Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-02-2014
Ran by Marek (administrator) on MAREK-PC on 07-02-2014 21:09:24
Running from C:\Users\Marek\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHTE.EXE
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1436736 2011-06-15] (Microsoft Corporation)
HKU\S-1-5-21-529494264-2027220663-80010077-1001\...\Run: [EPLTarget\P0000000000000001] - C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHTE.EXE [241280 2013-03-09] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-529494264-2027220663-80010077-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-529494264-2027220663-80010077-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.pl/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3315513&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP30047E86-1BF0-49F1-A05F-8F44DCCB89C6&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3315513&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP30047E86-1BF0-49F1-A05F-8F44DCCB89C6&q={searchTerms}&SSPV=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
Handler: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - No File
Handler-x32: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\Program Files (x86)\No1 Video Converter\msdxm.ocx (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

==================== Services (Whitelisted) =================

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [12784 2011-04-27] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [288272 2011-04-27] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-05-15] ()

==================== Drivers (Whitelisted) ====================

S3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [54320 2009-09-21] (Symantec Corporation)
R1 HWiNFO32; C:\Program Files\HWiNFO64\HWiNFO64A.SYS [30080 2011-09-22] (REALiX(tm))
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [189440 2011-04-18] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [84864 2011-04-27] (Microsoft Corporation)
S3 prwntdrv; C:\Windows\system32\prwntdrv.sys [16776 2010-08-25] ()
S3 prwntdrv; C:\Windows\SysWOW64\prwntdrv.sys [13704 2010-08-25] ()
S3 rspSanity; C:\Windows\System32\DRIVERS\rspSanity64.sys [29752 2011-05-04] (Resplendence Software Projects Sp.)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 ADIHdAudAddService; system32\drivers\ADIHdAud.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
U2 V2iMount;
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-07 21:09 - 2014-02-07 21:09 - 00007535 _____ () C:\Users\Marek\Desktop\FRST.txt
2014-02-07 21:09 - 2014-02-07 21:09 - 00000000 ____D () C:\FRST
2014-02-07 21:08 - 2014-02-07 21:08 - 02079744 _____ (Farbar) C:\Users\Marek\Desktop\FRST64.exe
2014-02-07 20:18 - 2014-02-07 20:28 - 00000000 ____D () C:\Users\Marek\AppData\Roaming\Freemore Video Joiner
2014-02-07 20:16 - 2014-02-07 20:20 - 00000000 ____D () C:\ProgramData\Registry Helper
2014-02-07 19:45 - 2014-02-07 19:45 - 128894764 ____N () C:\Users\Marek\Desktop\MVI_0170.MOV
2014-02-07 19:45 - 2014-02-07 19:45 - 08319796 ____N () C:\Users\Marek\Desktop\MVI_0171.MOV
2014-02-06 02:12 - 2014-02-06 02:12 - 00077902 _____ () C:\Users\Marek\Desktop\Roster Week 6.xlsx
2014-02-04 19:05 - 2014-02-05 02:00 - 01519196 _____ () C:\Users\Marek\Desktop\Presentation1OutlookAlicja.pptx
2014-02-04 18:38 - 2014-02-04 18:53 - 00093975 _____ () C:\Users\Marek\Desktop\Presentation1Outlook.pptx
2014-02-01 21:31 - 2014-02-02 15:27 - 00199186 _____ () C:\Users\Marek\Desktop\OkladkaPsycho.pptx
2014-01-31 20:54 - 2014-02-05 23:27 - 00000000 ____D () C:\Users\Marek\Desktop\Nowy Projekt
2014-01-30 22:04 - 2014-02-01 16:04 - 06372613 _____ () C:\Users\Marek\Desktop\PersonalityTypesPresentation.pptx
2014-01-30 14:45 - 2014-01-30 14:45 - 00078422 _____ () C:\Users\Marek\Desktop\RosterWeek 5.xlsx
2014-01-28 14:23 - 2014-01-28 14:23 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-28 14:23 - 2014-01-28 14:23 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-28 14:21 - 2014-01-28 14:21 - 00840584 _____ (Adobe Systems Incorporated) C:\Users\Marek\Desktop\uninstall_flash_player.exe
2014-01-27 11:58 - 2014-01-30 21:59 - 00000000 ____D () C:\Users\Marek\Desktop\Personality Development presentationNASZARobotaWYDRUK
2014-01-26 02:57 - 2014-01-26 02:57 - 00389120 _____ (SafeApp Software, LLC) C:\Windows\SysWOW64\RegistryHelperLM.ocx
2014-01-25 20:33 - 2014-02-07 20:27 - 00000000 ____D () C:\Users\Marek\Desktop\AssessmentLO5
2014-01-22 20:00 - 2014-01-26 23:03 - 00000000 ____D () C:\Users\Marek\Desktop\02_12_2013
2014-01-21 13:01 - 2014-01-21 13:01 - 00078027 _____ () C:\Users\Marek\Desktop\Roster Week 4.xlsx
2014-01-19 12:47 - 2013-11-27 01:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-19 12:47 - 2013-11-27 01:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-19 12:47 - 2013-11-27 01:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-19 12:47 - 2013-11-27 01:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-19 12:47 - 2013-11-27 01:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-19 12:47 - 2013-11-27 01:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-19 12:47 - 2013-11-27 01:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-19 12:47 - 2013-11-26 10:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

2014-02-07 21:09 - 2014-02-07 21:09 - 00007535 _____ () C:\Users\Marek\Desktop\FRST.txt
2014-02-07 21:09 - 2014-02-07 21:09 - 00000000 ____D () C:\FRST
2014-02-07 21:09 - 2012-02-24 22:15 - 00001046 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-07 21:09 - 2012-02-24 22:15 - 00001042 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-07 21:08 - 2014-02-07 21:08 - 02079744 _____ (Farbar) C:\Users\Marek\Desktop\FRST64.exe
2014-02-07 21:06 - 2009-07-14 04:45 - 00013936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-07 21:06 - 2009-07-14 04:45 - 00013936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-07 21:03 - 2010-10-24 14:20 - 00742550 _____ () C:\Windows\system32\perfh015.dat
2014-02-07 21:03 - 2010-10-24 14:20 - 00157024 _____ () C:\Windows\system32\perfc015.dat
2014-02-07 21:03 - 2009-07-14 05:13 - 01677238 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-07 21:02 - 2012-11-27 12:27 - 01355894 _____ () C:\Windows\WindowsUpdate.log
2014-02-07 21:02 - 2012-11-23 15:07 - 00000000 ____D () C:\Program Files (x86)\EPSON Software
2014-02-07 20:59 - 2013-03-09 19:33 - 00050349 _____ () C:\Windows\setupact.log
2014-02-07 20:59 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-07 20:44 - 2013-04-09 19:06 - 00228780 _____ () C:\Windows\PFRO.log
2014-02-07 20:28 - 2014-02-07 20:18 - 00000000 ____D () C:\Users\Marek\AppData\Roaming\Freemore Video Joiner
2014-02-07 20:28 - 2012-03-11 20:39 - 00000000 ____D () C:\Windows\pss
2014-02-07 20:28 - 2010-10-24 13:48 - 00000000 ___RD () C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-07 20:27 - 2014-01-25 20:33 - 00000000 ____D () C:\Users\Marek\Desktop\AssessmentLO5
2014-02-07 20:27 - 2012-10-27 22:14 - 00000000 ____D () C:\Users\Marek\AppData\Roaming\AIMP3
2014-02-07 20:20 - 2014-02-07 20:16 - 00000000 ____D () C:\ProgramData\Registry Helper
2014-02-07 20:11 - 2013-10-17 19:27 - 00000000 ____D () C:\Users\Marek\AppData\Roaming\avidemux
2014-02-07 19:46 - 2013-09-13 21:48 - 00000000 ___RD () C:\Users\Marek\Dropbox
2014-02-07 19:45 - 2014-02-07 19:45 - 128894764 ____N () C:\Users\Marek\Desktop\MVI_0170.MOV
2014-02-07 19:45 - 2014-02-07 19:45 - 08319796 ____N () C:\Users\Marek\Desktop\MVI_0171.MOV
2014-02-07 19:45 - 2013-09-13 21:48 - 00001017 _____ () C:\Users\Marek\Desktop\Dropbox.lnk
2014-02-07 19:45 - 2013-09-13 21:45 - 00000000 ____D () C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-02-07 19:45 - 2013-09-13 19:26 - 00000000 ____D () C:\Users\Marek\AppData\Roaming\Dropbox
2014-02-06 02:12 - 2014-02-06 02:12 - 00077902 _____ () C:\Users\Marek\Desktop\Roster Week 6.xlsx
2014-02-05 23:27 - 2014-01-31 20:54 - 00000000 ____D () C:\Users\Marek\Desktop\Nowy Projekt
2014-02-05 02:00 - 2014-02-04 19:05 - 01519196 _____ () C:\Users\Marek\Desktop\Presentation1OutlookAlicja.pptx
2014-02-04 18:53 - 2014-02-04 18:38 - 00093975 _____ () C:\Users\Marek\Desktop\Presentation1Outlook.pptx
2014-02-04 00:22 - 2013-10-24 10:26 - 00000000 ____D () C:\Users\Marek\Desktop\Excel2013
2014-02-02 15:27 - 2014-02-01 21:31 - 00199186 _____ () C:\Users\Marek\Desktop\OkladkaPsycho.pptx
2014-02-01 16:04 - 2014-01-30 22:04 - 06372613 _____ () C:\Users\Marek\Desktop\PersonalityTypesPresentation.pptx
2014-01-30 21:59 - 2014-01-27 11:58 - 00000000 ____D () C:\Users\Marek\Desktop\Personality Development presentationNASZARobotaWYDRUK
2014-01-30 14:45 - 2014-01-30 14:45 - 00078422 _____ () C:\Users\Marek\Desktop\RosterWeek 5.xlsx
2014-01-28 14:23 - 2014-01-28 14:23 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-28 14:23 - 2014-01-28 14:23 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-28 14:23 - 2010-10-26 23:58 - 00000000 ____D () C:\Users\Marek\AppData\Local\Adobe
2014-01-28 14:21 - 2014-01-28 14:21 - 00840584 _____ (Adobe Systems Incorporated) C:\Users\Marek\Desktop\uninstall_flash_player.exe
2014-01-26 23:03 - 2014-01-22 20:00 - 00000000 ____D () C:\Users\Marek\Desktop\02_12_2013
2014-01-26 02:57 - 2014-01-26 02:57 - 00389120 _____ (SafeApp Software, LLC) C:\Windows\SysWOW64\RegistryHelperLM.ocx
2014-01-22 20:07 - 2012-07-15 23:24 - 00000000 ____D () C:\Users\Marek\AppData\Roaming\vlc
2014-01-22 20:07 - 2012-07-15 23:23 - 00001062 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-01-21 13:01 - 2014-01-21 13:01 - 00078027 _____ () C:\Users\Marek\Desktop\Roster Week 4.xlsx
2014-01-19 13:03 - 2013-01-10 15:40 - 00000000 ____D () C:\Users\Marek\Desktop\Okladki
2014-01-19 12:52 - 2012-11-27 12:45 - 05112808 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-19 12:49 - 2013-07-18 21:16 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-19 12:47 - 2010-10-24 13:58 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-19 07:33 - 2010-10-24 14:04 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-29 20:13

==================== End Of Log ============================