Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013
Ran by Szarik (administrator) on SZARIK-PC on 03-11-2013 16:53:28
Running from C:\Users\Szarik\Downloads
Windows Seven Black Edition (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Microsoft Corporation) C:\Windows\vVX3000.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe
(Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe
(Comodo Security Solutions, Inc.) C:\Program Files\COMODO\GeekBuddy\unit_manager.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Comodo Security Solutions, Inc.) C:\Program Files\COMODO\GeekBuddy\unit.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [VX3000] - C:\Windows\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1612504 2013-10-20] (COMODO)
HKLM\...\Run: [ProfilerU] - C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-04-16] (Saitek)
HKLM\...\Run: [SaiMfd] - C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-04-16] (Saitek)
HKLM-x32\...\Runonce: [AvgUninstallURL] - cmd.exe /c start http://www.avg.com/pl.special-uninstallation-feedback-app?lic=SUFKUzMtQlFCUk4tVkczOTktQUxCTFUtOVM2U0YtWg"&"inst=NzYtMjA2NzQyNjc0My1TVDEwT0krMS1ERFQrMC1TVDEwQVBQKzEtVEJDMTArMi1JTExJRCsxMjgxOTQ4MDc0LUlJU1IrNS1JSVNSVEUrMy1JSVNSVCsx"&"prod=94"&"ver=10.0.1432 [x]
HKCU\...\Run: [KPeerNexonEU] - C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe [438272 2013-04-25] (NEXON Inc.)
HKCU\...\Run: [Sony PC Companion] - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449248 2013-05-29] (Sony)
HKCU\...\Run: [AlcoholAutomount] - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
MountPoints2: {1cb5b2c0-f6cb-11e2-a88d-806e6f6e6963} - H:\setup.exe
MountPoints2: {a75d3228-1076-11e2-a73c-002215641aae} - I:\dvdcheck.exe
MountPoints2: {e1bd4e50-cd03-11e2-b92c-002215641aae} - H:\Startme.exe
MountPoints2: {e1bd4e6b-cd03-11e2-b92c-002215641aae} - H:\Startme.exe
HKLM-x32\...\Run: [LifeCam] - C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NBAgent] - C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1234216 2010-04-03] (Nero AG)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [tvncontrol] - C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2013-10-11] (Comodo Security Solutions, Inc.)
AppInit_DLLs-x32: [ ] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.v9.com/web/?q={searchTerms}
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 62.179.1.62 62.179.1.63

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchURL: (SearchGol) - http://www.google.com
CHR DefaultSuggestURL: (SearchGol) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Microsoft Windows Media Player Firefox Plugin) - C:\Users\Szarik\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Battlefield Play4Free Updater) - C:\Users\Szarik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh\1.0.96.0_0\npBP4FUpdater.dll (EA Digital Illusions CE AB)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\\npsitesafety.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Heroes & Generals live) - C:\Program Files (x86)\Heroes & Generals\live\npretoxlive.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Media Go Detector) - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Extension: (YouTube) - C:\Users\Szarik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\Szarik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.5_0
CHR Extension: (Google Search) - C:\Users\Szarik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Search by Image (by Google)) - C:\Users\Szarik\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm\1.5.0_0
CHR Extension: (Tampermonkey) - C:\Users\Szarik\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\3.4.3568.10_0
CHR Extension: (avast! Online Security) - C:\Users\Szarik\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\Szarik\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0
CHR Extension: (Command & Conquer Tiberium Alliances) - C:\Users\Szarik\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgaeopgjojikeoiidmfaejkifhgjoooe\1.0.8_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Szarik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Battlefield Play4Free) - C:\Users\Szarik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh\1.0.96.0_0
CHR Extension: (Gmail) - C:\Users\Szarik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [bcfjehbfanfhgoehogmbiebedkidedjb] - C:\Users\Szarik\AppData\Local\CRE\bcfjehbfanfhgoehogmbiebedkidedjb.crx
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70352 2013-10-11] (Comodo Security Solutions, Inc.)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6254152 2013-10-20] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [164056 2013-09-24] (COMODO)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2104968 2013-10-09] ()
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2013-10-11] (Comodo Security Solutions, Inc.)
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [4230040 2013-04-14] (INCA Internet Co., Ltd.)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-12-13] ()
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [759248 2013-10-27] (Tunngle.net GmbH)
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [37976 2013-05-07] (Windows (R) Win 7 DDK provider)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2013-09-24] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [709144 2013-09-24] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48872 2013-09-24] (COMODO)
R1 HMD; C:\Windows\System32\DRIVERS\hmd.sys [14888 2013-10-07] ()
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [96800 2013-09-24] (COMODO)
S3 SaiK0836; C:\Windows\System32\DRIVERS\SaiK0836.sys [131584 2008-09-12] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S0 sptd; \SystemRoot\System32\Drivers\sptd.sys [x]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [x]
U3 pfdiqpob; \??\C:\Users\Szarik\AppData\Local\Temp\pfdiqpob.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-11-03 16:52 - 2013-11-03 16:52 - 00076262 _____ C:\Users\Szarik\Downloads\Extras.Txt
2013-11-03 16:51 - 2013-11-03 16:51 - 00095252 _____ C:\Users\Szarik\Downloads\OTL.Txt
2013-11-03 16:33 - 2013-11-03 16:33 - 00621568 _____ (Duplex Secure Ltd.) C:\Users\Szarik\Downloads\SPTDinst-v184-x64.exe
2013-11-03 16:29 - 2013-11-03 16:53 - 00000000 ____D C:\Users\Szarik\Desktop\NOWE LOGI
2013-11-03 15:25 - 2013-11-03 15:25 - 00000000 ____D C:\_OTL
2013-11-03 14:56 - 2013-11-03 14:57 - 00275696 _____ C:\Windows\Minidump\110313-24086-01.dmp
2013-11-03 14:22 - 2013-11-03 14:22 - 01957098 _____ (Farbar) C:\Users\Szarik\Downloads\FRST64.exe
2013-11-03 13:58 - 2013-11-03 16:10 - 00000000 ____D C:\AdwCleaner
2013-11-03 13:58 - 2013-11-03 13:58 - 01060070 _____ C:\Users\Szarik\Downloads\adwcleaner.exe
2013-10-30 20:28 - 2013-10-30 20:28 - 00000000 ____D C:\Users\Szarik\Downloads\gmer
2013-10-30 15:38 - 2013-10-30 15:38 - 00000000 ____D C:\FRST
2013-10-30 14:28 - 2013-10-30 14:28 - 00602112 _____ (OldTimer Tools) C:\Users\Szarik\Downloads\OTL.com
2013-10-30 08:43 - 2013-10-30 08:43 - 00000000 ____D C:\Users\Szarik\AppData\Local\VirtualStore
2013-10-29 16:26 - 2013-10-29 16:56 - 00002013 _____ C:\Users\Public\Desktop\GeekBuddy.lnk
2013-10-28 21:52 - 2013-10-28 21:52 - 00003384 _____ C:\Windows\System32\Tasks\SidebarExecute
2013-10-28 21:52 - 2013-10-28 21:52 - 00000995 _____ C:\Users\Public\Desktop\Tunngle beta.lnk
2013-10-28 21:52 - 2013-10-28 21:52 - 00000000 ____D C:\Users\Szarik\Documents\Tunngle
2013-10-28 21:52 - 2013-10-28 21:52 - 00000000 ____D C:\Users\Szarik\AppData\Roaming\Tunngle
2013-10-28 21:52 - 2013-10-28 21:52 - 00000000 ____D C:\Users\Public\Documents\Tunngle
2013-10-28 21:52 - 2013-10-28 21:52 - 00000000 ____D C:\ProgramData\Tunngle
2013-10-28 21:52 - 2013-10-28 21:52 - 00000000 ____D C:\Program Files (x86)\Tunngle
2013-10-28 21:52 - 2009-09-16 07:02 - 00031232 _____ (Tunngle.net) C:\Windows\system32\Drivers\tap0901t.sys
2013-10-28 13:42 - 2013-10-28 13:42 - 00000000 ____D C:\Users\Szarik\AppData\Roaming\SpaceEngineers
2013-10-28 13:18 - 2013-10-28 13:18 - 00262144 _____ C:\Windows\Minidump\102813-24304-01.dmp
2013-10-24 13:27 - 2013-10-24 13:27 - 00262144 _____ C:\Windows\Minidump\102413-23961-01.dmp
2013-10-23 13:57 - 2013-10-23 13:57 - 00001234 _____ C:\Users\Szarik\Desktop\KSP.exe — skrót.lnk
2013-10-21 21:55 - 2013-10-08 06:46 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-21 21:54 - 2013-10-21 21:54 - 00004125 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-10-21 21:54 - 2013-10-08 06:50 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-21 21:54 - 2013-10-08 06:46 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-21 21:54 - 2013-10-08 06:46 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-20 13:06 - 2013-10-20 13:48 - 00000000 ____D C:\Users\Szarik\Documents\Of Orcs and Men
2013-10-20 13:04 - 2013-10-20 13:06 - 00000972 _____ C:\Users\Public\Desktop\Of Orcs And Men.lnk
2013-10-18 18:00 - 2013-10-18 18:00 - 00000061 ___SH C:\Windows\cnerolf.bin
2013-10-17 18:27 - 2013-10-17 18:27 - 00000302 _____ C:\Users\Szarik\Desktop\vroute.info.appref-ms
2013-10-17 18:27 - 2013-10-17 18:27 - 00000000 ____D C:\Users\Szarik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\vroute
2013-10-17 12:36 - 2013-10-17 12:36 - 00262144 _____ C:\Windows\Minidump\101713-29577-01.dmp
2013-10-17 04:22 - 2013-10-17 04:23 - 00551368 _____ C:\Windows\Minidump\101713-35022-01.dmp
2013-10-16 15:04 - 2013-10-16 15:04 - 00000000 ____D C:\ProgramData\Saitek
2013-10-16 12:47 - 2013-10-16 12:52 - 00000000 ____D C:\Program Files (x86)\FSFDT
2013-10-16 12:47 - 2013-10-16 12:47 - 00000000 ____D C:\Users\Szarik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FSFDT
2013-10-15 15:14 - 2013-10-18 18:02 - 00000000 ____D C:\Users\Szarik\Documents\Pliki programu Flight Simulator X Demo
2013-10-15 15:07 - 2013-10-15 15:08 - 00000000 ____D C:\Users\Szarik\Documents\Flight Simulator X Files
2013-10-15 14:41 - 2013-10-15 14:41 - 00000000 ____D C:\Windows\PCHEALTH
2013-10-14 17:51 - 2013-10-15 14:15 - 00001466 _____ C:\Users\Szarik\Desktop\fsx.exe — skrót.lnk
2013-10-14 17:48 - 2013-10-14 17:48 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2013-10-14 14:02 - 2013-10-14 14:02 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_SaiK0836_01005.Wdf
2013-10-14 14:02 - 2008-09-12 08:31 - 01919968 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01005.dll
2013-10-14 14:01 - 2013-10-14 14:01 - 00000000 ____D C:\Users\Szarik\AppData\Local\SmartTechnology
2013-10-14 13:59 - 2013-10-14 13:59 - 00000000 ____D C:\ProgramData\SmartTechnology
2013-10-14 13:59 - 2013-10-14 13:59 - 00000000 ____D C:\Program Files\SmartTechnology
2013-10-11 18:09 - 2013-10-11 18:09 - 00000000 ____D C:\Users\Szarik\AppData\Local\2K Games
2013-10-11 18:09 - 2013-10-11 18:09 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-10-10 16:47 - 2013-10-10 16:52 - 00000000 ____D C:\Users\Szarik\Desktop\AutoMapa
2013-10-07 06:17 - 2013-10-07 06:17 - 00014888 _____ C:\Windows\system32\Drivers\hmd.sys
2013-10-05 11:21 - 2007-07-02 13:21 - 23592960 _____ (Philips Medical Systems Nederland B.V.) C:\Users\Szarik\Desktop\PMSDVIEW.EXE

==================== One Month Modified Files and Folders =======

2013-11-03 16:53 - 2013-11-03 16:29 - 00000000 ____D C:\Users\Szarik\Desktop\NOWE LOGI
2013-11-03 16:52 - 2013-11-03 16:52 - 00076262 _____ C:\Users\Szarik\Downloads\Extras.Txt
2013-11-03 16:51 - 2013-11-03 16:51 - 00095252 _____ C:\Users\Szarik\Downloads\OTL.Txt
2013-11-03 16:39 - 2012-10-02 15:38 - 01685542 _____ C:\Windows\WindowsUpdate.log
2013-11-03 16:36 - 2012-10-02 15:47 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-03 16:36 - 2012-10-02 15:30 - 00099942 _____ C:\Windows\setupact.log
2013-11-03 16:36 - 2009-07-14 06:08 - 00032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-03 16:36 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-03 16:33 - 2013-11-03 16:33 - 00621568 _____ (Duplex Secure Ltd.) C:\Users\Szarik\Downloads\SPTDinst-v184-x64.exe
2013-11-03 16:26 - 2012-10-02 15:30 - 00132022 _____ C:\Windows\PFRO.log
2013-11-03 16:19 - 2012-10-02 15:47 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-03 16:10 - 2013-11-03 13:58 - 00000000 ____D C:\AdwCleaner
2013-11-03 16:10 - 2009-07-14 05:45 - 00013584 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-03 16:10 - 2009-07-14 05:45 - 00013584 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-03 16:02 - 2012-10-25 17:16 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-03 15:25 - 2013-11-03 15:25 - 00000000 ____D C:\_OTL
2013-11-03 14:57 - 2013-11-03 14:56 - 00275696 _____ C:\Windows\Minidump\110313-24086-01.dmp
2013-11-03 14:56 - 2012-11-17 01:21 - 00000000 ____D C:\Windows\Minidump
2013-11-03 14:22 - 2013-11-03 14:22 - 01957098 _____ (Farbar) C:\Users\Szarik\Downloads\FRST64.exe
2013-11-03 14:18 - 2013-09-18 13:24 - 00002026 _____ C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2013-11-03 14:18 - 2013-06-04 11:54 - 00223626 _____ C:\Windows\DPINST.LOG
2013-11-03 14:18 - 2012-10-11 13:58 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-11-03 14:00 - 2013-09-28 13:07 - 00000000 ____D C:\Users\Szarik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppsHat
2013-11-03 14:00 - 2012-10-02 15:47 - 00001031 _____ C:\Users\Szarik\Desktop\Google Chrome.lnk
2013-11-03 14:00 - 2012-10-02 15:38 - 00000933 _____ C:\Users\Szarik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-03 14:00 - 2012-10-02 15:38 - 00000865 _____ C:\Users\Szarik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-11-03 13:58 - 2013-11-03 13:58 - 01060070 _____ C:\Users\Szarik\Downloads\adwcleaner.exe
2013-11-03 13:56 - 2013-09-16 21:48 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-10-30 20:28 - 2013-10-30 20:28 - 00000000 ____D C:\Users\Szarik\Downloads\gmer
2013-10-30 15:38 - 2013-10-30 15:38 - 00000000 ____D C:\FRST
2013-10-30 14:52 - 2012-10-02 16:00 - 02019516 _____ C:\Windows\system32\perfh015.dat
2013-10-30 14:52 - 2012-10-02 16:00 - 00583754 _____ C:\Windows\system32\perfc015.dat
2013-10-30 14:52 - 2009-07-14 06:13 - 00005582 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-30 14:28 - 2013-10-30 14:28 - 00602112 _____ (OldTimer Tools) C:\Users\Szarik\Downloads\OTL.com
2013-10-30 08:43 - 2013-10-30 08:43 - 00000000 ____D C:\Users\Szarik\AppData\Local\VirtualStore
2013-10-29 22:49 - 2013-09-16 17:23 - 00000000 ____D C:\Users\Szarik\AppData\Roaming\Comodo
2013-10-29 22:30 - 2013-09-16 14:50 - 00413884 _____ C:\Windows\system32\Drivers\fvstore.dat
2013-10-29 16:56 - 2013-10-29 16:26 - 00002013 _____ C:\Users\Public\Desktop\GeekBuddy.lnk
2013-10-29 16:26 - 2013-09-16 14:46 - 00000000 ____D C:\ProgramData\Comodo
2013-10-29 16:26 - 2013-09-16 14:46 - 00000000 ____D C:\Program Files\COMODO
2013-10-29 16:23 - 2012-10-07 19:07 - 00001954 _____ C:\Users\Public\Desktop\31.lnk
2013-10-29 06:10 - 2012-10-02 15:30 - 00224816 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-28 21:52 - 2013-10-28 21:52 - 00003384 _____ C:\Windows\System32\Tasks\SidebarExecute
2013-10-28 21:52 - 2013-10-28 21:52 - 00000995 _____ C:\Users\Public\Desktop\Tunngle beta.lnk
2013-10-28 21:52 - 2013-10-28 21:52 - 00000000 ____D C:\Users\Szarik\Documents\Tunngle
2013-10-28 21:52 - 2013-10-28 21:52 - 00000000 ____D C:\Users\Szarik\AppData\Roaming\Tunngle
2013-10-28 21:52 - 2013-10-28 21:52 - 00000000 ____D C:\Users\Public\Documents\Tunngle
2013-10-28 21:52 - 2013-10-28 21:52 - 00000000 ____D C:\ProgramData\Tunngle
2013-10-28 21:52 - 2013-10-28 21:52 - 00000000 ____D C:\Program Files (x86)\Tunngle
2013-10-28 21:52 - 2012-10-02 15:47 - 00048648 _____ C:\Users\Szarik\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-28 13:42 - 2013-10-28 13:42 - 00000000 ____D C:\Users\Szarik\AppData\Roaming\SpaceEngineers
2013-10-28 13:18 - 2013-10-28 13:18 - 00262144 _____ C:\Windows\Minidump\102813-24304-01.dmp
2013-10-27 22:39 - 2012-11-18 17:31 - 00000000 ____D C:\Users\Szarik\Desktop\zd
2013-10-25 17:46 - 2013-02-04 14:24 - 00000000 ____D C:\Users\Szarik\AppData\Local\Unity
2013-10-24 13:27 - 2013-10-24 13:27 - 00262144 _____ C:\Windows\Minidump\102413-23961-01.dmp
2013-10-23 13:57 - 2013-10-23 13:57 - 00001234 _____ C:\Users\Szarik\Desktop\KSP.exe — skrót.lnk
2013-10-22 14:24 - 2013-09-21 09:43 - 00001598 _____ C:\Users\Szarik\Desktop\dragon.exe.lnk
2013-10-21 21:55 - 2013-09-18 05:59 - 00000000 ____D C:\ProgramData\Oracle
2013-10-21 21:54 - 2013-10-21 21:54 - 00004125 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-10-21 21:54 - 2013-09-18 05:59 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-20 13:48 - 2013-10-20 13:06 - 00000000 ____D C:\Users\Szarik\Documents\Of Orcs and Men
2013-10-20 13:06 - 2013-10-20 13:04 - 00000972 _____ C:\Users\Public\Desktop\Of Orcs And Men.lnk
2013-10-20 13:05 - 2012-10-02 15:37 - 00503263 _____ C:\Windows\DirectX.log
2013-10-18 18:02 - 2013-10-15 15:14 - 00000000 ____D C:\Users\Szarik\Documents\Pliki programu Flight Simulator X Demo
2013-10-18 18:00 - 2013-10-18 18:00 - 00000061 ___SH C:\Windows\cnerolf.bin
2013-10-17 18:27 - 2013-10-17 18:27 - 00000302 _____ C:\Users\Szarik\Desktop\vroute.info.appref-ms
2013-10-17 18:27 - 2013-10-17 18:27 - 00000000 ____D C:\Users\Szarik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\vroute
2013-10-17 18:27 - 2012-10-02 15:47 - 00000000 ____D C:\Users\Szarik\AppData\Local\Deployment
2013-10-17 12:36 - 2013-10-17 12:36 - 00262144 _____ C:\Windows\Minidump\101713-29577-01.dmp
2013-10-17 04:23 - 2013-10-17 04:22 - 00551368 _____ C:\Windows\Minidump\101713-35022-01.dmp
2013-10-16 18:04 - 2013-01-23 17:17 - 00000000 ____D C:\Program Files (x86)\Mumble
2013-10-16 18:01 - 2013-09-01 12:45 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2013-10-16 18:00 - 2013-05-26 17:30 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-10-16 18:00 - 2013-03-28 13:46 - 00000000 ____D C:\ProgramData\Skype
2013-10-16 17:58 - 2012-12-23 14:29 - 00000000 ____D C:\Users\Szarik\AppData\Roaming\TS3Client
2013-10-16 17:57 - 2013-09-18 20:42 - 00000000 ____D C:\Program Files (x86)\Super Mouse Auto Clicker
2013-10-16 17:56 - 2013-04-15 10:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-16 17:53 - 2013-04-28 09:11 - 00000000 ____D C:\ProgramData\Hi-Rez Studios
2013-10-16 17:46 - 2013-06-16 12:18 - 00000000 ____D C:\Users\Szarik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-10-16 15:04 - 2013-10-16 15:04 - 00000000 ____D C:\ProgramData\Saitek
2013-10-16 12:52 - 2013-10-16 12:47 - 00000000 ____D C:\Program Files (x86)\FSFDT
2013-10-16 12:47 - 2013-10-16 12:47 - 00000000 ____D C:\Users\Szarik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FSFDT
2013-10-15 15:08 - 2013-10-15 15:07 - 00000000 ____D C:\Users\Szarik\Documents\Flight Simulator X Files
2013-10-15 14:41 - 2013-10-15 14:41 - 00000000 ____D C:\Windows\PCHEALTH
2013-10-15 14:15 - 2013-10-14 17:51 - 00001466 _____ C:\Users\Szarik\Desktop\fsx.exe — skrót.lnk
2013-10-14 17:48 - 2013-10-14 17:48 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2013-10-14 14:02 - 2013-10-14 14:02 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_SaiK0836_01005.Wdf
2013-10-14 14:01 - 2013-10-14 14:01 - 00000000 ____D C:\Users\Szarik\AppData\Local\SmartTechnology
2013-10-14 13:59 - 2013-10-14 13:59 - 00000000 ____D C:\ProgramData\SmartTechnology
2013-10-14 13:59 - 2013-10-14 13:59 - 00000000 ____D C:\Program Files\SmartTechnology
2013-10-14 09:05 - 2013-03-28 13:47 - 00000000 ____D C:\Users\Szarik\AppData\Roaming\Skype
2013-10-11 18:09 - 2013-10-11 18:09 - 00000000 ____D C:\Users\Szarik\AppData\Local\2K Games
2013-10-11 18:09 - 2013-10-11 18:09 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-10-10 20:29 - 2013-09-16 14:50 - 00057096 _____ (COMODO CA Limited) C:\Windows\system32\certsentry.dll
2013-10-10 20:29 - 2013-09-16 14:50 - 00048392 _____ (COMODO CA Limited) C:\Windows\SysWOW64\certsentry.dll
2013-10-10 20:29 - 2013-09-16 14:50 - 00000000 ____D C:\Program Files (x86)\Comodo
2013-10-10 16:52 - 2013-10-10 16:47 - 00000000 ____D C:\Users\Szarik\Desktop\AutoMapa
2013-10-08 06:50 - 2013-10-21 21:54 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-08 06:46 - 2013-10-21 21:55 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-08 06:46 - 2013-10-21 21:54 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-08 06:46 - 2013-10-21 21:54 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-08 05:02 - 2012-10-25 17:16 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-08 05:02 - 2012-10-25 17:16 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-08 05:02 - 2012-10-25 17:16 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-07 06:17 - 2013-10-07 06:17 - 00014888 _____ C:\Windows\system32\Drivers\hmd.sys
2013-10-07 06:14 - 2012-10-02 15:47 - 00004044 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-07 06:14 - 2012-10-02 15:47 - 00003792 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

Some content of TEMP:
====================
C:\Users\Szarik\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-11-03 15:49

==================== End Of Log ============================