Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-10-2012
Ran by SYSTEM at 10-10-2012 22:34:36
Running from G:\
Windows 7 Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [Chew7Hale] "C:\Windows\System32\hale.exe" /nolog [2169856 2011-04-03] ()
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [10025576 2011-02-24] (Realtek Semiconductor)
HKLM\...\Run: [SoundMan] SOUNDMAN.EXE [x]
HKLM\...\Run: [Alcmtr] ALCMTR.EXE [x]
HKLM\...\Run: [] [x]
HKLM\...\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup [307200 2011-06-14] (PowerISO Computing, Inc.)
HKLM\...\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" [74752 2011-07-11] (Nullsoft, Inc.)
HKLM\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [1996200 2012-08-29] (LogMeIn Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [Acememes] C:\Windows\Wenmemor.exe [x]
HKU\admin\...\Run: [cacaoweb] "C:\Users\admin\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer [435712 2012-10-04] ()
HKU\admin\...\Run: [RGSC] C:\Program Files\Rockstar Games Social Club\RGSCLauncher.exe /silent [306088 2008-12-12] (Take-Two Interactive Software, Inc.)
HKU\admin\...\Run: [csrs.exe] C:\Windows\csrs.exe [x]
HKU\admin\...\Run: [userinit] C:\rk\rk.exe [x]
HKU\admin\...\Run: [jushed] C:\ProgramData\jushed.exe [566784 2011-08-30] ( )
HKU\admin\...\Run: [PCSpeedUp] C:\Program Files\Przyspiesz Komputer\PCSpeedUp.lnk [x]
HKU\admin\...\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun [x]
HKU\admin\...\Run: [DriverScanner] "C:\Program Files\Uniblue\DriverScanner\launcher.exe" delay 20000 [338296 2011-05-16] (Uniblue Systems Limited)
HKU\admin\...\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent [1353080 2012-08-04] (Valve Corporation)
HKU\admin\...\Run: [screenshooter] C:\Program Files\ScreenShooter\screenshooter.exe --hidden [606208 2010-09-03] ()
HKU\admin\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [17148552 2012-02-28] (Skype Technologies S.A.)
HKU\admin\...\Run: [GG] "C:\Users\admin\AppData\Local\GG\Application\gghub.exe" [3381384 2012-09-12] (GG Network S.A.)
HKU\admin\...\Run: [MediaClassic] C:\Users\admin\AppData\Roaming\WINtemp.exe [115200 2012-10-02] ()
HKU\admin\...\Policies\system: [LogonHoursAction] 2
HKU\admin\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Winlogon\Notify\LogonInit: logonInit.dll [X]
Tcpip\Parameters: [DhcpNameServer]

==================== Services (Whitelisted) ===================

2 Hamachi2Svc; "C:\Program Files\LogMeIn Hamachi\hamachi-2.exe" -s [1385896 2012-08-29] (LogMeIn Inc.)
2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2214504 2011-05-24] (NVIDIA Corporation)
2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75136 2012-09-25] ()
2 Skype C2C Service; "C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe" [3064000 2012-08-13] (Skype Technologies S.A.)
2 HiPatchService; C:\Program Files\Hi-Rez Studios\HiPatchService.exe [x]
2 PSI_SVC_2; "c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe" [x]

==================== Drivers (Whitelisted) ====================

3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [232512 2011-09-03] (DT Soft Ltd)
3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [443448 2011-08-28] (Duplex Secure Ltd.)
3 XDva387; \??\C:\Windows\system32\XDva387.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2012-10-10 22:25 - 2012-10-10 22:25 - 00000000 ___DC C:\FRST
2012-10-10 12:08 - 2012-10-09 21:28 - 00905954 ___AC (Farbar) C:\Users\admin\Desktop\FRST (1).exe
2012-10-06 03:53 - 2012-10-10 12:16 - 00000392 ___AC C:\Windows\setupact.log
2012-10-06 03:53 - 2012-10-06 03:53 - 00000000 ___AC C:\Windows\setuperr.log
2012-10-05 06:20 - 2012-10-05 06:20 - 00000000 ___DC C:\Program Files\ESET
2012-10-03 10:31 - 2012-10-03 10:31 - 00000000 ___DC C:\Users\admin\AppData\Local\OtLand
2012-10-03 10:30 - 2012-10-03 10:30 - 00148992 ___AC (OtLand) C:\Users\admin\Documents\ipchanger.exe
2012-10-03 10:27 - 2012-10-03 10:27 - 00000298 ___AC C:\Program Files\unin.bat
2012-10-03 10:18 - 2012-10-03 10:24 - 00000717 ___AC C:\Users\Public\Desktop\Tibia MULTI-IP Changer.lnk
2012-10-03 10:17 - 2012-10-02 12:01 - 00115200 ___AC C:\Users\admin\AppData\Roaming\WINtemp.exe
2012-10-03 10:15 - 2012-10-03 10:15 - 32056381 ___AC (CipSoft GmbH ) C:\Users\admin\Documents\Tibia 9.60.exe
2012-10-03 07:55 - 2012-10-03 07:56 - 23950631 ___AC (CipSoft GmbH ) C:\Users\admin\Documents\tibia860.exe
2012-09-27 12:47 - 2012-10-05 06:24 - 00268952 ___AC C:\Windows\System32\PnkBstrB.xtr
2012-09-26 01:39 - 2012-09-26 01:39 - 00000000 ___DC C:\Users\All Users\GG
2012-09-25 13:08 - 2012-10-05 06:25 - 00137176 ____A C:\Windows\System32\Drivers\PnkBstrK.sys
2012-09-25 13:08 - 2012-09-25 13:08 - 00022328 ___AC C:\Users\admin\AppData\Roaming\PnkBstrK.sys
2012-09-25 13:07 - 2012-10-05 06:24 - 00268952 ___AC C:\Windows\System32\PnkBstrB.exe
2012-09-25 13:07 - 2012-10-03 12:30 - 00268952 ___AC C:\Windows\System32\PnkBstrB.ex0
2012-09-25 13:07 - 2012-09-25 13:11 - 00075136 ___AC C:\Windows\System32\PnkBstrA.exe
2012-09-25 13:07 - 2012-09-25 13:07 - 00682280 ___AC C:\Windows\System32\pbsvc.exe
2012-09-22 07:19 - 2012-09-22 07:20 - 00000000 __SDC C:\Users\admin\GG dysk
2012-09-22 07:19 - 2012-09-22 07:19 - 00001578 ___AC C:\Users\admin\Desktop\GG dysk.lnk
2012-09-22 07:17 - 2012-10-05 05:24 - 00000000 ___DC C:\Users\admin\AppData\Roaming\GG
2012-09-22 05:11 - 2012-09-22 05:11 - 00001099 ___AC C:\Users\admin\Desktop\GG.lnk
2012-09-22 04:53 - 2012-09-22 04:53 - 00000000 ___DC C:\Users\admin\Documents\TEST NA PRAWO JAZDY
2012-09-22 04:49 - 2012-09-21 12:13 - 42958872 ___AC C:\Users\admin\Desktop\ggsetup.exe
2012-09-21 13:41 - 2012-09-26 01:39 - 00000000 ___DC C:\Users\admin\AppData\Local\GG
2012-09-19 12:15 - 2012-09-19 12:15 - 00001032 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cd96a379282add.job
2012-09-11 11:58 - 2012-10-03 10:17 - 00000000 ___DC C:\Program Files\Tibi
2012-09-11 11:57 - 2012-10-03 10:17 - 00000914 ___AC C:\Users\Public\Desktop\Tibia.lnk
2012-09-11 11:57 - 2012-09-11 12:01 - 00000000 ___DC C:\Users\admin\AppData\Roaming\Tibia
2012-09-11 11:57 - 2012-09-11 11:57 - 00000000 ___DC C:\Program Files\Tibia

==================== 3 Months Modified Files ==================

2012-10-10 12:16 - 2012-10-06 03:53 - 00000392 ___AC C:\Windows\setupact.log
2012-10-09 21:28 - 2012-10-10 12:08 - 00905954 ___AC (Farbar) C:\Users\admin\Desktop\FRST (1).exe
2012-10-06 03:53 - 2012-10-06 03:53 - 00000000 ___AC C:\Windows\setuperr.log
2012-10-05 06:25 - 2012-09-25 13:08 - 00137176 ____A C:\Windows\System32\Drivers\PnkBstrK.sys
2012-10-05 06:24 - 2012-09-27 12:47 - 00268952 ___AC C:\Windows\System32\PnkBstrB.xtr
2012-10-05 06:24 - 2012-09-25 13:07 - 00268952 ___AC C:\Windows\System32\PnkBstrB.exe
2012-10-05 05:22 - 2011-08-30 11:53 - 00000002 ___AC C:\Users\All Users\timerxfile
2012-10-05 05:22 - 2011-08-30 11:53 - 00000001 ___AC C:\Users\All Users\varsavefile
2012-10-05 05:22 - 2011-08-30 11:53 - 00000001 ___AC C:\Users\All Users\datesavefile
2012-10-03 12:30 - 2012-09-25 13:07 - 00268952 ___AC C:\Windows\System32\PnkBstrB.ex0
2012-10-03 10:30 - 2012-10-03 10:30 - 00148992 ___AC (OtLand) C:\Users\admin\Documents\ipchanger.exe
2012-10-03 10:27 - 2012-10-03 10:27 - 00000298 ___AC C:\Program Files\unin.bat
2012-10-03 10:24 - 2012-10-03 10:18 - 00000717 ___AC C:\Users\Public\Desktop\Tibia MULTI-IP Changer.lnk
2012-10-03 10:24 - 2009-07-13 15:12 - 00206848 ___AC (Microsoft Corporation) C:\Windows\System32\ws2_32.dll
2012-10-03 10:17 - 2012-09-11 11:57 - 00000914 ___AC C:\Users\Public\Desktop\Tibia.lnk
2012-10-03 10:15 - 2012-10-03 10:15 - 32056381 ___AC (CipSoft GmbH ) C:\Users\admin\Documents\Tibia 9.60.exe
2012-10-03 07:56 - 2012-10-03 07:55 - 23950631 ___AC (CipSoft GmbH ) C:\Users\admin\Documents\tibia860.exe
2012-10-02 12:01 - 2012-10-03 10:17 - 00115200 ___AC C:\Users\admin\AppData\Roaming\WINtemp.exe
2012-09-25 13:11 - 2012-09-25 13:07 - 00075136 ___AC C:\Windows\System32\PnkBstrA.exe
2012-09-25 13:08 - 2012-09-25 13:08 - 00022328 ___AC C:\Users\admin\AppData\Roaming\PnkBstrK.sys
2012-09-25 13:07 - 2012-09-25 13:07 - 00682280 ___AC C:\Windows\System32\pbsvc.exe
2012-09-22 07:19 - 2012-09-22 07:19 - 00001578 ___AC C:\Users\admin\Desktop\GG dysk.lnk
2012-09-22 05:11 - 2012-09-22 05:11 - 00001099 ___AC C:\Users\admin\Desktop\GG.lnk
2012-09-21 12:13 - 2012-09-22 04:49 - 42958872 ___AC C:\Users\admin\Desktop\ggsetup.exe
2012-09-19 12:15 - 2012-09-19 12:15 - 00001032 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cd96a379282add.job
2012-09-18 13:34 - 2012-08-14 02:33 - 00000564 ___AC C:\Users\admin\Desktop\murzyn aport.txt
2012-09-03 12:27 - 2012-09-03 12:27 - 00477168 ___AC (Sun Microsystems, Inc.) C:\Windows\System32\npdeployJava1.dll
2012-09-03 12:27 - 2012-09-03 12:27 - 00473072 ___AC (Sun Microsystems, Inc.) C:\Windows\System32\RENCDB.tmp
2012-09-03 12:27 - 2012-09-03 12:27 - 00157680 ___AC (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2012-09-03 12:27 - 2012-09-03 12:27 - 00149488 ___AC (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2012-09-03 12:27 - 2012-09-03 12:27 - 00149488 ___AC (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2012-08-14 02:33 - 2012-08-14 02:33 - 00000000 ___AC C:\Windows\System32\murzyn aport.txt
2012-08-09 11:23 - 2012-08-09 11:23 - 00000873 ___AC C:\Users\Public\Desktop\Smite.lnk
2012-08-09 11:23 - 2012-08-09 11:23 - 00000864 ___AC C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
2012-07-19 06:17 - 2012-07-19 06:17 - 00000000 ___AC C:\Windows\System32\silka koxy.rar

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

==================== Memory info ===========================

Percentage of memory in use: 24%
Total physical RAM: 2046.49 MB
Available physical RAM: 1549.15 MB
Total Pagefile: 2046.49 MB
Available Pagefile: 1626.63 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.22 MB

==================== Partitions =============================

2 Drive c: () (Fixed) (Total:48.83 GB) (Free:19.89 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive d: () (Fixed) (Total:92.02 GB) (Free:60.44 GB) NTFS
4 Drive e: () (Fixed) (Total:92.02 GB) (Free:66.21 GB) NTFS
6 Drive g: (PENDRIVE) (Removable) (Total:7.44 GB) (Free:4.52 GB) FAT32
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          232 GB     8 MB
  Disk 1    Online         7634 MB      0 B

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary             48 GB    31 KB
  Partition 0    Extended           184 GB    48 GB
  Partition 2    Logical             92 GB    48 GB
  Partition 3    Logical             92 GB   140 GB

=========================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C                NTFS   Partition     48 GB  Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     D                NTFS   Partition     92 GB  Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     E                NTFS   Partition     92 GB  Healthy

=========================================================

Partitions of Disk 1:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           7630 MB  4032 KB

=========================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     G   PENDRIVE     FAT32  Removable   7630 MB  Healthy

=========================================================

Last Boot: 2011-08-21 06:11

==================== End Of Log ============================