Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-08-2013 01
Ran by Michał 2 (administrator) on 27-08-2013 13:38:23
Running from C:\Users\Michał 2\Desktop\Nowy folder
Windows 7 Professional Service Pack 1 (X64) OS Language: Polish
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Razer USA Ltd) F:\Program Files (x86)\Razer\Razer Game Booster\gamebooster.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Windows\system32\locator.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(BitTorrent Inc.) C:\Users\Michał 2\AppData\Roaming\uTorrent\uTorrent.exe
(Razer USA Ltd) F:\Program Files (x86)\Razer\Razer Game Booster\gbtray.exe
(Opera Software) C:\Program Files (x86)\Opera\opera.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [7477016 2013-04-25] (Logitech Inc.)
HKCU\...\Run: [uTorrent] - C:\Users\Michał 2\AppData\Roaming\uTorrent\uTorrent.exe [1044560 2013-05-12] (BitTorrent Inc.)
MountPoints2: {c29781a1-acef-11e2-946d-000074040a00} - G:\_AUTORUN\AUTORUN.EXE
MountPoints2: {d79dbbc0-cf78-11e2-8a2c-806e6f6e6963} - G:\setup.exe
MountPoints2: {fb2ca3e5-9378-11e1-b863-002522063b9c} - H:\Setup.exe

==================== Internet (Whitelisted) ====================

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: HKLM-x32 {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in 
Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 190.160.20.1 FireFox: ======== FF ProfilePath: C:\Users\Michał 2\AppData\Roaming\Mozilla\Firefox\Profiles\wbkzynph.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.5.1 - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: @raidcall.en/RCplugin - 
C:\Users\Michał 2\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall) FF Plugin-x32: @real.com/nppl3260;version=6.0.12.450 - C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\Michał 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx ==================== Services (Whitelisted) ================= S4 appdrvrem01; C:\Windows\System32\appdrvrem01.exe [551896 2011-12-13] (Protection Technology) S2 libusbd; C:\Windows\SysWow64\libusbd-nt.exe [18944 2005-03-09] (http://libusb-win32.sourceforge.net) R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH) R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH) R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-07-04] () S2 SkypeUpdate; F:\Program Files (x86)\Skype\Updater\Updater.exe [161384 2013-02-28] (Skype Technologies) ==================== Drivers (Whitelisted) ==================== R1 appdrv01; C:\Windows\System32\Drivers\appdrv01.sys [3852976 2011-12-13] (Protection Technology) S3 BioNTDrv; C:\Program Files (x86)\Paragon_Software\Partition_Manager_12_Professional_Demo\program\BioNTDrv.SYS [19760 2012-07-13] (Paragon Software GmbH) S3 BioNTDrv; C:\Program Files (x86)\Paragon_Software\Partition_Manager_12_Professional_Demo\program\BioNTDrv.SYS [19760 2012-07-13] (Paragon Software GmbH) S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.) 
S3 phaudlwr; C:\Windows\System32\DRIVERS\phaudlwr.sys [114608 2009-10-20] (Philips Applied Technologies) R3 PPJoyBus; C:\Windows\System32\DRIVERS\PPJoyBus64.sys [20024 2010-02-20] (Deon van der Westhuysen) R3 PPortJoystick; C:\Windows\System32\DRIVERS\PPortJoy64.sys [39992 2010-02-20] (Deon van der Westhuysen) R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) S3 SPC1030; C:\Windows\System32\DRIVERS\spc1030.sys [3251456 2008-06-11] () R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-06-07] (Duplex Secure Ltd.) R3 WinRing0_1_2_0; F:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [14544 2012-08-01] (OpenLibSys.org) R3 WinRing0_1_2_0; F:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [14544 2012-08-01] (OpenLibSys.org) U3 alt9lovk; C:\Windows\System32\Drivers\alt9lovk.sys [0 ] (Advanced Micro Devices) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-27 12:01 - 2013-08-27 12:05 - 00000000 ____D C:\AdwCleaner 2013-08-27 12:00 - 2013-08-27 12:01 - 00994642 _____ C:\Users\Michał 2\Desktop\AdwCleaner.exe 2013-08-27 11:58 - 2013-08-27 11:59 - 00000000 ____D C:\Users\Michał 2\Desktop\Nowy folder 2013-08-27 04:06 - 2013-08-27 04:06 - 00044582 _____ C:\Users\Michał 2\Desktop\FRST.txt 2013-08-27 04:06 - 2013-08-27 04:06 - 00026533 _____ C:\Users\Michał 2\Desktop\Addition.txt 2013-08-27 04:04 - 2013-08-27 04:05 - 00002225 _____ C:\Users\Michał 2\Desktop\FSS.txt 2013-08-27 04:03 - 2013-08-27 11:59 - 00000000 ____D C:\FRST 2013-08-27 04:03 - 2013-08-27 04:03 - 00111026 _____ C:\Users\Michał 2\Desktop\Extras.Txt 2013-08-27 03:57 - 2013-08-27 03:57 - 00117798 _____ C:\Users\Michał 2\Desktop\OTL.Txt 2013-08-27 03:29 - 2013-08-27 03:29 - 00358507 _____ (Farbar) C:\Users\Michał 2\Desktop\FSS.exe 2013-08-27 02:12 - 2013-08-27 02:12 - 00007605 _____ C:\Users\Michał 2\AppData\Local\Resmon.ResmonCfg 
2013-08-27 02:10 - 2013-08-27 12:45 - 00000448 _____ C:\Windows\setupact.log 2013-08-27 02:10 - 2013-08-27 12:03 - 00012976 _____ C:\Windows\PFRO.log 2013-08-27 02:10 - 2013-08-27 02:10 - 00000000 _____ C:\Windows\setuperr.log 2013-08-26 21:52 - 2013-08-26 21:52 - 00000000 ____D C:\Users\Michał 2\AppData\Roaming\Wayforward Technologies 2013-08-26 21:52 - 2013-08-26 21:52 - 00000000 ____D C:\ProgramData\Steam 2013-08-26 21:51 - 2013-08-26 21:51 - 00001018 _____ C:\Users\Public\Desktop\DuckTales Remastered.lnk 2013-08-26 21:50 - 2013-08-26 21:51 - 00000000 ____D C:\Program Files (x86)\DuckTales Remastered 2013-08-26 18:18 - 2013-08-26 18:19 - 19273460 _____ (Opera Software ASA) C:\Users\Michał 2\Desktop\Opera_Next_16.0.1196.55_Setup.exe 2013-08-26 17:25 - 2013-08-26 17:25 - 00393458 _____ C:\Users\Michał 2\Desktop\Bez naaaaazwy.xcf 2013-08-26 17:25 - 2013-08-26 17:25 - 00005307 _____ C:\Users\Michał 2\AppData\Local\recently-used.xbel 2013-08-25 02:32 - 2013-08-27 02:46 - 00001004 _____ C:\Users\Michał 2\Desktop\kp.txt 2013-08-22 03:27 - 2013-08-22 03:27 - 00519012 _____ (SkaWit - Witold Skałka ) C:\Users\Michał 2\Desktop\aws-setup.exe 2013-08-22 03:27 - 2013-08-22 03:27 - 00001010 _____ C:\Users\Michał 2\Desktop\Automatyczny Wyłącznik Systemu.lnk 2013-08-21 14:02 - 2013-08-21 14:37 - 00000000 ____D C:\Users\Michał 2\Desktop\WinSetup_1_0_beta8 2013-08-21 13:02 - 2013-08-21 13:02 - 00001011 _____ C:\Users\Public\Desktop\UltraISO.lnk 2013-08-21 13:01 - 2013-08-21 13:02 - 00000000 ____D C:\Program Files (x86)\UltraISO 2013-08-21 13:01 - 2013-08-21 13:01 - 00000000 ____D C:\Users\Michał 2\Documents\My ISO Files 2013-08-21 12:59 - 2013-08-21 12:59 - 04001621 _____ (EZB Systems, Inc. 
) C:\Users\Michał 2\Downloads\uiso9_pe.exe 2013-08-21 12:58 - 2013-08-21 12:58 - 00659824 _____ C:\Users\Michał 2\Desktop\uiso9_pe_Installer.exe 2013-08-21 12:52 - 2013-08-21 12:52 - 00320952 _____ (StarApp) C:\Users\Michał 2\Desktop\usbm10.rar.exe 2013-08-21 01:59 - 2013-08-21 01:59 - 00000000 ____D C:\Users\Michał 2\Downloads\ChomikBox 2013-08-21 01:53 - 2013-08-27 12:22 - 00000000 ____D C:\Users\Michał 2\.gstreamer-0.10 2013-08-21 01:52 - 2013-08-27 12:22 - 00000000 ____D C:\Users\Michał 2\AppData\Local\ChomikBox 2013-08-21 01:52 - 2013-08-21 01:52 - 00000662 _____ C:\Users\Public\Desktop\ChomikBox.lnk 2013-08-21 01:51 - 2013-08-21 01:52 - 00000000 ____D C:\Program Files (x86)\ChomikBox 2013-08-21 01:48 - 2013-08-21 01:49 - 28002816 _____ C:\Users\Michał 2\Desktop\ChomikBox.msi 2013-08-21 01:44 - 2013-08-21 01:44 - 00000000 ____D C:\Users\Michał 2\Desktop\cast[bractwocienia.com] 2013-08-21 01:41 - 2013-08-21 01:41 - 00026322 _____ C:\Users\Michał 2\Desktop\cast[bractwocienia.com].zip 2013-08-21 00:35 - 2013-08-21 00:35 - 00000563 _____ C:\Users\Michał 2\Desktop\Mineshafter-proxy — skrót.lnk 2013-08-20 22:37 - 2013-08-20 22:37 - 00602112 _____ (OldTimer Tools) C:\Users\Michał 2\Desktop\OTL.exe 2013-08-19 12:40 - 2013-08-19 12:40 - 00000000 ____D C:\Program Files (x86)\ESET 2013-08-18 16:21 - 2013-08-18 16:21 - 00000000 ____D C:\Users\Michał 2\Documents\PDF Architect Files 2013-08-18 16:21 - 2013-08-18 16:21 - 00000000 ____D C:\Program Files (x86)\PDF Architect 2013-08-18 16:20 - 2013-08-18 16:32 - 00000000 ____D C:\Program Files (x86)\PDFCreator 2013-08-18 16:20 - 2013-04-09 15:13 - 00110264 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll 2013-08-18 16:20 - 2012-05-05 11:54 - 00137000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX 2013-08-18 16:20 - 2012-05-05 11:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL 2013-08-18 10:47 - 2013-08-18 10:47 - 00000000 __SHD C:\found.000 2013-08-18 02:29 - 2013-08-18 02:29 - 
00000000 ____D C:\Users\Michał 2\AppData\Roaming\PDF Architect 2013-08-18 01:41 - 2013-08-18 01:41 - 00000111 ____H C:\Users\Public\Documents\sys62945.bin 2013-08-18 01:31 - 2013-08-18 01:31 - 38966928 _____ (Adobe Systems Incorporated) C:\Users\Michał 2\Downloads\AdbeRdr11000_pl_PL.exe 2013-08-18 01:10 - 2013-08-18 01:10 - 00000000 ____D C:\Users\Michał 2\AppData\Roaming\PDFEditorSDK 2013-08-18 01:08 - 2013-08-18 01:08 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\JAWS PDF Editor SDK 2013-08-18 01:08 - 2013-08-18 01:08 - 00000000 ____D C:\Users\Michał 2\AppData\Local\JAWS PDF Editor SDK 2013-08-18 01:08 - 2013-08-18 01:08 - 00000000 ____D C:\Program Files (x86)\Global Graphics 2013-08-18 01:08 - 2013-08-18 01:08 - 00000000 _____ C:\Users\UpdatusUser\AppData\Local\C 2013-08-18 01:08 - 2013-08-18 01:08 - 00000000 _____ C:\Users\Michał 2\AppData\Local\C 2013-08-18 01:03 - 2013-08-18 01:03 - 00000000 ____D C:\Users\Michał 2\Downloads\JawsPDFEditor(dobreprogramy.pl) 2013-08-18 01:00 - 2013-08-18 01:00 - 21454726 _____ C:\Users\Michał 2\Downloads\JawsPDFEditor(dobreprogramy.pl).zip 2013-08-18 00:47 - 2013-08-18 00:47 - 00000000 ____D C:\Output 2013-08-18 00:46 - 2013-08-18 00:45 - 02673560 _____ (PDF Password Remover ) C:\Users\Michał 2\Downloads\PDF Password Remover 1.1.0.2.exe 2013-08-18 00:44 - 2013-08-18 00:44 - 00000000 ____D C:\Users\Michał 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visage 2013-08-18 00:44 - 2013-08-18 00:44 - 00000000 ____D C:\Program Files (x86)\Visagesoft 2013-08-15 01:08 - 2013-08-22 23:46 - 00000000 ____D C:\Users\Michał 2\AppData\Local\Battle.net 2013-08-15 01:08 - 2013-08-15 01:09 - 00000000 ____D C:\Users\Michał 2\AppData\Roaming\Battle.net 2013-08-15 01:08 - 2013-08-15 01:08 - 00000835 _____ C:\Users\Public\Desktop\Battle.net.lnk 2013-08-15 01:08 - 2013-08-15 01:08 - 00000000 ____D C:\Users\Michał 2\AppData\Local\Blizzard Entertainment 2013-08-14 23:35 - 2013-08-14 23:35 - 00000000 ____D C:\Users\Michał 
2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dargon 2013-08-14 23:34 - 2013-08-14 23:35 - 00000000 ____D C:\Dargon 2013-08-14 23:33 - 2013-08-14 23:33 - 00000000 ____D C:\Users\Michał 2\Documents\DargonMods 2013-08-11 21:06 - 2013-08-11 21:06 - 00000000 ____D C:\Users\Michał 2\AppData\Roaming\ps3psarc 2013-08-03 19:35 - 2013-08-03 19:35 - 00000000 ____D C:\ProgramData\GarenaPlus 2013-08-03 12:34 - 2013-08-03 12:35 - 00000000 ____D C:\DXFBDF.tmp 2013-08-01 05:31 - 2013-08-01 05:31 - 00000000 ____D C:\Users\Micha� 2\AppData\Roaming\GameRanger 2013-08-01 05:21 - 2013-08-27 12:46 - 00007888 _____ C:\autoupdate.log 2013-07-31 17:37 - 2013-07-31 17:37 - 00003178 _____ C:\Windows\System32\Tasks\Razer_Game_Booster_AutoUpdate 2013-07-31 17:37 - 2013-07-31 17:37 - 00000000 ____D C:\Users\Michał 2\Documents\Razer 2013-07-31 16:56 - 2013-07-31 16:56 - 00000000 ____D C:\Users\Michał 2\AppData\Local\Razer 2013-07-31 16:55 - 2013-08-27 12:46 - 00003102 _____ C:\Windows\System32\Tasks\Game_Booster_Startup 2013-07-31 16:54 - 2013-07-31 16:54 - 00000000 ____D C:\ProgramData\Razer 2013-07-31 16:31 - 2013-07-31 16:31 - 00000000 ____D C:\ProgramData\LogiShrd 2013-07-31 16:30 - 2013-07-31 16:30 - 00000000 ____D C:\Users\Michał 2\AppData\Roaming\Leadertech 2013-07-31 16:30 - 2013-07-31 16:30 - 00000000 ____D C:\Users\Michał 2\AppData\Local\Logitech 2013-07-31 16:29 - 2013-07-31 16:29 - 00018960 _____ (Logitech, Inc.) 
C:\Windows\system32\Drivers\LNonPnP.sys 2013-07-31 16:28 - 2013-07-31 16:29 - 00000000 ____D C:\Program Files\Logitech Gaming Software 2013-07-31 16:27 - 2013-07-31 16:27 - 00000000 ____D C:\Users\Michał 2\AppData\Roaming\Logitech 2013-07-31 16:27 - 2013-07-31 16:27 - 00000000 ____D C:\Users\Michał 2\AppData\Roaming\Logishrd 2013-07-30 06:44 - 2013-07-30 06:44 - 00000219 _____ C:\Users\Michał 2\Desktop\Dota 2.url 2013-07-29 12:53 - 2013-07-29 12:53 - 00000000 ____D C:\Program Files (x86)\Garena Plus 2013-07-29 12:49 - 2013-07-29 12:49 - 00000000 ____D C:\Users\Michał 2\AppData\Roaming\GarenaPlus 2013-07-29 11:21 - 2013-07-29 11:21 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi 2013-07-28 15:45 - 2013-08-03 21:34 - 00000000 ____D C:\Users\Michał 2\AppData\Local\LogMeIn Hamachi 2013-07-28 12:06 - 2013-07-28 12:06 - 00001072 _____ C:\Users\Michał 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameRanger.lnk 2013-07-28 12:06 - 2013-07-28 12:06 - 00000000 ____D C:\Users\Michał 2\AppData\Roaming\GameRanger ==================== One Month Modified Files and Folders ======= 2013-08-27 13:19 - 2012-08-23 10:38 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-08-27 12:53 - 2009-07-14 06:45 - 00014592 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-08-27 12:53 - 2009-07-14 06:45 - 00014592 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-08-27 12:46 - 2013-08-01 05:21 - 00007888 _____ C:\autoupdate.log 2013-08-27 12:46 - 2013-07-31 16:55 - 00003102 _____ C:\Windows\System32\Tasks\Game_Booster_Startup 2013-08-27 12:45 - 2013-08-27 02:10 - 00000448 _____ C:\Windows\setupact.log 2013-08-27 12:45 - 2011-11-13 20:22 - 00000000 ____D C:\ProgramData\NVIDIA 2013-08-27 12:45 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-08-27 12:44 - 2011-11-13 20:04 - 01974863 _____ C:\Windows\WindowsUpdate.log 2013-08-27 
12:22 - 2013-08-21 01:53 - 00000000 ____D C:\Users\Michał 2\.gstreamer-0.10 2013-08-27 12:22 - 2013-08-21 01:52 - 00000000 ____D C:\Users\Michał 2\AppData\Local\ChomikBox 2013-08-27 12:05 - 2013-08-27 12:01 - 00000000 ____D C:\AdwCleaner 2013-08-27 12:04 - 2012-10-27 19:41 - 00000963 _____ C:\Users\Michał 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-08-27 12:04 - 2012-10-27 19:40 - 00000000 ____D C:\Users\Michał 2 2013-08-27 12:04 - 2012-02-03 05:09 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-08-27 12:03 - 2013-08-27 02:10 - 00012976 _____ C:\Windows\PFRO.log 2013-08-27 12:01 - 2013-08-27 12:00 - 00994642 _____ C:\Users\Michał 2\Desktop\AdwCleaner.exe 2013-08-27 11:59 - 2013-08-27 11:58 - 00000000 ____D C:\Users\Michał 2\Desktop\Nowy folder 2013-08-27 11:59 - 2013-08-27 04:03 - 00000000 ____D C:\FRST 2013-08-27 08:23 - 2012-02-03 05:09 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-08-27 04:06 - 2013-08-27 04:06 - 00044582 _____ C:\Users\Michał 2\Desktop\FRST.txt 2013-08-27 04:06 - 2013-08-27 04:06 - 00026533 _____ C:\Users\Michał 2\Desktop\Addition.txt 2013-08-27 04:05 - 2013-08-27 04:04 - 00002225 _____ C:\Users\Michał 2\Desktop\FSS.txt 2013-08-27 04:03 - 2013-08-27 04:03 - 00111026 _____ C:\Users\Michał 2\Desktop\Extras.Txt 2013-08-27 03:57 - 2013-08-27 03:57 - 00117798 _____ C:\Users\Michał 2\Desktop\OTL.Txt 2013-08-27 03:29 - 2013-08-27 03:29 - 00358507 _____ (Farbar) C:\Users\Michał 2\Desktop\FSS.exe 2013-08-27 02:46 - 2013-08-25 02:32 - 00001004 _____ C:\Users\Michał 2\Desktop\kp.txt 2013-08-27 02:12 - 2013-08-27 02:12 - 00007605 _____ C:\Users\Michał 2\AppData\Local\Resmon.ResmonCfg 2013-08-27 02:10 - 2013-08-27 02:10 - 00000000 _____ C:\Windows\setuperr.log 2013-08-26 21:52 - 2013-08-26 21:52 - 00000000 ____D C:\Users\Michał 2\AppData\Roaming\Wayforward Technologies 2013-08-26 21:52 - 2013-08-26 21:52 - 00000000 ____D C:\ProgramData\Steam 2013-08-26 21:51 - 2013-08-26 
21:51 - 00001018 _____ C:\Users\Public\Desktop\DuckTales Remastered.lnk 2013-08-26 21:51 - 2013-08-26 21:50 - 00000000 ____D C:\Program Files (x86)\DuckTales Remastered 2013-08-26 21:46 - 2009-07-14 19:55 - 00886594 _____ C:\Windows\system32\perfh015.dat 2013-08-26 21:46 - 2009-07-14 19:55 - 00204930 _____ C:\Windows\system32\perfc015.dat 2013-08-26 21:46 - 2009-07-14 07:13 - 00006252 _____ C:\Windows\system32\PerfStringBackup.INI 2013-08-26 20:33 - 2012-10-28 10:52 - 00000000 ____D C:\Users\Michał 2\.gimp-2.8 2013-08-26 18:19 - 2013-08-26 18:18 - 19273460 _____ (Opera Software ASA) C:\Users\Michał 2\Desktop\Opera_Next_16.0.1196.55_Setup.exe 2013-08-26 17:25 - 2013-08-26 17:25 - 00393458 _____ C:\Users\Michał 2\Desktop\Bez naaaaazwy.xcf 2013-08-26 17:25 - 2013-08-26 17:25 - 00005307 _____ C:\Users\Michał 2\AppData\Local\recently-used.xbel 2013-08-26 02:08 - 2012-10-27 20:23 - 00000000 ____D C:\Users\Michał 2\AppData\Roaming\TS3Client 2013-08-25 22:23 - 2012-11-18 03:48 - 00000000 ____D C:\Users\Michał 2\AppData\Roaming\Skype 2013-08-24 01:15 - 2013-07-19 02:55 - 00009368 _____ C:\Users\Michał 2\Desktop\SESJA.txt 2013-08-22 23:46 - 2013-08-15 01:08 - 00000000 ____D C:\Users\Michał 2\AppData\Local\Battle.net 2013-08-22 03:43 - 2013-03-16 03:06 - 00000226 _____ C:\Windows\AWS.ini 2013-08-22 03:27 - 2013-08-22 03:27 - 00519012 _____ (SkaWit - Witold Skałka ) C:\Users\Michał 2\Desktop\aws-setup.exe 2013-08-22 03:27 - 2013-08-22 03:27 - 00001010 _____ C:\Users\Michał 2\Desktop\Automatyczny Wyłącznik Systemu.lnk 2013-08-21 21:31 - 2013-04-19 15:13 - 00000310 _____ C:\Users\Michał\osname.txt 2013-08-21 21:31 - 2013-04-19 15:13 - 00000110 _____ C:\Users\Michał\productid.txt 2013-08-21 21:31 - 2013-04-19 15:13 - 00000106 _____ C:\Users\Michał\bios.txt 2013-08-21 21:31 - 2013-04-19 15:13 - 00000066 _____ C:\Users\Michał\board.txt 2013-08-21 21:31 - 2013-04-19 15:13 - 00000050 _____ C:\Users\Michał\osversion.txt 2013-08-21 21:31 - 2013-04-19 15:13 - 00000011 _____ 
C:\Users\Michał\user.txt 2013-08-21 21:31 - 2013-04-19 15:13 - 00000000 _____ C:\Users\Michał\id.ini 2013-08-21 14:37 - 2013-08-21 14:02 - 00000000 ____D C:\Users\Michał 2\Desktop\WinSetup_1_0_beta8 2013-08-21 13:02 - 2013-08-21 13:02 - 00001011 _____ C:\Users\Public\Desktop\UltraISO.lnk 2013-08-21 13:02 - 2013-08-21 13:01 - 00000000 ____D C:\Program Files (x86)\UltraISO 2013-08-21 13:01 - 2013-08-21 13:01 - 00000000 ____D C:\Users\Michał 2\Documents\My ISO Files 2013-08-21 12:59 - 2013-08-21 12:59 - 04001621 _____ (EZB Systems, Inc. ) C:\Users\Michał 2\Downloads\uiso9_pe.exe 2013-08-21 12:58 - 2013-08-21 12:58 - 00659824 _____ C:\Users\Michał 2\Desktop\uiso9_pe_Installer.exe 2013-08-21 12:52 - 2013-08-21 12:52 - 00320952 _____ (StarApp) C:\Users\Michał 2\Desktop\usbm10.rar.exe 2013-08-21 01:59 - 2013-08-21 01:59 - 00000000 ____D C:\Users\Michał 2\Downloads\ChomikBox 2013-08-21 01:52 - 2013-08-21 01:52 - 00000662 _____ C:\Users\Public\Desktop\ChomikBox.lnk 2013-08-21 01:52 - 2013-08-21 01:51 - 00000000 ____D C:\Program Files (x86)\ChomikBox 2013-08-21 01:49 - 2013-08-21 01:48 - 28002816 _____ C:\Users\Michał 2\Desktop\ChomikBox.msi 2013-08-21 01:44 - 2013-08-21 01:44 - 00000000 ____D C:\Users\Michał 2\Desktop\cast[bractwocienia.com] 2013-08-21 01:41 - 2013-08-21 01:41 - 00026322 _____ C:\Users\Michał 2\Desktop\cast[bractwocienia.com].zip 2013-08-21 00:37 - 2013-07-13 13:25 - 01890646 _____ C:\Users\Michał\output-client.log 2013-08-21 00:37 - 2013-07-13 13:25 - 00000000 ____D C:\Users\Michał\stats 2013-08-21 00:37 - 2011-11-13 20:15 - 00000000 ____D C:\Users\Michał 2013-08-21 00:36 - 2013-07-13 13:25 - 00000978 _____ C:\Users\Michał\options.txt 2013-08-21 00:35 - 2013-08-21 00:35 - 00000563 _____ C:\Users\Michał 2\Desktop\Mineshafter-proxy — skrót.lnk 2013-08-20 22:37 - 2013-08-20 22:37 - 00602112 _____ (OldTimer Tools) C:\Users\Michał 2\Desktop\OTL.exe 2013-08-19 12:40 - 2013-08-19 12:40 - 00000000 ____D C:\Program Files (x86)\ESET 2013-08-19 02:49 - 2012-09-21 
13:16 - 00000000 ____D C:\fat32format 2013-08-18 16:32 - 2013-08-18 16:20 - 00000000 ____D C:\Program Files (x86)\PDFCreator 2013-08-18 16:21 - 2013-08-18 16:21 - 00000000 ____D C:\Users\Michał 2\Documents\PDF Architect Files 2013-08-18 16:21 - 2013-08-18 16:21 - 00000000 ____D C:\Program Files (x86)\PDF Architect 2013-08-18 10:47 - 2013-08-18 10:47 - 00000000 __SHD C:\found.000 2013-08-18 02:29 - 2013-08-18 02:29 - 00000000 ____D C:\Users\Michał 2\AppData\Roaming\PDF Architect 2013-08-18 01:41 - 2013-08-18 01:41 - 00000111 ____H C:\Users\Public\Documents\sys62945.bin 2013-08-18 01:40 - 2012-10-28 08:51 - 00000000 ____D C:\Users\Michał 2\AppData\Local\Adobe 2013-08-18 01:33 - 2011-12-21 17:35 - 00000000 ____D C:\ProgramData\Adobe 2013-08-18 01:33 - 2011-11-15 21:25 - 00000000 ____D C:\Program Files (x86)\Adobe 2013-08-18 01:31 - 2013-08-18 01:31 - 38966928 _____ (Adobe Systems Incorporated) C:\Users\Michał 2\Downloads\AdbeRdr11000_pl_PL.exe 2013-08-18 01:10 - 2013-08-18 01:10 - 00000000 ____D C:\Users\Michał 2\AppData\Roaming\PDFEditorSDK 2013-08-18 01:08 - 2013-08-18 01:08 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\JAWS PDF Editor SDK 2013-08-18 01:08 - 2013-08-18 01:08 - 00000000 ____D C:\Users\Michał 2\AppData\Local\JAWS PDF Editor SDK 2013-08-18 01:08 - 2013-08-18 01:08 - 00000000 ____D C:\Program Files (x86)\Global Graphics 2013-08-18 01:08 - 2013-08-18 01:08 - 00000000 _____ C:\Users\UpdatusUser\AppData\Local\C 2013-08-18 01:08 - 2013-08-18 01:08 - 00000000 _____ C:\Users\Michał 2\AppData\Local\C 2013-08-18 01:08 - 2012-09-05 16:06 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-08-18 01:03 - 2013-08-18 01:03 - 00000000 ____D C:\Users\Michał 2\Downloads\JawsPDFEditor(dobreprogramy.pl) 2013-08-18 01:00 - 2013-08-18 01:00 - 21454726 _____ C:\Users\Michał 2\Downloads\JawsPDFEditor(dobreprogramy.pl).zip 2013-08-18 00:47 - 2013-08-18 00:47 - 00000000 ____D C:\Output 2013-08-18 00:45 - 2013-08-18 00:46 - 02673560 _____ 
(PDF Password Remover ) C:\Users\Michał 2\Downloads\PDF Password Remover 1.1.0.2.exe 2013-08-18 00:44 - 2013-08-18 00:44 - 00000000 ____D C:\Users\Michał 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visage 2013-08-18 00:44 - 2013-08-18 00:44 - 00000000 ____D C:\Program Files (x86)\Visagesoft 2013-08-17 21:33 - 2013-07-10 12:56 - 00000000 ____D C:\Users\Michał 2\AppData\Local\WMTools Downloaded Files 2013-08-17 00:00 - 2012-10-27 19:41 - 00000000 ___RD C:\Users\Michał 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-08-17 00:00 - 2012-01-21 00:25 - 00000000 ____D C:\Windows\pss 2013-08-16 15:17 - 2013-07-16 18:58 - 00000000 ____D C:\Users\Michał\screenshots 2013-08-15 20:33 - 2013-07-13 13:26 - 00000318 _____ C:\Users\Michał\servers.dat 2013-08-15 01:09 - 2013-08-15 01:08 - 00000000 ____D C:\Users\Michał 2\AppData\Roaming\Battle.net 2013-08-15 01:08 - 2013-08-15 01:08 - 00000835 _____ C:\Users\Public\Desktop\Battle.net.lnk 2013-08-15 01:08 - 2013-08-15 01:08 - 00000000 ____D C:\Users\Michał 2\AppData\Local\Blizzard Entertainment 2013-08-14 23:37 - 2012-10-27 19:41 - 00000000 ____D C:\Users\Michał 2\AppData\Local\VirtualStore 2013-08-14 23:35 - 2013-08-14 23:35 - 00000000 ____D C:\Users\Michał 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dargon 2013-08-14 23:35 - 2013-08-14 23:34 - 00000000 ____D C:\Dargon 2013-08-14 23:33 - 2013-08-14 23:33 - 00000000 ____D C:\Users\Michał 2\Documents\DargonMods 2013-08-14 17:16 - 2013-07-27 17:16 - 00007601 _____ C:\Users\Michał\output-server.log 2013-08-14 16:39 - 2013-07-13 13:25 - 00000000 ____D C:\Users\Michał\saves 2013-08-11 21:06 - 2013-08-11 21:06 - 00000000 ____D C:\Users\Michał 2\AppData\Roaming\ps3psarc 2013-08-10 22:23 - 2013-07-16 18:24 - 00081384 _____ C:\Users\Michał\output-client.log.1 2013-08-06 20:40 - 2013-07-25 09:08 - 00506948 _____ C:\Users\Michał 2\Desktop\Dungeon Mapa.xcf 2013-08-04 21:01 - 2011-11-15 21:25 - 00000000 ____D C:\Windows\SysWOW64\Adobe 2013-08-03 21:34 
- 2013-07-28 15:45 - 00000000 ____D C:\Users\Michał 2\AppData\Local\LogMeIn Hamachi 2013-08-03 19:35 - 2013-08-03 19:35 - 00000000 ____D C:\ProgramData\GarenaPlus 2013-08-03 12:35 - 2013-08-03 12:34 - 00000000 ____D C:\DXFBDF.tmp 2013-08-01 05:31 - 2013-08-01 05:31 - 00000000 ____D C:\Users\Micha� 2\AppData\Roaming\GameRanger 2013-08-01 05:31 - 2013-07-27 19:58 - 00000000 ____D C:\Users\Micha� 2 2013-07-31 17:37 - 2013-07-31 17:37 - 00003178 _____ C:\Windows\System32\Tasks\Razer_Game_Booster_AutoUpdate 2013-07-31 17:37 - 2013-07-31 17:37 - 00000000 ____D C:\Users\Michał 2\Documents\Razer 2013-07-31 17:08 - 2013-06-08 23:12 - 00000000 ____D C:\Users\Michał 2\Desktop\nutki smutki 2013-07-31 16:56 - 2013-07-31 16:56 - 00000000 ____D C:\Users\Michał 2\AppData\Local\Razer 2013-07-31 16:54 - 2013-07-31 16:54 - 00000000 ____D C:\ProgramData\Razer 2013-07-31 16:31 - 2013-07-31 16:31 - 00000000 ____D C:\ProgramData\LogiShrd 2013-07-31 16:30 - 2013-07-31 16:30 - 00000000 ____D C:\Users\Michał 2\AppData\Roaming\Leadertech 2013-07-31 16:30 - 2013-07-31 16:30 - 00000000 ____D C:\Users\Michał 2\AppData\Local\Logitech 2013-07-31 16:29 - 2013-07-31 16:29 - 00018960 _____ (Logitech, Inc.) 
C:\Windows\system32\Drivers\LNonPnP.sys 2013-07-31 16:29 - 2013-07-31 16:28 - 00000000 ____D C:\Program Files\Logitech Gaming Software 2013-07-31 16:28 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared 2013-07-31 16:27 - 2013-07-31 16:27 - 00000000 ____D C:\Users\Michał 2\AppData\Roaming\Logitech 2013-07-31 16:27 - 2013-07-31 16:27 - 00000000 ____D C:\Users\Michał 2\AppData\Roaming\Logishrd 2013-07-30 06:44 - 2013-07-30 06:44 - 00000219 _____ C:\Users\Michał 2\Desktop\Dota 2.url 2013-07-29 12:53 - 2013-07-29 12:53 - 00000000 ____D C:\Program Files (x86)\Garena Plus 2013-07-29 12:49 - 2013-07-29 12:49 - 00000000 ____D C:\Users\Michał 2\AppData\Roaming\GarenaPlus 2013-07-29 12:49 - 2012-07-16 23:00 - 00000000 ____D C:\ProgramData\GarenaMessenger 2013-07-29 11:21 - 2013-07-29 11:21 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi 2013-07-28 12:06 - 2013-07-28 12:06 - 00001072 _____ C:\Users\Michał 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameRanger.lnk 2013-07-28 12:06 - 2013-07-28 12:06 - 00000000 ____D C:\Users\Michał 2\AppData\Roaming\GameRanger Files to move or delete: ==================== C:\Users\Michał\servers.dat C:\Users\Michał 2\AppData\Local\Temp\bi_cleaner.exe C:\Users\Michał 2\AppData\Local\Temp\Quarantine.exe C:\Users\Michał 2\AppData\Local\Temp\uninst1.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit 
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!

LastRegBack: 2013-08-23 00:24

==================== End Of Log ============================