Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-05-2014
Ran by Grzegorz (administrator) on 1Q21WS on 02-05-2014 17:00:33
Running from C:\Users\Grzegorz\Desktop\Nowy folder
Microsoft Windows 7 Home Premium (X86) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
() C:\Windows\System32\PnkBstrA.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Sony DADC Austria AG.) C:\Windows\System32\UAService7.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(ATI Technologies Inc.)
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9726568 2010-09-03] (Realtek Semiconductor)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-09-30] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-3187870866-3550116853-2859755729-1000\...\Run: [GG] => C:\Users\Grzegorz\AppData\Local\GG\Application\gghub.exe [4023360 2014-04-04] (GG Network S.A.)
HKU\S-1-5-21-3187870866-3550116853-2859755729-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-3187870866-3550116853-2859755729-1000\...\MountPoints2: {5b0c5aca-24e2-11e2-8f52-001a4d6d98b2} - K:\Autorun.exe
HKU\S-1-5-21-3187870866-3550116853-2859755729-1000\...\MountPoints2: {e8aec489-cddb-11e1-9677-001a4d6d98b2} - J:\RunGame.exe

==================== Internet (Whitelisted) ====================

SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {9F10FB97-153E-4C79-AD2A-CBBAF248A1EC} URL = https://www.google.com/search?q={searchTerms}
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF ProfilePath:
C:\Users\Grzegorz\AppData\Roaming\Mozilla\Firefox\Profiles\a3aomcye.default-1397719485965
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=12.0.1.647 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=12.0.1.647 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=12.0.1.652 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.652 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=12.0.1.647 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Grzegorz\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

==================== Services (All) ========================

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AdobeARMservice; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [64952 2011-06-06] (Adobe Systems Incorporated)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [257712 2014-04-29] (Adobe Systems Incorporated)
R3 AeLookupSvc; C:\Windows\System32\aelupsvc.dll [62464 2009-07-14] (Microsoft Corporation)
S3 ALG; C:\Windows\System32\alg.exe [59392 2009-07-14] (Microsoft Corporation)
R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [176128 2010-09-28] (AMD)
S3 AppIDSvc; C:\Windows\System32\appidsvc.dll [27648 2009-07-14] (Microsoft Corporation)
R3 Appinfo; C:\Windows\System32\appinfo.dll [46592 2009-07-14] (Microsoft Corporation)
S4 aspnet_state; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [46528 2012-07-09] (Microsoft Corporation)
R2 AudioEndpointBuilder; C:\Windows\System32\Audiosrv.dll [473088 2009-07-14] (Microsoft Corporation)
R2 Audiosrv; C:\Windows\System32\Audiosrv.dll [473088 2009-07-14] (Microsoft Corporation)
S3 AxInstSV; C:\Windows\System32\AxInstSV.dll [88064 2009-07-14] (Microsoft Corporation)
S3 BDESVC; C:\Windows\System32\bdesvc.dll [76800 2009-07-14] (Microsoft Corporation)
R2 BFE; C:\Windows\System32\bfe.dll [493568 2009-07-14] (Microsoft Corporation)
S3 BITS; C:\Windows\System32\qmgr.dll [589312 2009-07-14] (Microsoft Corporation)
R3 Browser; C:\Windows\System32\browser.dll [102912 2012-07-04] (Microsoft Corporation)
S3 bthserv; C:\Windows\system32\bthserv.dll [64512 2009-07-14] (Microsoft Corporation)
S3 CertPropSvc; C:\Windows\System32\certprop.dll [67584 2009-07-14] (Microsoft Corporation)
S4 clr_optimization_v2.0.50727_32;
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [66384 2009-06-10] (Microsoft Corporation)
S2 clr_optimization_v4.0.30319_32; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [104912 2012-07-09] (Microsoft Corporation)
S3 COMSysApp; C:\Windows\system32\dllhost.exe [7168 2009-07-14] (Microsoft Corporation)
R2 CryptSvc; C:\Windows\system32\cryptsvc.dll [139264 2012-06-02] (Microsoft Corporation)
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [376320 2009-07-14] (Microsoft Corporation)
S3 defragsvc; C:\Windows\System32\defragsvc.dll [218624 2009-07-14] (Microsoft Corporation)
R2 Dhcp; C:\Windows\system32\dhcpcore.dll [253440 2009-07-14] (Microsoft Corporation)
R2 Dnscache; C:\Windows\System32\dnsrslvr.dll [132608 2011-03-03] (Microsoft Corporation)
S3 dot3svc; C:\Windows\System32\dot3svc.dll [214016 2009-07-14] (Microsoft Corporation)
R2 DPS; C:\Windows\system32\dps.dll [143360 2009-07-14] (Microsoft Corporation)
S3 EapHost; C:\Windows\System32\eapsvc.dll [98304 2009-07-14] (Microsoft Corporation)
S3 EFS; C:\Windows\System32\lsass.exe [22528 2011-11-17] (Microsoft Corporation)
R2 eventlog; C:\Windows\System32\wevtsvc.dll [1086464 2009-07-14] (Microsoft Corporation)
R2 EventSystem; C:\Windows\system32\es.dll [271360 2009-07-14] (Microsoft Corporation)
S3 Fax; C:\Windows\system32\fxssvc.exe [522752 2009-07-14] (Microsoft Corporation)
R3 fdPHost; C:\Windows\system32\fdPHost.dll [12800 2009-07-14] (Microsoft Corporation)
R3 FDResPub; C:\Windows\system32\fdrespub.dll [28160 2009-07-14] (Microsoft Corporation)
R2 FontCache; C:\Windows\system32\FntCache.dll [802304 2011-02-19] (Microsoft Corporation)
S3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [42856 2009-06-10] (Microsoft Corporation)
R2 gpsvc; C:\Windows\System32\gpsvc.dll [591360 2009-07-14] (Microsoft Corporation)
R3 hidserv; C:\Windows\system32\hidserv.dll [49152 2009-07-14] (Microsoft Corporation)
S3 hkmsvc; C:\Windows\system32\kmsvc.dll [71168
2009-07-14] (Microsoft Corporation)
R3 HomeGroupListener; C:\Windows\system32\ListSvc.dll [194560 2009-07-14] (Microsoft Corporation)
R3 HomeGroupProvider; C:\Windows\system32\provsvc.dll [165376 2009-07-14] (Microsoft Corporation)
S3 idsvc; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [878416 2009-06-10] (Microsoft Corporation)
S3 IKEEXT; C:\Windows\System32\ikeext.dll [667136 2009-07-14] (Microsoft Corporation)
R2 IPBusEnum; C:\Windows\system32\ipbusenum.dll [78848 2009-07-14] (Microsoft Corporation)
R2 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [497152 2009-07-14] (Microsoft Corporation)
R3 KeyIso; C:\Windows\system32\lsass.exe [22528 2011-11-17] (Microsoft Corporation)
S3 KtmRm; C:\Windows\system32\msdtckrm.dll [308736 2009-07-14] (Microsoft Corporation)
R2 LanmanServer; C:\Windows\system32\srvsvc.dll [168448 2010-08-27] (Microsoft Corporation)
R2 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [84480 2009-07-14] (Microsoft Corporation)
S3 lltdsvc; C:\Windows\System32\lltdsvc.dll [189952 2009-07-14] (Microsoft Corporation)
R2 lmhosts; C:\Windows\System32\lmhsvc.dll [18432 2009-07-14] (Microsoft Corporation)
R2 LVPrcSrv; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [154136 2009-10-07] (Logitech Inc.)
R2 MMCSS; C:\Windows\system32\mmcss.dll [49664 2009-07-14] (Microsoft Corporation)
S3 MozillaMaintenance; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [119408 2014-03-29] (Mozilla Foundation)
R2 MpsSvc; C:\Windows\system32\mpssvc.dll [565760 2009-07-14] (Microsoft Corporation)
S3 MSDTC; C:\Windows\System32\msdtc.exe [134144 2009-07-14] (Microsoft Corporation)
S3 MSiSCSI; C:\Windows\system32\iscsiexe.dll [114688 2009-07-14] (Microsoft Corporation)
S3 msiserver; C:\Windows\System32\msiexec.exe [73216 2009-07-14] (Microsoft Corporation)
S3 napagent; C:\Windows\system32\qagentRT.dll [330240 2009-07-14] (Microsoft Corporation)
S3 Netlogon; C:\Windows\system32\lsass.exe [22528 2011-11-17] (Microsoft Corporation)
R3 Netman; C:\Windows\System32\netman.dll [280576 2009-07-14] (Microsoft Corporation)
S4 NetMsmqActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [139696 2012-07-09] (Microsoft Corporation)
S4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [139696 2012-07-09] (Microsoft Corporation)
R3 netprofm; C:\Windows\System32\netprofm.dll [360448 2009-07-14] (Microsoft Corporation)
S4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [139696 2012-07-09] (Microsoft Corporation)
S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [139696 2012-07-09] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\nlasvc.dll [242688 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\nsisvc.dll [19456 2009-07-14] (Microsoft Corporation)
S3 ose; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [150616 2012-11-12] (Microsoft Corporation)
S3 osppsvc; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [4846168 2012-10-01] (Microsoft Corporation)
R3 p2pimsvc; C:\Windows\system32\pnrpsvc.dll [269824 2009-07-14] (Microsoft Corporation)
R3 p2psvc; C:\Windows\system32\p2psvc.dll [327680
2009-07-14] (Microsoft Corporation)
R3 PcaSvc; C:\Windows\System32\pcasvc.dll [154624 2009-07-14] (Microsoft Corporation)
S3 pla; C:\Windows\system32\pla.dll [1508864 2009-07-14] (Microsoft Corporation)
R2 PlugPlay; C:\Windows\system32\umpnpmgr.dll [294912 2011-05-24] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [66872 2014-04-22] ()
S3 PNRPAutoReg; C:\Windows\system32\pnrpauto.dll [20480 2009-07-14] (Microsoft Corporation)
R3 PNRPsvc; C:\Windows\system32\pnrpsvc.dll [269824 2009-07-14] (Microsoft Corporation)
S3 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [350720 2009-07-14] (Microsoft Corporation)
R2 Power; C:\Windows\system32\umpo.dll [119808 2009-07-14] (Microsoft Corporation)
R2 ProfSvc; C:\Windows\system32\profsvc.dll [163328 2012-05-02] (Microsoft Corporation)
S3 ProtectedStorage; C:\Windows\system32\lsass.exe [22528 2011-11-17] (Microsoft Corporation)
S3 QWAVE; C:\Windows\system32\qwave.dll [210944 2009-07-14] (Microsoft Corporation)
S3 RasAuto; C:\Windows\System32\rasauto.dll [90624 2009-07-14] (Microsoft Corporation)
S3 RasMan; C:\Windows\System32\rasmans.dll [285184 2009-07-14] (Microsoft Corporation)
S4 RemoteAccess; C:\Windows\System32\mprdim.dll [75264 2009-07-14] (Microsoft Corporation)
S3 RemoteRegistry; C:\Windows\system32\regsvc.dll [112640 2009-07-14] (Microsoft Corporation)
R2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [43520 2009-07-14] (Microsoft Corporation)
S3 RpcLocator; C:\Windows\system32\locator.exe [9216 2009-07-14] (Microsoft Corporation)
R2 RpcSs; C:\Windows\system32\rpcss.dll [376320 2009-07-14] (Microsoft Corporation)
R2 SamSs; C:\Windows\system32\lsass.exe [22528 2011-11-17] (Microsoft Corporation)
S3 SCardSvr; C:\Windows\System32\SCardSvr.dll [132608 2009-07-14] (Microsoft Corporation)
R2 Schedule; C:\Windows\system32\schedsvc.dll [749056 2010-11-02] (Microsoft Corporation)
S3 SCPolicySvc; C:\Windows\System32\certprop.dll [67584 2009-07-14] (Microsoft Corporation)
S3 SDRSVC;
C:\Windows\System32\SDRSVC.dll [125952 2009-07-14] (Microsoft Corporation)
S3 seclogon; C:\Windows\system32\seclogon.dll [21504 2009-07-14] (Microsoft Corporation)
R2 SENS; C:\Windows\System32\sens.dll [49664 2009-07-14] (Microsoft Corporation)
S3 SensrSvc; C:\Windows\system32\sensrsvc.dll [25088 2009-07-14] (Microsoft Corporation)
S3 SessionEnv; C:\Windows\system32\sessenv.dll [99328 2009-07-14] (Microsoft Corporation)
S4 SharedAccess; C:\Windows\System32\ipnathlp.dll [300544 2009-07-14] (Microsoft Corporation)
R2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [328192 2009-07-14] (Microsoft Corporation)
S2 SkypeUpdate; C:\Program Files\Skype\Updater\Updater.exe [172192 2013-10-23] (Skype Technologies)
S3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [12800 2009-07-14] (Microsoft Corporation)
R2 Spooler; C:\Windows\System32\spoolsv.exe [316928 2012-02-11] (Microsoft Corporation)
S2 sppsvc; C:\Windows\system32\sppsvc.exe [3179520 2009-07-14] (Microsoft Corporation)
S3 sppuinotify; C:\Windows\system32\sppuinotify.dll [53760 2009-07-14] (Microsoft Corporation)
R3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [162816 2009-07-14] (Microsoft Corporation)
S3 SstpSvc; C:\Windows\system32\sstpsvc.dll [90112 2009-07-14] (Microsoft Corporation)
R2 StiSvc; C:\Windows\System32\wiaservc.dll [462336 2009-07-14] (Microsoft Corporation)
S3 swprv; C:\Windows\System32\swprv.dll [313856 2009-07-14] (Microsoft Corporation)
R2 SysMain; C:\Windows\system32\sysmain.dll [1169408 2009-07-14] (Microsoft Corporation)
S3 TabletInputService; C:\Windows\System32\TabSvc.dll [73728 2009-07-14] (Microsoft Corporation)
S3 TapiSrv; C:\Windows\System32\tapisrv.dll [241664 2009-07-14] (Microsoft Corporation)
S3 TBS; C:\Windows\System32\tbssvc.dll [55808 2009-07-14] (Microsoft Corporation)
S3 TermService; C:\Windows\System32\termsrv.dll [543232 2009-07-14] (Microsoft Corporation)
R2 Themes; C:\Windows\system32\themeservice.dll [37376 2009-07-14] (Microsoft Corporation)
S3 THREADORDER;
C:\Windows\system32\mmcss.dll [49664 2009-07-14] (Microsoft Corporation)
R2 TrkWks; C:\Windows\System32\trkwks.dll [77312 2009-07-14] (Microsoft Corporation)
S3 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [204800 2009-07-14] (Microsoft Corporation)
S3 UI0Detect; C:\Windows\system32\UI0Detect.exe [35840 2009-07-14] (Microsoft Corporation)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2004-12-13] (Ulead Systems, Inc.)
R3 upnphost; C:\Windows\System32\upnphost.dll [266752 2009-07-14] (Microsoft Corporation)
R2 UserAccess7; C:\Windows\system32\UAService7.exe [139264 2011-05-13] (Sony DADC Austria AG.)
R2 UxSms; C:\Windows\System32\uxsms.dll [29696 2009-07-14] (Microsoft Corporation)
S3 VaultSvc; C:\Windows\system32\lsass.exe [22528 2011-11-17] (Microsoft Corporation)
S3 vds; C:\Windows\System32\vds.exe [452608 2009-07-14] (Microsoft Corporation)
S3 VSS; C:\Windows\system32\vssvc.exe [1025536 2009-07-14] (Microsoft Corporation)
S3 W32Time; C:\Windows\system32\w32time.dll [288768 2009-07-14] (Microsoft Corporation)
S3 WatAdminSvc; C:\Windows\system32\Wat\WatAdminSvc.exe [1343400 2013-03-05] (Microsoft Corporation)
S3 wbengine; C:\Windows\system32\wbengine.exe [1202688 2009-07-14] (Microsoft Corporation)
S3 WbioSrvc; C:\Windows\System32\wbiosrvc.dll [151552 2009-07-14] (Microsoft Corporation)
R3 wcncsvc; C:\Windows\System32\wcncsvc.dll [276992 2010-09-14] (Microsoft Corporation)
S3 WcsPlugInService; C:\Windows\System32\WcsPlugInService.dll [32768 2009-07-14] (Microsoft Corporation)
R3 WdiServiceHost; C:\Windows\system32\wdi.dll [76288 2009-07-14] (Microsoft Corporation)
R3 WdiSystemHost; C:\Windows\system32\wdi.dll [76288 2009-07-14] (Microsoft Corporation)
S3 WebClient; C:\Windows\System32\webclnt.dll [204800 2010-12-21] (Microsoft Corporation)
S3 Wecsvc; C:\Windows\system32\wecsvc.dll [147968 2009-07-14] (Microsoft Corporation)
S3 wercplsupport; C:\Windows\System32\wercplsupport.dll [61440 2009-07-14]
(Microsoft Corporation)
R3 WerSvc; C:\Windows\System32\WerSvc.dll [65024 2009-07-14] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
R3 WinHttpAutoProxySvc; C:\Windows\system32\winhttp.dll [350720 2010-12-21] (Microsoft Corporation)
R2 Winmgmt; C:\Windows\system32\wbem\WMIsvc.dll [168960 2009-07-14] (Microsoft Corporation)
S3 WinRM; C:\Windows\system32\WsmSvc.dll [1175040 2009-07-14] (Microsoft Corporation)
S3 Wlansvc; C:\Windows\System32\wlansvc.dll [829440 2009-07-14] (Microsoft Corporation)
S3 wmiApSrv; C:\Windows\system32\wbem\WmiApSrv.exe [136192 2009-07-14] (Microsoft Corporation)
R2 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1121280 2009-07-14] (Microsoft Corporation)
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [10752 2009-07-14] (Microsoft Corporation)
S3 WPDBusEnum; C:\Windows\system32\wpdbusenum.dll [84480 2009-07-14] (Microsoft Corporation)
R2 wscsvc; C:\Windows\System32\wscsvc.dll [73728 2010-12-21] (Microsoft Corporation)
R2 WSearch; C:\Windows\system32\SearchIndexer.exe [428032 2011-05-04] (Microsoft Corporation)
S4 wuauserv; C:\Windows\system32\wuaueng.dll [1933848 2012-06-03] (Microsoft Corporation)
S3 wudfsvc; C:\Windows\System32\WUDFSvc.dll [73216 2012-07-26] (Microsoft Corporation)
S3 WwanSvc; C:\Windows\System32\wwansvc.dll [185856 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW73.sys [101904 2010-08-16] (ATI Technologies, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-07-14] (DT Soft Ltd)
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [25280 2012-06-30] (LogMeIn, Inc.)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [22688 2014-04-27] (REALiX(tm))
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
R3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.)
R3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2570520 2008-07-26] (Logitech Inc.)
R3 WFLR6654; C:\Windows\System32\drivers\wfeaglxt.sys [433920 2009-10-21] (Leadtek Research Inc.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-02 16:59 - 2014-05-02 17:00 - 00000000 ____D () C:\Users\Grzegorz\Desktop\Nowy folder
2014-05-02 16:59 - 2014-05-02 17:00 - 00000000 ____D () C:\FRST
2014-05-02 12:04 - 2014-05-02 12:06 - 191246704 _____ () C:\Users\Grzegorz\Downloads\Windows6.1-KB947821-v32-x86.msu
2014-04-27 13:46 - 2014-04-27 13:46 - 00022688 _____ (REALiX(tm)) C:\Windows\system32\Drivers\HWiNFO32.SYS
2014-04-27 13:45 - 2014-04-27 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO32
2014-04-27 13:45 - 2014-04-27 13:45 - 00000000 ____D () C:\Program Files\HWiNFO32
2014-04-27 13:44 - 2014-04-27 13:44 - 02564360 _____ (Martin Malík - REALiX ) C:\Users\Grzegorz\Downloads\hw32_436.exe
2014-04-26 10:10 - 2014-04-26 10:10 - 00347379 _____ () C:\Windows\system32\sfc.txt
2014-04-26 09:28 - 2014-04-26 09:28 - 00000369 _____ () C:\DelFix.txt
2014-04-22 20:45 - 2014-04-22 20:45 - 00000842 _____ () C:\Users\Grzegorz\Desktop\nfs — skrót.lnk
2014-04-22 20:36 - 2014-04-22 20:36 - 00000000 ____D () C:\Users\Grzegorz\Downloads\Crack do NFS Undercover
2014-04-21 20:33 - 2014-04-21 20:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-21 20:33 - 2014-04-14 20:13 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-04-21 20:33 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-21 20:33 - 2014-04-14
20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-21 20:33 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-21 20:32 - 2014-04-21 20:33 - 00004117 _____ () C:\Windows\system32\jupdate-1.7.0_55-b14.log
2014-04-20 21:48 - 2014-04-20 22:08 - 00000000 ____D () C:\Users\Grzegorz\Downloads\1314067752-SecretSpecial-Race-Starter
2014-04-20 21:48 - 2012-03-11 14:50 - 00781998 _____ () C:\Users\Grzegorz\Desktop\NFSU2 Race Trainer.exe
2014-04-15 18:10 - 2014-04-15 18:11 - 00000000 ____D () C:\Program Files\Opera
2014-04-15 18:10 - 2014-04-15 18:10 - 00000000 ____D () C:\Users\Grzegorz\AppData\Roaming\Opera Software
2014-04-15 18:10 - 2014-04-15 18:10 - 00000000 ____D () C:\Users\Grzegorz\AppData\Local\Opera Software
2014-04-15 17:46 - 1998-10-29 16:45 - 00306688 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe
2014-04-15 17:40 - 2014-04-15 17:40 - 00143648 _____ () C:\Windows\Minidump\041514-16687-01.dmp
2014-04-15 17:32 - 2014-04-15 18:39 - 00000000 ____D () C:\Windows\system32\Data
2014-04-15 17:32 - 2014-04-15 17:32 - 00000000 ____D () C:\Program Files\Creative
2014-04-15 17:31 - 2010-03-18 19:19 - 00011776 _____ (Creative Technology Limited) C:\Windows\INRES.DLL
2014-04-15 17:31 - 2010-03-18 19:17 - 00010240 _____ (Creative Technology Ltd) C:\Windows\CTDCRES.DLL
2014-04-13 13:26 - 2014-04-13 13:26 - 00000000 ____D () C:\ProgramData\redistpart
2014-04-13 13:25 - 2014-04-13 13:25 - 00000000 ____D () C:\ProgramData\launcher
2014-04-13 13:25 - 2014-04-13 13:25 - 00000000 ____D () C:\ProgramData\explauncher
2014-04-12 16:46 - 2014-04-12 16:46 - 00000000 ____D () C:\Users\Grzegorz\AppData\Roaming\MPC-HC
2014-04-08 20:55 - 2014-04-08 20:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2014-04-08 20:55 - 2014-04-08 20:55 - 00000000 ____D () C:\Program Files\K-Lite Codec Pack

==================== One Month Modified Files and Folders =======
2014-05-02 17:00 - 2014-05-02 16:59 - 00000000 ____D () C:\Users\Grzegorz\Desktop\Nowy folder
2014-05-02 17:00 - 2014-05-02 16:59 - 00000000 ____D () C:\FRST
2014-05-02 17:00 - 2009-07-14 06:34 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-02 17:00 - 2009-07-14 06:34 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-02 16:57 - 2013-12-16 14:40 - 00000000 ____D () C:\Users\Grzegorz\AppData\Roaming\GG
2014-05-02 16:57 - 2011-01-22 17:40 - 00000000 ____D () C:\Users\Grzegorz\AppData\Roaming\Skype
2014-05-02 16:55 - 2013-12-08 14:37 - 00017071 _____ () C:\Windows\setupact.log
2014-05-02 16:55 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-02 14:54 - 2013-09-05 16:07 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-02 12:12 - 2011-01-20 22:48 - 01672424 _____ () C:\Windows\WindowsUpdate.log
2014-05-02 12:06 - 2014-05-02 12:04 - 191246704 _____ () C:\Users\Grzegorz\Downloads\Windows6.1-KB947821-v32-x86.msu
2014-05-01 21:25 - 2012-02-06 20:32 - 00000000 ____D () C:\Users\Grzegorz\AppData\Local\NFS Underground 2
2014-04-29 22:54 - 2013-09-05 16:07 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-04-29 22:54 - 2011-05-22 12:29 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-04-28 18:53 - 2011-11-12 18:33 - 00138184 _____ () C:\Windows\system32\Drivers\PnkBstrK.sys
2014-04-28 18:52 - 2011-11-12 18:33 - 00183112 _____ () C:\Windows\system32\PnkBstrB.exe
2014-04-27 22:03 - 2013-12-16 14:41 - 00000000 ____D () C:\Users\Grzegorz\AppData\Local\GG
2014-04-27 13:46 - 2014-04-27 13:46 - 00022688 _____ (REALiX(tm)) C:\Windows\system32\Drivers\HWiNFO32.SYS
2014-04-27 13:45 - 2014-04-27 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO32
2014-04-27 13:45 -
2014-04-27 13:45 - 00000000 ____D () C:\Program Files\HWiNFO32
2014-04-27 13:44 - 2014-04-27 13:44 - 02564360 _____ (Martin Malík - REALiX ) C:\Users\Grzegorz\Downloads\hw32_436.exe
2014-04-26 10:10 - 2014-04-26 10:10 - 00347379 _____ () C:\Windows\system32\sfc.txt
2014-04-26 09:28 - 2014-04-26 09:28 - 00000369 _____ () C:\DelFix.txt
2014-04-25 21:55 - 2011-01-22 22:27 - 00000000 ___RD () C:\Users\Grzegorz\Desktop\grzes
2014-04-23 17:04 - 2014-01-25 19:47 - 00000000 ____D () C:\Users\Grzegorz\AppData\Roaming\.minecraft
2014-04-23 16:08 - 2011-11-12 18:33 - 00000000 ____D () C:\Users\Grzegorz\Documents\NFS Undercover
2014-04-22 20:45 - 2014-04-22 20:45 - 00000842 _____ () C:\Users\Grzegorz\Desktop\nfs — skrót.lnk
2014-04-22 20:41 - 2011-11-12 18:33 - 00066872 _____ () C:\Windows\system32\PnkBstrA.exe
2014-04-22 20:36 - 2014-04-22 20:36 - 00000000 ____D () C:\Users\Grzegorz\Downloads\Crack do NFS Undercover
2014-04-22 16:28 - 2009-07-14 06:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-04-22 16:22 - 2011-03-26 20:30 - 00389258 _____ () C:\Windows\DirectX.log
2014-04-21 20:33 - 2014-04-21 20:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-21 20:33 - 2014-04-21 20:32 - 00004117 _____ () C:\Windows\system32\jupdate-1.7.0_55-b14.log
2014-04-21 20:33 - 2013-11-01 15:28 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-21 20:33 - 2013-08-24 13:34 - 00000000 ____D () C:\Program Files\Java
2014-04-20 22:08 - 2014-04-20 21:48 - 00000000 ____D () C:\Users\Grzegorz\Downloads\1314067752-SecretSpecial-Race-Starter
2014-04-17 09:29 - 2011-01-20 22:44 - 00446370 _____ () C:\Windows\PFRO.log
2014-04-15 18:39 - 2014-04-15 17:32 - 00000000 ____D () C:\Windows\system32\Data
2014-04-15 18:39 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2014-04-15 18:23 - 2011-06-12 12:25 - 00000149 _____ () C:\Windows\disney.ini
2014-04-15 18:11 - 2014-04-15 18:10 - 00000000 ____D () C:\Program Files\Opera
2014-04-15 18:11 - 2011-01-20 22:56 - 00001425 _____ () C:\Users\Grzegorz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-15 18:10 - 2014-04-15 18:10 - 00000000 ____D () C:\Users\Grzegorz\AppData\Roaming\Opera Software
2014-04-15 18:10 - 2014-04-15 18:10 - 00000000 ____D () C:\Users\Grzegorz\AppData\Local\Opera Software
2014-04-15 17:40 - 2014-04-15 17:40 - 00143648 _____ () C:\Windows\Minidump\041514-16687-01.dmp
2014-04-15 17:40 - 2013-04-27 18:40 - 00000000 ____D () C:\Windows\Minidump
2014-04-15 17:40 - 2011-01-20 22:56 - 00000000 ____D () C:\Users\Grzegorz
2014-04-15 17:32 - 2014-04-15 17:32 - 00000000 ____D () C:\Program Files\Creative
2014-04-15 17:32 - 2011-01-20 23:15 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-04-14 20:13 - 2014-04-21 20:33 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-04-14 20:05 - 2014-04-21 20:33 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-14 20:05 - 2014-04-21 20:33 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-14 20:04 - 2014-04-21 20:33 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-13 13:26 - 2014-04-13 13:26 - 00000000 ____D () C:\ProgramData\redistpart
2014-04-13 13:25 - 2014-04-13 13:25 - 00000000 ____D () C:\ProgramData\launcher
2014-04-13 13:25 - 2014-04-13 13:25 - 00000000 ____D () C:\ProgramData\explauncher
2014-04-12 16:46 - 2014-04-12 16:46 - 00000000 ____D () C:\Users\Grzegorz\AppData\Roaming\MPC-HC
2014-04-09 20:02 - 2011-07-01 22:23 - 00000000 ____D () C:\ProgramData\Real
2014-04-09 20:02 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-04-09 18:39 - 2011-01-20 23:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-04-09 18:39 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Help
2014-04-09 18:37 - 2011-01-28 15:52 - 00000000 ____D ()
C:\Users\Grzegorz\AppData\Local\Adobe
2014-04-09 18:25 - 2014-03-29 20:39 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-08 20:55 - 2014-04-08 20:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2014-04-08 20:55 - 2014-04-08 20:55 - 00000000 ____D () C:\Program Files\K-Lite Codec Pack
2014-04-06 18:00 - 2011-01-20 23:00 - 01668226 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-06 18:00 - 2009-07-14 10:07 - 00739694 _____ () C:\Windows\system32\perfh015.dat
2014-04-06 18:00 - 2009-07-14 10:07 - 00155268 _____ () C:\Windows\system32\perfc015.dat

Some content of TEMP:
====================
C:\Users\Grzegorz\AppData\Local\Temp\drm_dyndata_7380012.dll
C:\Users\Grzegorz\AppData\Local\Temp\ggdrive-menu.exe
C:\Users\Grzegorz\AppData\Local\Temp\ggdrive-overlay.exe
C:\Users\Grzegorz\AppData\Local\Temp\installstats.exe
C:\Users\Grzegorz\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-29 21:24

==================== End Of Log ============================