Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:12-06-2014 02
Ran by MaGdusia (administrator) on MAGDUSIA-PC on 15-06-2014 15:30:27
Running from D:\Tomek\Instalki
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Polish
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgchsvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgrsx.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
() C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
() C:\Program Files\ASUS\ATK Hotkey\AsLdrSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
() C:\Program Files\ASUS\ASUS Live Update\ALU.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgfws.exe
() C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgwdsvc.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\HControl.exe
() C:\Program Files\Wireless Console 2\wcourier.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(ASUS) C:\Program Files\ASUS\ASUS CopyProtect\ASPG.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(ATK) C:\Program Files\ASUS\Splendid\ACMON.exe
() C:\ProgramData\DatacardService\HWDeviceService.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
(ASUSTeK) C:\Windows\System32\ACEngSvr.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
() C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgam.exe
() C:\Program Files\ASUS\ATK Hotkey\WDC.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgnsx.exe
() C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
() C:\Program Files\ASUS\ATK Media\DMedia.exe
(ASUS) C:\Windows\AsScrPro.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgtray.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
() C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe
() C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynAsus.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgcsrvx.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
() C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgcsrvx.exe
(Mozilla Corporation) D:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) D:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [HControlUser] => C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe [98304 2008-01-12] ()
HKLM\...\Run: [ATKOSD2] => C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe [7651328 2008-07-15] (ASUS)
HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [13543968 2008-06-25] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] => C:\Windows\system32\NvMcTray.dll [92704 2008-06-25] (NVIDIA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6183456 2008-06-13] (Realtek Semiconductor)
HKLM\...\Run: [ATKMEDIA] => C:\Program Files\ASUS\ATK Media\DMEDIA.EXE [61440 2008-02-01] ()
HKLM\...\Run: [ASUS Screen Saver Protector] => C:\Windows\AsScrPro.exe [3054136 2008-09-07] (ASUS)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-11-16] (Synaptics, Inc.)
HKLM\...\Run: [AVG_TRAY] => C:\Program Files\AVG\AVG10\avgtray.exe [2345592 2012-08-01] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [665424 2008-12-04] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2529038935-653534040-3308758212-1000\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2008-06-09] (Hewlett-Packard Company)
HKU\S-1-5-21-2529038935-653534040-3308758212-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2529038935-653534040-3308758212-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-2529038935-653534040-3308758212-1000\...\MountPoints2: G - G:\AutoRun.exe
HKU\S-1-5-21-2529038935-653534040-3308758212-1000\...\MountPoints2: {1ca40064-aa46-11e1-b61d-002243a32dad} - F:\AutoRun.exe
HKU\S-1-5-21-2529038935-653534040-3308758212-1000\...\MountPoints2: {1ca40065-aa46-11e1-b61d-002243a32dad} - F:\AutoRun.exe
HKU\S-1-5-21-2529038935-653534040-3308758212-1000\...\MountPoints2: {1e312aa4-50fb-11e2-a552-002243a32dad} - F:\AutoRun.exe
HKU\S-1-5-21-2529038935-653534040-3308758212-1000\...\MountPoints2: {1e312ab0-50fb-11e2-a552-002243a32dad} - F:\AutoRun.exe
HKU\S-1-5-21-2529038935-653534040-3308758212-1000\...\MountPoints2: {3c59fdee-b942-11e1-b5a2-002243a32dad} - F:\AutoRun.exe
HKU\S-1-5-21-2529038935-653534040-3308758212-1000\...\MountPoints2: {3c59fdf0-b942-11e1-b5a2-002243a32dad} - G:\AutoRun.exe
HKU\S-1-5-21-2529038935-653534040-3308758212-1000\...\MountPoints2: {45be6b7b-aca2-11e1-8552-002243a32dad} - F:\AutoRun.exe
HKU\S-1-5-21-2529038935-653534040-3308758212-1000\...\MountPoints2: {45be6b7d-aca2-11e1-8552-002243a32dad} - F:\AutoRun.exe
HKU\S-1-5-21-2529038935-653534040-3308758212-1000\...\MountPoints2: {5f5dd8ed-1bae-11e3-9db2-002243a32dad} - F:\AutoRun.exe
HKU\S-1-5-21-2529038935-653534040-3308758212-1000\...\MountPoints2: {7c99026e-c455-11e1-b38d-002243a32dad} - F:\AutoRun.exe
HKU\S-1-5-21-2529038935-653534040-3308758212-1000\...\MountPoints2: {7c990271-c455-11e1-b38d-002243a32dad} - F:\AutoRun.exe
HKU\S-1-5-21-2529038935-653534040-3308758212-1000\...\MountPoints2: {ad2110c4-badf-11e1-aa38-002243a32dad} - G:\AutoRun.exe
HKU\S-1-5-21-2529038935-653534040-3308758212-1000\...\MountPoints2: {bdc6fabc-b4d1-11e1-8764-002243a32dad} - F:\AutoRun.exe
HKU\S-1-5-21-2529038935-653534040-3308758212-1000\...\MountPoints2: {bdc6fabe-b4d1-11e1-8764-002243a32dad} - G:\AutoRun.exe
HKU\S-1-5-21-2529038935-653534040-3308758212-1000\...\MountPoints2: {c31575ed-aff1-11e1-abf4-002243a32dad} - F:\AutoRun.exe
HKU\S-1-5-21-2529038935-653534040-3308758212-1000\...\MountPoints2: {c315760e-aff1-11e1-abf4-002243a32dad} - F:\AutoRun.exe
HKU\S-1-5-21-2529038935-653534040-3308758212-1000\...\MountPoints2: {c36e86e4-978e-11e1-be20-002243a32dad} - F:\AutoRun.exe
HKU\S-1-5-21-2529038935-653534040-3308758212-1000\...\MountPoints2: {c36e8705-978e-11e1-be20-002243a32dad} - G:\AutoRun.exe
HKU\S-1-5-21-2529038935-653534040-3308758212-1000\...\MountPoints2: {dabc674f-bee2-11e1-bd0a-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-2529038935-653534040-3308758212-1000\...\MountPoints2: {e341191d-e23e-11e2-8f65-002243a32dad} - F:\AutoRun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /syncC:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.delta-search.com/?affID=121845&tt=gc_&babsrc=HP_ss&mntrId=76EB582C80139263
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392
SearchScopes: HKCU - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www2.delta-search.com/?q={searchTerms}&affID=121845&tt=gc_&babsrc=SP_ss&mntrId=76EB582C80139263
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\MaGdusia\AppData\Roaming\Mozilla\Firefox\Profiles\uhys7070.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\MaGdusia\AppData\Roaming\Mozilla\Firefox\Profiles\uhys7070.default\user.js
FF SearchPlugin: C:\Users\MaGdusia\AppData\Roaming\Mozilla\Firefox\Profiles\uhys7070.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\MaGdusia\AppData\Roaming\Mozilla\Firefox\Profiles\uhys7070.default\searchplugins\delta.xml
FF Extension: WebSite Recommendation - C:\Users\MaGdusia\AppData\Roaming\Mozilla\Firefox\Profiles\uhys7070.default\Extensions\WebSiteRecommendation@weliketheweb.com [2014-03-20]
FF Extension: Adblock Plus - C:\Users\MaGdusia\AppData\Roaming\Mozilla\Firefox\Profiles\uhys7070.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-05-07]
FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG10\Firefox4\
FF Extension: AVG Safe Search - C:\Program Files\AVG\AVG10\Firefox4\ []
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF StartMenuInternet: FIREFOX.EXE - D:\Program Files\Mozilla Firefox\firefox.exe

========================== Services (Whitelisted) =================

R2 ADSMService; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [73728 2007-05-18] () [File not signed]
R2 ASLDRService; C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe [94208 2007-10-03] () [File not signed]
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed]
R2 avgfws; C:\Program Files\AVG\AVG10\avgfws.exe [2708024 2011-03-09] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7391072 2012-01-31] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG10\avgwdsvc.exe [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-06-09] (Hewlett-Packard Company) [File not signed]
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [88576 2012-04-13] () [File not signed]
S2 PLAY ONLINE. RunOuc; C:\Program Files\PLAY ONLINE\UpdateDog\ouc.exe [246112 2012-12-28] ()
R2 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-03] ()

==================== Drivers (Whitelisted) ====================

R0 AsDsm; C:\Windows\system32\Drivers\AsDsm.sys [29752 2007-08-11] (Windows (R) Codename Longhorn DDK provider)
R2 ASMMAP; C:\Program Files\ATKGFNEX\ASMMAP.sys [13880 2007-07-24] ()
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [54112 2010-07-12] (AVG Technologies CZ, s.r.o.)
R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [134480 2011-05-27] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [22992 2011-02-22] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [24144 2011-02-10] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSShim; C:\Windows\System32\DRIVERS\AVGIDSShim.Sys [28624 2011-02-10] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [255968 2012-11-12] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [34896 2011-03-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [32592 2011-03-16] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [297168 2011-04-05] (AVG Technologies CZ, s.r.o.)
R3 DCamUSBET; C:\Windows\System32\DRIVERS\etDevice.sys [474624 2007-09-06] (eMPIA Technology, Inc.)
R3 FiltUSBET; C:\Windows\System32\DRIVERS\etFilter.sys [206336 2007-10-15] (eMPIA Technology Inc.)
R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [20936 2007-08-03] ()
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [89856 2012-12-28] (Huawei Technologies Co., Ltd.)
S3 huawei_cdcecm; C:\Windows\System32\DRIVERS\ew_jucdcecm.sys [66688 2012-12-28] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [26624 2012-12-28] (Huawei Technologies Co., Ltd.)
R3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [54784 2007-12-19] (ITE Tech. Inc. )
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15928 2008-06-03] ( )
R0 lullaby; C:\Windows\System32\DRIVERS\lullaby.sys [15416 2008-05-29] (Windows (R) Codename Longhorn DDK provider)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-15] (ATK0100)
R3 ScanUSBET; C:\Windows\System32\DRIVERS\etScan.sys [6656 2007-09-06] (eMPIA Technology, Inc.)
S3 ALSysIO; \??\C:\Users\MaGdusia\AppData\Local\Temp\ALSysIO.sys [X]
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [239488 2012-12-28] (Huawei Technologies Co., Ltd.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-15 15:28 - 2014-06-15 15:30 - 00000000 ____D () C:\FRST
2014-06-15 14:05 - 2014-06-15 14:05 - 00101240 _____ () C:\Users\MaGdusia\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-15 14:02 - 2014-06-15 14:03 - 00373608 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-15 14:02 - 2014-06-15 14:02 - 00000580 _____ () C:\Windows\PFRO.log
2014-06-14 12:22 - 2014-03-10 03:22 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-12 15:46 - 2014-05-28 18:48 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-12 15:46 - 2014-05-28 18:39 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-12 15:46 - 2014-05-28 18:38 - 09711104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-12 15:46 - 2014-05-28 18:33 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-12 15:46 - 2014-05-28 18:32 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-12 15:46 - 2014-05-28 18:32 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-12 15:46 - 2014-05-28 18:31 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-06-12 15:46 - 2014-05-28 18:31 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-12 15:46 - 2014-05-28 18:30 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-12 15:46 - 2014-05-28 18:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-12 15:46 - 2014-05-28 18:30 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-12 15:46 - 2014-05-28 18:30 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-12 15:46 - 2014-05-28 18:30 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-12 15:46 - 2014-05-28 18:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-12 15:46 - 2014-05-28 18:30 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-06-12 15:46 - 2014-05-28 18:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-12 15:46 - 2014-05-28 18:29 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-12 15:46 - 2014-05-28 18:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-12 15:46 - 2014-05-28 18:29 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-06-12 15:46 - 2014-05-28 18:29 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-06-12 15:46 - 2014-05-28 18:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-12 15:46 - 2014-04-26 18:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-12 15:46 - 2014-04-05 04:42 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-12 15:46 - 2014-03-10 03:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-04 15:41 - 2014-06-04 15:41 - 00000000 ____D () C:\Users\MaGdusia\Desktop\Dzień Dziecka
2014-06-04 15:34 - 2014-06-08 17:53 - 00000000 ____D () C:\Users\MaGdusia\Desktop\Lunka
2014-05-27 21:56 - 2014-05-27 23:44 - 00000000 ____D () C:\Users\MaGdusia\Desktop\Muzyka-siatkówka
2014-05-27 21:55 - 2014-05-27 22:04 - 00000000 ____D () C:\Users\MaGdusia\Downloads\eska VA - Zima 2014 (2013)
2014-05-27 21:50 - 2014-05-27 21:50 - 00017680 _____ () C:\Users\MaGdusia\Downloads\[www.tnt24.info] VA - VA Eska - Zima 2014 [2CD] (2014) [mp3@320kbps].torrent

==================== One Month Modified Files and Folders =======

2014-06-15 15:30 - 2014-06-15 15:28 - 00000000 ____D () C:\FRST
2014-06-15 15:30 - 2012-05-06 17:19 - 00000000 ____D () C:\Users\MaGdusia\AppData\Local\Temp
2014-06-15 15:07 - 2012-05-06 19:09 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-15 14:11 - 2008-09-07 07:55 - 01818403 _____ () C:\Windows\WindowsUpdate.log
2014-06-15 14:05 - 2014-06-15 14:05 - 00101240 _____ () C:\Users\MaGdusia\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-15 14:05 - 2012-09-24 18:07 - 00000440 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-06-15 14:04 - 2014-03-02 09:57 - 00000206 _____ () C:\Windows\Tasks\AutoKMSDaily.job
2014-06-15 14:04 - 2014-03-02 09:57 - 00000206 _____ () C:\Windows\Tasks\AutoKMS.job
2014-06-15 14:04 - 2013-01-29 23:08 - 00000298 _____ () C:\Windows\Tasks\ROC_REG_JAN_DELETE.job
2014-06-15 14:04 - 2012-07-19 13:34 - 00093892 _____ () C:\ProgramData\nvModes.001
2014-06-15 14:04 - 2008-09-07 09:49 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2014-06-15 14:04 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-15 14:04 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-15 14:04 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-15 14:03 - 2014-06-15 14:02 - 00373608 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-15 14:02 - 2014-06-15 14:02 - 00000580 _____ () C:\Windows\PFRO.log
2014-06-15 14:01 - 2008-09-07 07:56 - 00001076 _____ () C:\Windows\bthservsdp.dat
2014-06-15 14:01 - 2006-11-02 15:01 - 00032562 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-15 13:57 - 2012-05-06 23:21 - 00000000 ____D () C:\Program Files\The KMPlayer
2014-06-15 13:25 - 2012-05-20 20:53 - 00000000 ____D () C:\Users\MaGdusia\AppData\Roaming\BitTorrent
2014-06-15 13:24 - 2012-07-05 22:23 - 00000000 ____D () C:\Windows\Minidump
2014-06-15 13:18 - 2012-10-19 20:20 - 00000000 ____D () C:\Program Files\AviSynth 2.5
2014-06-15 13:02 - 2012-05-06 19:42 - 00000000 ____D () C:\Windows\system32\Drivers\AVG
2014-06-13 22:18 - 2008-09-07 08:01 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-13 21:59 - 2013-07-25 19:39 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-13 21:53 - 2006-11-02 12:24 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-06-13 21:47 - 2012-05-06 19:09 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-06-13 21:47 - 2012-05-06 19:09 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-06-08 17:53 - 2014-06-04 15:34 - 00000000 ____D () C:\Users\MaGdusia\Desktop\Lunka
2014-06-04 15:41 - 2014-06-04 15:41 - 00000000 ____D () C:\Users\MaGdusia\Desktop\Dzień Dziecka
2014-06-04 15:34 - 2008-04-18 02:01 - 00714932 _____ () C:\Windows\system32\perfh015.dat
2014-06-04 15:34 - 2008-04-18 02:01 - 00151772 _____ () C:\Windows\system32\perfc015.dat
2014-06-04 15:34 - 2006-11-02 12:33 - 01616158 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-28 18:48 - 2014-06-12 15:46 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-28 18:39 - 2014-06-12 15:46 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-28 18:38 - 2014-06-12 15:46 - 09711104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-28 18:33 - 2014-06-12 15:46 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-28 18:32 - 2014-06-12 15:46 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-28 18:32 - 2014-06-12 15:46 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-28 18:31 - 2014-06-12 15:46 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-05-28 18:31 - 2014-06-12 15:46 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-28 18:30 - 2014-06-12 15:46 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-28 18:30 - 2014-06-12 15:46 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-28 18:30 - 2014-06-12 15:46 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-28 18:30 - 2014-06-12 15:46 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-28 18:30 - 2014-06-12 15:46 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-28 18:30 - 2014-06-12 15:46 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-28 18:30 - 2014-06-12 15:46 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-05-28 18:29 - 2014-06-12 15:46 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-28 18:29 - 2014-06-12 15:46 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-28 18:29 - 2014-06-12 15:46 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-28 18:29 - 2014-06-12 15:46 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-05-28 18:29 - 2014-06-12 15:46 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-05-28 18:28 - 2014-06-12 15:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-27 23:44 - 2014-05-27 21:56 - 00000000 ____D () C:\Users\MaGdusia\Desktop\Muzyka-siatkówka
2014-05-27 22:04 - 2014-05-27 21:55 - 00000000 ____D () C:\Users\MaGdusia\Downloads\eska VA - Zima 2014 (2013)
2014-05-27 21:50 - 2014-05-27 21:50 - 00017680 _____ () C:\Users\MaGdusia\Downloads\[www.tnt24.info] VA - VA Eska - Zima 2014 [2CD] (2014) [mp3@320kbps].torrent

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-15 14:08

==================== End Of Log ============================