Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by tds (administrator) on TDSXXX on 19-10-2013 15:43:21
Running from C:\Users\tds\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: Polish
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe
(Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(AQQ Sp. z o.o.) C:\Program Files (x86)\AQQ\AQQ.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
() C:\Program Files (x86)\RocketDock\RocketDock.exe
() C:\Program Files (x86)\Wallpaper Changer\WallPaper.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(PeerBlock, LLC) C:\Program Files\PeerBlock\peerblock.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMon.exe
() C:\Users\tds\AppData\Roaming\minerd\bfgminer.exe
() C:\Users\tds\AppData\Roaming\minert\cgminer.exe
(Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMonTaskbar.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Murray Hurps Software Pty Ltd) C:\Program Files (x86)\Ad Muncher\AdMunch.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe
(Murray Hurps Software Pty Ltd) C:\Program Files (x86)\Ad Muncher\AdMunch64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtime Soft Ltd) C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [6325936 2012-11-26] (ESET)
HKLM\...\Run: [ProfilerU] - C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-01-31] (Saitek)
HKLM\...\Run: [SaiMfd] - C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-01-31] (Saitek)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [NoRemoteRecursiveEvents] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKCU\...\Run: [AQQ] - C:\Program Files (x86)\AQQ\AQQ.exe [12612096 2013-10-16] (AQQ Sp. z o.o.)
HKCU\...\Run: [RocketDock] - C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKCU\...\Run: [WallPaper] - C:\PROGRA~2\WALLPA~1\WALLPA~1.EXE [246272 2001-06-10] ()
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1561968 2013-05-23] (Samsung)
HKCU\...\Run: [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-05-23] (Samsung)
HKCU\...\Run: [PeerBlock] - C:\Program Files\PeerBlock\peerblock.exe [2646128 2010-11-06] (PeerBlock, LLC)
HKCU\...\Run: [Pokki] - "%LOCALAPPDATA%\Pokki\Engine\pokki.exe"
HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-05-23] (Samsung)
HKCU\...\Run: [Hoolapp Android] - "C:\Users\tds\AppData\Roaming\HOOLAP~1\Hoolapp.exe" /Minimized
HKCU\...\Run: [minerd] - "C:\Users\tds\AppData\Roaming\minerd\nircmd.exe" exec hide "C:\Users\tds\AppData\Roaming\minerd\start.bat"
HKCU\...\Run: [minert] - "C:\Users\tds\AppData\Roaming\minert\nircmd.exe" exec hide "C:\Users\tds\AppData\Roaming\minert\start.bat"
HKCU\...\Policies\Explorer: [NoSaveSettings] 0
HKCU\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKCU\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKCU\...\Policies\Explorer: [NoResolveSearch] 1
HKCU\...\Policies\Explorer: [NoInternetOpenWith] 1
HKCU\...\Policies\Explorer: [NoStartMenuMyMusic] 1
HKCU\...\Policies\Explorer: [NoSMMyPictures] 1
HKCU\...\Policies\Explorer: [HideSCAHealth] 1
MountPoints2: N - N:\setup.exe
MountPoints2: {271d79f9-ef5f-11e1-84c9-00242139113a} - G:\Setup.exe
MountPoints2: {271d79fe-ef5f-11e1-84c9-00242139113a} - H:\DisneySplash.exe
MountPoints2: {38455dc3-ad6d-11e1-8d28-00242139113a} - S:\DPFMate.exe
MountPoints2: {75144e7a-ad71-11e1-9150-00242139113a} - N:\Setup.exe
MountPoints2: {75144e7c-ad71-11e1-9150-00242139113a} - O:\setup.exe
MountPoints2: {98b62a00-d235-11e1-99ba-00242139113a} - S:\DPFMate.exe
MountPoints2: {f5621723-2663-11e2-a20a-00242139113a} - O:\Setup.exe
HKLM-x32\...\Run: [P17RunE] - C:\Windows\\SysWOW64\P17RunE.dll [18432 2007-05-08] (Creative Technology Ltd.)
HKLM-x32\...\Run: [KeyScrambler] - C:\Program Files (x86)\KeyScrambler\keyscrambler.exe [432952 2011-09-16] (QFX Software Corporation)
HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] - C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-05-23] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Ad Muncher] - C:\Program Files (x86)\Ad Muncher\AdMunch.exe [595144 2013-07-12] (Murray Hurps Software Pty Ltd)
AppInit_DLLs: C:\PROGRA~1\NVIDIA~1\NVSTRE~1\rxinput.dll [653600 2013-07-27] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll [593696 2013-07-27] (NVIDIA Corporation)
Startup: C:\Users\tds\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?searchsource=10&cui=un39948887164765202&um=2&ctid=ct3289847&sspv=tb_t5
URLSearchHook: (No Name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - No File
SearchScopes: HKLM-x32 - DefaultScope {1F6E33D8-5929-47E3-90E6-D269865FDE37} URL =
SearchScopes: HKLM-x32 - {01bd49d7-c76b-4310-8beb-14d7e5f322c6} URL = http://search.easylifeapp.com/?q={searchTerms}&pid=658&src=ie2&r=2013/05/27&hid=504504536&lg=EN&cc=GB
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10005&barid={BBDA8324-51B8-11E2-9285-00242139113A}
SearchScopes: HKCU - DefaultScope {1F6E33D8-5929-47E3-90E6-D269865FDE37} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289847&CUI=UN39948887164765202&UM=2&SSPV=TB_T5
SearchScopes: HKCU - {01bd49d7-c76b-4310-8beb-14d7e5f322c6} URL = http://search.easylifeapp.com/?q={searchTerms}&pid=658&src=ie2&r=2013/05/27&hid=504504536&lg=EN&cc=GB
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=A61D00242139113A&affID=119357&tt=110713_9126&tsp=4942
SearchScopes: HKCU - {1F6E33D8-5929-47E3-90E6-D269865FDE37} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289847&CUI=UN39948887164765202&UM=2&SSPV=TB_T5
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10005&barid={BBDA8324-51B8-11E2-9285-00242139113A}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {687578B9-7132-4A7A-80E4-30EE31099E03} - No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\tds\AppData\Roaming\Mozilla\Firefox\Profiles\wrqlud0v.default
FF user.js: detected! => C:\Users\tds\AppData\Roaming\Mozilla\Firefox\Profiles\wrqlud0v.default\user.js
FF NewTab: chrome://fvd.speeddial/content/fvd_about_blank.html
FF Homepage: chrome://fvd.speeddial/content/fvd_about_blank.html
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll No File
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF SearchPlugin: C:\Users\tds\AppData\Roaming\Mozilla\Firefox\Profiles\wrqlud0v.default\searchplugins\delta.xml
FF SearchPlugin: C:\Users\tds\AppData\Roaming\Mozilla\Firefox\Profiles\wrqlud0v.default\searchplugins\Firefox.xml
FF Extension: No Name - C:\Users\tds\AppData\Roaming\Mozilla\Firefox\Profiles\wrqlud0v.default\Extensions\pavel.sherbakov@gmail.com
FF Extension: Noia4Options - C:\Users\tds\AppData\Roaming\Mozilla\Firefox\Profiles\wrqlud0v.default\Extensions\Noia4Options@ArisT2.xpi
FF Extension: No Name - C:\Users\tds\AppData\Roaming\Mozilla\Firefox\Profiles\wrqlud0v.default\Extensions\{69d0119c-32f1-4766-82d7-617f04d5643b}.xpi
FF Extension: No Name - C:\Users\tds\AppData\Roaming\Mozilla\Firefox\Profiles\wrqlud0v.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\tds\AppData\Roaming\Mozilla\Firefox\Profiles\wrqlud0v.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
FF Extension: No Name - C:\Users\tds\AppData\Roaming\Mozilla\Firefox\Profiles\wrqlud0v.default\Extensions\{faf13420-5e24-11e0-80e3-0800200c9a66}.xpi
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

==================== Services (Whitelisted) =================

R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1329304 2012-11-26] (ESET)
S2 KMService; C:\Windows\SysWow64\srvany.exe [8192 2013-05-29] ()
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14984480 2013-07-27] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-01-03] ()

==================== Drivers (Whitelisted) ====================

S3 2310_00; C:\Windows\system32\drivers\2310_00.sys [170528 2009-06-12] (HighPoint Technologies, Inc.)
S3 arcm_a64; C:\Windows\system32\drivers\arcm_a64.sys [52768 2009-11-09] (ARECA Technology Corporation)
S3 asahci64; C:\Windows\system32\drivers\asahci64.sys [36448 2011-03-02] (Asmedia Technology)
S3 DC133; C:\Windows\system32\drivers\DC133.sys [39320 2011-05-02] (Dawicontrol GmbH)
S3 DC150; C:\Windows\system32\drivers\DC150.sys [39832 2011-05-02] (Dawicontrol GmbH)
S3 DC154; C:\Windows\system32\drivers\DC154.sys [48136 2011-05-02] (Dawicontrol GmbH)
S3 DC300e; C:\Windows\system32\drivers\DC300e.sys [40344 2011-05-02] (Dawicontrol GmbH)
S3 DC324e; C:\Windows\system32\drivers\DC324e.sys [49752 2011-05-02] (Dawicontrol GmbH)
R0 DC3410; C:\Windows\System32\drivers\DC3410.sys [48328 2011-05-02] (Dawicontrol GmbH)
S3 DC4300; C:\Windows\system32\drivers\DC4300.sys [48360 2011-05-02] (Dawicontrol GmbH)
S3 DC600e; C:\Windows\system32\drivers\DC600e.sys [40744 2011-05-02] (Dawicontrol GmbH)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-08-26] (DT Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [211344 2012-10-08] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [149592 2012-10-08] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [189208 2012-10-08] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [59440 2012-10-08] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [57904 2012-11-28] (ESET)
S3 hptiop; C:\Windows\system32\drivers\hptiop.sys [17440 2009-05-25] (HighPoint Technologies, Inc.)
S3 hptmv; C:\Windows\system32\drivers\hptmv.sys [93472 2006-09-18] (HighPoint Technologies, Inc.)
S3 hptmv6; C:\Windows\system32\drivers\hptmv6.sys [152096 2007-11-01] (HighPoint Technologies, Inc.)
S3 iteraid; C:\Windows\system32\drivers\iteraid.sys [32768 2007-05-02] (ITE Tech. Inc.)
S3 johci; C:\Windows\system32\drivers\johci.sys [26712 2011-02-09] (JMicron Technology Corp.)
R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [274616 2011-09-14] (QFX Software Corporation)
S3 MegaSR1; C:\Windows\system32\drivers\MegaSR1.sys [465488 2010-06-15] (LSI Corporation, Inc.)
S3 mv61xx; C:\Windows\system32\drivers\mv61xx.sys [181040 2010-10-26] (Marvell Semiconductor, Inc.)
S3 nvrd64; C:\Windows\system32\drivers\nvrd64.sys [175648 2009-08-04] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39712 2013-05-14] (NVIDIA Corporation)
R3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [24176 2010-11-06] ()
S3 Pnp680; C:\Windows\system32\drivers\pnp680.sys [80424 2007-11-13] (Silicon Image, Inc)
S3 rr172x; C:\Windows\system32\drivers\rr172x.sys [124448 2007-11-01] (HighPoint Technologies, Inc.)
S3 rr174x; C:\Windows\system32\drivers\rr174x.sys [159264 2007-11-01] (HighPoint Technologies, Inc.)
S3 rr2210; C:\Windows\system32\drivers\rr2210.sys [153632 2007-11-01] (HighPoint Technologies, Inc.)
S3 rr232x; C:\Windows\system32\drivers\rr232x.sys [152096 2008-05-05] (HighPoint Technologies, Inc.)
S3 rr2340; C:\Windows\system32\drivers\rr2340.sys [162400 2009-12-31] (HighPoint Technologies, Inc.)
S3 rr2522; C:\Windows\system32\drivers\rr2522.sys [168032 2009-12-31] (HighPoint Technologies, Inc.)
S3 rr62x; C:\Windows\system32\drivers\rr62x.sys [155232 2009-12-21] (HighPoint Technologies, Inc.)
S3 SaiHFF32; C:\Windows\System32\DRIVERS\SaiHFF32.sys [177536 2007-09-13] (Saitek)
S3 SaiIFF32; C:\Windows\System32\DRIVERS\SaiIFF32.sys [20864 2007-09-13] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-02-01] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-02-01] (Saitek)
S3 SI3112r; C:\Windows\system32\drivers\SI3112r.sys [164656 2007-02-01] (Silicon Image, Inc)
S3 SI3114; C:\Windows\system32\drivers\SI3114.sys [99120 2006-11-10] (Silicon Image, Inc.)
S3 SI3114r; C:\Windows\system32\drivers\SI3114R.sys [163632 2007-04-11] (Silicon Image, Inc)
S3 SI3124; C:\Windows\system32\drivers\SI3124.sys [113456 2006-11-02] (Silicon Image, Inc.)
S3 Si3124r5; C:\Windows\system32\drivers\Si3124r5.sys [334640 2006-09-20] (Silicon Image, Inc)
S3 SI3132; C:\Windows\system32\drivers\SI3132.sys [90664 2007-10-03] (Silicon Image, Inc)
S3 Si3531; C:\Windows\system32\drivers\Si3531.sys [333864 2009-02-09] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\drivers\SiWinAcc.sys [22056 2007-10-03] (Silicon Image, Inc)
R0 SiRemFil; C:\Windows\System32\drivers\SiRemFil.sys [17448 2007-10-03] (Silicon Image, Inc)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-08-26] (Duplex Secure Ltd.)
R2 UltraMonUtility; C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [20512 2008-11-14] (Realtime Soft Ltd)
S3 viamrx64; C:\Windows\system32\drivers\viamrx64.sys [161904 2010-12-02] (VIA Technologies Inc.,Ltd)
S3 videX64; C:\Windows\system32\drivers\videX64.sys [15000 2010-02-11] (VIA Technologies, Inc.)
R0 xfiltx64; C:\Windows\System32\drivers\xfiltx64.sys [26776 2010-02-11] (VIA Technologies, Inc.)
S3 dgderdrv; System32\drivers\dgderdrv.sys [x]
S3 Gmer; System32\DRIVERS\gmer.sys [x]
S3 GPU-Z; \??\x:\temp\temp\GPU-Z.sys [x]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [x]
S3 NVR0Dev; \??\C:\Windows\nvoclk64.sys [x]
U5 NVStrap; C:\Windows\System32\Drivers\NVStrap.sys [13808 2012-07-01] ()
S1 StarOpen; No ImagePath
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-19 15:42 - 2013-10-19 15:42 - 00000000 ____D C:\FRST
2013-10-19 15:41 - 2013-10-19 15:41 - 1040633430 _____ C:\Windows\MEMORY.DMP
2013-10-19 15:41 - 2013-10-19 15:41 - 00292248 _____ C:\Windows\Minidump\101913-10374-01.dmp
2013-10-19 15:40 - 2013-10-19 15:40 - 00891167 _____ C:\Users\tds\Desktop\SecurityCheck.exe
2013-10-19 15:34 - 2013-10-19 15:39 - 00038552 _____ C:\Users\tds\Desktop\gmer.txt
2013-10-19 15:24 - 2013-10-19 15:24 - 00368705 _____ C:\Users\tds\Desktop\gm.zip
2013-10-19 15:23 - 2013-10-19 15:23 - 00083064 _____ C:\Users\tds\Desktop\Extras.Txt
2013-10-19 15:22 - 2013-10-19 15:22 - 00173766 _____ C:\Users\tds\Desktop\OTL.Txt
2013-10-19 15:18 - 2013-10-19 15:18 - 01954124 _____ (Farbar) C:\Users\tds\Desktop\FRST64.exe
2013-10-19 15:11 - 2013-10-19 15:11 - 00602112 _____ (OldTimer Tools) C:\Users\tds\Desktop\OTL.scr
2013-10-19 15:00 - 2013-10-19 15:00 - 00050477 _____ C:\Users\tds\Desktop\Defogger.exe
2013-10-19 15:00 - 2013-10-19 15:00 - 00000648 _____ C:\Users\tds\Desktop\defogger_disable.log
2013-10-19 14:39 - 2013-10-19 14:39 - 00201802 _____ C:\Windows\SysWOW64\poclbm130302GeForce 8800 GTv1w256l4.bin
2013-10-19 14:33 - 2013-10-19 14:33 - 00000000 ____D C:\Users\tds\Documents\Multisoft
2013-10-19 14:30 - 2013-10-19 14:30 - 00001041 _____ C:\Windows\NLSDownlevelMapping.log
2013-10-19 14:30 - 2013-10-19 14:30 - 00000074 _____ C:\Users\tds\Desktop\Product activation info.url
2013-10-18 20:55 - 2013-10-18 20:55 - 00000000 ____D C:\Users\tds\AppData\Roaming\minert
2013-10-17 17:25 - 2013-10-17 17:25 - 00001393 _____ C:\Users\tds\Desktop\LEGOMarvelDemo.exe.lnk
2013-10-13 13:56 - 2013-10-13 13:56 - 00012123 _____ C:\Users\tds\Desktop\Cube.exe.lnk
2013-10-12 14:11 - 2013-10-19 15:16 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-12 14:11 - 2013-10-12 14:11 - 00004044 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-12 14:11 - 2013-10-12 14:11 - 00003786 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-10 21:28 - 2013-10-10 21:28 - 00201802 _____ C:\Windows\SysWOW64\poclbm130302GeForce8800GTv1w256l4pOpenCL1_1CUDA4_2_1.bin
2013-10-10 19:43 - 2013-10-10 19:43 - 00000000 ____D C:\Users\tds\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server
2013-10-10 19:43 - 2013-10-10 19:43 - 00000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2013-10-10 19:42 - 2013-10-10 19:42 - 00001052 _____ C:\Users\tds\Desktop\EVGA Precision X.lnk
2013-10-10 19:42 - 2013-10-10 19:42 - 00000000 ____D C:\Users\tds\AppData\Roaming\minerd
2013-10-10 19:42 - 2013-10-10 19:42 - 00000000 ____D C:\Users\tds\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVGA Precision X
2013-10-10 19:42 - 2013-10-10 19:42 - 00000000 ____D C:\Program Files (x86)\EVGA Precision X
2013-10-10 19:12 - 2013-10-10 19:12 - 00410624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\systemcpl.dll
2013-10-10 19:12 - 2013-10-10 19:12 - 00113543 _____ C:\Windows\SysWOW64\slmgr.vbs
2013-10-10 19:12 - 2013-10-10 19:12 - 00001536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppcomapi.dll
2013-10-09 21:44 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-09 21:44 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-09 21:44 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-09 21:44 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-09 21:44 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-09 21:44 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-09 21:44 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-09 21:44 - 2013-09-23 00:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-09 21:44 - 2013-09-23 00:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-09 21:44 - 2013-09-23 00:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-09 21:44 - 2013-09-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-09 21:44 - 2013-09-23 00:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-09 21:44 - 2013-09-22 23:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-09 21:44 - 2013-09-22 23:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-09 21:44 - 2013-09-22 23:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-09 21:44 - 2013-09-22 23:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-09 21:44 - 2013-09-22 23:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-09 21:44 - 2013-09-22 23:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-09 21:44 - 2013-09-22 23:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-09 21:44 - 2013-09-22 23:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-09 21:44 - 2013-09-22 23:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-09 21:44 - 2013-09-22 23:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-09 21:44 - 2013-09-22 23:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-09 21:44 - 2013-09-22 23:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-09 21:44 - 2013-09-22 23:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-09 21:44 - 2013-09-21 04:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-09 21:44 - 2013-09-21 04:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-09 21:44 - 2013-09-21 03:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-09 21:44 - 2013-09-21 03:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-09 21:43 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-09 21:43 - 2013-09-22 23:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-09 21:31 - 2013-09-14 02:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-09 21:31 - 2013-09-08 03:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-09 21:31 - 2013-09-08 03:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-09 21:31 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-09 21:31 - 2013-08-29 03:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-09 21:31 - 2013-08-29 03:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-09 21:31 - 2013-08-29 03:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-09 21:31 - 2013-08-29 03:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-09 21:31 - 2013-08-29 03:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-09 21:31 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-09 21:31 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-09 21:31 - 2013-08-29 02:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-09 21:31 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-09 21:31 - 2013-08-29 02:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-09 21:31 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-09 21:31 - 2013-08-29 01:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-09 21:31 - 2013-08-29 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-09 21:31 - 2013-08-29 01:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-09 21:31 - 2013-08-29 01:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-09 21:31 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-09 21:31 - 2013-07-04 13:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-09 21:31 - 2013-07-04 13:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-09 21:31 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-09 21:31 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-09 21:31 - 2013-07-04 11:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-09 09:37 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-09 09:37 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-09 09:37 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-09 09:37 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-09 09:37 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-09 09:37 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-09 09:37 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-09 09:37 - 2013-08-28 02:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 09:37 - 2013-08-01 13:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-09 09:37 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 09:37 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 09:37 - 2013-07-12 11:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-09 09:37 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 09:37 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-09 09:37 - 2013-07-03 05:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-09 09:37 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-09 09:37 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-09 09:37 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-09 09:37 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-09 09:37 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-09 09:37 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-09 09:37 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 09:37 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-09 09:37 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-09 09:37 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-09 09:37 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 09:37 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-09 09:37 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-05 13:38 - 2013-10-05 13:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-02 19:17 - 2013-10-02 19:23 - 00000000 ____D C:\Program Files\MailShare
2013-10-02 19:17 - 2013-10-02 19:17 - 00000824 _____ C:\Users\Public\Desktop\MailShare.lnk
2013-10-02 19:17 - 2009-12-12 16:15 - 00206848 _____ C:\Windows\system32\unrar.dll
2013-10-02 18:35 - 2013-10-02 18:35 - 00001058 _____ C:\Users\Public\Desktop\Scribblenauts Unmasked A DC Comics Adventure.lnk
2013-09-29 14:50 - 2013-09-29 14:54 - 00000000 ____D C:\Users\tds\Documents\ZootFly
2013-09-25 19:20 - 2013-09-26 18:05 - 00000000 ____D C:\Users\tds\Documents\Euro Truck Simulator 2
2013-09-23 22:42 - 2013-09-29 10:35 - 00000110 _____ C:\.dir
2013-09-23 22:12 - 2013-09-29 12:08 - 00000000 ____D C:\ProgramData\Conceiva
2013-09-23 22:12 - 2013-09-28 20:03 - 00000043 _____ C:\Windows\MezzmoMediaServer.INI
2013-09-23 21:02 - 2013-09-23 21:02 - 00001070 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-09-23
21:02 - 2013-09-23 21:02 - 00000000 ____D C:\Program Files (x86)\VideoLAN 2013-09-22 11:15 - 2013-09-22 11:15 - 00001180 _____ C:\Users\tds\Desktop\Ekipa ratunkowa.lnk 2013-09-22 11:15 - 2013-09-22 11:15 - 00000000 ____D C:\Users\tds\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Alawar.pl 2013-09-22 11:15 - 2013-09-22 11:15 - 00000000 ____D C:\ProgramData\rionix 2013-09-22 11:15 - 2013-09-22 11:15 - 00000000 ____D C:\Program Files (x86)\Alawar.pl ==================== One Month Modified Files and Folders ======= 2013-10-19 15:43 - 2013-01-13 17:35 - 00000000 ____D C:\Program Files\PeerBlock 2013-10-19 15:42 - 2013-10-19 15:42 - 00000000 ____D C:\FRST 2013-10-19 15:42 - 2013-07-31 20:22 - 00001038 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-10-19 15:41 - 2013-10-19 15:41 - 1040633430 _____ C:\Windows\MEMORY.DMP 2013-10-19 15:41 - 2013-10-19 15:41 - 00292248 _____ C:\Windows\Minidump\101913-10374-01.dmp 2013-10-19 15:41 - 2013-03-17 11:59 - 00000412 ____H C:\Windows\Tasks\schedule!3036567561.job 2013-10-19 15:41 - 2012-08-27 00:35 - 00000000 ____D C:\ProgramData\NVIDIA 2013-10-19 15:41 - 2012-06-06 19:07 - 00000000 ____D C:\Windows\Minidump 2013-10-19 15:41 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-10-19 15:41 - 2009-07-14 05:51 - 00145806 _____ C:\Windows\setupact.log 2013-10-19 15:40 - 2013-10-19 15:40 - 00891167 _____ C:\Users\tds\Desktop\SecurityCheck.exe 2013-10-19 15:39 - 2013-10-19 15:34 - 00038552 _____ C:\Users\tds\Desktop\gmer.txt 2013-10-19 15:39 - 2011-10-01 15:09 - 00004186 _____ C:\Windows\system32\notepad.ini 2013-10-19 15:28 - 2013-06-01 08:51 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-10-19 15:27 - 2012-06-03 11:15 - 01976609 _____ C:\Windows\WindowsUpdate.log 2013-10-19 15:27 - 2011-10-08 09:49 - 00003912 _____ C:\Windows\notepad.ini 2013-10-19 15:24 - 2013-10-19 15:24 - 00368705 _____ C:\Users\tds\Desktop\gm.zip 2013-10-19 15:23 - 2013-10-19 15:23 - 00083064 _____ 
C:\Users\tds\Desktop\Extras.Txt 2013-10-19 15:23 - 2012-08-25 13:00 - 00000249 _____ C:\Windows\gmer.ini 2013-10-19 15:22 - 2013-10-19 15:22 - 00173766 _____ C:\Users\tds\Desktop\OTL.Txt 2013-10-19 15:18 - 2013-10-19 15:18 - 01954124 _____ (Farbar) C:\Users\tds\Desktop\FRST64.exe 2013-10-19 15:16 - 2013-10-12 14:11 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-10-19 15:11 - 2013-10-19 15:11 - 00602112 _____ (OldTimer Tools) C:\Users\tds\Desktop\OTL.scr 2013-10-19 15:07 - 2010-11-21 13:53 - 00741116 _____ C:\Windows\system32\perfh015.dat 2013-10-19 15:07 - 2010-11-21 13:53 - 00155712 _____ C:\Windows\system32\perfc015.dat 2013-10-19 15:07 - 2009-07-14 06:13 - 01671464 _____ C:\Windows\system32\PerfStringBackup.INI 2013-10-19 15:00 - 2013-10-19 15:00 - 00050477 _____ C:\Users\tds\Desktop\Defogger.exe 2013-10-19 15:00 - 2013-10-19 15:00 - 00000648 _____ C:\Users\tds\Desktop\defogger_disable.log 2013-10-19 15:00 - 2012-08-25 12:46 - 00000356 _____ C:\Users\tds\defogger_reenable 2013-10-19 14:39 - 2013-10-19 14:39 - 00201802 _____ C:\Windows\SysWOW64\poclbm130302GeForce 8800 GTv1w256l4.bin 2013-10-19 14:33 - 2013-10-19 14:33 - 00000000 ____D C:\Users\tds\Documents\Multisoft 2013-10-19 14:31 - 2012-06-03 16:14 - 00621992 _____ C:\Windows\DirectX.log 2013-10-19 14:30 - 2013-10-19 14:30 - 00001041 _____ C:\Windows\NLSDownlevelMapping.log 2013-10-19 14:30 - 2013-10-19 14:30 - 00000074 _____ C:\Users\tds\Desktop\Product activation info.url 2013-10-19 13:34 - 2012-06-03 14:05 - 00000000 ____D C:\Users\tds\Documents\Pliki programu Outlook 2013-10-19 10:00 - 2010-11-21 04:47 - 00145962 _____ C:\Windows\PFRO.log 2013-10-18 20:55 - 2013-10-18 20:55 - 00000000 ____D C:\Users\tds\AppData\Roaming\minert 2013-10-18 20:45 - 2013-06-02 12:47 - 00000000 ____D C:\Users\tds\AppData\Roaming\deluge 2013-10-18 18:29 - 2012-10-14 13:47 - 00003950 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{0A9DB273-309A-4484-AC35-9EB068566B60} 2013-10-18 17:03 - 
2013-08-30 21:22 - 00000000 ____D C:\ProgramData\Package Cache 2013-10-18 16:08 - 2012-06-03 14:31 - 00000000 ____D C:\Users\tds\AppData\Roaming\Skype 2013-10-18 15:47 - 2012-06-03 14:31 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-10-18 15:47 - 2012-06-03 14:31 - 00000000 ____D C:\ProgramData\Skype 2013-10-18 15:02 - 2013-03-17 20:42 - 00000292 _____ C:\Windows\Tasks\Registry Optimizer_DEFAULT.job 2013-10-17 19:35 - 2012-09-30 20:17 - 00000000 ____D C:\Users\tds\Documents\Telltale Games 2013-10-17 17:25 - 2013-10-17 17:25 - 00001393 _____ C:\Users\tds\Desktop\LEGOMarvelDemo.exe.lnk 2013-10-17 17:25 - 2013-05-29 19:45 - 00000000 ____D C:\Users\tds\AppData\Roaming\Warner Bros. Interactive Entertainment 2013-10-16 19:42 - 2013-03-17 20:42 - 00000300 _____ C:\Windows\Tasks\Registry Optimizer_UPDATES.job 2013-10-15 20:48 - 2013-07-28 19:45 - 00000000 ____D C:\Users\tds\AppData\Roaming\.minecraft 2013-10-13 15:43 - 2012-06-03 14:55 - 00000000 ____D C:\Users\tds\AppData\Roaming\AIMP3 2013-10-13 13:56 - 2013-10-13 13:56 - 00012123 _____ C:\Users\tds\Desktop\Cube.exe.lnk 2013-10-13 04:10 - 2009-07-14 05:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-10-13 04:10 - 2009-07-14 05:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-10-12 14:11 - 2013-10-12 14:11 - 00004044 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-10-12 14:11 - 2013-10-12 14:11 - 00003786 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-10-11 16:19 - 2009-07-14 06:08 - 00032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-10-10 21:28 - 2013-10-10 21:28 - 00201802 _____ C:\Windows\SysWOW64\poclbm130302GeForce8800GTv1w256l4pOpenCL1_1CUDA4_2_1.bin 2013-10-10 19:43 - 2013-10-10 19:43 - 00000000 ____D C:\Users\tds\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server 2013-10-10 19:43 - 2013-10-10 19:43 
- 00000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server 2013-10-10 19:43 - 2012-08-20 18:12 - 00000000 ____D C:\Windows\SysWOW64\directx 2013-10-10 19:42 - 2013-10-10 19:42 - 00001052 _____ C:\Users\tds\Desktop\EVGA Precision X.lnk 2013-10-10 19:42 - 2013-10-10 19:42 - 00000000 ____D C:\Users\tds\AppData\Roaming\minerd 2013-10-10 19:42 - 2013-10-10 19:42 - 00000000 ____D C:\Users\tds\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVGA Precision X 2013-10-10 19:42 - 2013-10-10 19:42 - 00000000 ____D C:\Program Files (x86)\EVGA Precision X 2013-10-10 19:12 - 2013-10-10 19:12 - 00410624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\systemcpl.dll 2013-10-10 19:12 - 2013-10-10 19:12 - 00113543 _____ C:\Windows\SysWOW64\slmgr.vbs 2013-10-10 19:12 - 2013-10-10 19:12 - 00001536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppcomapi.dll 2013-10-10 19:12 - 2010-11-21 04:24 - 00002048 _____ C:\Windows\SysWOW64\winver.exe 2013-10-09 23:47 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2013-10-09 22:22 - 2009-07-14 05:45 - 00421336 _____ C:\Windows\system32\FNTCACHE.DAT 2013-10-09 21:45 - 2012-06-03 13:34 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-10-09 21:42 - 2013-06-11 22:47 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-10-09 21:42 - 2012-06-03 11:34 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-10-09 21:41 - 2012-06-03 11:23 - 01646666 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2013-10-09 21:37 - 2013-08-03 20:16 - 00000000 ____D C:\Windows\system32\MRT 2013-10-09 21:36 - 2012-06-03 13:20 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-10-09 15:28 - 2013-06-01 08:51 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-10-09 14:28 - 2012-06-10 11:49 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-10-09 14:28 - 2012-06-03 11:35 - 00071048 _____ (Adobe Systems Incorporated) 
C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-10-06 10:02 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF 2013-10-06 09:52 - 2013-06-27 20:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-10-05 13:52 - 2013-10-05 13:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-10-02 19:23 - 2013-10-02 19:17 - 00000000 ____D C:\Program Files\MailShare 2013-10-02 19:17 - 2013-10-02 19:17 - 00000824 _____ C:\Users\Public\Desktop\MailShare.lnk 2013-10-02 18:35 - 2013-10-02 18:35 - 00001058 _____ C:\Users\Public\Desktop\Scribblenauts Unmasked A DC Comics Adventure.lnk 2013-09-29 14:54 - 2013-09-29 14:50 - 00000000 ____D C:\Users\tds\Documents\ZootFly 2013-09-29 12:08 - 2013-09-23 22:12 - 00000000 ____D C:\ProgramData\Conceiva 2013-09-29 12:08 - 2012-06-03 11:37 - 00000000 ___RD C:\Users\tds\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-09-29 10:35 - 2013-09-23 22:42 - 00000110 _____ C:\.dir 2013-09-28 20:03 - 2013-09-23 22:12 - 00000043 _____ C:\Windows\MezzmoMediaServer.INI 2013-09-26 18:05 - 2013-09-25 19:20 - 00000000 ____D C:\Users\tds\Documents\Euro Truck Simulator 2 2013-09-23 21:45 - 2012-11-05 21:46 - 00000000 ____D C:\Users\tds\AppData\Roaming\vlc 2013-09-23 21:02 - 2013-09-23 21:02 - 00001070 _____ C:\Users\Public\Desktop\VLC media player.lnk 2013-09-23 21:02 - 2013-09-23 21:02 - 00000000 ____D C:\Program Files (x86)\VideoLAN 2013-09-23 00:28 - 2013-10-09 21:44 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-09-23 00:28 - 2013-10-09 21:44 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-09-23 00:27 - 2013-10-09 21:44 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-09-23 00:27 - 2013-10-09 21:44 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-09-23 00:27 - 2013-10-09 21:44 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-09-23 00:27 - 2013-10-09 21:44 - 
00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-09-23 00:27 - 2013-10-09 21:44 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-09-23 00:27 - 2013-10-09 21:44 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-09-23 00:27 - 2013-10-09 21:44 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-09-23 00:27 - 2013-10-09 21:44 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-09-23 00:27 - 2013-10-09 21:44 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-09-23 00:27 - 2013-10-09 21:44 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-09-23 00:27 - 2013-10-09 21:43 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-09-22 23:55 - 2013-10-09 21:44 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-09-22 23:55 - 2013-10-09 21:44 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-09-22 23:55 - 2013-10-09 21:44 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-09-22 23:54 - 2013-10-09 21:44 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-09-22 23:54 - 2013-10-09 21:44 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-09-22 23:54 - 2013-10-09 21:44 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-09-22 23:54 - 2013-10-09 21:44 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-09-22 23:54 - 2013-10-09 21:44 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-09-22 23:54 - 2013-10-09 21:44 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-09-22 23:54 - 2013-10-09 21:44 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-09-22 23:54 - 2013-10-09 21:44 - 00067072 _____ (Microsoft 
Corporation) C:\Windows\system32\iesetup.dll 2013-09-22 23:54 - 2013-10-09 21:44 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-09-22 23:54 - 2013-10-09 21:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-09-22 23:54 - 2013-10-09 21:43 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-09-22 17:50 - 2009-07-14 03:34 - 00000478 _____ C:\Windows\win.ini 2013-09-22 17:49 - 2012-06-03 12:43 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2013-09-22 17:46 - 2013-09-01 19:28 - 00002052 _____ C:\Windows\epplauncher.mif 2013-09-22 17:04 - 2012-06-03 12:42 - 00000000 ____D C:\NVIDIA 2013-09-22 11:15 - 2013-09-22 11:15 - 00001180 _____ C:\Users\tds\Desktop\Ekipa ratunkowa.lnk 2013-09-22 11:15 - 2013-09-22 11:15 - 00000000 ____D C:\Users\tds\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Alawar.pl 2013-09-22 11:15 - 2013-09-22 11:15 - 00000000 ____D C:\ProgramData\rionix 2013-09-22 11:15 - 2013-09-22 11:15 - 00000000 ____D C:\Program Files (x86)\Alawar.pl 2013-09-21 04:38 - 2013-10-09 21:44 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-09-21 04:30 - 2013-10-09 21:44 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-09-21 03:48 - 2013-10-09 21:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-09-21 03:39 - 2013-10-09 21:44 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe [2011-09-28 17:18] - [2011-10-02 17:27] - 3331584 ____A (Microsoft Corporation) A5C29BFFF16F5685F06B9FA3D6F619C5 C:\Windows\SysWOW64\explorer.exe [2011-09-28 17:18] - [2011-10-02 14:39] - 3076096 ____A (Microsoft Corporation) 
D08A9A2955BCB86E8791961DE085FB05 C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-10-14 15:40 ==================== End Of Log ============================