Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2013 04 Ran by SYSTEM on 27-04-2013 15:08:37 Running from D:\ Windows 7 Professional Service Pack 1 (X64) OS Language: Polish Internet Explorer Version 9 Boot Mode: Recovery The current controlset is ControlSet001 ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [682904 2012-09-20] (Alps Electric Co., Ltd.) HKLM\...\Run: [IntelPROSet] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PROSet/Wireless [4805936 2012-08-23] (Intel(R) Corporation) HKLM\...\Run: [TdmNotify] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [381296 2011-12-08] (Wave Systems Corp.) HKLM\...\Run: [DFEPApplication] C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe [7077432 2012-08-15] (Dell Inc.) HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice [6325936 2012-11-26] (ESET) HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-09-20] (IDT, Inc.) HKLM\...\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet [2041192 2012-12-06] () Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.) HKLM-x32\...\Run: [OfficeScanNT Monitor] "c:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow [1708048 2011-02-27] (Trend Micro Inc.) HKLM-x32\...\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [290688 2012-10-24] (Intel Corporation) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [2255360 2012-12-14] (LogMeIn Inc.) HKU\Mariusz\...\Run: [CTSyncU.exe] "C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe" [868352 2007-05-30] () HKU\Mariusz\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3672640 2013-03-14] (Disc Soft Ltd) HKU\UpdatusUser\...\Run: [CTSyncU.exe] "C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe" [868352 2007-05-30] () HKU\UpdatusUser\...\RunOnce: [StartMSu] "C:\Program Files (x86)\Creative\MediaSource5\Startmsu.exe" /s [81920 2006-10-02] (Creative Technology Ltd) HKU\UpdatusUser\...\RunOnce: [InetReg] "C:\Program Files (x86)\Creative\Product Registration\English\InetReg.exe" /PreProcess=RegFlash.exe /PortableDevice /Delay=6 [x] HKU\UpdatusUser\...\RunOnce: [CTAutoUpdate] "C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe" /RunFromInstaller [481200 2007-01-04] (Creative Technology Ltd) HKU\UpdatusUser\...\RunOnce: [CTPostBootSequencer] "C:\Users\Mariusz\AppData\Local\Temp\CTPBSEQ.EXE" /reglaunch /self_destruct [65536 2007-03-12] (Creative Technology Ltd.) AppInit_DLLs: C:\Windows\system32\nvinitx.dll [245432 2012-12-06] (NVIDIA Corporation) Lsa: [Authentication Packages] msv1_0 wvauth Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll Startup: C:ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.) Startup: C:\Users\Mariusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.) Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.) ==================== Services (Whitelisted) ================= S2 Creative Service for CDROM Access; C:\Windows\SysWOW64\CTsvcCDA.exe [44032 1999-12-13] (Creative Technology Ltd) S2 DFEPService; C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2280504 2012-08-15] (Dell Inc.) S2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1329304 2012-11-26] (ESET) S2 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [218504 2012-01-17] () S2 KMService; C:\Windows\SysWow64\srvany.exe [8192 2003-04-19] () S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-08-23] () S2 ntrtscan; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe [1836616 2011-02-19] (Trend Micro Inc.) S2 NX I-DEAS Resource Locking Service; C:\Program Files (x86)\UGS\I-DEAS\Resource Locking\lmgrd.exe [1327104 2007-02-02] (Macrovision Corporation) S2 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2011-11-16] (O2Micro International) S2 O2SDIOAssist; c:\Windows\SysWOW64\srvany.exe [8192 2003-04-19] () S2 svcGenericHost; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [50704 2011-04-07] (Trend Micro Inc.) S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1637888 2011-10-09] () S2 tmlisten; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmlisten.exe [2060896 2011-02-19] (Trend Micro Inc.) S3 TmPfw; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe [596032 2010-07-21] (Trend Micro Inc.) S3 TmProxy; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [917840 2010-07-21] (Trend Micro Inc.) S2 UGS License Server (ugslmd); C:\UGS\UGSLicensing\lmgrd.exe [1510152 2009-07-07] (Acresso Software Inc.) S2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1679872 2012-01-05] (Wave Systems Corp.) S3 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [198144 2012-01-16] (Wave Systems Corp.) S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3342640 2012-08-23] (Intel® Corporation) S2 IT iona_services.config_rep.mariuszaid cfr-NX_IDEAS_6; "C:\UGS\IONA\asp\6.3\bin\itconfig_rep.exe" -ORBproduct_dir "C:\UGS\IONA" -ORBlicense_file "C:\UGS\IONA\etc\Licenses.txt" -ORBconfig_dir "C:\UGS\IONA\etc" -ORBconfig_domains_dir "C:\UGS\IONA\etc\domains" -ORBdomain_name cfr-NX_IDEAS_6 -ORBname iona_services.config_rep.mariuszaid -plugin=config_rep it_jump_start [x] S2 IT iona_services.locator.mariuszaid NX_IDEAS_6; "C:\UGS\IONA\asp\6.3\bin\itlocator.exe" -ORBproduct_dir "C:\UGS\IONA" -ORBlicense_file "C:\UGS\IONA\etc\Licenses.txt" -ORBconfig_dir "C:\UGS\IONA\etc" -ORBconfig_domains_dir "C:\UGS\IONA\etc\domains" -ORBdomain_name NX_IDEAS_6 -ORBname iona_services.locator.mariuszaid -plugin=locator it_jump_start [x] S2 IT iona_services.naming.mariuszaid NX_IDEAS_6; "C:\UGS\IONA\asp\6.3\bin\itnaming.exe" -ORBproduct_dir "C:\UGS\IONA" -ORBlicense_file "C:\UGS\IONA\etc\Licenses.txt" -ORBconfig_dir "C:\UGS\IONA\etc" -ORBconfig_domains_dir "C:\UGS\IONA\etc\domains" -ORBdomain_name NX_IDEAS_6 -ORBname iona_services.naming.mariuszaid -plugin=naming it_jump_start [x] S2 IT iona_services.node_daemon.mariuszaid NX_IDEAS_6; "C:\UGS\IONA\asp\6.3\bin\itnode_daemon.exe" -ORBproduct_dir "C:\UGS\IONA" -ORBlicense_file "C:\UGS\IONA\etc\Licenses.txt" -ORBconfig_dir "C:\UGS\IONA\etc" -ORBconfig_domains_dir "C:\UGS\IONA\etc\domains" -ORBdomain_name NX_IDEAS_6 -ORBname iona_services.node_daemon.mariuszaid -plugin=node_daemon it_jump_start [x] ==================== Drivers (Whitelisted) ==================== S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [135720 2013-01-14] (Broadcom Corporation.) S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-23] (DT Soft Ltd) S1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [211344 2012-10-08] (ESET) S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [149592 2012-10-08] (ESET) S2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [189208 2012-10-08] (ESET) S1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [59440 2012-10-08] (ESET) S0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [57904 2012-11-28] (ESET) S1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [29672 2013-02-23] (REALiX(tm)) S3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw00.sys [11523072 2012-09-30] (Intel Corporation) S1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284008 2012-12-06] (NVIDIA Corporation) S3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [68208 2011-11-04] (STMicroelectronics) S2 TmFilter; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [310032 2011-03-25] (Trend Micro Inc.) S1 tmlwf; C:\Windows\System32\DRIVERS\tmlwf.sys [196688 2010-11-09] (Trend Micro Inc.) S2 TmPreFilter; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [42768 2011-03-25] (Trend Micro Inc.) S1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [108624 2010-11-09] (Trend Micro Inc.) S2 tmwfp; C:\Windows\System32\DRIVERS\tmwfp.sys [338000 2010-11-09] (Trend Micro Inc.) S2 VSApiNt; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\VSApiNt.sys [1988368 2011-03-24] (Trend Micro Inc.) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-04-27 15:08 - 2013-04-27 15:08 - 00000000 ____D C:\FRST 2013-04-15 07:32 - 2013-04-15 07:32 - 06721411 ____A C:\pending.xml 2013-04-13 09:25 - 2013-04-15 07:29 - 00000000 ____D C:\Users\Mariusz\AppData\Local\LogMeIn Hamachi 2013-04-13 09:25 - 2013-04-13 09:25 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi 2013-04-13 09:21 - 2013-04-13 09:22 - 04295168 ____A C:\Users\Mariusz\Downloads\hamachi.msi 2013-04-10 20:47 - 2013-04-10 21:18 - 00008192 ____A C:\Windows\SysWOW64\ideas6836.aux 2013-04-10 20:47 - 2013-04-10 20:47 - 00000000 ____A C:\Windows\SysWOW64\ideas6836.und 2013-04-10 20:46 - 2013-04-10 21:18 - 00835584 ____A C:\Windows\SysWOW64\ideas6836.sf1 2013-04-10 20:46 - 2013-04-10 21:03 - 00032768 ____A C:\Windows\SysWOW64\ideas6836.sf2 2013-04-10 20:46 - 2013-04-10 20:47 - 00212992 ____A C:\Windows\SysWOW64\ideas6836.dsp 2013-04-10 20:46 - 2013-04-10 20:46 - 00046858 ____A C:\Windows\SysWOW64\ideas6836.psf 2013-04-10 20:46 - 2013-04-10 20:46 - 00024576 ____A C:\Windows\SysWOW64\ideas6836.app 2013-04-10 20:45 - 2013-04-10 20:45 - 03392352 ____A C:\Users\Mariusz\Downloads\BOW.zip 2013-04-10 20:40 - 2013-04-10 20:40 - 00000000 ____D C:\Users\Mariusz\Desktop\Nowy folder (2) 2013-04-10 20:13 - 2013-02-15 07:08 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll 2013-04-10 20:13 - 2013-02-15 07:06 - 03717632 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll 2013-04-10 20:13 - 2013-02-15 07:02 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll 2013-04-10 20:13 - 2013-02-15 05:37 - 03217408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2013-04-10 20:13 - 2013-02-15 05:34 - 00131584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2013-04-10 20:13 - 2013-02-15 04:25 - 00036864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2013-04-10 20:11 - 2013-03-19 07:04 - 05550424 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2013-04-10 20:11 - 2013-03-19 06:46 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll 2013-04-10 20:11 - 2013-03-19 06:04 - 03968856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-04-10 20:11 - 2013-03-19 06:04 - 03913560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-04-10 20:11 - 2013-03-19 05:47 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2013-04-10 20:11 - 2013-03-19 04:06 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe 2013-04-10 20:11 - 2013-03-02 07:04 - 01655656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys 2013-04-10 20:11 - 2013-03-01 04:36 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2013-04-10 20:06 - 2013-02-22 07:57 - 17817088 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-04-10 20:06 - 2013-02-22 07:29 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-04-10 20:06 - 2013-02-22 07:27 - 02312704 ____A C:\Windows\System32\jscript9.dll 2013-04-10 20:06 - 2013-02-22 07:21 - 01346560 ____A C:\Windows\System32\urlmon.dll 2013-04-10 20:06 - 2013-02-22 07:20 - 01392128 ____A C:\Windows\System32\wininet.dll 2013-04-10 20:06 - 2013-02-22 07:19 - 01494528 ____A C:\Windows\System32\inetcpl.cpl 2013-04-10 20:06 - 2013-02-22 07:18 - 00237056 ____A C:\Windows\System32\url.dll 2013-04-10 20:06 - 2013-02-22 07:17 - 00085504 ____A C:\Windows\System32\jsproxy.dll 2013-04-10 20:06 - 2013-02-22 07:15 - 00816640 ____A C:\Windows\System32\jscript.dll 2013-04-10 20:06 - 2013-02-22 07:15 - 00599040 ____A C:\Windows\System32\vbscript.dll 2013-04-10 20:06 - 2013-02-22 07:15 - 00173056 ____A C:\Windows\System32\ieUnatt.exe 2013-04-10 20:06 - 2013-02-22 07:14 - 00729088 ____A C:\Windows\System32\msfeeds.dll 2013-04-10 20:06 - 2013-02-22 07:13 - 02147840 ____A C:\Windows\System32\iertutil.dll 2013-04-10 20:06 - 2013-02-22 07:13 - 00096768 ____A C:\Windows\System32\mshtmled.dll 2013-04-10 20:06 - 2013-02-22 07:12 - 02382848 ____A C:\Windows\System32\mshtml.tlb 2013-04-10 20:06 - 2013-02-22 07:09 - 00248320 ____A C:\Windows\System32\ieui.dll 2013-04-10 20:06 - 2013-02-22 05:05 - 12324352 ____A C:\Windows\SysWOW64\mshtml.dll 2013-04-10 20:06 - 2013-02-22 04:47 - 09738752 ____A C:\Windows\SysWOW64\ieframe.dll 2013-04-10 20:06 - 2013-02-22 04:46 - 01800704 ____A C:\Windows\SysWOW64\jscript9.dll 2013-04-10 20:06 - 2013-02-22 04:38 - 01129472 ____A C:\Windows\SysWOW64\wininet.dll 2013-04-10 20:06 - 2013-02-22 04:38 - 01104384 ____A C:\Windows\SysWOW64\urlmon.dll 2013-04-10 20:06 - 2013-02-22 04:37 - 01427968 ____A C:\Windows\SysWOW64\inetcpl.cpl 2013-04-10 20:06 - 2013-02-22 04:36 - 00231936 ____A C:\Windows\SysWOW64\url.dll 2013-04-10 20:06 - 2013-02-22 04:35 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-04-10 20:06 - 2013-02-22 04:34 - 00717824 ____A C:\Windows\SysWOW64\jscript.dll 2013-04-10 20:06 - 2013-02-22 04:34 - 00420864 ____A C:\Windows\SysWOW64\vbscript.dll 2013-04-10 20:06 - 2013-02-22 04:34 - 00142848 ____A C:\Windows\SysWOW64\ieUnatt.exe 2013-04-10 20:06 - 2013-02-22 04:33 - 00607744 ____A C:\Windows\SysWOW64\msfeeds.dll 2013-04-10 20:06 - 2013-02-22 04:32 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-04-10 20:06 - 2013-02-22 04:31 - 02382848 ____A C:\Windows\SysWOW64\mshtml.tlb 2013-04-10 20:06 - 2013-02-22 04:31 - 00073216 ____A C:\Windows\SysWOW64\mshtmled.dll 2013-04-10 20:06 - 2013-02-22 04:28 - 00176640 ____A C:\Windows\SysWOW64\ieui.dll 2013-04-10 19:59 - 2013-04-10 20:06 - 00655360 ____A C:\Windows\SysWOW64\ideas7188.sf1 2013-04-10 19:59 - 2013-04-10 20:06 - 00008192 ____A C:\Windows\SysWOW64\ideas7188.sf2 2013-04-10 19:59 - 2013-04-10 20:06 - 00008192 ____A C:\Windows\SysWOW64\ideas7188.aux 2013-04-10 19:59 - 2013-04-10 20:06 - 00000000 ____A C:\Windows\SysWOW64\ideas7188.und 2013-04-10 19:59 - 2013-04-10 19:59 - 00212992 ____A C:\Windows\SysWOW64\ideas7188.dsp 2013-04-10 19:59 - 2013-04-10 19:59 - 00046858 ____A C:\Windows\SysWOW64\ideas7188.psf 2013-04-10 19:59 - 2013-04-10 19:59 - 00024576 ____A C:\Windows\SysWOW64\ideas7188.app 2013-04-10 19:59 - 2013-04-10 19:59 - 00000047 ____A C:\Windows\SysWOW64\exec7188.bat 2013-04-10 19:59 - 2013-04-10 19:59 - 00000000 ____A C:\Windows\SysWOW64\output7188.out 2013-04-10 19:59 - 2013-04-10 19:59 - 00000000 ____A C:\Windows\SysWOW64\foutput7188.out 2013-04-10 19:59 - 2013-04-10 19:59 - 00000000 ____A C:\Windows\SysWOW64\ferror7188.out 2013-04-10 19:59 - 2013-04-10 19:59 - 00000000 ____A C:\Windows\SysWOW64\coutput7188.out 2013-04-10 19:59 - 2013-04-10 19:59 - 00000000 ____A C:\Windows\SysWOW64\clog7188.out 2013-04-10 19:59 - 2013-04-10 19:59 - 00000000 ____A C:\Windows\SysWOW64\cerror7188.out 2013-04-10 19:58 - 2013-04-10 19:59 - 00000141 ____A C:\Windows\SysWOW64\.STOP_PRC7188.CMD 2013-04-10 19:58 - 2013-04-10 19:58 - 00000651 ____A C:\Windows\SysWOW64\STOP_SDRC7188.CMD 2013-04-10 19:58 - 2013-04-10 19:58 - 00000000 ____A C:\Windows\SysWOW64\error7188.out 2013-04-09 17:45 - 2013-04-09 17:45 - 00000000 ____D C:\Users\Mariusz\AppData\Local\Unigraphics Solutions 2013-04-09 17:43 - 2013-04-09 17:43 - 00001466 ____A C:\Windows\SysWOW64\setacl.bat 2013-04-09 17:38 - 2013-04-09 17:38 - 00000000 ____D C:\Program Files\UGS 2013-04-09 01:10 - 2013-04-09 01:10 - 00000000 ____D C:\Users\Mariusz\AppData\Local\GHISLER 2013-04-08 16:39 - 2013-04-08 21:28 - 2226644023 ____A C:\Users\Mariusz\Downloads\nx-7.5.0-64bit.zip 2013-03-28 12:03 - 2013-03-28 12:04 - 02804823 ____A C:\Users\Mariusz\Desktop\uwagi.www.logo.20130326.pptx 2013-03-28 11:56 - 2013-02-12 05:12 - 00019968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys ==================== One Month Modified Files and Folders ======= 2013-04-27 15:08 - 2013-04-27 15:08 - 00000000 ____D C:\FRST 2013-04-15 10:20 - 2013-01-13 19:12 - 01681093 ____A C:\Windows\WindowsUpdate.log 2013-04-15 10:17 - 2010-11-21 13:53 - 00749076 ____A C:\Windows\System32\perfh015.dat 2013-04-15 10:17 - 2010-11-21 13:53 - 00158220 ____A C:\Windows\System32\perfc015.dat 2013-04-15 10:17 - 2009-07-14 06:13 - 01692536 ____A C:\Windows\System32\PerfStringBackup.INI 2013-04-15 10:16 - 2009-07-14 05:51 - 00041660 ____A C:\Windows\setupact.log 2013-04-15 09:58 - 2013-03-05 16:25 - 00000000 ____D C:\COVERY 2013-04-15 09:56 - 2013-01-14 02:17 - 00000930 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-04-15 07:35 - 2009-07-14 05:45 - 00025040 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-04-15 07:35 - 2009-07-14 05:45 - 00025040 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-04-15 07:32 - 2013-04-15 07:32 - 06721411 ____A C:\pending.xml 2013-04-15 07:29 - 2013-04-13 09:25 - 00000000 ____D C:\Users\Mariusz\AppData\Local\LogMeIn Hamachi 2013-04-15 07:28 - 2013-01-14 02:52 - 00000031 ____A C:\tmuninst.ini 2013-04-15 07:27 - 2013-01-14 02:34 - 00000000 ____D C:ProgramData\NVIDIA 2013-04-15 07:27 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-04-13 09:25 - 2013-04-13 09:25 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi 2013-04-13 09:25 - 2013-03-19 19:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-04-13 09:22 - 2013-04-13 09:21 - 04295168 ____A C:\Users\Mariusz\Downloads\hamachi.msi 2013-04-13 09:16 - 2009-07-14 05:45 - 00339584 ____A C:\Windows\System32\FNTCACHE.DAT 2013-04-10 21:18 - 2013-04-10 20:47 - 00008192 ____A C:\Windows\SysWOW64\ideas6836.aux 2013-04-10 21:18 - 2013-04-10 20:46 - 00835584 ____A C:\Windows\SysWOW64\ideas6836.sf1 2013-04-10 21:03 - 2013-04-10 20:46 - 00032768 ____A C:\Windows\SysWOW64\ideas6836.sf2 2013-04-10 20:47 - 2013-04-10 20:47 - 00000000 ____A C:\Windows\SysWOW64\ideas6836.und 2013-04-10 20:47 - 2013-04-10 20:46 - 00212992 ____A C:\Windows\SysWOW64\ideas6836.dsp 2013-04-10 20:46 - 2013-04-10 20:46 - 00046858 ____A C:\Windows\SysWOW64\ideas6836.psf 2013-04-10 20:46 - 2013-04-10 20:46 - 00024576 ____A C:\Windows\SysWOW64\ideas6836.app 2013-04-10 20:46 - 2013-03-01 18:40 - 00000000 ____D C:\Siemens 2013-04-10 20:45 - 2013-04-10 20:45 - 03392352 ____A C:\Users\Mariusz\Downloads\BOW.zip 2013-04-10 20:40 - 2013-04-10 20:40 - 00000000 ____D C:\Users\Mariusz\Desktop\Nowy folder (2) 2013-04-10 20:06 - 2013-04-10 19:59 - 00655360 ____A C:\Windows\SysWOW64\ideas7188.sf1 2013-04-10 20:06 - 2013-04-10 19:59 - 00008192 ____A C:\Windows\SysWOW64\ideas7188.sf2 2013-04-10 20:06 - 2013-04-10 19:59 - 00008192 ____A C:\Windows\SysWOW64\ideas7188.aux 2013-04-10 20:06 - 2013-04-10 19:59 - 00000000 ____A C:\Windows\SysWOW64\ideas7188.und 2013-04-10 19:59 - 2013-04-10 19:59 - 00212992 ____A C:\Windows\SysWOW64\ideas7188.dsp 2013-04-10 19:59 - 2013-04-10 19:59 - 00046858 ____A C:\Windows\SysWOW64\ideas7188.psf 2013-04-10 19:59 - 2013-04-10 19:59 - 00024576 ____A C:\Windows\SysWOW64\ideas7188.app 2013-04-10 19:59 - 2013-04-10 19:59 - 00000047 ____A C:\Windows\SysWOW64\exec7188.bat 2013-04-10 19:59 - 2013-04-10 19:59 - 00000000 ____A C:\Windows\SysWOW64\output7188.out 2013-04-10 19:59 - 2013-04-10 19:59 - 00000000 ____A C:\Windows\SysWOW64\foutput7188.out 2013-04-10 19:59 - 2013-04-10 19:59 - 00000000 ____A C:\Windows\SysWOW64\ferror7188.out 2013-04-10 19:59 - 2013-04-10 19:59 - 00000000 ____A C:\Windows\SysWOW64\coutput7188.out 2013-04-10 19:59 - 2013-04-10 19:59 - 00000000 ____A C:\Windows\SysWOW64\clog7188.out 2013-04-10 19:59 - 2013-04-10 19:59 - 00000000 ____A C:\Windows\SysWOW64\cerror7188.out 2013-04-10 19:59 - 2013-04-10 19:58 - 00000141 ____A C:\Windows\SysWOW64\.STOP_PRC7188.CMD 2013-04-10 19:58 - 2013-04-10 19:58 - 00000651 ____A C:\Windows\SysWOW64\STOP_SDRC7188.CMD 2013-04-10 19:58 - 2013-04-10 19:58 - 00000000 ____A C:\Windows\SysWOW64\error7188.out 2013-04-09 17:45 - 2013-04-09 17:45 - 00000000 ____D C:\Users\Mariusz\AppData\Local\Unigraphics Solutions 2013-04-09 17:43 - 2013-04-09 17:43 - 00001466 ____A C:\Windows\SysWOW64\setacl.bat 2013-04-09 17:38 - 2013-04-09 17:38 - 00000000 ____D C:\Program Files\UGS 2013-04-09 01:10 - 2013-04-09 01:10 - 00000000 ____D C:\Users\Mariusz\AppData\Local\GHISLER 2013-04-08 21:28 - 2013-04-08 16:39 - 2226644023 ____A C:\Users\Mariusz\Downloads\nx-7.5.0-64bit.zip 2013-04-08 17:48 - 2013-02-01 19:57 - 00000000 ____D C:\Users\Mariusz\AppData\Roaming\GHISLER 2013-03-28 12:04 - 2013-03-28 12:03 - 02804823 ____A C:\Users\Mariusz\Desktop\uwagi.www.logo.20130326.pptx 2013-03-28 11:49 - 2010-11-21 04:47 - 00028666 ____A C:\Windows\PFRO.log ==================== Known DLLs (Whitelisted) ================ [2013-04-10 20:06] - [2013-02-22 07:13] - 2147840 ____A () C:\Windows\System32\IERTUTIL.dll [2013-04-10 20:06] - [2013-02-22 07:21] - 1346560 ____A () C:\Windows\System32\URLMON.dll [2013-04-10 20:06] - [2013-02-22 04:38] - 1104384 ____A () C:\Windows\SysWOW64\URLMON.dll [2013-04-10 20:06] - [2013-02-22 07:20] - 1392128 ____A () C:\Windows\System32\WININET.dll [2013-04-10 20:06] - [2013-02-22 04:38] - 1129472 ____A () C:\Windows\SysWOW64\WININET.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= ==================== Memory info =========================== Percentage of memory in use: 10% Total physical RAM: 8065.85 MB Available physical RAM: 7239.94 MB Total Pagefile: 8064.05 MB Available Pagefile: 7233.24 MB Total Virtual: 8192 MB Available Virtual: 8191.88 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:89.85 GB) (Free:29 GB) NTFS (Disk=0 Partition=3) Drive d: (Nowy) (Fixed) (Total:147.46 GB) (Free:147.37 GB) NTFS (Disk=0 Partition=4) Drive e: (Nowy) (Fixed) (Total:60 GB) (Free:59.91 GB) NTFS Drive g: (W7SP1_PROFESSIONAL) (CDROM) (Total:5.23 GB) (Free:0 GB) UDF Drive h: (KINGSTON) (Removable) (Total:1.86 GB) (Free:0.65 GB) FAT (Disk=1 Partition=1) Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Drive y: (RECOVERY) (Fixed) (Total:0.73 GB) (Free:0.5 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)] Nr dysku Stan Rozmiar Wolne Dyn GPT -------- ------------- ------- ------- --- --- Dysk 0 Online 298 GB 2048 KB Dysk 1 Online 1908 MB 0 B Partitions of Disk 0: =============== Identyfikator dysku: E5456A35 Partycja ### Typ Rozmiar Przesuni©cie ------------- ---------------- ------- ------------ Partycja 1 OEM 39 MB 31 KB Partycja 2 Podstawowy 752 MB 40 MB Partycja 3 Podstawowy 89 GB 792 MB Partycja 0 Rozszerzony 207 GB 90 GB Partycja 4 Logiczny 147 GB 90 GB Partycja 5 Logiczny 60 GB 238 GB ================================================================================== Disk: 0 Partycja 1 Typ : DE Ukryta : Tak Aktywna : Nie Przesuni©cie w bajtach: 32256 Wolumin ### Lit Etykieta Fs Typ Rozmiar Stan Info ----------- --- ----------- ----- ---------- ------- --------- -------- * Wolumin 6 FAT Partycja 39 MB Zdrowy Ukryty ========================================================= Disk: 0 Partycja 2 Typ : 07 Ukryta : Nie Aktywna : Tak Przesuni©cie w bajtach: 41943040 Wolumin ### Lit Etykieta Fs Typ Rozmiar Stan Info ----------- --- ----------- ----- ---------- ------- --------- -------- * Wolumin 1 Y RECOVERY NTFS Partycja 752 MB Zdrowy ========================================================= Disk: 0 Partycja 3 Typ : 07 Ukryta : Nie Aktywna : Nie Przesuni©cie w bajtach: 830472192 Wolumin ### Lit Etykieta Fs Typ Rozmiar Stan Info ----------- --- ----------- ----- ---------- ------- --------- -------- * Wolumin 2 C OS NTFS Partycja 89 GB Zdrowy ========================================================= Disk: 0 Partycja 4 Typ : 07 Ukryta : Nie Aktywna : Nie Przesuni©cie w bajtach: 97306804224 Wolumin ### Lit Etykieta Fs Typ Rozmiar Stan Info ----------- --- ----------- ----- ---------- ------- --------- -------- * Wolumin 3 D Nowy NTFS Partycja 147 GB Zdrowy ========================================================= Disk: 0 Partycja 5 Typ : 07 Ukryta : Nie Aktywna : Nie Przesuni©cie w bajtach: 255642828800 Wolumin ### Lit Etykieta Fs Typ Rozmiar Stan Info ----------- --- ----------- ----- ---------- ------- --------- -------- * Wolumin 4 E Nowy NTFS Partycja 60 GB Zdrowy ========================================================= Partitions of Disk 1: =============== Identyfikator dysku: 00000000 Partycja ### Typ Rozmiar Przesuni©cie ------------- ---------------- ------- ------------ Partycja 1 Podstawowy 1907 MB 64 KB ================================================================================== Disk: 1 Partycja 1 Typ : 06 Ukryta : Nie Aktywna : Nie Przesuni©cie w bajtach: 66048 Wolumin ### Lit Etykieta Fs Typ Rozmiar Stan Info ----------- --- ----------- ----- ---------- ------- --------- -------- * Wolumin 5 H KINGSTON FAT Wymienny 1907 MB Zdrowy ========================================================= ============================== MBR & Partition Table ================== ==================================================================== Disk: 0 (MBR Code: Windows Vista) (Size: 298 GB) (Disk ID: E5456A35) Partition 1: (Not Active) - (Size=39 MB) - (Type=DE) Partition 2: (Active) - (Size=752 MB) - (Type=07) (NTFS) Partition 3: (Not Active) - (Size=90 GB) - (Type=07) (NTFS) Partition 4: (Not Active) - (Size=207 GB) - (Type=OF) (Extended) ==================================================================== Disk: 1 (Size: 2 GB) (Disk ID: 00000000) Partition 1: (Not Active) - (Size=2 GB) - (Type=06) Last Boot: 2013-04-08 19:35 ==================== End Of Log ============================