Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015
Ran by Spider (administrator) on SPIDER-KOMPUTER on 21-07-2015 21:58:19
Running from C:\Users\Spider\Desktop
Loaded Profiles: Spider (Available Profiles: Spider)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(BitTorrent Inc.) C:\Users\Spider\AppData\Roaming\uTorrent\uTorrent.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(FNet Co., Ltd.) C:\Program Files (x86)\XFastUSB\XFastUsb.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Acronis) C:\Program Files (x86)\Acronis True Image 2014\TrueImageHome\TrueImageMonitor.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\SBAudigy2\SB Audigy Control Panel\CTHKCtrl.exe
(Creative Technology Ltd.) C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHelper.exe
(Creative Technology Ltd.) C:\Windows\System32\AMBSpiE.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Eyeo GmbH) C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
() C:\Users\Spider\Desktop\gmer\gmer.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RunDLLEntry] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2461504 2014-09-17] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [7477016 2013-04-25] (Logitech Inc.)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [518424 2013-07-18] (Acronis)
HKLM-x32\...\Run: [XFastUSB] => C:\Program Files (x86)\XFastUSB\XFastUsb.exe [5019360 2014-10-04] (FNet Co., Ltd.)
HKLM-x32\...\Run: [Bonus.SSR.FR10] => C:\Program Files (x86)\ABBYY FineReader 10\Bonus.ScreenshotReader.exe [941320 2010-01-18] (ABBYY.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PowerDVD12DMREngine] => C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe [501544 2012-01-02] (CyberLink)
HKLM-x32\...\Run: [PowerDVD12Agent] => C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe [371256 2012-03-14] (CyberLink Corp.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office 2007\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis True Image 2014\TrueImageHome\TrueImageMonitor.exe [7805824 2013-11-22] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1102192 2013-10-10] (Acronis International GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-02-10] (Oracle Corporation)
HKLM-x32\...\Run: [Creative Hot Key Control] => C:\Program Files (x86)\Creative\SBAudigy2\SB Audigy Control Panel\CTHKCtrl.exe [650752 2013-07-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [Module Loader] => C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe [57344 2007-07-23] (Creative Technology Ltd.)
HKLM-x32\...\Run: [AsioThk32Reg] => REGSVR32.EXE /S CTASIO.DLL
HKLM-x32\...\Run: [CTHelper] => CTHELPER.EXE
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKU\S-1-5-21-1400040647-3413486666-1744970339-1000\...\Run: [uTorrent] => C:\Users\Spider\AppData\Roaming\uTorrent\uTorrent.exe [1694560 2015-05-06] (BitTorrent Inc.)
Startup: C:\Users\Spider\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2015-01-06]
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis True Image 2014\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis True Image 2014\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis True Image 2014\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files (x86)\Microsoft Office 2007\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files (x86)\Microsoft Office 2007\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files (x86)\Microsoft Office 2007\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files (x86)\Microsoft Office 2007\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files (x86)\Microsoft Office 2007\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1400040647-3413486666-1744970339-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1400040647-3413486666-1744970339-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1400040647-3413486666-1744970339-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://wp.pl/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-20] (Google Inc.)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-02-25] (Eyeo GmbH)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office 2007\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-11] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-20] (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-11] (Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-02-25] (Eyeo GmbH)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-20] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-20] (Google Inc.)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://files.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab
Handler-x32: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office 2007\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 62.179.1.62 62.179.1.63
Tcpip\..\Interfaces\{169E8C7C-2429-44C3-A53A-C8B9FF9EDA59}: [DhcpNameServer] 62.179.1.62 62.179.1.63

FireFox:
========
FF ProfilePath: C:\Users\Spider\AppData\Roaming\Mozilla\Firefox\Profiles\ysh52seh.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_10_3_162.dll [2014-10-04] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40620.0\npctrl.dll [2015-06-20] ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-11] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40620.0\npctrl.dll [2015-06-19] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-09-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-09-13] (NVIDIA Corporation)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll [2009-10-09] (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-27] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll [2008-12-18] (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-27] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2010-02-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2010-02-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2010-02-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2010-02-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2010-02-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpjplug.dll [2009-10-09] (RealNetworks, Inc.)
FF Extension: DOM Inspector - C:\Program Files (x86)\Mozilla Firefox\extensions\inspector@mozilla.org [2014-10-04]

Chrome:
=======
CHR Profile: C:\Users\Spider\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Spider\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-04]
CHR Extension: (Google Docs) - C:\Users\Spider\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-04]
CHR Extension: (Google Drive) - C:\Users\Spider\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-04]
CHR Extension: (YouTube) - C:\Users\Spider\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-04]
CHR Extension: (Google Search) - C:\Users\Spider\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-04]
CHR Extension: (Google Sheets) - C:\Users\Spider\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-04]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Spider\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-11-08]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Spider\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-06]
CHR Extension: (Google Wallet) - C:\Users\Spider\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-04]
CHR Extension: (Gmail) - C:\Users\Spider\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-04]

Opera:
=======
StartMenuInternet: (HKLM) Opera - C:\Program Files (x86)\Opera\Opera.exe http://www.istartsurf.com/?type=sc&ts=1412530661&from=smt&uid=SAMSUNGXHD203WI_S1UYJDWZ717316

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Corporate.10.0; C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe [814344 2009-12-19] (ABBYY)
S2 AcronisOSSReinstallSvc; C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2217416 2007-02-22] ()
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [448384 2014-12-06] ()
R2 CLHNServiceForPowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [87336 2012-03-14] (CyberLink Corp.)
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-10-03] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [429056 2013-10-28] (Creative Technology Ltd) [File not signed]
R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [75048 2012-03-14] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [296232 2012-03-14] (CyberLink)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-09-17] (NVIDIA Corporation)
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [145920 2011-01-21] (HP) [File not signed]
R2 HPSIService; C:\Windows\system32\HPSIsvc.exe [124536 2012-12-25] (HP) [File not signed]
S3 Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office 2007\Office12\GrooveAuditService.exe [65824 2006-10-27] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-09-17] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75064 2014-11-22] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation)
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [34640 2012-08-09] (ASRock Inc.)
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2015-03-15] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2014-10-04] (FNet Co., Ltd.)
S3 L6PODLV; C:\Windows\System32\Drivers\L6PODLV64.sys [770816 2010-09-08] (Line 6)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-11-28] (Marvell Semiconductor, Inc.)
R2 ntk_PowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [82928 2011-10-27] (Cyberlink Corp.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-10-05] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2014-10-05] (Acronis International GmbH)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-10-05] (Acronis International GmbH)
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [146928 2012-02-16] (CyberLink Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 COMMONFX.DLL; system32\COMMONFX.DLL [X]
S3 CT20XUT.DLL; system32\CT20XUT.DLL [X]
S3 CTAUDFX.DLL; system32\CTAUDFX.DLL [X]
S3 CTEAPSFX.DLL; system32\CTEAPSFX.DLL [X]
S3 CTEDSPFX.DLL; system32\CTEDSPFX.DLL [X]
S3 CTEDSPIO.DLL; system32\CTEDSPIO.DLL [X]
S3 CTEDSPSY.DLL; system32\CTEDSPSY.DLL [X]
S3 CTERFXFX.DLL; system32\CTERFXFX.DLL [X]
S3 CTEXFIFX.DLL; system32\CTEXFIFX.DLL [X]
S3 CTHWIUT.DLL; system32\CTHWIUT.DLL [X]
S3 CTSBLFX.DLL; system32\CTSBLFX.DLL [X]
S4 sptd; \SystemRoot\System32\Drivers\sptd.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U3 kwrdipog; \??\C:\Users\Spider\AppData\Local\Temp\kwrdipog.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-21 21:58 - 2015-07-21 21:58 - 00023336 _____ C:\Users\Spider\Desktop\FRST.txt
2015-07-21 21:56 - 2015-07-21 21:58 - 00000000 ____D C:\FRST
2015-07-21 21:51 - 2015-07-21 21:51 - 00370943 _____ C:\Users\Spider\Desktop\gmer.zip
2015-07-21 21:51 - 2015-07-21 21:51 - 00000000 ____D C:\Users\Spider\Desktop\gmer
2015-07-21 17:45 - 2015-07-21 17:45 - 02135552 _____ (Farbar) C:\Users\Spider\Desktop\FRST64.exe
2015-07-20 21:24 - 2015-07-20 21:24 - 28271816 _____ C:\Users\Spider\Desktop\2015 - Babia Góra.rar
2015-07-18 21:17 - 2015-07-18 21:17 - 00000000 ____D C:\Users\Spider\AppData\Roaming\Media Player Classic
2015-07-18 21:15 - 2015-07-18 21:15 - 00001352 _____ C:\Users\Public\Desktop\Media Player Classic.lnk
2015-07-18 21:15 - 2015-07-18 21:15 - 00001300 _____ C:\Users\Public\Desktop\ACE Mega CoDecS Pack DashBoard.lnk
2015-07-18 21:15 - 2015-07-18 21:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACE Mega CoDecS Pack
2015-07-18 21:15 - 2015-07-18 21:15 - 00000000 ____D C:\Program Files (x86)\ACE Mega CoDecS Pack
2015-07-18 21:15 - 2004-05-25 16:06 - 00417792 _____ () C:\Windows\SysWOW64\ac3filter.cpl
2015-07-18 21:15 - 2001-10-31 10:14 - 01650688 _____ (Ligos Corporation) C:\Windows\SysWOW64\mplva6.dll
2015-07-18 21:15 - 2001-10-31 10:14 - 01581056 _____ (Ligos Corporation) C:\Windows\SysWOW64\mplvw7.dll
2015-07-18 21:15 - 2001-10-31 10:14 - 01552384 _____ (Ligos Corporation) C:\Windows\SysWOW64\mplvm6.dll
2015-07-18 21:15 - 2001-10-31 10:14 - 01122304 _____ (Ligos Corporation) C:\Windows\SysWOW64\mplvpx.dll
2015-07-18 21:15 - 2001-10-31 10:14 - 00077824 _____ (Ligos Corporation) C:\Windows\SysWOW64\mplaw7.dll
2015-07-18 21:15 - 2001-10-31 10:14 - 00077824 _____ (Ligos Corporation) C:\Windows\SysWOW64\mplaa6.dll
2015-07-18 21:15 - 2001-10-31 10:14 - 00065536 _____ (Ligos Corporation) C:\Windows\SysWOW64\mplapx.dll
2015-07-18 21:15 - 2001-10-31 10:14 - 00065536 _____ (Ligos Corporation) C:\Windows\SysWOW64\mplam6.dll
2015-07-18 21:15 - 2001-09-17 12:20 - 00019968 _____ C:\Windows\SysWOW64\cpuinf32.dll
2015-07-18 21:13 - 2015-07-18 21:14 - 51622242 _____ (ACE DESIGN Software ) C:\Users\Spider\Desktop\ACEMCP603PRO.exe
2015-07-18 20:58 - 2015-07-18 20:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack
2015-07-18 20:58 - 2015-07-18 20:58 - 00000000 ____D C:\Program Files (x86)\Combined Community Codec Pack
2015-07-18 15:23 - 2015-07-18 15:34 - 00021504 _____ C:\Users\Spider\Desktop\koszt paliwa.xls
2015-07-16 23:02 - 2015-07-16 23:01 - 02248704 _____ C:\Users\Spider\Downloads\AdwCleaner 4.208.exe
2015-07-16 23:01 - 2015-07-16 23:01 - 00820648 _____ (Web Soft ) C:\Users\Spider\Desktop\AdwCleaner 4.exe
2015-07-16 20:22 - 2015-07-16 20:22 - 00000000 ____D C:\Users\Spider\Desktop\JS-SS-2015
2015-07-16 20:21 - 2015-07-16 20:21 - 91674358 _____ C:\Users\Spider\Desktop\JS-SS-2015.rar
2015-07-13 10:07 - 2015-07-16 13:55 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-12 17:46 - 2015-07-12 17:46 - 08400896 _____ C:\Users\Spider\Desktop\Akordy - 2014.xls
2015-07-12 17:46 - 2015-07-12 17:46 - 03520512 _____ C:\Users\Spider\Desktop\Akordy - I kw 2015.xls
2015-07-12 17:45 - 2015-07-13 01:23 - 21226496 _____ C:\Users\Spider\Desktop\wmidami_2013-2015 !!!.xls
2015-07-11 13:04 - 2015-07-11 13:04 - 36499753 _____ ( ) C:\Users\Spider\Desktop\K-Lite_Codec_Pack_1120-Full.exe
2015-07-09 22:00 - 2015-07-13 20:47 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-09 22:00 - 2015-07-13 20:47 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-09 20:31 - 2015-07-09 20:31 - 00602112 _____ (OldTimer Tools) C:\Users\Spider\Desktop\OTL.exe
2015-07-09 20:24 - 2015-07-09 20:24 - 00021985 _____ C:\ComboFix.txt
2015-07-09 20:03 - 2015-07-09 20:05 - 00000000 ___HD C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2015-07-07 19:26 - 2015-07-07 19:26 - 03520512 _____ C:\Users\Spider\Downloads\Akordy - I kw 2015 (3).xls
2015-07-07 19:18 - 2015-07-07 23:31 - 00000000 ____D C:\Users\Spider\Desktop\AKORDY 13-15
2015-06-24 19:44 - 2015-06-28 22:20 - 00779827 _____ C:\Users\Spider\Desktop\!!!.bak
2015-06-24 19:16 - 2015-06-24 19:17 - 61018414 _____ C:\Users\Spider\Desktop\Dream Theater - Octavarium - Drum Track Only.mp4
2015-06-21 21:46 - 2015-06-21 21:58 - 00000298 _____ C:\Users\Spider\Desktop\DT albumy.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-21 21:56 - 2014-10-04 15:02 - 00000000 ____D C:\Users\Spider\AppData\Roaming\uTorrent
2015-07-21 21:56 - 2014-10-03 21:38 - 01891446 _____ C:\Windows\WindowsUpdate.log
2015-07-21 21:53 - 2009-07-14 06:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-21 21:53 - 2009-07-14 06:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-21 21:51 - 2011-02-04 19:55 - 00739694 _____ C:\Windows\system32\perfh015.dat
2015-07-21 21:51 - 2011-02-04 19:55 - 00155268 _____ C:\Windows\system32\perfc015.dat
2015-07-21 21:51 - 2009-07-14 07:13 - 01668226 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-21 21:46 - 2014-10-04 14:02 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-21 21:46 - 2014-10-03 22:08 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-21 21:46 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-21 21:46 - 2009-07-14 06:51 - 00079364 _____ C:\Windows\setupact.log
2015-07-21 21:45 - 2014-10-04 14:02 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-21 21:44 - 2010-11-21 05:47 - 00045684 _____ C:\Windows\PFRO.log
2015-07-21 17:20 - 2014-10-04 11:34 - 00000000 ____D C:\Users\Spider\AppData\Roaming\GG
2015-07-20 23:01 - 2014-10-04 13:01 - 00000000 ____D C:\Users\Spider\AppData\Local\Last.fm
2015-07-16 23:05 - 2014-10-06 18:57 - 00000000 ____D C:\AdwCleaner
2015-07-16 17:40 - 2014-10-04 14:02 - 00004044 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-16 17:40 - 2014-10-04 14:02 - 00003792 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-16 13:56 - 2014-10-04 14:13 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-07-15 22:24 - 2014-10-03 22:09 - 00000000 ____D C:\Users\Spider\AppData\Local\NVIDIA
2015-07-15 22:24 - 2014-10-03 22:07 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-07-14 17:38 - 2014-10-04 14:02 - 00002189 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-09 20:24 - 2014-10-05 14:20 - 00000000 ____D C:\Qoobox
2015-07-09 20:23 - 2009-07-14 04:34 - 00000241 _____ C:\Windows\system.ini
2015-07-09 20:22 - 2014-10-05 14:20 - 00000000 ____D C:\Windows\erdnt
2015-07-09 20:22 - 2009-07-14 04:34 - 71303168 _____ C:\Windows\system32\config\SOFTWARE.bak
2015-07-09 20:22 - 2009-07-14 04:34 - 17301504 _____ C:\Windows\system32\config\SYSTEM.bak
2015-07-09 20:22 - 2009-07-14 04:34 - 00524288 _____ C:\Windows\system32\config\DEFAULT.bak
2015-07-09 20:22 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2015-07-09 20:22 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2015-07-08 21:25 - 2015-04-02 00:03 - 00001080 _____ C:\Windows\system32\settingsbkup.sfm
2015-07-08 21:25 - 2015-04-02 00:03 - 00001080 _____ C:\Windows\system32\settings.sfm
2015-07-08 20:52 - 2014-10-03 23:22 - 00000000 ____D C:\Users\Spider\Documents\REAPER Media
2015-07-08 20:09 - 2015-05-07 19:38 - 00779978 _____ C:\Users\Spider\Desktop\!!!.cpr
2015-07-07 12:55 - 2015-05-09 22:25 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-07-07 12:55 - 2015-05-09 22:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-07-06 22:04 - 2015-05-09 22:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-06-24 19:44 - 2015-05-07 19:53 - 00780866 _____ C:\Users\Spider\Desktop\!!!-02.bak

==================== Files in the root of some directories =======

2015-03-08 19:27 - 2015-03-08 19:27 - 0003266 _____ () C:\Users\Spider\AppData\Local\unins000.dat
2015-03-08 19:27 - 2015-03-08 19:27 - 0011761 _____ () C:\Users\Spider\AppData\Local\unins000.msg

Some files in TEMP:
====================
C:\Users\Spider\AppData\Local\Temp\Quarantine.exe
C:\Users\Spider\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-13 19:15

==================== End of log ============================