Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014 01
Ran by Mistrz (administrator) on MISTRZ-KOMPUTER on 21-08-2014 12:27:24
Running from D:\Users\Mistrz\Desktop\rr
Platform: Windows 7 Ultimate (X64) OS Language: Polski (Polska)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) D:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) D:\Windows\System32\audiodg.exe
(NVIDIA Corporation) D:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) D:\Windows\System32\nvvsvc.exe
(ABBYY) D:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe
(Apple Inc.) D:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() D:\Windows\SysWOW64\ASDR.exe
(Apple Inc.) D:\Program Files\Bonjour\mDNSResponder.exe
() D:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
() D:\Windows\System32\PnkBstrA.exe
(Realtek Semiconductor) D:\Windows\RAVCpl64.exe
(GoPro) D:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe
(Protexis Inc.) D:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corp.) D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() D:\NTKernel\nt32.exe
(Microsoft Corporation) D:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
(Microsoft Corporation) D:\Windows\SysWOW64\wscript.exe
(Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Mobile-based device management] => D:\Windows\WindowsMobile\wmdcBase.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [Skytel] => D:\Windows\Skytel.exe [1822720 2007-03-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RtHDVCpl] => D:\Windows\RAVCpl64.exe [5055488 2007-03-23] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => D:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NT Kernel Service] => D:\NTKernel\nt32.exe -rundll32 /SYSTEM32 "C:\Windows\System32\taskmgr.exe" "C:\Program Files\Microsoft\Windows"
HKU\.DEFAULT\...\CurrentVersion\Windows: [Load] D:\NTKernel\nt32.exe <===== ATTENTION
HKU\S-1-5-21-1993115423-2242944702-1643896210-1001\...\CurrentVersion\Windows: [Load] D:\ProgramData\NTKernel\nt32.exe <===== ATTENTION
HKU\S-1-5-21-1993115423-2242944702-1643896210-1001\...\MountPoints2: {3b7ef518-d628-11df-986a-0050c269d1d8} - M:\LaunchU3.exe -a
HKU\S-1-5-21-1993115423-2242944702-1643896210-1001\...\MountPoints2: {cd5e9f0b-9c82-11df-b8cd-0050c269d1d8} - K:\autorun.exe
HKU\S-1-5-21-1993115423-2242944702-1643896210-1001\...\MountPoints2: {d2d6e396-89aa-11df-92e8-0050c269d1d8} - J:\setup.exe
HKU\S-1-5-21-1993115423-2242944702-1643896210-1001\...\MountPoints2: {f764c6dd-2224-11df-a0ed-001fc669d1d8} - J:\Setup.exe
HKU\S-1-5-21-1993115423-2242944702-1643896210-1001\...\MountPoints2: {f764c6e0-2224-11df-a0ed-001fc669d1d8} - K:\Autorun.exe
HKU\S-1-5-21-1993115423-2242944702-1643896210-1001\...\Winlogon: [Shell] D:\ProgramData\load32.exe [494592 2014-02-05] () <==== ATTENTION
AppInit_DLLs-x32: d:\progra~2\browsetosave\sprotector.dll => "d:\progra~2\browsetosave\sprotector.dll" File Not Found
AppInit_DLLs-x32: d:\progra~2\websearch\sprotector.dll => "d:\progra~2\websearch\sprotector.dll" File Not Found
IFEO\AvastSvc.exe: [Debugger] D:\Users\Mistrz\Documents\315load32.exe
IFEO\AvastUI.exe: [Debugger] D:\Users\Mistrz\Documents\315load32.exe
IFEO\avcenter.exe: [Debugger] D:\Users\Mistrz\Documents\315load32.exe
IFEO\avconfig.exe: [Debugger] D:\Users\Mistrz\Documents\315load32.exe
IFEO\avgcsrvx.exe: [Debugger] D:\Users\Mistrz\Documents\315load32.exe
IFEO\avgidsagent.exe: [Debugger] D:\Users\Mistrz\Documents\315load32.exe
IFEO\avgnt.exe: [Debugger] D:\Users\Mistrz\Documents\315load32.exe
IFEO\avgrsx.exe: [Debugger] D:\Users\Mistrz\Documents\315load32.exe
IFEO\avguard.exe: [Debugger] D:\Users\Mistrz\Documents\315load32.exe
IFEO\avgui.exe: [Debugger] D:\Users\Mistrz\Documents\315load32.exe
IFEO\avgwdsvc.exe: [Debugger] D:\Users\Mistrz\Documents\315load32.exe
IFEO\avp.exe: [Debugger] D:\Users\Mistrz\Documents\315load32.exe
IFEO\avscan.exe: [Debugger] D:\Users\Mistrz\Documents\315load32.exe
IFEO\bdagent.exe: [Debugger] D:\Users\Mistrz\Documents\315load32.exe
IFEO\ccuac.exe: [Debugger] D:\Users\Mistrz\Documents\315load32.exe
IFEO\ComboFix.exe: [Debugger] D:\Users\Mistrz\Documents\315load32.exe
IFEO\egui.exe: [Debugger] D:\Users\Mistrz\Documents\315load32.exe
IFEO\ekrn.exe: [Debugger] D:\Windows\system32\config\systemprofile\Documents\315load32.exe
IFEO\hijackthis.exe: [Debugger] D:\Users\Mistrz\Documents\315load32.exe
IFEO\instup.exe: [Debugger] D:\Users\Mistrz\Documents\315load32.exe
IFEO\keyscrambler.exe: [Debugger] D:\Users\Mistrz\Documents\315load32.exe
IFEO\mbam.exe: [Debugger] D:\Users\Mistrz\Documents\315load32.exe
IFEO\mbamgui.exe: [Debugger] D:\Users\Mistrz\Documents\315load32.exe
IFEO\mbampt.exe: [Debugger] D:\Users\Mistrz\Documents\315load32.exe
IFEO\mbamscheduler.exe: [Debugger] D:\Users\Mistrz\Documents\315load32.exe
IFEO\mbamservice.exe: [Debugger] D:\Users\Mistrz\Documents\315load32.exe
IFEO\MpCmdRun.exe: [Debugger] D:\Users\Mistrz\Documents\315load32.exe
IFEO\MSASCui.exe: [Debugger] D:\Users\Mistrz\Documents\315load32.exe
IFEO\MsMpEng.exe: [Debugger] D:\Users\Mistrz\Documents\315load32.exe
IFEO\msseces.exe: [Debugger] D:\Users\Mistrz\Documents\315load32.exe
IFEO\rstrui.exe: [Debugger] D:\Users\Mistrz\Documents\315load32.exe
IFEO\spybotsd.exe: [Debugger] D:\Users\Mistrz\Documents\315load32.exe
IFEO\wireshark.exe: [Debugger] D:\Users\Mistrz\Documents\315load32.exe
IFEO\zlclient.exe: [Debugger] D:\Users\Mistrz\Documents\315load32.exe
InternetURL: D:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.Microsoft.com.url -> D:\NTKernel\nt32.exe
Startup: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk
ShortcutTarget: CineForm Status.lnk -> D:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe (GoPro)
Startup: D:\Users\Mistrz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\j.jar ()
InternetURL: D:\Users\Mistrz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.Microsoft.com.url -> 0
InternetURL: D:\Users\Mistrz1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.Microsoft.com.url -> D:\NTKernel\nt32.exe
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/?src01=dp220140821
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/?src01=dp220140821
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/?src01=dp220140821
StartMenuInternet: IEXPLORE.EXE - D:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.youwillfind.info/?l=1&q={searchTerms}&pid=658&r=2013/04/30&hid=3252815262&lg=EN&cc=PL
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www1.delta-search.com/?q={searchTerms}&affID=121845&babsrc=SP_ss&mntrId=B9870050C269D1D8
SearchScopes: HKCU - {42168F92-DA71-42E6-BC7F-132EAC1F1899} URL = http://www.google.com/cse?cx=partner-pub-5462406484424654%3A8q0sn8-w2ss&ie=ISO-8859-1&q={searchTerms}&sa=Search&siteurl=qooqlle.com%2F <===== ATTENTION
SearchScopes: HKCU - {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = http://www.daemon-search.com/search/web?q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.youwillfind.info/?l=1&q={searchTerms}&pid=658&r=2013/04/30&hid=3252815262&lg=EN&cc=PL
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> D:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Pomocnik logowania za pomocą konta Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> D:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name -> {C1AF5FA5-852C-4C90-812E-A7F75E011D87} -> No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
Toolbar: HKLM-x32 - No Name - {82E1477C-B154-48D3-9891-33D83C26BCD3} - No File
Toolbar: HKCU - No Name - {00000000-5736-4205-0008-781CD0E19F00} - No File
Toolbar: HKCU - No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.53.0.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
Hosts: Hosts file not detected in the default directory
Tcpip\..\Interfaces\{6F1B8153-AE97-4400-9EE3-D5D275EE63D5}: [NameServer]192.168.2.1

FireFox:
========
FF ProfilePath: D:\Users\Mistrz\AppData\Roaming\Mozilla\Firefox\Profiles\2w01ajuw.default
FF NetworkProxy: "backup.ftp", "127.0.0.1"
FF NetworkProxy: "backup.ftp_port", 9666
FF NetworkProxy: "backup.gopher", "127.0.0.1"
FF NetworkProxy: "backup.gopher_port", 9666
FF NetworkProxy: "backup.socks", "127.0.0.1"
FF NetworkProxy: "backup.socks_port", 9666
FF NetworkProxy: "backup.ssl", "127.0.0.1"
FF NetworkProxy: "backup.ssl_port", 9666
FF NetworkProxy: "ftp", "127.0.0.1"
FF NetworkProxy: "ftp_port", 9666
FF NetworkProxy: "gopher", "127.0.0.1"
FF NetworkProxy: "gopher_port", 9666
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 9666
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "127.0.0.1"
FF NetworkProxy: "socks_port", 9666
FF NetworkProxy: "ssl", "127.0.0.1"
FF NetworkProxy: "ssl_port", 9666
FF NetworkProxy: "type", 0
FF SearchEngineOrder.1: WebSearch
FF DefaultSearchEngine: WebSearch
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "WebSearch");: user_pref("browser.search.order.1,S", "WebSearch");
FF Homepage: www.wp.pl/?src01=dp220140821
FF Plugin: @adobe.com/FlashPlayer -> D:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> D:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> D:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> D:\Windows\system32\Wat\npWatWeb.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> D:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> D:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.0 -> D:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.104.0 -> D:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.116.0 -> D:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.122.0 -> D:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.138.0 -> D:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.96.0 -> D:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.3 -> D:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 -> D:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 -> D:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> D:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 -> D:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.7.2 -> D:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> D:\Windows\system32\Wat\npWatWeb.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> D:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> D:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> D:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> D:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> D:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @acestream.net/acestreamplugin,version=2.2.5-next -> D:\Users\Mistrz\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
FF Plugin HKCU: @bittorrent.com/BitTorrentDNA -> D:\Users\Mistrz\Program Files (x86)\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> D:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc -> D:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF user.js: detected! => D:\Users\Mistrz\AppData\Roaming\Mozilla\Firefox\Profiles\2w01ajuw.default\user.js
FF SearchPlugin: D:\Users\Mistrz\AppData\Roaming\Mozilla\Firefox\Profiles\2w01ajuw.default\searchplugins\delta.xml
FF SearchPlugin: D:\Users\Mistrz\AppData\Roaming\Mozilla\Firefox\Profiles\2w01ajuw.default\searchplugins\WebSearch.xml
FF Extension: Delta Toolbar - D:\Users\Mistrz\AppData\Roaming\Mozilla\Firefox\Profiles\2w01ajuw.default\Extensions\ffxtlbr@delta.com [2013-04-12]
FF Extension: BrowSee2saivE - D:\Users\Mistrz\AppData\Roaming\Mozilla\Firefox\Profiles\2w01ajuw.default\Extensions\kks2@tandjva.org [2013-04-30]
FF Extension: DVDVideoSoft Toolbar - D:\Users\Mistrz\AppData\Roaming\Mozilla\Firefox\Profiles\2w01ajuw.default\Extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} [2010-04-13]
FF HKLM-x32\...\Firefox\Extensions: [kks2@tandjva.org] - D:\Users\Mistrz\AppData\Roaming\Mozilla\Firefox\Profiles\2w01ajuw.default\extensions\kks2@tandjva.org
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - D:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKCU\...\Firefox\Extensions: [{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}] - D:\Users\Mistrz\Program Files (x86)\DNA
FF Extension: DNA - D:\Users\Mistrz\Program Files (x86)\DNA [2010-05-24]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - D:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonChrome.crx []
CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - D:\Users\Mistrz\AppData\Roaming\BabSolution\CR\delta1.crx []

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ABBYY.Licensing.FineReader.Corporate.10.0; D:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe [814344 2010-07-22] (ABBYY)
R2 ASDR; D:\Windows\SysWOW64\ASDR.exe [61440 2009-07-27] () [File not signed]
S3 BrYNSvc; D:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
S3 IDriverT; D:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 NVIDIA Performance Driver Service; D:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [4901888 2009-05-14] () [File not signed]
R2 PnkBstrA; D:\Windows\system32\PnkBstrA.exe [76152 2014-06-30] ()
R2 PnkBstrA; D:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-15] ()
S3 SwitchBoard; D:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [0 2014-03-05] () [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]
S3 WatAdminSvc; D:\Windows\system32\Wat\WatAdminSvc.exe [1255736 2010-04-01] () [File not signed]
S2 AdvancedSystemCareService5; C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; D:\Windows\SysWow64\drivers\AsIO.sys [14392 2007-12-17] ()
R3 AtcL001; D:\Windows\System32\DRIVERS\l160x64.sys [58368 2009-06-25] (Atheros Communications, Inc.)
S2 atksgt; D:\Windows\System32\DRIVERS\atksgt.sys [303616 2013-11-09] () [File not signed]
R1 EIO64; D:\Windows\System32\DRIVERS\EIO64.sys [16384 2011-07-15] (ASUSTeK Computer Inc.)
S3 ESETOlmarikOlmascoCleaner; D:\Windows\system32\Drivers\ESETOlmarikOlmascoCleaner.sys [157384 2014-08-21] ()
S3 kinonivd; D:\Windows\System32\DRIVERS\kinonivd.sys [2782848 2013-02-26] (Windows (R) Win 7 DDK provider)
S3 KINONI_Wave; D:\Windows\System32\drivers\kinonivad.sys [23040 2013-02-26] (Windows (R) Win 7 DDK provider)
S2 lirsgt; D:\Windows\System32\DRIVERS\lirsgt.sys [35328 2013-11-09] () [File not signed]
S3 MarvinBus; D:\Windows\System32\DRIVERS\MarvinBus64.sys [261120 2005-09-23] (Pinnacle Systems GmbH) [File not signed]
R3 MTsensor; D:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S3 pwdrvio; D:\Windows\system32\pwdrvio.sys [19032 2013-03-07] ()
S3 pwdspio; D:\Windows\system32\pwdspio.sys [9584 2013-03-07] ()
R2 SecDrv; D:\Windows\SysWOW64\drivers\SECDRV.SYS [163644 2004-12-09] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
S4 sptd; D:\Windows\System32\Drivers\sptd.sys [834544 2010-02-25] (Duplex Secure Ltd.)
R1 StarEther; D:\Windows\System32\DRIVERS\StarEther.sys [43624 2008-10-09] (Rocket Division Software)
S1 StarPort; D:\Windows\System32\DRIVERS\StarPort.sys [192104 2008-12-11] (Rocket Division Software)
S3 VBoxUSB; D:\Windows\System32\Drivers\VBoxUSB.sys [43664 2010-05-09] (Sun Microsystems, Inc.)
S3 WinRing0_1_2_0; D:\Program Files (x86)\IObi\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
R1 {55685567-4840-4a91-962b-49a412e9485a}Gw64; D:\Windows\System32\drivers\{55685567-4840-4a91-962b-49a412e9485a}Gw64.sys [61112 2014-05-27] (StdLib)
R1 {57f143ae-1ecd-493d-9ddb-32c45a3cecd5}w64; D:\Windows\System32\drivers\{57f143ae-1ecd-493d-9ddb-32c45a3cecd5}w64.sys [61112 2014-06-13] (StdLib)
R1 {9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64; D:\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64.sys [61112 2014-05-07] (StdLib)
S3 a2acc; \??\C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [X]
S1 a2injectiondriver; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [X]
S1 a2util; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [X]
S3 CrystalSysInfo; \??\D:\Program Files\MediaCoder iPod Edition x64\SysInfoX64.sys [X]
S3 hamachi; system32\DRIVERS\hamachi.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S0 vmci; system32\DRIVERS\vmci.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-21 12:25 - 2014-08-21 12:27 - 00000000 ____D () D:\FRST
2014-08-21 12:20 - 2014-08-21 12:27 - 00000000 ____D () D:\Users\Mistrz\Desktop\rr
2014-08-21 12:20 - 2014-08-21 12:20 - 00000020 _____ () D:\Users\Mistrz\defogger_reenable
2014-08-21 02:52 - 2014-08-21 02:52 - 00000000 ____D () D:\ProgramData\Microsoft\Windows\Start Menu\Programs\jv16 PowerTools
2014-08-21 02:52 - 2014-08-21 02:52 - 00000000 ____D () D:\Program Files (x86)\jv16 PowerTools
2014-08-21 02:43 - 2014-08-21 02:43 - 00001574 _____ () D:\Windows\PFRO.log
2014-08-21 02:06 - 2014-08-21 02:06 - 00000000 ____D () D:\ProgramData\ESET
2014-08-21 01:55 - 2014-08-21 01:55 - 02226922 _____ () D:\Users\Mistrz\Downloads\jv16pt_setup(dobreprogramy.pl).exe
2014-08-21 01:54 - 2014-08-21 01:55 - 00803112 _____ ( ) D:\Users\Mistrz\Downloads\jv16-PowerTools-1.3.0.195(11458).exe
2014-08-21 01:34 - 2014-08-21 01:35 - 78508032 _____ () D:\Users\Mistrz\Downloads\ess_nt64_plk.msi
2014-08-21 01:19 - 2014-08-21 01:19 - 00000000 ____D () D:\Program Files (x86)\Nowy folder
2014-08-21 01:18 - 2014-08-21 01:18 - 00157384 _____ () D:\Windows\system32\Drivers\ESETOlmarikOlmascoCleaner.sys
2014-08-21 01:18 - 2014-08-21 01:18 - 00000000 ____D () D:\Users\Mistrz\Downloads\Speclean
2014-08-21 01:15 - 2014-08-21 01:15 - 01595776 _____ (ESET) D:\Users\Mistrz\Downloads\eset_smart_security_live_installer_.exe
2014-08-15 20:43 - 2014-08-15 20:43 - 02247976 _____ () D:\Users\Mistrz\Downloads\battlelog-web-plugins_2.4.0_145.exe
2014-08-06 15:39 - 2014-08-06 15:39 - 00000000 ____D () D:\Users\Mistrz\AppData\Roaming\Publish Providers
2014-08-06 15:38 - 2014-08-06 15:38 - 00000000 ____D () D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2014-08-06 15:37 - 2014-08-06 15:37 - 00000000 ____D () D:\ProgramData\Sony
2014-08-06 15:37 - 2014-08-06 15:37 - 00000000 ____D () D:\Program Files\Sony
2014-08-06 15:37 - 2014-08-06 15:37 - 00000000 ____D () D:\Program Files (x86)\Sony
2014-08-06 15:25 - 2014-08-06 15:38 - 00013728 _____ () D:\Windows\system32\--traceoff
2014-08-06 15:25 - 2014-08-06 15:37 - 00000000 ____D () D:\Users\Mistrz\AppData\Local\Sony
2014-08-06 15:25 - 2014-08-06 15:25 - 00000000 _____ () D:\Windows\system32\--debugoff
2014-08-06 15:24 - 2014-08-06 15:46 - 00000000 ____D () D:\Users\Mistrz\AppData\Roaming\Sony
2014-08-06 15:05 - 2014-08-06 15:05 - 00014299 _____ () D:\Users\Mistrz\Downloads\Sony Vegas Pro 13 0 Build 310 x64 [PL][Patch][Torrenty.org].torrent
2014-08-04 10:45 - 2014-08-21 12:21 - 00001344 _____ () D:\Windows\setupact.log
2014-08-04 10:45 - 2014-08-04 10:46 - 05237296 _____ () D:\Windows\system32\FNTCACHE.DAT
2014-08-04 10:45 - 2014-08-04 10:45 - 00000000 _____ () D:\Windows\setuperr.log
2014-08-03 20:12 - 2014-08-03 20:12 - 00204664 _____ () D:\Users\Mistrz\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-29 23:46 - 2014-08-13 11:35 - 00000000 ____D () D:\Program Files (x86)\Battle.net
2014-07-29 23:46 - 2014-07-29 23:46 - 00001172 _____ () D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.netBattle.net.lnk
2014-07-29 23:46 - 2014-07-29 23:46 - 00001158 _____ () D:\Users\Public\Desktop\Battle.net.lnk
2014-07-29 23:46 - 2014-07-29 23:46 - 00000000 ____D () D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-07-29 23:46 - 2014-07-29 23:46 - 00000000 ____D () D:\ProgramData\Blizzard Entertainment
2014-07-29 23:44 - 2014-07-29 23:44 - 00000000 ____D () D:\ProgramData\Battle.net
2014-07-26 15:35 - 2014-07-26 15:35 - 00000000 ____D () D:\Users\Mistrz\AppData\Roaming\Steam
2014-07-26 15:35 - 2014-07-26 15:35 - 00000000 ____D () D:\Users\Mistrz\AppData\Roaming\DarkSoulsII
2014-07-25 20:25 - 2014-07-25 20:25 - 00256462 _____ () D:\Users\Mistrz\Downloads\Dark Souls II Crown of the Sunken King v1 04 2014 [Multi10-PL] [CODEX] [ISO][Torrenty.org].torrent
2014-07-25 10:43 - 2014-07-25 10:43 - 00000000 _____ () D:\Users\Mistrz\Sti_Trace.log
2014-07-22 13:26 - 2014-07-22 13:26 - 00008683 _____ () D:\Users\Mistrz\Downloads\The_Big_Bang_Theory_[1x00]_Unaired_Pilot_-_x264_-_MKV_by_Riddler.5626635.TPB.torrent

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-21 12:27 - 2014-08-21 12:25 - 00000000 ____D () D:\FRST
2014-08-21 12:27 - 2014-08-21 12:20 - 00000000 ____D () D:\Users\Mistrz\Desktop\rr
2014-08-21 12:25 - 2014-07-09 14:42 - 00204319 _____ () D:\Windows\WindowsUpdate.log
2014-08-21 12:22 - 2014-02-05 17:54 - 00000000 ___HD () D:\ProgramData\NTKernel
2014-08-21 12:21 - 2014-08-04 10:45 - 00001344 _____ () D:\Windows\setupact.log
2014-08-21 12:20 - 2014-08-21 12:20 - 00000020 _____ () D:\Users\Mistrz\defogger_reenable
2014-08-21 12:20 - 2009-09-09 00:33 - 00000000 ____D () D:\Users\Mistrz
2014-08-21 11:07 - 2014-03-23 15:01 - 00000000 ____D () D:\Users\Mistrz\AppData\Local\Battle.net
2014-08-21 02:52 - 2014-08-21 02:52 - 00000000 ____D () D:\ProgramData\Microsoft\Windows\Start Menu\Programs\jv16 PowerTools
2014-08-21 02:52 - 2014-08-21 02:52 - 00000000 ____D () D:\Program Files (x86)\jv16 PowerTools
2014-08-21 02:43 - 2014-08-21 02:43 - 00001574 _____ () D:\Windows\PFRO.log
2014-08-21 02:06 - 2014-08-21 02:06 - 00000000 ____D () D:\ProgramData\ESET
2014-08-21 01:55 - 2014-08-21 01:55 - 02226922 _____ () D:\Users\Mistrz\Downloads\jv16pt_setup(dobreprogramy.pl).exe
2014-08-21 01:55 - 2014-08-21 01:54 - 00803112 _____ ( ) D:\Users\Mistrz\Downloads\jv16-PowerTools-1.3.0.195(11458).exe
2014-08-21 01:52 - 2014-02-05 18:25 - 00000000 ___HD () D:\NTKernel
2014-08-21 01:35 - 2014-08-21 01:34 - 78508032 _____ () D:\Users\Mistrz\Downloads\ess_nt64_plk.msi
2014-08-21 01:19 - 2014-08-21 01:19 - 00000000 ____D () D:\Program Files (x86)\Nowy folder
2014-08-21 01:18 - 2014-08-21 01:18 - 00157384 _____ () D:\Windows\system32\Drivers\ESETOlmarikOlmascoCleaner.sys
2014-08-21 01:18 - 2014-08-21 01:18 - 00000000 ____D () D:\Users\Mistrz\Downloads\Speclean
2014-08-21 01:15 - 2014-08-21 01:15 - 01595776 _____ (ESET) D:\Users\Mistrz\Downloads\eset_smart_security_live_installer_.exe
2014-08-20 16:51 - 2014-06-27 13:30 - 00000000 ____D () D:\Users\Mistrz\AppData\Roaming\.ACEStream
2014-08-19 10:53 - 2014-03-31 13:32 - 00002360 _____ () D:\Users\Mistrz\Desktop\Google Chrome.lnk
2014-08-17 20:21 - 2013-04-02 18:50 - 00215416 _____ () D:\Windows\SysWOW64\PnkBstrB.exe
2014-08-17 18:03 - 2013-04-02 18:50 - 00215416 _____ () D:\Windows\SysWOW64\PnkBstrB.ex0
2014-08-17 18:01 - 2013-03-15 17:41 - 00000000 ____D () D:\Program Files (x86)\Origin
2014-08-17 17:48 - 2009-07-14 19:55 - 00751368 _____ () D:\Windows\system32\perfh015.dat
2014-08-17 17:48 - 2009-07-14 19:55 - 00159282 _____ () D:\Windows\system32\perfc015.dat
2014-08-17 17:48 - 2009-07-14 07:13 - 01691672 _____ () D:\Windows\system32\PerfStringBackup.INI
2014-08-17 12:23 - 2010-12-17 20:17 - 00000000 ____D () D:\ProgramData\Origin
2014-08-15 20:43 - 2014-08-15 20:43 - 02247976 _____ () D:\Users\Mistrz\Downloads\battlelog-web-plugins_2.4.0_145.exe
2014-08-15 20:43 - 2011-09-29 19:28 - 00000000 ____D () D:\Program Files (x86)\Battlelog Web Plugins
2014-08-13 11:35 - 2014-07-29 23:46 - 00000000 ____D () D:\Program Files (x86)\Battle.net
2014-08-06 19:32 - 2014-05-09 00:20 - 00000000 ____D () D:\Users\Mistrz\AppData\Roaming\uTorrent
2014-08-06 15:46 - 2014-08-06 15:24 - 00000000 ____D () D:\Users\Mistrz\AppData\Roaming\Sony
2014-08-06 15:39 - 2014-08-06 15:39 - 00000000 ____D () D:\Users\Mistrz\AppData\Roaming\Publish Providers
2014-08-06 15:38 - 2014-08-06 15:38 - 00000000 ____D () D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2014-08-06 15:38 - 2014-08-06 15:25 - 00013728 _____ () D:\Windows\system32\--traceoff
2014-08-06 15:37 - 2014-08-06 15:37 - 00000000 ____D () D:\ProgramData\Sony
2014-08-06 15:37 - 2014-08-06 15:37 - 00000000 ____D () D:\Program Files\Sony
2014-08-06 15:37 - 2014-08-06 15:37 - 00000000 ____D () D:\Program Files (x86)\Sony
2014-08-06 15:37 - 2014-08-06 15:25 - 00000000 ____D () D:\Users\Mistrz\AppData\Local\Sony
2014-08-06 15:25 - 2014-08-06 15:25 - 00000000 _____ () D:\Windows\system32\--debugoff
2014-08-06 15:05 - 2014-08-06 15:05 - 00014299 _____ () D:\Users\Mistrz\Downloads\Sony Vegas Pro 13 0 Build 310 x64 [PL][Patch][Torrenty.org].torrent
2014-08-05 12:13 - 2013-08-28 18:49 - 00000000 ____D () D:\ProgramData\TEMP
2014-08-05 00:43 - 2009-07-14 06:45 - 00014224 ____H () D:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-05 00:43 - 2009-07-14 06:45 - 00014224 ____H () D:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-04 10:46 - 2014-08-04 10:45 - 05237296 _____ () D:\Windows\system32\FNTCACHE.DAT
2014-08-04 10:45 - 2014-08-04 10:45 - 00000000 _____ () D:\Windows\setuperr.log
2014-08-03 20:12 - 2014-08-03 20:12 - 00204664 _____ () D:\Users\Mistrz\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-03 20:07 - 2012-12-08 13:01 - 00000000 ____D () D:\Users\Mistrz\AppData\Roaming\Media Player Classic
2014-08-03 18:38 - 2014-05-28 12:44 - 00120320 ___SH () D:\Users\Mistrz\Desktop\Thumbs.db
2014-08-03 18:31 - 2010-02-25 17:35 - 00000000 ____D () D:\Users\Mistrz\AppData\Roaming\DAEMON Tools Lite
2014-08-03 18:28 - 2009-07-14 07:32 - 00000000 ___RD () D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-29 23:46 - 2014-07-29 23:46 - 00001172 _____ () D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.netBattle.net.lnk
2014-07-29 23:46 - 2014-07-29 23:46 - 00001158 _____ () D:\Users\Public\Desktop\Battle.net.lnk
2014-07-29 23:46 - 2014-07-29 23:46 - 00000000 ____D () D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-07-29 23:46 - 2014-07-29 23:46 - 00000000 ____D () D:\ProgramData\Blizzard Entertainment
2014-07-29 23:44 - 2014-07-29 23:44 - 00000000 ____D () D:\ProgramData\Battle.net
2014-07-29 17:23 - 2010-03-10 01:29 - 00297088 _____ () D:\Windows\SysWOW64\PnkBstrB.xtr
2014-07-29 17:14 - 2011-09-29 13:33 - 00000000 ____D () D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin 2014-07-28 12:29 - 2011-04-26 23:18 - 00000000 ____D () D:\Users\Mistrz\Documents\gothic3 2014-07-26 15:35 - 2014-07-26 15:35 - 00000000 ____D () D:\Users\Mistrz\AppData\Roaming\Steam 2014-07-26 15:35 - 2014-07-26 15:35 - 00000000 ____D () D:\Users\Mistrz\AppData\Roaming\DarkSoulsII 2014-07-25 20:25 - 2014-07-25 20:25 - 00256462 _____ () D:\Users\Mistrz\Downloads\Dark Souls II Crown of the Sunken King v1 04 2014 [Multi10-PL] [CODEX] [ISO][Torrenty.org].torrent 2014-07-25 10:43 - 2014-07-25 10:43 - 00000000 _____ () D:\Users\Mistrz\Sti_Trace.log 2014-07-24 11:03 - 2011-09-29 13:33 - 00000000 ____D () D:\Users\Mistrz\AppData\Roaming\Origin 2014-07-22 13:26 - 2014-07-22 13:26 - 00008683 _____ () D:\Users\Mistrz\Downloads\The_Big_Bang_Theory_[1x00]_Unaired_Pilot_-_x264_-_MKV_by_Riddler.5626635.TPB.torrent Files to move or delete: ==================== D:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.Microsoft.com.url D:\ProgramData\load32.exe D:\ProgramData\lsass.exe D:\ProgramData\NTKernel D:\Users\Mistrz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.Microsoft.com.url D:\Users\Mistrz1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.Microsoft.com.url D:\Users\Public\minecraft_server.1.7.4.exe D:\NTKernel Some content of TEMP: ==================== D:\Users\Mistrz\AppData\Local\Temp\InstHelper.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
D:\Windows\System32\winlogon.exe => File is digitally signed D:\Windows\System32\wininit.exe => File is digitally signed D:\Windows\SysWOW64\wininit.exe => File is digitally signed D:\Windows\explorer.exe => File is digitally signed D:\Windows\SysWOW64\explorer.exe => File is digitally signed D:\Windows\System32\svchost.exe => File is digitally signed D:\Windows\SysWOW64\svchost.exe => File is digitally signed D:\Windows\System32\services.exe => File is digitally signed D:\Windows\System32\User32.dll => MD5 is legit D:\Windows\SysWOW64\User32.dll => MD5 is legit D:\Windows\System32\userinit.exe => File is digitally signed D:\Windows\SysWOW64\userinit.exe => File is digitally signed D:\Windows\System32\rpcss.dll => File is digitally signed D:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-01-30 17:21 ==================== End Of Log ============================