Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-12-2013 01
Ran by Admin (administrator) on ASUSP8Z68VLX on 30-12-2013 21:14:29
Running from C:\Users\Admin\Downloads
Windows 7 Enterprise Service Pack 1 (X64) OS Language: Polish
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) D:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(TeamSpeak Systems GmbH) D:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(GG Network S.A.) C:\Program Files (x86)\Gadu-Gadu 10\gg.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Wargaming.net) D:\Games\World_of_Tanks\WorldOfTanks.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Gadu-Gadu 10\open-fm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11905128 2011-06-28] (Realtek Semiconductor)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [4035152 2011-09-22] (ESET)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-19] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-04-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - D:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - D:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
MountPoints2: {ec52d79c-a81a-11e2-917d-c8600069c87c} - E:\NokiaPCIA_Autorun.exe
AppInit_DLLs-x32: c:\progra~3\browse~1\25911~1.18\{c16c1~1\mngr.dll [ ] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=128
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{7349778E-8954-41F6-9B57-37C4FEF42861}: [NameServer]194.247.62.6 195.69.80.12

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mikus8mx.default
FF Homepage: hxxp://www.gazeta.pl/0,0.html?p=128
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.132.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.140.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.3 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mikus8mx.default\searchplugins\safeguard-secure-search.xml
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome:
=======
CHR HomePage: hxxp://www.google.pl/
CHR RestoreOnStartup: "hxxp://www.google.pl/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Application Manager) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\spext.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - D:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - D:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - D:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - D:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - D:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - D:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - D:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll No File
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [ojpijjmpahflnipadmlpgbjmagmjchkk] - C:\Users\Admin\AppData\Local\Temp\ccex.crx

==================== Services (Whitelisted) =================

R2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [14848 2011-01-10] ()
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [974944 2011-09-22] (ESET)
S2 KMService; C:\Windows\SysWow64\srvany.exe [8192 2012-03-31] ()
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-08-09] ()

==================== Drivers (Whitelisted) ====================

S3 asusgsb; C:\Windows\System32\drivers\asusgsb.sys [17792 2009-02-17] (ASUSTeK Computer Inc.)
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows (R) Win 7 DDK provider)
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [202576 2011-08-09] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [146432 2011-08-04] (ESET)
R1 EIO64; C:\Windows\System32\DRIVERS\EIO64.sys [16384 2012-03-29] (ASUSTeK Computer Inc.)
S3 ENTECH64; C:\Windows\system32\DRIVERS\ENTECH64.sys [12744 2008-04-22] (EnTech Taiwan)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [137144 2011-08-04] (ESET)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2012-03-31] ()
R3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex)
U3 ajgywa90; C:\Windows\System32\Drivers\ajgywa90.sys [0 ] (Microsoft Corporation)
S3 ALSysIO; \??\C:\Users\Admin\AppData\Local\Temp\ALSysIO64.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-12-30 21:14 - 2013-12-30 21:14 - 00016844 _____ C:\Users\Admin\Downloads\FRST.txt
2013-12-30 21:13 - 2013-12-30 21:13 - 01931302 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2013-12-30 21:13 - 2013-12-30 21:13 - 00000000 ____D C:\FRST
2013-12-29 17:55 - 2013-12-29 17:55 - 00018691 _____ C:\Users\Admin\Downloads\Confingi XVM.rar
2013-12-29 17:44 - 2013-12-29 17:44 - 00025920 _____ C:\Users\Admin\Downloads\RadialMenu_2.5.7_810.zip
2013-12-29 17:42 - 2013-12-29 17:42 - 01285273 _____ C:\Users\Admin\Downloads\sauron 8.10 +sound.zip
2013-12-29 17:33 - 2013-12-29 17:34 - 01859702 _____ C:\Users\Admin\Downloads\J1mB0_s_Crosshair_Mod_v1.35.zip
2013-12-28 12:16 - 2013-12-28 12:16 - 00086624 _____ C:\Users\Admin\Downloads\Extras.Txt
2013-12-28 12:15 - 2013-12-28 12:15 - 00088924 _____ C:\Users\Admin\Downloads\OTL.Txt
2013-12-28 12:08 - 2013-12-28 12:08 - 00602112 _____ (OldTimer Tools) C:\Users\Admin\Downloads\OTL.exe
2013-12-26 21:50 - 2013-12-26 21:50 - 00903832 _____ C:\Users\Admin\Downloads\yet_another_cleaner.exe
2013-12-25 16:27 - 2013-12-25 16:27 - 01050264 _____ (Unity Technologies ApS) C:\Users\Admin\Downloads\UnityWebPlayer (1).exe
2013-12-24 00:50 - 2013-12-24 00:50 - 07287268 _____ C:\Users\Admin\Downloads\xvm-5.0.2-test1.zip
2013-12-19 22:25 - 2013-12-19 22:26 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-07 08:45 - 2013-12-19 23:54 - 00002888 _____ C:\Windows\PFRO.log
2013-12-06 16:05 - 2013-12-06 16:05 - 03821064 _____ C:\Users\Admin\Downloads\battlelog-web-plugins_2.3.2_130.exe
2013-12-04 15:18 - 2013-12-04 15:18 - 00000000 ____D C:\Users\Admin\Desktop\sho
2013-12-01 19:40 - 2013-12-01 19:41 - 30348727 _____ C:\Users\Admin\Downloads\New Archiwum WinRARa.rar

==================== One Month Modified Files and Folders =======

2013-12-30 21:14 - 2013-12-30 21:14 - 00016844 _____ C:\Users\Admin\Downloads\FRST.txt
2013-12-30 21:13 - 2013-12-30 21:13 - 01931302 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2013-12-30 21:13 - 2013-12-30 21:13 - 00000000 ____D C:\FRST
2013-12-30 21:10 - 2012-12-31 00:13 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-30 21:03 - 2012-03-29 20:38 - 00003982 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{82628F1C-6264-4803-A1A2-3A7A04150B0B}
2013-12-30 20:35 - 2012-12-05 18:23 - 00000000 ____D C:\Users\Admin\AppData\Roaming\TS3Client
2013-12-30 20:30 - 2012-04-08 09:44 - 00001046 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-30 09:30 - 2012-04-08 09:44 - 00001042 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-30 08:04 - 2012-03-29 20:06 - 01075288 _____ C:\Windows\WindowsUpdate.log
2013-12-30 08:00 - 2013-11-09 18:33 - 00005492 _____ C:\Windows\setupact.log
2013-12-30 08:00 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-29 17:55 - 2013-12-29 17:55 - 00018691 _____ C:\Users\Admin\Downloads\Confingi XVM.rar
2013-12-29 17:44 - 2013-12-29 17:44 - 00025920 _____ C:\Users\Admin\Downloads\RadialMenu_2.5.7_810.zip
2013-12-29 17:42 - 2013-12-29 17:42 - 01285273 _____ C:\Users\Admin\Downloads\sauron 8.10 +sound.zip
2013-12-29 17:34 - 2013-12-29 17:33 - 01859702 _____ C:\Users\Admin\Downloads\J1mB0_s_Crosshair_Mod_v1.35.zip
2013-12-29 00:26 - 2013-08-09 21:05 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-12-29 00:26 - 2012-08-14 22:40 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-12-28 22:39 - 2012-07-14 15:21 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-12-28 12:16 - 2013-12-28 12:16 - 00086624 _____ C:\Users\Admin\Downloads\Extras.Txt
2013-12-28 12:15 - 2013-12-28 12:15 - 00088924 _____ C:\Users\Admin\Downloads\OTL.Txt
2013-12-28 12:08 - 2013-12-28 12:08 - 00602112 _____ (OldTimer Tools) C:\Users\Admin\Downloads\OTL.exe
2013-12-27 22:48 - 2012-03-31 19:15 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Skype
2013-12-27 22:28 - 2012-12-12 19:01 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Tibia
2013-12-27 14:00 - 2012-12-13 18:23 - 00000000 ____D C:\Users\Admin\Desktop\Nowy folder
2013-12-27 02:31 - 2009-07-14 05:45 - 00010528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-27 02:31 - 2009-07-14 05:45 - 00010528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-26 21:50 - 2013-12-26 21:50 - 00903832 _____ C:\Users\Admin\Downloads\yet_another_cleaner.exe
2013-12-25 16:27 - 2013-12-25 16:27 - 01050264 _____ (Unity Technologies ApS) C:\Users\Admin\Downloads\UnityWebPlayer (1).exe
2013-12-24 00:50 - 2013-12-24 00:50 - 07287268 _____ C:\Users\Admin\Downloads\xvm-5.0.2-test1.zip
2013-12-23 13:27 - 2013-05-29 22:57 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2013-12-23 13:27 - 2012-04-01 15:34 - 00000000 ____D C:\Users\Admin\AppData\Local\Deployment
2013-12-19 23:54 - 2013-12-07 08:45 - 00002888 _____ C:\Windows\PFRO.log
2013-12-19 22:26 - 2013-12-19 22:25 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-18 19:21 - 2012-11-06 16:39 - 00000000 ____D C:\ProgramData\WarThunder
2013-12-14 11:41 - 2009-07-14 13:43 - 00701244 _____ C:\Windows\system32\perfh015.dat
2013-12-14 11:41 - 2009-07-14 13:43 - 00136262 _____ C:\Windows\system32\perfc015.dat
2013-12-14 11:41 - 2009-07-14 06:13 - 01558616 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-11 15:10 - 2012-12-31 00:13 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-11 15:10 - 2012-03-29 20:38 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-11 15:10 - 2012-03-29 20:38 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-11 07:31 - 2012-04-08 09:44 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-08 20:16 - 2012-04-04 19:18 - 00000000 ____D C:\Users\Admin\Documents\FIFA 11
2013-12-07 11:49 - 2012-04-04 15:40 - 00000077 _____ C:\Users\Admin\AppData\default.pls
2013-12-07 08:45 - 2012-08-14 22:36 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-12-06 16:05 - 2013-12-06 16:05 - 03821064 _____ C:\Users\Admin\Downloads\battlelog-web-plugins_2.3.2_130.exe
2013-12-04 21:47 - 2012-04-19 08:00 - 00000000 ____D C:\Users\Admin\Documents\Pliki programu Outlook
2013-12-04 15:18 - 2013-12-04 15:18 - 00000000 ____D C:\Users\Admin\Desktop\sho
2013-12-02 16:58 - 2012-04-01 19:58 - 00000000 ____D C:\Users\Admin\Desktop\NSP
2013-12-01 19:41 - 2013-12-01 19:40 - 30348727 _____ C:\Users\Admin\Downloads\New Archiwum WinRARa.rar

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\gg10.upgr.exe
C:\Users\Admin\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Admin\AppData\Local\Temp\sonarinst.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-12-30 08:50

==================== End Of Log ============================