Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-12-2014 01
Ran by Serge_2 (administrator) on MAGDA on 16-12-2014 13:01:23
Running from C:\Users\Serge_2\Downloads
Loaded Profile: Serge_2 (Available profiles: Serge_2)
Platform: Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) OS Language: Polski (Polska)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
() C:\Acer\Mobility Center\MobilityService.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
() C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
(acer) C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-929553786-925988434-3115227362-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/?src01=dp220141212 HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-929553786-925988434-3115227362-1002\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-929553786-925988434-3115227362-1002\Software\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/?src01=dp220141212 HKU\S-1-5-21-929553786-925988434-3115227362-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com SearchScopes: HKU\S-1-5-21-929553786-925988434-3115227362-1002 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-929553786-925988434-3115227362-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms} BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} 
http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox: ======== FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-11-26] Chrome: ======= CHR Profile: C:\Users\Serge_2\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Ask Search) - C:\Users\Serge_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaahlfahldnilidgnlikdckbfehhca [2014-12-12] CHR Extension: (YouTube) - C:\Users\Serge_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-28] CHR Extension: (Szukaj w Google) - C:\Users\Serge_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-28] CHR Extension: (Google Wallet) - C:\Users\Serge_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03] CHR Extension: (Gmail) - C:\Users\Serge_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-28] CHR HKLM\...\Chrome\Extension: [aaaaahlfahldnilidgnlikdckbfehhca] - No Path CHR HKLM\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - No Path ==================== Services (All) ======================== (If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.) R2 AeLookupSvc; C:\Windows\System32\aelupsvc.dll [24576 2006-11-02] (Microsoft Corporation) R2 AgereModemAudio; C:\Windows\system32\agrsmsvc.exe [9216 2006-10-05] (Agere Systems) S3 ALG; C:\Windows\System32\alg.exe [59392 2008-01-19] (Microsoft Corporation) R3 Appinfo; C:\Windows\System32\appinfo.dll [33280 2014-06-02] (Microsoft Corporation) S4 aspnet_state; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [46688 2013-09-11] (Microsoft Corporation) R2 AudioEndpointBuilder; C:\Windows\System32\Audiosrv.dll [316928 2014-10-03] (Microsoft Corporation) R2 Audiosrv; C:\Windows\System32\Audiosrv.dll [316928 2014-10-03] (Microsoft Corporation) R2 BFE; C:\Windows\System32\bfe.dll [334848 2009-04-11] (Microsoft Corporation) S3 BITS; C:\Windows\system32\qmgr.dll [758784 2009-04-11] (Microsoft Corporation) S2 Browser; C:\Windows\System32\browser.dll [81920 2008-01-19] (Microsoft Corporation) S3 CertPropSvc; C:\Windows\System32\certprop.dll [40448 2009-04-11] (Microsoft Corporation) S4 clr_optimization_v2.0.50727_32; C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [67224 2014-05-08] (Microsoft Corporation) S2 clr_optimization_v4.0.30319_32; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [105144 2013-09-11] (Microsoft Corporation) S3 COMSysApp; C:\Windows\system32\dllhost.exe [7168 2006-11-02] (Microsoft Corporation) R2 CryptSvc; C:\Windows\system32\cryptsvc.dll [133120 2013-07-08] (Microsoft Corporation) R2 DcomLaunch; C:\Windows\system32\rpcss.dll [550400 2009-04-11] (Microsoft Corporation) S3 DFSR; C:\Windows\system32\DFSR.exe [2092544 2009-04-11] (Microsoft Corporation) R2 Dhcp; C:\Windows\System32\dhcpcsvc.dll [204288 2009-04-11] (Microsoft Corporation) R2 Dnscache; C:\Windows\System32\dnsrslvr.dll [86528 2011-03-02] (Microsoft Corporation) S3 dot3svc; C:\Windows\System32\dot3svc.dll [175616 2009-04-11] (Microsoft Corporation) R2 DPS; C:\Windows\system32\dps.dll [134656 2008-01-19] 
(Microsoft Corporation) R3 EapHost; C:\Windows\System32\eapsvc.dll [57344 2008-01-19] (Microsoft Corporation) R2 EMDMgmt; C:\Windows\system32\emdmgmt.dll [564224 2009-04-11] (Microsoft Corporation) S4 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [135168 2007-05-22] (Acer Inc.) [File not signed] R2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [53248 2007-02-13] (Acer Inc.) [File not signed] R2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-05-10] () [File not signed] R2 Eventlog; C:\Windows\System32\wevtsvc.dll [1017856 2009-04-11] (Microsoft Corporation) R2 EventSystem; C:\Windows\system32\es.dll [268800 2009-04-11] (Microsoft Corporation) S3 fdPHost; C:\Windows\system32\fdPHost.dll [13312 2008-01-19] (Microsoft Corporation) R2 FDResPub; C:\Windows\system32\fdrespub.dll [27648 2006-11-02] (Microsoft Corporation) S2 FontCache; C:\Windows\system32\FntCache.dll [798208 2013-08-27] (Microsoft Corporation) S3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [43904 2009-02-18] (Microsoft Corporation) R2 gpsvc; C:\Windows\System32\gpsvc.dll [576512 2009-04-11] (Microsoft Corporation) R2 hidserv; C:\Windows\System32\hidserv.dll [26112 2009-04-11] (Microsoft Corporation) S3 hkmsvc; C:\Windows\system32\kmsvc.dll [68096 2008-01-19] (Microsoft Corporation) S3 idsvc; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [879256 2014-06-26] (Microsoft Corporation) R2 IKEEXT; C:\Windows\System32\ikeext.dll [444928 2013-10-11] (Microsoft Corporation) S3 IPBusEnum; C:\Windows\system32\ipbusenum.dll [74240 2008-01-19] (Microsoft Corporation) R2 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [200704 2010-02-18] (Microsoft Corporation) R3 KeyIso; C:\Windows\system32\lsass.exe [9728 2011-11-16] (Microsoft Corporation) S2 KtmRm; C:\Windows\system32\msdtckrm.dll [344576 2008-01-19] (Microsoft Corporation) R2 LanmanServer; 
C:\Windows\System32\srvsvc.dll [125952 2010-09-06] (Microsoft Corporation) R2 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [160256 2009-06-10] (Microsoft Corporation) S3 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed] S3 lltdsvc; C:\Windows\System32\lltdsvc.dll [188928 2008-01-19] (Microsoft Corporation) R2 lmhosts; C:\Windows\System32\lmhsvc.dll [18944 2006-11-02] (Microsoft Corporation) R2 MMCSS; C:\Windows\system32\mmcss.dll [45056 2008-01-19] (Microsoft Corporation) R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [107008 2006-11-24] () [File not signed] R2 MpsSvc; C:\Windows\system32\mpssvc.dll [407552 2009-04-11] (Microsoft Corporation) S3 MSDTC; C:\Windows\System32\msdtc.exe [105984 2008-01-19] (Microsoft Corporation) S3 MSiSCSI; C:\Windows\system32\iscsiexe.dll [111616 2008-01-19] (Microsoft Corporation) S3 msiserver; C:\Windows\System32\msiexec.exe [73216 2009-04-11] (Microsoft Corporation) S3 napagent; C:\Windows\system32\qagentRT.dll [302592 2009-04-11] (Microsoft Corporation) S3 Netlogon; C:\Windows\system32\lsass.exe [9728 2011-11-16] (Microsoft Corporation) R3 Netman; C:\Windows\System32\netman.dll [274432 2008-01-19] (Microsoft Corporation) S4 NetMsmqActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [139856 2013-09-11] (Microsoft Corporation) S4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [139856 2013-09-11] (Microsoft Corporation) R2 netprofm; C:\Windows\System32\netprofm.dll [237056 2008-01-19] (Microsoft Corporation) S4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [139856 2013-09-11] (Microsoft Corporation) S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [139856 2013-09-11] (Microsoft Corporation) R2 NlaSvc; C:\Windows\System32\nlasvc.dll [168448 2008-01-19] (Microsoft Corporation) R2 nsi; C:\Windows\system32\nsisvc.dll 
[18432 2008-01-19] (Microsoft Corporation) S3 ose; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [145184 2006-10-26] (Microsoft Corporation) S3 p2pimsvc; C:\Windows\system32\p2psvc.dll [644608 2009-04-11] (Microsoft Corporation) S3 p2psvc; C:\Windows\system32\p2psvc.dll [644608 2009-04-11] (Microsoft Corporation) R2 PcaSvc; C:\Windows\System32\pcasvc.dll [37888 2008-01-19] (Microsoft Corporation) S3 pla; C:\Windows\system32\pla.dll [1502208 2008-01-19] (Microsoft Corporation) R2 PlugPlay; C:\Windows\system32\umpnpmgr.dll [222720 2009-04-11] (Microsoft Corporation) S3 PNRPAutoReg; C:\Windows\system32\p2psvc.dll [644608 2009-04-11] (Microsoft Corporation) S3 PNRPsvc; C:\Windows\system32\p2psvc.dll [644608 2009-04-11] (Microsoft Corporation) R2 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [364032 2009-04-11] (Microsoft Corporation) R2 ProfSvc; C:\Windows\system32\profsvc.dll [153088 2009-04-11] (Microsoft Corporation) S3 ProtectedStorage; C:\Windows\system32\lsass.exe [9728 2011-11-16] (Microsoft Corporation) S3 QWAVE; C:\Windows\system32\qwave.dll [243712 2008-01-19] (Microsoft Corporation) S2 RapiMgr; C:\Windows\WindowsMobile\rapimgr.dll [167936 2008-01-19] (Microsoft Corporation) S3 RasAuto; C:\Windows\System32\rasauto.dll [90624 2008-01-19] (Microsoft Corporation) R3 RasMan; C:\Windows\System32\rasmans.dll [262144 2009-04-11] (Microsoft Corporation) S4 RemoteAccess; C:\Windows\System32\mprdim.dll [68608 2008-01-19] (Microsoft Corporation) S3 RemoteRegistry; C:\Windows\system32\regsvc.dll [107008 2009-04-11] (Microsoft Corporation) S3 RpcLocator; C:\Windows\system32\locator.exe [7680 2006-11-02] (Microsoft Corporation) R2 RpcSs; C:\Windows\system32\rpcss.dll [550400 2009-04-11] (Microsoft Corporation) R2 SamSs; C:\Windows\system32\lsass.exe [9728 2011-11-16] (Microsoft Corporation) S3 SCardSvr; C:\Windows\System32\SCardSvr.dll [95232 2009-04-11] (Microsoft Corporation) R2 Schedule; C:\Windows\system32\schedsvc.dll [601600 2010-11-04] 
(Microsoft Corporation) S3 SCPolicySvc; C:\Windows\System32\certprop.dll [40448 2009-04-11] (Microsoft Corporation) S3 SDRSVC; C:\Windows\System32\SDRSVC.dll [104960 2008-01-19] (Microsoft Corporation) R2 seclogon; C:\Windows\system32\seclogon.dll [19968 2008-01-19] (Microsoft Corporation) R2 SENS; C:\Windows\system32\sens.dll [47104 2008-01-19] (Microsoft Corporation) S3 SessionEnv; C:\Windows\system32\sessenv.dll [84992 2008-01-19] (Microsoft Corporation) S2 SharedAccess; C:\Windows\System32\ipnathlp.dll [288256 2008-01-19] (Microsoft Corporation) R2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [247808 2009-07-10] (Microsoft Corporation) R2 slsvc; C:\Windows\system32\SLsvc.exe [3408896 2009-04-11] (Microsoft Corporation) S3 SLUINotify; C:\Windows\system32\SLUINotify.dll [60928 2009-04-11] (Microsoft Corporation) S3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [12800 2006-11-02] (Microsoft Corporation) R2 Spooler; C:\Windows\System32\spoolsv.exe [128000 2010-08-17] (Microsoft Corporation) R3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [155648 2008-01-19] (Microsoft Corporation) R3 SstpSvc; C:\Windows\system32\sstpsvc.dll [116736 2008-01-19] (Microsoft Corporation) R2 stisvc; C:\Windows\System32\wiaservc.dll [453120 2009-04-11] (Microsoft Corporation) S3 swprv; C:\Windows\System32\swprv.dll [311808 2009-04-11] (Microsoft Corporation) R2 SysMain; C:\Windows\system32\sysmain.dll [558080 2009-04-11] (Microsoft Corporation) R2 TabletInputService; C:\Windows\System32\TabSvc.dll [68096 2006-11-02] (Microsoft Corporation) R3 TapiSrv; C:\Windows\System32\tapisrv.dll [242688 2009-04-11] (Microsoft Corporation) S2 TBS; C:\Windows\System32\tbssvc.dll [56320 2008-01-19] (Microsoft Corporation) R2 TermService; C:\Windows\System32\termsrv.dll [449536 2014-10-10] (Microsoft Corporation) R2 Themes; C:\Windows\system32\shsvcs.dll [247808 2009-07-10] (Microsoft Corporation) S3 THREADORDER; C:\Windows\system32\mmcss.dll [45056 2008-01-19] (Microsoft Corporation) R2 TrkWks; 
C:\Windows\System32\trkwks.dll [75264 2008-01-19] (Microsoft Corporation) S3 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [39424 2009-04-11] (Microsoft Corporation) S3 UI0Detect; C:\Windows\system32\UI0Detect.exe [35840 2008-01-19] (Microsoft Corporation) R2 upnphost; C:\Windows\System32\upnphost.dll [259072 2008-01-19] (Microsoft Corporation) R2 UxSms; C:\Windows\System32\uxsms.dll [29184 2009-04-11] (Microsoft Corporation) S3 vds; C:\Windows\System32\vds.exe [385536 2009-04-11] (Microsoft Corporation) S3 VSS; C:\Windows\system32\vssvc.exe [1055232 2009-04-11] (Microsoft Corporation) R2 W32Time; C:\Windows\system32\w32time.dll [282624 2009-04-11] (Microsoft Corporation) S2 WcesComm; C:\Windows\WindowsMobile\wcescomm.dll [365568 2008-01-19] (Microsoft Corporation) S3 wcncsvc; C:\Windows\System32\wcncsvc.dll [413696 2009-04-11] (Microsoft Corporation) S3 WcsPlugInService; C:\Windows\System32\WcsPlugInService.dll [32256 2006-11-02] (Microsoft Corporation) S3 WdiServiceHost; C:\Windows\system32\wdi.dll [73728 2008-01-19] (Microsoft Corporation) R3 WdiSystemHost; C:\Windows\system32\wdi.dll [73728 2008-01-19] (Microsoft Corporation) R2 WebClient; C:\Windows\System32\webclnt.dll [199680 2009-04-11] (Microsoft Corporation) S3 Wecsvc; C:\Windows\system32\wecsvc.dll [146944 2009-10-09] (Microsoft Corporation) S3 wercplsupport; C:\Windows\System32\wercplsupport.dll [62976 2008-01-19] (Microsoft Corporation) R2 WerSvc; C:\Windows\System32\WerSvc.dll [126976 2009-04-11] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation) R3 WinHttpAutoProxySvc; C:\Windows\system32\winhttp.dll [377344 2011-11-16] (Microsoft Corporation) R2 Winmgmt; C:\Windows\system32\wbem\WMIsvc.dll [162304 2009-04-11] (Microsoft Corporation) S3 WinRM; C:\Windows\system32\WsmSvc.dll [1181696 2009-10-09] (Microsoft Corporation) R2 Wlansvc; C:\Windows\System32\wlansvc.dll [513536 2009-07-11] (Microsoft Corporation) S3 
wmiApSrv; C:\Windows\system32\wbem\WmiApSrv.exe [137728 2009-04-11] (Microsoft Corporation) R2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [163840 2007-05-16] (acer) [File not signed] S3 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [896512 2008-01-19] (Microsoft Corporation) S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [140288 2009-04-11] (Microsoft Corporation) R2 WPDBusEnum; C:\Windows\system32\wpdbusenum.dll [81920 2009-10-01] (Microsoft Corporation) S3 WPFFontCache_v0400; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [770168 2013-09-11] (Microsoft Corporation) S2 wscsvc; C:\Windows\system32\wscsvc.dll [61440 2009-04-11] (Microsoft Corporation) R2 WSearch; C:\Windows\system32\SearchIndexer.exe [441344 2009-04-11] (Microsoft Corporation) S2 wuauserv; C:\Windows\system32\wuaueng.dll [1933848 2012-06-02] (Microsoft Corporation) R2 wudfsvc; C:\Windows\System32\WUDFSvc.dll [73216 2012-07-26] (Microsoft Corporation) R2 XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [386560 2007-01-30] (Conexant Systems, Inc.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 int15; C:\Acer\Empowering Technology\eRecovery\int15.sys [76584 2006-12-07] () R3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows (R) Codename Longhorn DDK provider) R3 NTIDrvr; C:\Windows\System32\DRIVERS\NTIDrvr.sys [6144 2007-08-16] (NewTech Infosystems, Inc.) 
[File not signed] R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1729152 2007-06-12] () U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation) S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X] S3 catchme; \??\C:\Users\Serge_2\AppData\Local\Temp\catchme.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-16 13:01 - 2014-12-16 13:01 - 00020250 _____ () C:\Users\Serge_2\Downloads\FRST.txt 2014-12-16 12:59 - 2014-12-16 12:59 - 00149416 _____ () C:\Windows\Minidump\Mini121614-04.dmp 2014-12-16 12:55 - 2014-12-16 12:55 - 00008187 _____ () C:\ComboFix.txt 2014-12-16 12:29 - 2014-12-16 12:55 - 00000000 ____D () C:\ComboFix 2014-12-16 12:22 - 2014-12-16 12:22 - 00149416 _____ () C:\Windows\Minidump\Mini121614-03.dmp 2014-12-16 11:48 - 2014-12-16 12:59 - 00314454 _____ () C:\Windows\PFRO.log 2014-12-16 11:48 - 2014-12-16 11:48 - 00149416 _____ () C:\Windows\Minidump\Mini121614-02.dmp 2014-12-16 11:45 - 2014-12-16 11:45 - 00000000 _____ () C:\Windows\setuperr.log 2014-12-16 11:45 - 2014-12-16 11:45 - 00000000 _____ () C:\Windows\setupact.log 2014-12-16 11:33 - 2014-12-16 11:34 - 00149416 _____ () C:\Windows\Minidump\Mini121614-01.dmp 2014-12-15 20:11 - 2014-12-15 20:11 - 00000000 ____D () C:\Users\Serge_2\Downloads\FRST-OlderVersion 2014-12-15 19:59 - 2014-12-16 12:59 - 196219103 _____ () C:\Windows\MEMORY.DMP 2014-12-15 19:59 - 2014-12-15 19:59 - 00149416 _____ () C:\Windows\Minidump\Mini121514-01.dmp 2014-12-15 13:00 - 2014-12-15 13:00 - 00000000 ____D () C:\Users\Serge_2\Downloads\do 
wstawienia 2014-12-15 12:57 - 2014-12-15 12:57 - 01593785 _____ () C:\Users\Serge_2\Downloads\download.zip 2014-12-13 23:36 - 2014-12-13 23:36 - 00000000 ____D () C:\Users\Serge_2\AppData\Roaming\WinRAR 2014-12-13 23:36 - 2014-12-13 23:36 - 00000000 ____D () C:\Users\Serge_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2014-12-13 23:36 - 2014-12-13 23:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2014-12-13 23:36 - 2014-12-13 23:36 - 00000000 ____D () C:\Program Files\WinRAR 2014-12-13 23:35 - 2014-12-13 23:35 - 01766368 _____ () C:\Users\Serge_2\Downloads\wrar520.exe 2014-12-13 23:33 - 2014-12-13 23:33 - 00754240 _____ ( ) C:\Users\Serge_2\Downloads\WinRAR(12398)-dp.exe 2014-12-12 21:17 - 2014-12-12 21:17 - 00000000 ____D () C:\ProgramData\APN 2014-12-12 21:16 - 2014-12-12 21:16 - 00000000 ____D () C:\Windows\Sun 2014-12-12 21:14 - 2014-12-12 21:14 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-12-12 21:14 - 2014-12-12 21:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-12-12 10:21 - 2014-11-07 02:33 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-12-12 10:21 - 2014-11-04 01:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-12-12 10:07 - 2014-12-03 03:06 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-12-11 15:11 - 2014-11-24 21:44 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-12-11 15:11 - 2014-11-24 21:41 - 12369920 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-12-11 15:11 - 2014-11-24 21:40 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-12-11 15:11 - 2014-11-24 21:37 - 09740800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-12-11 15:11 - 2014-11-24 21:35 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-12-11 
15:11 - 2014-11-24 21:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-12-11 15:11 - 2014-11-24 21:34 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-12-11 15:11 - 2014-11-24 21:34 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-12-11 15:11 - 2014-11-24 21:33 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-12-11 15:11 - 2014-11-24 21:33 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-12-11 15:11 - 2014-11-24 21:33 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-12-11 15:11 - 2014-11-24 21:33 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-12-11 15:11 - 2014-11-24 21:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-12-11 15:11 - 2014-11-24 21:33 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-12-11 15:11 - 2014-11-24 21:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-12-11 15:11 - 2014-11-24 21:32 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-12-11 15:11 - 2014-11-24 21:32 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-12-11 15:11 - 2014-11-24 21:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-12-11 15:11 - 2014-11-24 21:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-12-11 15:11 - 2014-11-24 21:32 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-12-11 15:11 - 2014-11-24 21:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-12-11 15:11 - 2014-11-24 21:32 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-11-28 21:48 - 2014-12-09 23:11 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk 2014-11-28 21:48 - 2014-11-28 
21:48 - 01055952 _____ (Adobe) C:\Users\Serge_2\Downloads\install_reader10_pl_mssa_aaa_aih.exe 2014-11-28 21:35 - 2014-11-28 21:53 - 00000000 ____D () C:\Users\Serge_2\AppData\Roaming\Solvusoft 2014-11-28 21:35 - 2012-10-15 17:02 - 00017840 _____ (solvusoft) C:\Windows\system32\roboot.exe 2014-11-28 21:34 - 2014-11-28 21:34 - 00000000 ____D () C:\Spacekace 2014-11-28 19:02 - 2014-12-06 22:21 - 00000000 ____D () C:\Users\Serge_2\Downloads\hwinfo 2014-11-28 07:03 - 2014-11-28 08:17 - 00000000 ____D () C:\Users\Serge_2\AppData\Roaming\Dropbox 2014-11-28 06:39 - 2014-11-28 06:39 - 00000000 ____D () C:\ProgramData\F-Secure 2014-11-26 22:52 - 2014-11-26 22:52 - 00638888 _____ (Oracle Corporation) C:\Users\Serge_2\Downloads\chromeinstall-8u25 (1).exe 2014-11-25 10:49 - 2014-12-16 13:00 - 00000000 ____D () C:\Users\Serge_2\Downloads\reperacja kompa 2014-11-25 10:01 - 2014-11-25 10:02 - 00004633 _____ () C:\-20141125.log 2014-11-25 09:58 - 2014-11-25 09:58 - 00000090 _____ () C:\SDMA.log 2014-11-24 22:47 - 2014-12-16 13:01 - 00000000 ____D () C:\FRST 2014-11-24 22:29 - 2014-12-15 20:11 - 01111040 _____ (Farbar) C:\Users\Serge_2\Downloads\FRST.exe 2014-11-23 20:08 - 2014-11-23 20:08 - 00000079 _____ () C:\Windows\wininit.ini 2014-11-20 03:01 - 2014-10-24 02:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-11-18 14:56 - 2014-11-18 14:56 - 01202848 _____ (Microsoft Corporation) C:\Windows\system32\FM20.DLL ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-12-16 12:59 - 2009-05-06 00:40 - 00016384 _____ () C:\Windows\system32\Ikeext.etl 2014-12-16 12:59 - 2009-04-19 17:33 - 00000000 ____D () C:\Windows\Minidump 2014-12-16 12:59 - 2006-11-02 13:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-16 12:59 - 2006-11-02 13:45 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-12-16 12:59 - 2006-11-02 13:45 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-12-16 12:55 - 2014-01-16 17:03 - 00000000 ____D () C:\Qoobox 2014-12-16 12:49 - 2006-11-02 11:23 - 00000242 _____ () C:\Windows\system.ini 2014-12-16 12:31 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\tracing 2014-12-16 12:26 - 2014-08-11 05:02 - 01100122 _____ () C:\Windows\WindowsUpdate.log 2014-12-16 12:06 - 2014-08-11 05:01 - 00032498 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-12-16 12:00 - 2011-11-22 15:24 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-12-16 11:58 - 2011-12-10 18:26 - 00001356 _____ () C:\Users\Serge_2\AppData\Local\d3d9caps.dat 2014-12-12 21:13 - 2009-06-09 19:25 - 00000000 ____D () C:\Program Files\Java 2014-12-12 11:09 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache 2014-12-12 10:49 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\pl-PL 2014-12-12 10:23 - 2007-08-16 20:22 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-12-12 10:18 - 2013-08-15 22:01 - 00000000 ____D () C:\Windows\system32\MRT 2014-12-12 10:12 - 2006-11-02 11:24 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-12-06 00:11 - 2012-01-02 20:16 - 00001912 _____ () C:\Windows\epplauncher.mif 2014-11-28 21:57 - 2007-08-16 20:19 - 00000000 ____D () C:\ProgramData\Adobe 2014-11-28 21:54 - 2011-11-22 15:17 - 00000000 ____D () C:\Users\Serge_2\AppData\Roaming\Adobe 2014-11-28 21:52 - 2014-08-09 18:32 - 00000000 ____D () C:\Windows\system32\config\RCCBakup 2014-11-28 
21:49 - 2012-09-29 03:18 - 00000000 ____D () C:\Users\Serge_2\AppData\Local\Adobe 2014-11-28 21:48 - 2007-08-16 20:19 - 00000000 ____D () C:\Program Files\Common Files\Adobe 2014-11-28 21:47 - 2007-08-16 20:19 - 00000000 ____D () C:\Program Files\Adobe 2014-11-26 10:08 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-11-25 21:31 - 2011-11-22 14:28 - 00000000 ____D () C:\Users\Serge_2 2014-11-25 10:04 - 2007-08-16 20:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Empowering Technology 2014-11-25 10:04 - 2007-08-16 19:10 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2014-11-25 10:02 - 2007-08-16 20:03 - 00000000 ____D () C:\Windows\system32\i386 2014-11-25 10:00 - 2007-08-16 20:14 - 00000000 ____D () C:\ProgramData\CyberLink 2014-11-25 09:58 - 2007-08-16 20:13 - 00000000 ____D () C:\Program Files\Acer 2014-11-24 14:04 - 2009-10-03 19:46 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-11-23 22:00 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\LogFiles 2014-11-23 20:12 - 2011-11-22 14:30 - 00070672 _____ () C:\Users\Serge_2\AppData\Local\GDIPFONTCACHEV1.DAT 2014-11-23 20:11 - 2006-11-02 13:44 - 00306376 _____ () C:\Windows\system32\FNTCACHE.DAT ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-16 12:29

==================== End Of Log ============================