Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-07-2015
Ran by BASIA (administrator) on BASIAB on 10-07-2015 14:27:00
Running from C:\Users\BASIA\Downloads
Loaded Profiles: BASIA (Available Profiles: BASIA)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNetDm.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNTray.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
(Fujitsu Technology Solutions) C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
() C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\PresentationHost.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1886504 2009-11-19] (Synaptics Incorporated)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [LoadFUJ02E3] => C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe [45680 2010-06-08] (FUJITSU LIMITED)
HKLM\...\Run: [FDM7] => C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe [164712 2009-11-26] (FUJITSU LIMITED)
HKLM\...\Run: [PSUTility] => C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [199528 2010-11-13] (FUJITSU LIMITED)
HKLM\...\Run: [PfNet] => C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe [6311424 2010-10-08] (FUJITSU LIMITED)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11663464 2010-12-07] (Realtek Semiconductor)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2011-01-05] (Intel(R) Corporation)
HKLM\...\Run: [LoadFujitsuQuickTouch] => C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [162416 2010-07-16] (FUJITSU LIMITED)
HKLM\...\Run: [LoadBtnHnd] => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [21616 2010-07-09] (FUJITSU LIMITED)
HKLM-x32\...\Run: [IndicatorUtility] => C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [48752 2010-09-30] (FUJITSU LIMITED)
HKLM-x32\...\Run: [DeskUpdateNotifier] => c:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe [102528 2012-09-25] (Fujitsu Technology Solutions)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirror Tray icon] => C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [162912 2009-07-08] (CyberLink Corp.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295072 2012-12-26] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Plus Internet] => C:\Program Files (x86)\Plus Internet\PlusInternetChecker.exe [472384 2011-07-04] ()
HKLM-x32\...\Run: [CancelAutoPlay_df] => C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe [446720 2013-02-25] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-12-05] (Google Inc.)
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\Run: [Mobile Partner] => C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe [515072 2012-08-06] ()
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\Run: [GG] => C:\Users\BASIA\AppData\Local\GG\Application\gghub.exe [4078144 2015-04-06] (GG Network S.A.)
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\MountPoints2: G - G:\AutoRun.exe
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\MountPoints2: {3582c417-4626-11e2-803c-4c8093665d4a} - F:\AutoRun.exe
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\MountPoints2: {3582c42b-4626-11e2-803c-4c8093665d4a} - F:\AutoRun.exe
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\MountPoints2: {3f8c799a-6207-11e2-a4c5-4c8093665d4a} - F:\AutoRun.exe
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\MountPoints2: {3f8c79a7-6207-11e2-a4c5-4c8093665d4a} - F:\AutoRun.exe
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\MountPoints2: {3f8c79bc-6207-11e2-a4c5-4c8093665d4a} - G:\AutoRun.exe
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\MountPoints2: {4a361eb4-26a9-11e3-9368-4c8093665d4a} - F:\AutoRun.exe
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\MountPoints2: {4a361ec1-26a9-11e3-9368-4c8093665d4a} - I:\AutoRun.exe
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\MountPoints2: {4a361ed3-26a9-11e3-9368-4c8093665d4a} - F:\AutoRun.exe
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\MountPoints2: {4a361ede-26a9-11e3-9368-4c8093665d4a} - F:\AutoRun.exe
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\MountPoints2: {4a361eef-26a9-11e3-9368-4c8093665d4a} - F:\AutoRun.exe
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\MountPoints2: {4a361ef9-26a9-11e3-9368-4c8093665d4a} - F:\AutoRun.exe
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\MountPoints2: {4a361f04-26a9-11e3-9368-4c8093665d4a} - F:\AutoRun.exe
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\MountPoints2: {6881d2aa-5c7c-11e4-8f23-4c8093665d4a} - F:\AutoRun.exe
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\MountPoints2: {97a41044-212c-11e3-9746-4c8093665d4a} - F:\AutoRun.exe
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\MountPoints2: {97a41050-212c-11e3-9746-4c8093665d4a} - F:\AutoRun.exe
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\MountPoints2: {97a4105e-212c-11e3-9746-4c8093665d4a} - F:\AutoRun.exe
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\MountPoints2: {ad88fe5c-4861-11e2-b2ed-4c8093665d4a} - F:\AutoRun.exe
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\MountPoints2: {b7025fae-47a8-11e2-a9d7-4c8093665d4a} - F:\AutoRun.exe
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\MountPoints2: {def49c6e-261b-11e3-a501-4c8093665d4a} - F:\AutoRun.exe
Startup: C:\Users\BASIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TorpedoCopy.lnk [2014-08-31]
ShortcutTarget: TorpedoCopy.lnk -> C:\Users\BASIA\AppData\Local\Torpedo\Torpedo.exe (No File)
Startup: C:\Users\BASIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2010.lnk [2013-01-12]
ShortcutTarget: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2010.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk [2012-12-06]
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newreminderdialog.lnk [2012-12-06]
ShortcutTarget: newreminderdialog.lnk -> C:\Program Files\Fujitsu\FujitsuRecovery\NewReminderDialog.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk [2012-12-06]
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newreminderdialog.lnk [2012-12-06]
ShortcutTarget: newreminderdialog.lnk -> C:\Program Files\Fujitsu\FujitsuRecovery\NewReminderDialog.exe (Fujitsu Technology Solutions)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [GGDriveOverlay1] -> {E68D0A50-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll [2013-01-17] (GG Network S.A.)
ShellIconOverlayIdentifiers: [GGDriveOverlay2] -> {E68D0A51-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll [2013-01-17] (GG Network S.A.)
ShellIconOverlayIdentifiers: [GGDriveOverlay3] -> {E68D0A52-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll [2013-01-17] (GG Network S.A.)
ShellIconOverlayIdentifiers: [GGDriveOverlay4] -> {E68D0A53-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll [2013-01-17] (GG Network S.A.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.google.com/ig/redirectdomain?brand=FTSG&bmod=FTSG
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1576861816-666788470-2069471701-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
Toolbar: HKU\S-1-5-21-1576861816-666788470-2069471701-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{72BD5B63-A6C5-4DC6-961C-89B78EC13397}: [DhcpNameServer] 212.2.96.51 212.2.96.52
Tcpip\..\Interfaces\{92587C96-8EB4-429E-95F5-A2455059B16B}: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{BED8604D-A9AA-4932-B7EE-03D120FC5685}: [DhcpNameServer] 212.2.96.51 212.2.96.52
Tcpip\..\Interfaces\{E7A55052-1D8E-4CD5-9834-9C089575D9E8}: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_194.dll [2015-06-24] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-06-24] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.0.282 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2012-12-26] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2012-11-29] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2012-11-29] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2012-11-29] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.0.282 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2012-12-26] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2012-11-29] (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2012-12-05]
FF HKLM-x32\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012-12-26]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome:
=======
CHR Profile: C:\Users\BASIA\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (RealDownloader) - C:\Users\BASIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-01-20]
CHR Extension: (Google Wallet) - C:\Users\BASIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-10]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Locked "5940e4d7b3a1b797" service could not be unlocked. <===== ATTENTION

R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [897088 2010-11-03] (Intel Corporation) [File not signed]
R3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1298496 2010-11-03] (Intel Corporation) [File not signed]
R2 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [983104 2010-11-03] (Intel Corporation) [File not signed]
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [655744 2012-09-22] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-05] ()
R2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [331776 2010-10-08] (FUJITSU LIMITED) [File not signed]
S2 PLAY ONLINE. RunOuc; C:\Program Files (x86)\PLAY ONLINE\UpdateDog\ouc.exe [246112 2013-01-19] ()
R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63336 2010-06-18] (FUJITSU LIMITED)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
U3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 5940e4d7b3a1b797; C:\Windows\System32\Drivers\5940e4d7b3a1b797.sys [98248 2015-06-23] () <===== ATTENTION Necurs Rootkit?
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-07] (Symantec Corporation)
R0 FBIOSDRV; C:\Windows\System32\Drivers\FBIOSDRV.sys [21104 2009-06-24] (FUJITSU LIMITED)
R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\system32\drivers\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [239104 2012-09-18] (Huawei Technologies Co., Ltd.)
R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [30208 2009-07-14] () [File not signed]
R3 mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [49216 2009-07-14] () [File not signed]
S3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [31232 2009-07-14] () [File not signed]
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94656 2015-02-03] () [File not signed]
S3 mpio; C:\Windows\system32\drivers\mpio.sys [155008 2010-11-21] () [File not signed]
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [77312 2009-07-14] () [File not signed]
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [141312 2014-12-19] () [File not signed]
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [158208 2011-04-27] () [File not signed]
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [288768 2011-07-09] () [File not signed]
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [128000 2011-04-27] () [File not signed]
S3 msahci; C:\Windows\system32\drivers\msahci.sys [31104 2010-11-21] () [File not signed]
S3 msdsm; C:\Windows\system32\drivers\msdsm.sys [140672 2010-11-21] () [File not signed]
R1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2009-07-14] ()
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-14] () [File not signed]
R0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [15424 2009-07-14] () [File not signed]
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-14] () [File not signed]
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-14] () [File not signed]
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-14] () [File not signed]
S3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [366976 2010-11-21] ()
R1 mssmbios; C:\Windows\system32\drivers\mssmbios.sys [32320 2009-07-14] () [File not signed]
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-14] () [File not signed]
S3 MTConfig; C:\Windows\system32\drivers\MTConfig.sys [15360 2009-07-14] () [File not signed]
R0 Mup; C:\Windows\System32\Drivers\mup.sys [60496 2009-07-14] () [File not signed]
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976 2009-07-14] () [File not signed]
R0 NDIS; C:\Windows\System32\drivers\ndis.sys [950128 2012-08-22] () [File not signed]
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-14] () [File not signed]
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2009-07-14] () [File not signed]
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56832 2010-11-21] () [File not signed]
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2010-11-21] () [File not signed]
R3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [57856 2010-11-21] ()
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-14] () [File not signed]
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [261632 2010-11-21] () [File not signed]
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwNs64.sys [8507392 2011-01-04] () [File not signed]
S3 nfrd960; C:\Windows\system32\drivers\nfrd960.sys [51264 2009-07-14] () [File not signed]
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44032 2009-07-14] ()
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576 2009-07-14] () [File not signed]
R3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1684928 2014-01-24] ()
R1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-14] () [File not signed]
S3 nvraid; C:\Windows\system32\drivers\nvraid.sys [148352 2011-03-11] () [File not signed]
S3 nvstor; C:\Windows\system32\drivers\nvstor.sys [166272 2011-03-11] () [File not signed]
S3 nv_agp; C:\Windows\system32\drivers\nv_agp.sys [122960 2009-07-14] () [File not signed]
S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [72832 2009-07-14] () [File not signed]
S3 Parport; C:\Windows\system32\drivers\parport.sys [97280 2009-07-14] () [File not signed]
R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [75120 2012-03-17] () [File not signed]
R0 pci; C:\Windows\System32\drivers\pci.sys [185216 2011-01-15] () [File not signed]
S3 pciide; C:\Windows\system32\drivers\pciide.sys [12352 2009-07-14] () [File not signed]
S3 pcmcia; C:\Windows\system32\drivers\pcmcia.sys [220752 2009-07-14] () [File not signed]
R0 pcw; C:\Windows\System32\drivers\pcw.sys [50768 2009-07-14] () [File not signed]
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [663552 2015-02-03] () [File not signed]
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111104 2010-11-21] () [File not signed]
S3 Processor; C:\Windows\system32\drivers\processr.sys [60416 2009-07-14] () [File not signed]
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2010-11-21] () [File not signed]
S3 ql2300; C:\Windows\system32\drivers\ql2300.sys [1524816 2009-07-14] () [File not signed]
S3 ql40xx; C:\Windows\system32\drivers\ql40xx.sys [128592 2009-07-14] () [File not signed]
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592 2009-07-14] () [File not signed]
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-14] () [File not signed]
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-14] () [File not signed]
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [129536 2010-11-21] () [File not signed]
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-14] () [File not signed]
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-14] () [File not signed]
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [309248 2010-11-21] () [File not signed]
S3 rdpbus; C:\Windows\system32\drivers\rdpbus.sys [24064 2009-07-14] () [File not signed]
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-14] () [File not signed]
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-14] () [File not signed]
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-14] () [File not signed]
S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [212480 2014-07-17] ()
R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [213888 2010-11-21] () [File not signed]
R3 RFCOMM; C:\Windows\System32\DRIVERS\rfcomm.sys [158720 2009-07-14] () [File not signed]
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-14] () [File not signed]
R3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [245792 2010-05-07] () [File not signed]
R3 RTL8167; C:\Windows\System32\DRIVERS\Rt64win7.sys [412776 2010-12-28] () [File not signed]
S3 sbp2port; C:\Windows\system32\drivers\sbp2port.sys [103808 2010-11-21] () [File not signed]
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2010-11-21] () [File not signed]
R2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] ()
S3 Serenum; C:\Windows\system32\drivers\serenum.sys [23552 2009-07-14] () [File not signed]
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] () [File not signed]
S3 sermouse; C:\Windows\system32\drivers\sermouse.sys [26624 2009-07-14] () [File not signed]
S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [14336 2009-07-14] () [File not signed]
S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [13824 2009-07-14] () [File not signed]
S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [14336 2010-11-21] () [File not signed]
S3 sfloppy; C:\Windows\system32\drivers\sfloppy.sys [16896 2009-07-14] () [File not signed]
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfslh.sys [766632 2014-10-08] () [File not signed]
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaylh.sys [273576 2014-10-08] () [File not signed]
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirlh.sys [29352 2014-10-08] () [File not signed]
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvollh.sys [23208 2014-10-08] () [File not signed]
S3 SiSRaid2; C:\Windows\system32\drivers\SiSRaid2.sys [43584 2009-07-14] () [File not signed]
S3 SiSRaid4; C:\Windows\system32\drivers\sisraid4.sys [80464 2009-07-14] () [File not signed]
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-14] () [File not signed]
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1801216 2010-10-09] () [File not signed]
R0 spldr; C:\Windows\System32\Drivers\spldr.sys [19008 2009-07-14] ()
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [467456 2011-04-29] () [File not signed]
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [410112 2011-04-29] () [File not signed]
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [168448 2011-04-29] () [File not signed]
S3 stexstor; C:\Windows\system32\drivers\stexstor.sys [24656 2009-07-14] () [File not signed]
R3 swenum; C:\Windows\system32\drivers\swenum.sys [12496 2009-07-14] () [File not signed]
R3 SynTP; C:\Windows\System32\DRIVERS\SynTP.sys [299568 2009-11-19] () [File not signed]
R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1903552 2014-04-05] () [File not signed]
S3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1903552 2014-04-05] () [File not signed]
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [45568 2012-10-03] () [File not signed]
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-14] () [File not signed]
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2012-02-17] () [File not signed]
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [119296 2014-11-11] () [File not signed]
R1 TermDD; C:\Windows\system32\drivers\termdd.sys [63360 2010-11-21] () [File not signed]
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [39936 2014-07-17] () [File not signed]
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [59392 2010-11-21] () [File not signed]
S3 TsUsbGD; C:\Windows\system32\drivers\TsUsbGD.sys [31232 2010-11-21] () [File not signed]
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2010-11-21] () [File not signed]
S3 uagp35; C:\Windows\system32\drivers\uagp35.sys [64080 2009-07-14] () [File not signed]
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [328192 2010-11-21] () [File not signed]
S3 uliagpkx; C:\Windows\system32\drivers\uliagpkx.sys [64592 2009-07-14] () [File not signed]
R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [48640 2010-11-21] () [File not signed]
S3 UmPass; C:\Windows\system32\drivers\umpass.sys [9728 2009-07-14] () [File not signed]
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [99840 2013-11-27] () [File not signed]
S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [100864 2013-07-12] () [File not signed]
R3 usbehci; C:\Windows\system32\drivers\usbehci.sys [53248 2013-11-27] () [File not signed]
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [343040 2013-11-27] () [File not signed]
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2013-11-27] () [File not signed]
S3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [25088 2009-07-14] () [File not signed]
S3 usbscan; C:\Windows\system32\drivers\usbscan.sys [42496 2013-07-03] () [File not signed]
S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [91648 2011-03-11] () [File not signed]
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2013-11-27] () [File not signed]
S3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [185344 2013-07-12] () [File not signed]
S3 usb_rndisx; C:\Windows\System32\DRIVERS\usb8023x.sys [19968 2013-02-12] () [File not signed]
R0 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [36432 2009-07-14] () [File not signed]
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-14] () [File not signed]
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-14] () [File not signed]
S3 vhdmp; C:\Windows\system32\drivers\vhdmp.sys [215936 2010-11-21] () [File not signed]
S3 viaide; C:\Windows\system32\drivers\viaide.sys [17488 2009-07-14] () [File not signed]
R0 volmgr; C:\Windows\System32\drivers\volmgr.sys [70528 2011-01-15] () [File not signed]
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-21] () [File not signed]
R0 volsnap; C:\Windows\System32\drivers\volsnap.sys [296320 2011-02-25] () [File not signed]
S3 vsmraid; C:\Windows\system32\drivers\vsmraid.sys [161872 2009-07-14] () [File not signed]
R3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [24576 2009-07-14] () [File not signed]
R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [59904 2009-07-14] () [File not signed]
R3 vwifimp; C:\Windows\System32\DRIVERS\vwifimp.sys [17920 2009-07-14] () [File not signed]
S3 WacomPen; C:\Windows\system32\drivers\wacompen.sys [27776 2009-07-14] () [File not signed]
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-21] () [File not signed]
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-21] () [File not signed]
S3 Wd; C:\Windows\system32\drivers\wd.sys [21056 2009-07-14] () [File not signed]
R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [785624 2013-06-26] () [File not signed]
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-14] () [File not signed]
S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [22096 2009-07-14] () [File not signed]
S3 WinUsb; C:\Windows\system32\drivers\WinUsb.sys [41984 2010-11-21] () [File not signed]
S3 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [14336 2009-07-14] () [File not signed]
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2009-07-14] () [File not signed]
S3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [87040 2012-07-26] () [File not signed]
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [198656 2012-07-26] () [File not signed]
U5 5940e4d7b3a1b797; <===== ATTENTION Locked Service

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-10 14:27 - 2015-07-10 14:28 - 00037158 _____ C:\Users\BASIA\Downloads\FRST.txt
2015-07-10 14:26 - 2015-07-10 14:27 - 00000000 ____D C:\FRST
2015-07-10 14:26 - 2015-07-10 14:26 - 02112512 _____ (Farbar) C:\Users\BASIA\Downloads\FRST64.exe
2015-07-08 12:32 - 2015-07-08 12:32 - 00000000 ____D C:\Users\BASIA\Downloads\backups
2015-07-08 12:29 - 2015-07-08 12:30 - 00388608 _____ (Trend Micro Inc.) C:\Users\BASIA\Downloads\HijackThis.exe
2015-07-08 11:30 - 2015-07-08 11:30 - 00380416 _____ C:\Users\BASIA\Downloads\2o5nox0m.exe
2015-07-08 11:02 - 2015-07-08 11:07 - 00000000 ____D C:\Users\BASIA\AppData\Roaming\Solvusoft
2015-07-08 11:02 - 2012-10-15 17:02 - 00019888 _____ (solvusoft) C:\Windows\system32\roboot64.exe
2015-07-08 11:01 - 2015-07-08 11:01 - 03894696 _____ (solvusoft Corporation ) C:\Users\BASIA\Downloads\Setup_WinThruster_2015.exe
2015-07-08 10:28 - 2015-07-08 10:32 - 115397264 ____N (Symantec Corporation) C:\Users\BASIA\Downloads\NS-TW-22.0.0-PL.exe
2015-07-06 21:02 - 2015-07-06 21:02 - 00000000 ____D C:\ProgramData\Symantec
2015-07-06 20:03 - 2015-07-06 20:03 - 00779704 _____ (Symantec) C:\Users\BASIA\Downloads\Setup.exe
2015-07-06 19:54 - 2015-07-10 14:01 - 00000672 _____ C:\Windows\setupact.log
2015-07-06 19:54 - 2015-07-06 19:54 - 00000000 _____ C:\Windows\setuperr.log
2015-07-06 19:53 - 2015-07-08 13:34 - 01753710 _____ C:\Windows\PFRO.log
2015-07-06 18:05 - 2015-07-06 18:05 - 05481344 _____ (Avast Software s.r.o.) C:\Users\BASIA\Downloads\avast_free_antivirus_setup_online_dobreprogramy.exe
2015-07-06 16:57 - 2015-07-06 17:26 - 00000000 ____D C:\Users\BASIA\Doctor Web
2015-07-06 16:54 - 2015-07-06 16:56 - 166187544 _____ C:\Users\BASIA\Downloads\c7ahka6x.exe
2015-07-06 16:37 - 2015-07-06 21:32 - 00000000 ____D C:\AdwCleaner
2015-07-06 16:36 - 2015-07-06 16:36 - 02244096 _____ C:\Users\BASIA\Downloads\AdwCleaner.pl 4.207.exe
2015-07-06 16:35 - 2015-07-06 16:35 - 00002786 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-07-06 16:35 - 2015-07-06 16:35 - 00000788 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-07-06 16:35 - 2015-07-06 16:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-07-06 16:35 - 2015-07-06 16:35 - 00000000 ____D C:\Program Files\CCleaner
2015-07-06 16:34 - 2015-07-06 16:34 - 06549184 _____ (Piriform Ltd) C:\Users\BASIA\Downloads\ccsetup506.exe
2015-07-06 16:34 - 2015-07-06 16:34 - 06549184 _____ (Piriform Ltd) C:\Users\BASIA\Downloads\ccsetup506 (1).exe
2015-07-06 09:15 - 2015-07-06 21:30 - 00003610 _____ C:\Windows\System32\Tasks\RNUpgradeHelperResumePrompt_BASIA
2015-07-06 09:15 - 2015-07-06 21:30 - 00003492 _____ C:\Windows\System32\Tasks\ReclaimerUpdateFiles_BASIA
2015-07-06 09:15 - 2015-07-06 21:30 - 00003486 _____ C:\Windows\System32\Tasks\ReclaimerUpdateXML_BASIA
2015-07-06 09:15 - 2015-07-06 21:30 - 00003192 _____ C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_BASIA
2015-06-26 12:23 - 2015-06-27 22:20 - 00000000 ____D C:\Users\BASIA\Desktop\chrzest_na_spływie
2015-06-23 22:06 - 2015-06-23 22:06 - 00098248 _____ C:\Windows\system32\Drivers\5940e4d7b3a1b797.sys
2015-06-23 17:46 - 2015-06-23 17:46 - 01125056 _____ (Adobe Systems Incorporated) C:\Users\BASIA\Downloads\flashplayer18axau_ga_install.exe
2015-06-23 17:38 - 2015-06-23 17:38 - 00000000 ___HD C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2015-06-23 12:26 - 2015-06-23 19:03 - 00000000 ____D C:\Users\BASIA\Desktop\RRN
2015-06-23 11:27 - 2015-07-06 21:30 - 00003338 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1576861816-666788470-2069471701-1000
2015-06-23 11:27 - 2015-07-06 21:30 - 00003204 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1576861816-666788470-2069471701-1000
2015-06-21 21:48 - 2015-06-21 21:48 - 00147351 _____ C:\Users\BASIA\Desktop\i-stopien-konspekty-zip_517_121.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-10 14:10 - 2013-01-20 16:44 - 00002195 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-10 14:10 - 2012-12-05 19:31 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-10 14:10 - 2009-07-14 06:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-10 14:10 - 2009-07-14 06:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-10 14:03 - 2014-01-24 10:08 - 00000000 ____D C:\Users\BASIA\AppData\Roaming\GG
2015-07-10 14:02 - 2012-12-05 20:54 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-10 14:01 - 2012-12-05 19:31 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-10 14:01 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-08 15:15 - 2012-12-05 19:31 - 00000000 ___RD C:\Users\BASIA
2015-07-08 12:33 - 2013-02-03 22:41 - 00000000 ____D C:\ProgramData\AVAST Software
2015-07-08 11:10 - 2011-05-12 09:21 - 00000000 ____D C:\ProgramData\Norton
2015-07-08 10:54 - 2014-01-24 10:08 - 00000000 ____D C:\Users\BASIA\AppData\Local\GG
2015-07-08 10:48 - 2011-04-12 19:08 - 00741124 _____ C:\Windows\system32\perfh015.dat
2015-07-08 10:48 - 2011-04-12 19:08 - 00156408 _____ C:\Windows\system32\perfc015.dat
2015-07-08 10:48 - 2009-07-14 07:13 - 01672134 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-06 21:31 - 2012-12-26 15:31 - 00003080 _____ C:\Windows\System32\Tasks\RealCreateProcessScheduledTask9819155S-1-5-21-1576861816-666788470-2069471701-1000
2015-07-06 21:31 - 2012-12-16 09:33 - 00003534 _____ C:\Windows\System32\Tasks\CreateChoiceProcessTask
2015-07-06 21:30 - 2015-06-06 22:08 - 00003360 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1576861816-666788470-2069471701-1000
2015-07-06 21:30 - 2015-06-06 22:08 - 00003226 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1576861816-666788470-2069471701-1000
2015-07-06 21:30 - 2012-12-26 16:05 - 00003380 _____ C:\Windows\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1576861816-666788470-2069471701-1000
2015-07-06 19:34 - 2013-10-10 00:55 - 00000000 ____D C:\Windows\Minidump
2015-07-06 19:34 - 2012-12-05 19:54 - 00000000 ____D C:\Users\BASIA\AppData\Local\CrashDumps
2015-07-06 19:34 - 2011-04-12 02:18 - 00000000 ____D C:\Windows\Panther
2015-07-05 22:35 - 2012-12-05 19:32 - 00000000 ____D C:\Windows\System32\Tasks\Fujitsu
2015-07-05 21:58 - 2015-02-09 20:58 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-26 22:29 - 2009-07-14 07:08 - 00032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-24 00:03 - 2012-12-05 20:54 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-24 00:02 - 2012-12-05 20:54 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-24 00:02 - 2012-12-05 20:54 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-23 22:51 - 2012-12-07 19:48 - 00002321 _____ C:\Users\BASIA\Desktop\Internet.lnk
2015-06-14 23:32 - 2012-12-07 19:33 - 00005632 _____ C:\Users\BASIA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-10 21:07 - 2014-11-13 10:39 - 00000000 __SHD C:\Users\BASIA\AppData\Local\EmieBrowserModeList
2015-06-10 21:07 - 2014-04-22 22:08 - 00000000 __SHD C:\Users\BASIA\AppData\Local\EmieUserList
2015-06-10 21:07 - 2014-04-22 22:08 - 00000000 __SHD C:\Users\BASIA\AppData\Local\EmieSiteList
2015-06-10 06:39 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-06-10 06:37 - 2009-07-14 06:45 - 00408144 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-10 06:35 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions

==================== Files in the root of some directories =======

2012-12-07 21:13 - 2014-06-02 20:23 - 0000453 _____ () C:\Users\BASIA\AppData\Roaming\burnaware.ini
2012-12-07 19:33 - 2015-06-14 23:32 - 0005632 _____ () C:\Users\BASIA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-12-05 19:33 - 2012-12-05 19:34 - 0018940 _____ () C:\Users\BASIA\AppData\Local\IWDAudHelper.20121205.183359.txt
2012-12-05 19:33 - 2012-12-05 19:33 - 0000661 _____ () C:\Users\BASIA\AppData\Local\PDLSetup.20121205.183351.txt
2012-12-05 19:33 - 2012-12-05 19:33 - 0001579 _____ () C:\Users\BASIA\AppData\Local\PDLSetup.20121205.183353.txt
2012-12-05 19:33 - 2012-12-05 19:33 - 0001227 _____ () C:\Users\BASIA\AppData\Local\PDLSetup.20121205.183354.txt
2012-12-05 19:42 - 2012-12-05 19:42 - 0001526 _____ () C:\Users\BASIA\AppData\Local\PDLSetup.20121205.184202.txt
2013-12-08 16:15 - 2013-12-08 16:15 - 0001526 _____ () C:\Users\BASIA\AppData\Local\PDLSetup.20131208.151502.txt

Some files in TEMP:
====================
C:\Users\BASIA\AppData\Local\Temp\ggdrive-menu.exe
C:\Users\BASIA\AppData\Local\Temp\ggdrive-overlay.exe
C:\Users\BASIA\AppData\Local\Temp\installstats.exe
C:\Users\BASIA\AppData\Local\Temp\Quarantine.exe
C:\Users\BASIA\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys [2011-05-12 08:51] - [2011-02-25 08:25] - 0296320 ____A () D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\Drivers\volsnap.sys No Company Name <===== ATTENTION!

testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!

LastRegBack: 2014-09-16 07:02

==================== End of log ============================