Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-07-2013 02
Ran by Igor (administrator) on 16-07-2013 11:33:28
Running from D:\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: Polish
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(LogMeIn Inc.) D:\Gry\Hamachi\hamachi-2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(LogMeIn Inc.) D:\Gry\Hamachi\hamachi-2-ui.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(ASUS) C:\Windows\AsScrPro.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Nullsoft, Inc.) D:\Programy\Winamp\winampa.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Users\Igor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Igor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Igor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Igor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Igor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Igor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Igor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Igor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Igor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Igor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Igor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Igor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Igor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Igor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Igor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Igor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Igor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Igor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Igor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Igor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Igor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Igor\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 [2226280 2011-05-17] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2785064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [SynAsusAcpi] - %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [AtherosBtStack] - "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" [617120 2011-03-13] (Atheros Communications)
HKLM\...\Run: [AthBtTray] - "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe" [379552 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [IntelTBRunOnce] - wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4156 2010-04-16] ()
HKLM\...\Run: [MSC] - "C:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey [x]
HKCU\...\Run: [Google Update] - "C:\Users\Igor\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2012-02-21] (Google Inc.)
HKCU\...\Run: [ALLUpdate] - "D:\Programy\ALLPlayer\ALLUpdate.exe" "sleep" [x]
MountPoints2: {c408f2b0-5c85-11e1-baa3-806e6f6e6963} - E:\InstAll.exe
HKLM-x32\...\Run: [SonicMasterTray] - C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WinampAgent] - D:\Programy\Winamp\winampa.exe [x]
HKLM-x32\...\Run: [GrooveMonitor] - "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SMessaging] - C:\Users\Igor\AppData\Local\Strongvault Online Backup\SMessaging.exe [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - "D:\Gry\Hamachi\hamachi-2-ui.exe" --auto-start [x]
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [247144 2012-08-30] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\progra~3\browse~1\25911~1.18\{c16c1~1\mngr.dll c:\windows\syswow64\nvinit.dll [202600 2012-08-30] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_Prot
HKCU SearchScopes: DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.claro-search.com/?q={searchTerms}&affID=117452&tt=4712_5&babsrc=SP_ss&mntrId=0a9341e7000000000000162f68f710cd
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.claro-search.com/?q={searchTerms}&affID=117452&tt=4712_5&babsrc=SP_ss&mntrId=0a9341e7000000000000162f68f710cd
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.100

FireFox:
========
FF ProfilePath: C:\Users\Igor\AppData\Roaming\Mozilla\Firefox\Profiles\m33eo44q.default
FF user.js: detected! => C:\Users\Igor\AppData\Roaming\Mozilla\Firefox\Profiles\m33eo44q.default\user.js
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Keyword.URL: hxxp://www.claro-search.com/?affID=117452&tt=4712_5&babsrc=KW_ss&mntrId=0a9341e7000000000000162f68f710cd&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll ()
FF Plugin: @java.com/DTPlugin,version=10.4.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.4.0 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader - D:\Programy\Adobe\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Igor\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Igor\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Igor\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\Igor\AppData\Roaming\Mozilla\Firefox\Profiles\m33eo44q.default\searchplugins\mngr.xml
FF Extension: No Name - C:\Users\Igor\AppData\Roaming\Mozilla\Firefox\Profiles\m33eo44q.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF StartMenuInternet: FIREFOX.EXE - D:\Programy\Firefox\firefox.exe

Chrome:
=======
CHR HomePage: hxxp://www.claro-search.com/?affID=117452&tt=4712_5&babsrc=HP_ss&mntrId=0a9341e7000000000000162f68f710cd
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\Igor\AppData\Local\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Igor\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Igor\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - D:\Programy\Adobe\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.70.10) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Google Update) - C:\Users\Igor\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Extension: (YouTube) - C:\Users\Igor\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Igor\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Eliminator Slajd\u00F3w) - C:\Users\Igor\AppData\Local\Google\Chrome\User Data\Default\Extensions\eplekpmdodlgejgogbojajncdlapamff\1.5.2_0
CHR Extension: (AdBlock) - C:\Users\Igor\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.2_0
CHR Extension: (Hola Unblocker) - C:\Users\Igor\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.1.338_0
CHR Extension: (Gmail) - C:\Users\Igor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR StartMenuInternet: Google Chrome - "C:\Users\Igor\AppData\Local\Google\Chrome\Application\chrome.exe"

==================== Services (Whitelisted) =================

R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-13] (Atheros)
R2 Hamachi2Svc; D:\Gry\Hamachi\hamachi-2.exe [2470736 2013-06-28] (LogMeIn Inc.)
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] ()
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] ()
S3 TunngleService; D:\Programy\Tunngle\TnglCtrl.exe [746392 2013-03-20] (Tunngle.net GmbH)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] ()

==================== Drivers (Whitelisted) ====================

R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-16] ()
S1 gvmvkgic; \??\C:\Windows\system32\drivers\gvmvkgic.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ======== 6666

2013-07-16 11:32 - 2013-07-16 11:32 - 00000000 ____D C:\FRST
2013-07-14 12:23 - 2013-07-14 12:23 - 00000850 _____ C:\Windows\PFRO.log
2013-07-13 21:35 - 2013-07-13 21:35 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-07-13 19:32 - 2013-07-13 19:32 - 00000000 ____D C:\Users\Igor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\x264 Video Codec
2013-07-13 19:32 - 2013-07-13 19:32 - 00000000 ____D C:\Program Files (x86)\x264 Video Codec
2013-07-13 18:58 - 2013-07-13 19:00 - 00000000 ____D C:\Users\Igor\AppData\Roaming\Gygan
2013-07-11 23:54 - 2013-07-11 23:54 - 00000684 _____ C:\Users\Igor\Desktop\Thomas Was Alone.lnk
2013-07-11 23:54 - 2013-07-11 23:54 - 00000000 ____D C:\Users\Igor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Thomas Was Alone
2013-07-11 14:45 - 2013-07-11 14:45 - 00000000 ____D C:\Users\Igor\Documents\SavedGames
2013-07-11 14:45 - 2013-07-11 14:45 - 00000000 ____D C:\Users\Igor\AppData\Roaming\Rogue Legacy
2013-07-11 14:42 - 2013-07-11 14:42 - 00000723 _____ C:\Users\Public\Desktop\Rogue Legacy.lnk
2013-07-11 01:28 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-11 01:28 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-11 01:28 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-11 01:28 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-11 01:28 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-11 01:28 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-11 01:28 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-11 01:28 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-11 01:28 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-11 01:28 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-11 01:28 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-11 01:28 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-11 01:28 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-11 01:28 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-11 01:28 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-11 01:28 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-11 01:28 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-11 01:28 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-11 01:28 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-11 01:28 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-11 01:28 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-11 01:28 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-11 01:28 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-11 01:28 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-11 01:28 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-11 01:28 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-11 01:28 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-11 01:28 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-11 01:28 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-11 01:28 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-11 01:28 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-11 00:10 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 00:10 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 00:10 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-11 00:10 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 00:10 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-11 00:09 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-11 00:09 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-09 14:38 - 2013-07-16 11:07 - 00002380 _____ C:\Windows\setupact.log
2013-07-09 14:38 - 2013-07-09 14:38 - 00000000 _____ C:\Windows\setuperr.log
2013-06-27 12:49 - 2013-06-27 17:06 - 00000000 ____D C:\Users\Igor\Desktop\biofizyka
2013-06-22 13:39 - 2013-06-22 13:39 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-22 13:39 - 2013-06-22 13:39 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-20 23:42 - 2013-06-20 23:42 - 00001262 _____ C:\Users\Igor\Desktop\HotlineMiami.lnk

==================== One Month Modified Files and Folders =======

2013-07-16 11:34 - 2012-02-21 15:37 - 00001054 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1882613928-3123229556-3840966827-1000UA.job
2013-07-16 11:32 - 2013-07-16 11:32 - 00000000 ____D C:\FRST
2013-07-16 11:14 - 2009-07-14 06:45 - 00022032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-16 11:14 - 2009-07-14 06:45 - 00022032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-16 11:12 - 2012-02-21 14:19 - 01490884 _____ C:\Windows\WindowsUpdate.log
2013-07-16 11:08 - 2012-11-23 20:12 - 00000352 _____ C:\Windows\Tasks\AmiUpdXp.job
2013-07-16 11:08 - 2012-08-11 14:09 - 00000000 ____D C:\Users\Igor\AppData\Local\LogMeIn Hamachi
2013-07-16 11:08 - 2012-02-21 14:55 - 00000000 ____D C:\Users\Igor\Documents\Bluetooth Folder
2013-07-16 11:07 - 2013-07-09 14:38 - 00002380 _____ C:\Windows\setupact.log
2013-07-16 11:07 - 2012-02-21 15:15 - 00045056 _____ C:\Windows\system32\acovcnt.exe
2013-07-16 11:07 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-16 00:31 - 2012-07-13 23:04 - 00000000 ____D C:\Users\Igor\AppData\Roaming\BitTorrent
2013-07-15 22:42 - 2012-02-21 15:37 - 00001002 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1882613928-3123229556-3840966827-1000Core.job
2013-07-15 14:26 - 2013-03-17 01:32 - 00001686 _____ C:\Users\Igor\Desktop\filmy.txt
2013-07-14 22:19 - 2011-04-12 15:21 - 00709558 _____ C:\Windows\system32\perfh015.dat
2013-07-14 22:19 - 2011-04-12 15:21 - 00138976 _____ C:\Windows\system32\perfc015.dat
2013-07-14 22:19 - 2009-07-14 07:13 - 01580692 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-14 22:18 - 2013-04-26 20:53 - 00000000 ____D C:\Users\Igor\AppData\Roaming\EurekaLog
2013-07-14 12:41 - 2012-02-22 22:53 - 00000000 ____D C:\Users\Igor\AppData\Roaming\Winamp
2013-07-14 12:23 - 2013-07-14 12:23 - 00000850 _____ C:\Windows\PFRO.log
2013-07-13 22:36 - 2012-02-21 15:41 - 00002363 _____ C:\Users\Igor\Desktop\Google Chrome.lnk
2013-07-13 21:36 - 2012-02-21 20:43 - 00000000 ____D C:\Users\Igor\AppData\Local\PMB Files
2013-07-13 21:36 - 2012-02-21 20:43 - 00000000 ____D C:\ProgramData\PMB Files
2013-07-13 21:35 - 2013-07-13 21:35 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-07-13 19:33 - 2012-11-23 20:13 - 00000000 ____D C:\Users\Igor\AppData\Roaming\vlc
2013-07-13 19:33 - 2009-07-14 01:19 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2013-07-13 19:32 - 2013-07-13 19:32 - 00000000 ____D C:\Users\Igor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\x264 Video Codec
2013-07-13 19:32 - 2013-07-13 19:32 - 00000000 ____D C:\Program Files (x86)\x264 Video Codec
2013-07-13 19:00 - 2013-07-13 18:58 - 00000000 ____D C:\Users\Igor\AppData\Roaming\Gygan
2013-07-13 18:54 - 2012-03-09 21:46 - 00000000 ____D C:\Users\Igor\AppData\Local\CrashDumps
2013-07-12 22:29 - 2012-02-21 15:37 - 00004022 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1882613928-3123229556-3840966827-1000UA
2013-07-12 22:29 - 2012-02-21 15:37 - 00003626 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1882613928-3123229556-3840966827-1000Core
2013-07-11 23:54 - 2013-07-11 23:54 - 00000684 _____ C:\Users\Igor\Desktop\Thomas Was Alone.lnk
2013-07-11 23:54 - 2013-07-11 23:54 - 00000000 ____D C:\Users\Igor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Thomas Was Alone
2013-07-11 14:45 - 2013-07-11 14:45 - 00000000 ____D C:\Users\Igor\Documents\SavedGames
2013-07-11 14:45 - 2013-07-11 14:45 - 00000000 ____D C:\Users\Igor\AppData\Roaming\Rogue Legacy
2013-07-11 14:42 - 2013-07-11 14:42 - 00000723 _____ C:\Users\Public\Desktop\Rogue Legacy.lnk
2013-07-11 07:59 - 2012-02-21 14:15 - 00000000 ____D C:\Windows\Panther
2013-07-11 07:59 - 2009-07-14 06:45 - 00424128 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-11 07:58 - 2011-04-12 15:32 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-11 07:58 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-11 07:58 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-11 07:57 - 2013-03-14 01:06 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-11 07:57 - 2013-03-14 01:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-11 01:30 - 2012-09-20 11:08 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-11 01:30 - 2012-02-27 14:38 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-11 00:02 - 2012-03-15 17:25 - 00000000 ____D C:\Users\Igor\AppData\Roaming\Skype
2013-07-09 14:38 - 2013-07-09 14:38 - 00000000 _____ C:\Windows\setuperr.log
2013-06-27 17:06 - 2013-06-27 12:49 - 00000000 ____D C:\Users\Igor\Desktop\biofizyka
2013-06-26 21:07 - 2012-10-01 19:19 - 00000000 ____D C:\Users\Igor\Desktop\internet
2013-06-24 17:18 - 2013-06-12 17:43 - 00000000 ____D C:\Users\Igor\AppData\Roaming\Tunngle
2013-06-24 17:18 - 2013-06-12 17:43 - 00000000 ____D C:\ProgramData\Tunngle
2013-06-24 17:18 - 2012-06-10 17:52 - 00000000 ____D C:\Users\Igor\AppData\Roaming\.minecraft
2013-06-22 23:25 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-06-22 13:39 - 2013-06-22 13:39 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-22 13:39 - 2013-06-22 13:39 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-22 13:39 - 2013-05-23 20:47 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-22 13:39 - 2013-05-23 20:47 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-22 13:39 - 2012-06-21 13:01 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2013-06-22 13:39 - 2012-06-21 13:01 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-22 13:39 - 2012-03-06 22:35 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-20 23:42 - 2013-06-20 23:42 - 00001262 _____ C:\Users\Igor\Desktop\HotlineMiami.lnk
2013-06-19 16:27 - 2012-06-29 20:15 - 00000000 ____D C:\Users\Igor\Desktop\zdjęcie

ZeroAccess:
C:\Windows\Installer\{bb362e9b-49ab-c408-940e-10e1a8cdaccd}
C:\Windows\Installer\{bb362e9b-49ab-c408-940e-10e1a8cdaccd}\L
C:\Windows\Installer\{bb362e9b-49ab-c408-940e-10e1a8cdaccd}\U

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
C:\Program Files\Microsoft Security Client\MsMpEng.exe => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client

LastRegBack: 2013-07-13 14:38

==================== End Of Log ============================