain_32
  144. 2014-07-11 12:02 - 2013-07-25 20:48 - 00000000 ____D () C:\Users\Ania\AppData\Roaming\Temp
  145. 2014-07-11 12:01 - 2013-11-21 02:40 - 00000000 ____D () C:\Program Files\BearShare Applications
  146. 2014-07-10 21:18 - 2013-11-03 17:32 - 00000360 _____ () C:\Windows\Tasks\RegTask.job
  147.  
  148. Some content of TEMP:
  149. ====================
  150. C:\Users\Ania\AppData\Local\Temp\eauninstall.exe
  151. C:\Users\Ania\AppData\Local\Temp\Need for Speed Most Wanted_uninst.exe
  152.  
  153.  
  154. ==================== Bamital & volsnap Check =================
  155.  
  156. C:\Windows\explorer.exe => File is digitally signed
  157. C:\Windows\system32\winlogon.exe => File is digitally signed
  158. C:\Windows\system32\wininit.exe => File is digitally signed
  159. C:\Windows\system32\svchost.exe => File is digitally signed
  160. C:\Windows\system32\services.exe => File is digitally signed
  161. C:\Windows\system32\User32.dll => File is digitally signed
  162. C:\Windows\system32\userinit.exe => File is digitally signed
  163. C:\Windows\system32\rpcss.dll => File is digitally signed
  164. C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
  165.  
  166.  
  167. LastRegBack: 2013-12-06 22:20
  168.  
  169. ==================== End Of Log ============================