Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-10-2013
Ran by Szarik (administrator) on SZARIK-PC on 30-10-2013 15:38:08
Running from C:\Users\Szarik\Downloads
Windows Seven Black Edition (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\userinit.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [VX3000] - C:\Windows\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1612504 2013-10-20] (COMODO)
HKLM\...\Run: [ProfilerU] - C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-04-16] (Saitek)
HKLM\...\Run: [SaiMfd] - C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-04-16] (Saitek)
HKLM-x32\...\Runonce: [AvgUninstallURL] - cmd.exe /c start http://www.avg.com/pl.special-uninstallation-feedback-app?lic=SUFKUzMtQlFCUk4tVkczOTktQUxCTFUtOVM2U0YtWg"&"inst=NzYtMjA2NzQyNjc0My1TVDEwT0krMS1ERFQrMC1TVDEwQVBQKzEtVEJDMTArMi1JTExJRCsxMjgxOTQ4MDc0LUlJU1IrNS1JSVNSVEUrMy1JSVNSVCsx"&"prod=94"&"ver=10.0.1432 [x]
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3671904 2012-08-28] (DT Soft Ltd)
HKCU\...\Run: [KPeerNexonEU] - C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe [438272 2013-04-25] (NEXON Inc.)
HKCU\...\Run: [Sony PC Companion] - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449248 2013-05-29] (Sony)
HKCU\...\Run: [AlcoholAutomount] - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
HKCU\...\Run: [SpeedUpMyComputer] - C:\Program Files (x86)\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe /ot /as
MountPoints2: {1cb5b2c0-f6cb-11e2-a88d-806e6f6e6963} - H:\setup.exe
MountPoints2: {a75d3228-1076-11e2-a73c-002215641aae} - I:\dvdcheck.exe
MountPoints2: {e1bd4e50-cd03-11e2-b92c-002215641aae} - H:\Startme.exe
MountPoints2: {e1bd4e6b-cd03-11e2-b92c-002215641aae} - H:\Startme.exe
HKLM-x32\...\Run: [LifeCam] - C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NBAgent] - C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1234216 2010-04-03] (Nero AG)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [tvncontrol] - C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2013-10-11] (Comodo Security Solutions, Inc.)
AppInit_DLLs-x32: c:\progra~2\contin~1\sprote~1.dll c:\progra~2\websea~1\sprote~1.dll [ ] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchgol.com/?babsrc=HP_ss&mntrId=E6FE002215641AAE&affID=124742&tsp=5019
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=vltnew&from=vltnew&uid=SAMSUNGXHD250HJ_S0URJ90P908526&ts=1367751374
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=vltnew&from=vltnew&uid=SAMSUNGXHD250HJ_S0URJ90P908526&ts=1367751374
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=vltnew&from=vltnew&uid=SAMSUNGXHD250HJ_S0URJ90P908526&ts=1367751374
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=vltnew&from=vltnew&uid=SAMSUNGXHD250HJ_S0URJ90P908526&ts=1367751374
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.lookforithere.info/?pid=95&r=2013/05/08&hid=287001818&lg=EN&cc=PL&unqvl=14
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.qvo6.com/?utm_source=b&utm_medium=vltnew&from=vltnew&uid=SAMSUNGXHD250HJ_S0URJ90P908526&ts=1367751374
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=vltnew&from=vltnew&uid=SAMSUNGXHD250HJ_S0URJ90P908526&ts=3407924
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=vltnew&from=vltnew&uid=SAMSUNGXHD250HJ_S0URJ90P908526&ts=3407924
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=vltnew&from=vltnew&uid=SAMSUNGXHD250HJ_S0URJ90P908526&ts=3407924
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.lookforithere.info/?l=1&q={searchTerms}&pid=95&r=2013/05/08&hid=287001818&lg=EN&cc=PL&unqvl=14
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.v9.com/web/?q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.v9.com/web/?q={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss&mntrId=E6FE002215641AAE&affID=124742&tsp=5019
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=vltnew&from=vltnew&uid=SAMSUNGXHD250HJ_S0URJ90P908526&ts=3407924
SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.lookforithere.info/?l=1&q={searchTerms}&pid=95&r=2013/05/08&hid=287001818&lg=EN&cc=PL&unqvl=14
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 62.179.1.62 62.179.1.63

Chrome:
=======
CHR Extension: (YouTube) - C:\Users\Szarik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\Szarik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.5_0
CHR Extension: (Google Search) - C:\Users\Szarik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Search by Image (by Google)) - C:\Users\Szarik\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm\1.5.0_0
CHR Extension: (Tampermonkey) - C:\Users\Szarik\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\3.4.3568.10_0
CHR Extension: (Delta Toolbar) - C:\Users\Szarik\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.6_0
CHR Extension: (avast! Online Security) - C:\Users\Szarik\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\Szarik\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0
CHR Extension: (Command & Conquer Tiberium Alliances) - C:\Users\Szarik\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgaeopgjojikeoiidmfaejkifhgjoooe\1.0.8_0
CHR Extension: (Helper extension) - C:\Users\Szarik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nchpfiddbhbdnagofhkjlaiaejmkdcla\2.0_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Szarik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Battlefield Play4Free) - C:\Users\Szarik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh\1.0.96.0_0
CHR Extension: (Gmail) - C:\Users\Szarik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [bcfjehbfanfhgoehogmbiebedkidedjb] - C:\Users\Szarik\AppData\Local\CRE\bcfjehbfanfhgoehogmbiebedkidedjb.crx
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
S2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70352 2013-10-11] (Comodo Security Solutions, Inc.)
S2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6254152 2013-10-20] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [164056 2013-09-24] (COMODO)
S2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2104968 2013-10-09] ()
S2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2013-10-11] (Comodo Security Solutions, Inc.)
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [4230040 2013-04-14] (INCA Internet Co., Ltd.)
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-12-13] ()
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [759248 2013-10-27] (Tunngle.net GmbH)
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]

==================== Drivers (Whitelisted) ====================

S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)
S1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()
S1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [37976 2013-05-07] (Windows (R) Win 7 DDK provider)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2013-09-24] (COMODO)
S1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [709144 2013-09-24] (COMODO)
S1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48872 2013-09-24] (COMODO)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-10-07] (DT Soft Ltd)
S1 HMD; C:\Windows\System32\DRIVERS\hmd.sys [14888 2013-10-04] ()
S1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [96800 2013-09-24] (COMODO)
S3 SaiK0836; C:\Windows\System32\DRIVERS\SaiK0836.sys [131584 2008-09-12] (Saitek)
S3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
S3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-07-27] (Duplex Secure Ltd.)
S3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-30 15:38 - 2013-10-30 15:38 - 00000000 ____D C:\FRST
2013-10-30 14:28 - 2013-10-30 14:28 - 00602112 _____ (OldTimer Tools) C:\Users\Szarik\Downloads\OTL.com
2013-10-30 14:27 - 2013-10-30 14:28 - 01956614 _____ (Farbar) C:\Users\Szarik\Downloads\FRST64.exe
2013-10-30 08:43 - 2013-10-30 08:43 - 00000000 ____D C:\Users\Szarik\AppData\Local\VirtualStore
2013-10-29 18:45 - 2013-10-29 18:45 - 00434560 _____ (Playtech) C:\Users\Szarik\Downloads\SetupCasino_ec7e1a.exe
2013-10-29 16:26 - 2013-10-29 16:56 - 00002013 _____ C:\Users\Public\Desktop\GeekBuddy.lnk
2013-10-28 21:52 - 2013-10-28 21:52 - 00003384 _____ C:\Windows\System32\Tasks\SidebarExecute
2013-10-28 21:52 - 2013-10-28 21:52 - 00000995 _____ C:\Users\Public\Desktop\Tunngle beta.lnk
2013-10-28 21:52 - 2013-10-28 21:52 - 00000000 ____D C:\Users\Szarik\Documents\Tunngle
2013-10-28 21:52 - 2013-10-28 21:52 - 00000000 ____D C:\Users\Szarik\AppData\Roaming\Tunngle
2013-10-28 21:52 - 2013-10-28 21:52 - 00000000 ____D C:\Users\Public\Documents\Tunngle
2013-10-28 21:52 - 2013-10-28 21:52 - 00000000 ____D C:\ProgramData\Tunngle
2013-10-28 21:52 - 2013-10-28 21:52 - 00000000 ____D C:\Program Files (x86)\Tunngle
2013-10-28 21:52 - 2009-09-16 07:02 - 00031232 _____ (Tunngle.net) C:\Windows\system32\Drivers\tap0901t.sys
2013-10-28 13:42 - 2013-10-28 13:42 - 00000000 ____D C:\Users\Szarik\AppData\Roaming\SpaceEngineers
2013-10-28 13:18 - 2013-10-28 13:18 - 00262144 _____ C:\Windows\Minidump\102813-24304-01.dmp
2013-10-24 13:27 - 2013-10-24 13:27 - 00262144 _____ C:\Windows\Minidump\102413-23961-01.dmp
2013-10-23 13:57 - 2013-10-23 13:57 - 00001234 _____ C:\Users\Szarik\Desktop\KSP.exe — skrót.lnk
2013-10-21 21:55 - 2013-10-08 06:46 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-21 21:54 - 2013-10-21 21:54 - 00004125 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-10-21 21:54 - 2013-10-08 06:50 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-21 21:54 - 2013-10-08 06:46 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-21 21:54 - 2013-10-08 06:46 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-20 13:06 - 2013-10-20 13:48 - 00000000 ____D C:\Users\Szarik\Documents\Of Orcs and Men
2013-10-20 13:04 - 2013-10-20 13:06 - 00000972 _____ C:\Users\Public\Desktop\Of Orcs And Men.lnk
2013-10-18 18:00 - 2013-10-18 18:00 - 00000061 ___SH C:\Windows\cnerolf.bin
2013-10-17 18:27 - 2013-10-17 18:27 - 00000302 _____ C:\Users\Szarik\Desktop\vroute.info.appref-ms
2013-10-17 18:27 - 2013-10-17 18:27 - 00000000 ____D C:\Users\Szarik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\vroute
2013-10-17 12:36 - 2013-10-17 12:36 - 00262144 _____ C:\Windows\Minidump\101713-29577-01.dmp
2013-10-17 04:22 - 2013-10-17 04:23 - 00551368 _____ C:\Windows\Minidump\101713-35022-01.dmp
2013-10-16 15:04 - 2013-10-16 15:04 - 00000000 ____D C:\ProgramData\Saitek
2013-10-16 12:47 - 2013-10-16 12:52 - 00000000 ____D C:\Program Files (x86)\FSFDT
2013-10-16 12:47 - 2013-10-16 12:47 - 00000000 ____D C:\Users\Szarik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FSFDT
2013-10-15 15:14 - 2013-10-18 18:02 - 00000000 ____D C:\Users\Szarik\Documents\Pliki programu Flight Simulator X Demo
2013-10-15 15:07 - 2013-10-15 15:08 - 00000000 ____D C:\Users\Szarik\Documents\Flight Simulator X Files
2013-10-15 14:41 - 2013-10-15 14:41 - 00000000 ____D C:\Windows\PCHEALTH
2013-10-14 17:51 - 2013-10-15 14:15 - 00001466 _____ C:\Users\Szarik\Desktop\fsx.exe — skrót.lnk
2013-10-14 17:48 - 2013-10-14 17:48 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2013-10-14 14:02 - 2013-10-14 14:02 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_SaiK0836_01005.Wdf
2013-10-14 14:02 - 2008-09-12 08:31 - 01919968 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01005.dll
2013-10-14 14:01 - 2013-10-14 14:01 - 00000000 ____D C:\Users\Szarik\AppData\Local\SmartTechnology
2013-10-14 13:59 - 2013-10-14 13:59 - 00000000 ____D C:\ProgramData\SmartTechnology
2013-10-14 13:59 - 2013-10-14 13:59 - 00000000 ____D C:\Program Files\SmartTechnology
2013-10-11 18:09 - 2013-10-11 18:09 - 00000000 ____D C:\Users\Szarik\AppData\Local\2K Games
2013-10-11 18:09 - 2013-10-11 18:09 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-10-10 16:47 - 2013-10-10 16:52 - 00000000 ____D C:\Users\Szarik\Desktop\AutoMapa
2013-10-05 11:21 - 2007-07-02 13:21 - 23592960 _____ (Philips Medical Systems Nederland B.V.) C:\Users\Szarik\Desktop\PMSDVIEW.EXE
2013-10-04 09:15 - 2013-10-04 09:15 - 00014888 _____ C:\Windows\system32\Drivers\hmd.sys

==================== One Month Modified Files and Folders =======

2013-10-30 15:38 - 2013-10-30 15:38 - 00000000 ____D C:\FRST
2013-10-30 15:19 - 2012-10-02 15:47 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-30 15:02 - 2012-10-25 17:16 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-30 14:52 - 2012-10-02 16:00 - 02019516 _____ C:\Windows\system32\perfh015.dat
2013-10-30 14:52 - 2012-10-02 16:00 - 00583754 _____ C:\Windows\system32\perfc015.dat
2013-10-30 14:52 - 2009-07-14 06:13 - 00005582 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-30 14:50 - 2012-10-02 15:38 - 01665068 _____ C:\Windows\WindowsUpdate.log
2013-10-30 14:47 - 2013-06-02 22:17 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-10-30 14:47 - 2013-01-24 21:47 - 00000354 _____ C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job
2013-10-30 14:47 - 2012-10-02 15:47 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-30 14:46 - 2012-10-02 15:30 - 00099438 _____ C:\Windows\setupact.log
2013-10-30 14:46 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-30 14:42 - 2009-07-14 05:45 - 00013584 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-30 14:42 - 2009-07-14 05:45 - 00013584 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-30 14:28 - 2013-10-30 14:28 - 00602112 _____ (OldTimer Tools) C:\Users\Szarik\Downloads\OTL.com
2013-10-30 14:28 - 2013-10-30 14:27 - 01956614 _____ (Farbar) C:\Users\Szarik\Downloads\FRST64.exe
2013-10-30 08:43 - 2013-10-30 08:43 - 00000000 ____D C:\Users\Szarik\AppData\Local\VirtualStore
2013-10-30 08:43 - 2013-09-16 21:48 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-10-29 22:49 - 2013-09-16 17:23 - 00000000 ____D C:\Users\Szarik\AppData\Roaming\Comodo
2013-10-29 22:30 - 2013-09-16 14:50 - 00413884 _____ C:\Windows\system32\Drivers\fvstore.dat
2013-10-29 18:45 - 2013-10-29 18:45 - 00434560 _____ (Playtech) C:\Users\Szarik\Downloads\SetupCasino_ec7e1a.exe
2013-10-29 16:56 - 2013-10-29 16:26 - 00002013 _____ C:\Users\Public\Desktop\GeekBuddy.lnk
2013-10-29 16:26 - 2013-09-16 14:46 - 00000000 ____D C:\ProgramData\Comodo
2013-10-29 16:26 - 2013-09-16 14:46 - 00000000 ____D C:\Program Files\COMODO
2013-10-29 16:23 - 2012-10-07 19:07 - 00001954 _____ C:\Users\Public\Desktop\31.lnk
2013-10-29 06:10 - 2012-10-02 15:30 - 00224816 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-28 21:52 - 2013-10-28 21:52 - 00003384 _____ C:\Windows\System32\Tasks\SidebarExecute
2013-10-28 21:52 - 2013-10-28 21:52 - 00000995 _____ C:\Users\Public\Desktop\Tunngle beta.lnk
2013-10-28 21:52 - 2013-10-28 21:52 - 00000000 ____D C:\Users\Szarik\Documents\Tunngle
2013-10-28 21:52 - 2013-10-28 21:52 - 00000000 ____D C:\Users\Szarik\AppData\Roaming\Tunngle
2013-10-28 21:52 - 2013-10-28 21:52 - 00000000 ____D C:\Users\Public\Documents\Tunngle
2013-10-28 21:52 - 2013-10-28 21:52 - 00000000 ____D C:\ProgramData\Tunngle
2013-10-28 21:52 - 2013-10-28 21:52 - 00000000 ____D C:\Program Files (x86)\Tunngle
2013-10-28 21:52 - 2012-10-02 15:47 - 00048648 _____ C:\Users\Szarik\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-28 13:42 - 2013-10-28 13:42 - 00000000 ____D C:\Users\Szarik\AppData\Roaming\SpaceEngineers
2013-10-28 13:18 - 2013-10-28 13:18 - 00262144 _____ C:\Windows\Minidump\102813-24304-01.dmp
2013-10-28 13:18 - 2012-11-17 01:21 - 00000000 ____D C:\Windows\Minidump
2013-10-27 22:39 - 2012-11-18 17:31 - 00000000 ____D C:\Users\Szarik\Desktop\zd
2013-10-25 17:46 - 2013-02-04 14:24 - 00000000 ____D C:\Users\Szarik\AppData\Local\Unity
2013-10-24 13:27 - 2013-10-24 13:27 - 00262144 _____ C:\Windows\Minidump\102413-23961-01.dmp
2013-10-23 13:57 - 2013-10-23 13:57 - 00001234 _____ C:\Users\Szarik\Desktop\KSP.exe — skrót.lnk
2013-10-23 04:24 - 2013-09-18 13:24 - 00002026 _____ C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2013-10-23 04:24 - 2013-06-04 11:54 - 00215154 _____ C:\Windows\DPINST.LOG
2013-10-23 04:23 - 2012-10-11 13:58 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-10-22 14:24 - 2013-09-21 09:43 - 00001598 _____ C:\Users\Szarik\Desktop\dragon.exe.lnk
2013-10-21 21:55 - 2013-09-18 05:59 - 00000000 ____D C:\ProgramData\Oracle
2013-10-21 21:54 - 2013-10-21 21:54 - 00004125 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-10-21 21:54 - 2013-09-18 05:59 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-20 13:48 - 2013-10-20 13:06 - 00000000 ____D C:\Users\Szarik\Documents\Of Orcs and Men
2013-10-20 13:06 - 2013-10-20 13:04 - 00000972 _____ C:\Users\Public\Desktop\Of Orcs And Men.lnk
2013-10-20 13:05 - 2012-10-02 15:37 - 00503263 _____ C:\Windows\DirectX.log
2013-10-18 18:02 - 2013-10-15 15:14 - 00000000 ____D C:\Users\Szarik\Documents\Pliki programu Flight Simulator X Demo
2013-10-18 18:00 - 2013-10-18 18:00 - 00000061 ___SH C:\Windows\cnerolf.bin
2013-10-17 18:27 - 2013-10-17 18:27 - 00000302 _____ C:\Users\Szarik\Desktop\vroute.info.appref-ms
2013-10-17 18:27 - 2013-10-17 18:27 - 00000000 ____D C:\Users\Szarik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\vroute
2013-10-17 18:27 - 2012-10-02 15:47 - 00000000 ____D C:\Users\Szarik\AppData\Local\Deployment
2013-10-17 12:36 - 2013-10-17 12:36 - 00262144 _____ C:\Windows\Minidump\101713-29577-01.dmp
2013-10-17 04:23 - 2013-10-17 04:22 - 00551368 _____ C:\Windows\Minidump\101713-35022-01.dmp
2013-10-17 04:22 - 2012-10-02 15:30 - 00131166 _____ C:\Windows\PFRO.log
2013-10-16 18:04 - 2013-01-23 17:17 - 00000000 ____D C:\Program Files (x86)\Mumble
2013-10-16 18:01 - 2013-09-01 12:45 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2013-10-16 18:00 - 2013-05-26 17:30 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-10-16 18:00 - 2013-03-28 13:46 - 00000000 ____D C:\ProgramData\Skype
2013-10-16 17:58 - 2012-12-23 14:29 - 00000000 ____D C:\Users\Szarik\AppData\Roaming\TS3Client
2013-10-16 17:57 - 2013-09-18 20:42 - 00000000 ____D C:\Program Files (x86)\Super Mouse Auto Clicker
2013-10-16 17:56 - 2013-07-27 15:43 - 00000000 ____D C:\Users\Szarik\AppData\Local\Lollipop
2013-10-16 17:56 - 2013-04-15 10:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-16 17:53 - 2013-04-28 09:11 - 00000000 ____D C:\ProgramData\Hi-Rez Studios
2013-10-16 17:46 - 2013-06-16 12:18 - 00000000 ____D C:\Users\Szarik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-10-16 15:04 - 2013-10-16 15:04 - 00000000 ____D C:\ProgramData\Saitek
2013-10-16 12:52 - 2013-10-16 12:47 - 00000000 ____D C:\Program Files (x86)\FSFDT
2013-10-16 12:47 - 2013-10-16 12:47 - 00000000 ____D C:\Users\Szarik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FSFDT
2013-10-15 15:08 - 2013-10-15 15:07 - 00000000 ____D C:\Users\Szarik\Documents\Flight Simulator X Files
2013-10-15 14:41 - 2013-10-15 14:41 - 00000000 ____D C:\Windows\PCHEALTH
2013-10-15 14:15 - 2013-10-14 17:51 - 00001466 _____ C:\Users\Szarik\Desktop\fsx.exe — skrót.lnk
2013-10-14 17:48 - 2013-10-14 17:48 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2013-10-14 14:02 - 2013-10-14 14:02 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_SaiK0836_01005.Wdf
2013-10-14 14:01 - 2013-10-14 14:01 - 00000000 ____D C:\Users\Szarik\AppData\Local\SmartTechnology
2013-10-14 13:59 - 2013-10-14 13:59 - 00000000 ____D C:\ProgramData\SmartTechnology
2013-10-14 13:59 - 2013-10-14 13:59 - 00000000 ____D C:\Program Files\SmartTechnology
2013-10-14 09:05 - 2013-03-28 13:47 - 00000000 ____D C:\Users\Szarik\AppData\Roaming\Skype
2013-10-11 18:09 - 2013-10-11 18:09 - 00000000 ____D C:\Users\Szarik\AppData\Local\2K Games
2013-10-11 18:09 - 2013-10-11 18:09 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-10-10 20:29 - 2013-09-16 14:50 - 00057096 _____ (COMODO CA Limited) C:\Windows\system32\certsentry.dll
2013-10-10 20:29 - 2013-09-16 14:50 - 00048392 _____ (COMODO CA Limited) C:\Windows\SysWOW64\certsentry.dll
2013-10-10 20:29 - 2013-09-16 14:50 - 00000000 ____D C:\Program Files (x86)\Comodo
2013-10-10 16:52 - 2013-10-10 16:47 - 00000000 ____D C:\Users\Szarik\Desktop\AutoMapa
2013-10-08 06:50 - 2013-10-21 21:54 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-08 06:46 - 2013-10-21 21:55 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-08 06:46 - 2013-10-21 21:54 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-08 06:46 - 2013-10-21 21:54 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-08 05:02 - 2012-10-25 17:16 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-08 05:02 - 2012-10-25 17:16 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-08 05:02 - 2012-10-25 17:16 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-07 06:14 - 2012-10-02 15:47 - 00004044 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-07 06:14 - 2012-10-02 15:47 - 00003792 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-04 09:15 - 2013-10-04 09:15 - 00014888 _____ C:\Windows\system32\Drivers\hmd.sys
2013-10-03 18:04 - 2013-09-16 19:39 - 00001090 _____ C:\Users\Szarik\Desktop\MSI Afterburner.lnk
2013-09-30 14:56 - 2012-12-23 14:29 - 00000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client
2013-09-30 14:54 - 2013-09-28 13:07 - 00000000 ____D C:\Users\Szarik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartTweak Software

Some content of TEMP:
====================
C:\Users\Szarik\AppData\Local\Temp\12-8_vista_win7_win8_64_dd_ccc.exe
C:\Users\Szarik\AppData\Local\Temp\appshat-distribution.exe
C:\Users\Szarik\AppData\Local\Temp\AskToolbarInstaller.exe
C:\Users\Szarik\AppData\Local\Temp\AVG.exe
C:\Users\Szarik\AppData\Local\Temp\BingBarSetup-Partner.exe
C:\Users\Szarik\AppData\Local\Temp\conduitinstaller.exe
C:\Users\Szarik\AppData\Local\Temp\DELA009.EXE
C:\Users\Szarik\AppData\Local\Temp\DeltaTB.exe
C:\Users\Szarik\AppData\Local\Temp\detectionapi_rd.dll
C:\Users\Szarik\AppData\Local\Temp\detectionui_r.exe
C:\Users\Szarik\AppData\Local\Temp\directx10tests_rd.dll
C:\Users\Szarik\AppData\Local\Temp\directx11tests_rd.dll
C:\Users\Szarik\AppData\Local\Temp\directx9tests_rd.dll
C:\Users\Szarik\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Szarik\AppData\Local\Temp\drm_dyndata_7330014.dll
C:\Users\Szarik\AppData\Local\Temp\DTLite4461-0327.exe
C:\Users\Szarik\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Szarik\AppData\Local\Temp\GomEncDnInstaller.exe
C:\Users\Szarik\AppData\Local\Temp\ICReinstall_Alcohol120_trial_Downloader.exe
C:\Users\Szarik\AppData\Local\Temp\ICReinstall_VuuPC_setup.exe
C:\Users\Szarik\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Szarik\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Szarik\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Szarik\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Szarik\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Szarik\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Szarik\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Szarik\AppData\Local\Temp\local.dll
C:\Users\Szarik\AppData\Local\Temp\mconduitinstaller.exe
C:\Users\Szarik\AppData\Local\Temp\mism.exe
C:\Users\Szarik\AppData\Local\Temp\NGM.exe
C:\Users\Szarik\AppData\Local\Temp\NGMDll.dll
C:\Users\Szarik\AppData\Local\Temp\NGMResource.dll
C:\Users\Szarik\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Szarik\AppData\Local\Temp\SpeedUpMyComputer.exe
C:\Users\Szarik\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Szarik\AppData\Local\Temp\swt-win32-3740.dll
C:\Users\Szarik\AppData\Local\Temp\tmp6C87.exe
C:\Users\Szarik\AppData\Local\Temp\tmpD94E.exe
C:\Users\Szarik\AppData\Local\Temp\ubi7A5E.tmp.exe
C:\Users\Szarik\AppData\Local\Temp\ubiAA63.tmp.exe
C:\Users\Szarik\AppData\Local\Temp\unicows.dll
C:\Users\Szarik\AppData\Local\Temp\uninst1.exe
C:\Users\Szarik\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Szarik\AppData\Local\Temp\Uninstaller-4672.exe
C:\Users\Szarik\AppData\Local\Temp\_is1FA2.exe
C:\Users\Szarik\AppData\Local\Temp\_is256A.exe
C:\Users\Szarik\AppData\Local\Temp\_is29ED.exe
C:\Users\Szarik\AppData\Local\Temp\_is2B74.exe
C:\Users\Szarik\AppData\Local\Temp\_is2EEC.exe
C:\Users\Szarik\AppData\Local\Temp\_is3DCA.exe
C:\Users\Szarik\AppData\Local\Temp\_is5F30.exe
C:\Users\Szarik\AppData\Local\Temp\_is619F.exe
C:\Users\Szarik\AppData\Local\Temp\_is6400.exe
C:\Users\Szarik\AppData\Local\Temp\_is7149.exe
C:\Users\Szarik\AppData\Local\Temp\_is730D.exe
C:\Users\Szarik\AppData\Local\Temp\_is9EBE.exe
C:\Users\Szarik\AppData\Local\Temp\_isC265.exe
C:\Users\Szarik\AppData\Local\Temp\_isC5F.exe
C:\Users\Szarik\AppData\Local\Temp\_isD6FD.exe
C:\Users\Szarik\AppData\Local\Temp\_isD816.exe
C:\Users\Szarik\AppData\Local\Temp\_isEC90.exe
C:\Users\Szarik\AppData\Local\Temp\_isFF45.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-10-22 06:34

==================== End Of Log ============================