Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2014 04
Ran by Piotr (administrator) on PTV01 on 20-01-2014 10:34:31
Running from C:\Program Files
Windows 7 Ultimate Service Pack 1 (X64) OS Language: Polish
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(DeviceVM, Inc.) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
() C:\Windows\runservice.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
() C:\Program Files (x86)\Vtune\TBPANEL.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Sidebar\sidebar.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Nokia) C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
(DeviceVM, Inc.) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Cyberlink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
() C:\Windows\Temp\svchost.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10135584 2010-03-26] (Realtek Semiconductor)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2919168 2010-11-04] (ESET)
HKLM-x32\...\Run: [BCU] - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe [375000 2009-10-15] (DeviceVM, Inc.)
HKLM-x32\...\Run: [ISUSScheduler] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-17] (InstallShield Software Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl] - C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe [32768 2004-11-02] (Cyberlink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31072 2008-10-25] (Microsoft Corporation)
HKLM-x32\...\Run: [PowerDVD12DMREngine] - C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe [501544 2012-01-02] (CyberLink)
HKLM-x32\...\Run: [PowerDVD12Agent] - C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe [371256 2012-01-12] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe] - C:\Users\Piotr\AppData\Roaming\Adobe\color.vbe [83402 2013-07-17] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Bonus.SSR.FR10] - C:\Program Files (x86)\ABBYY FineReader 10\Bonus.ScreenshotReader.exe [941320 2013-10-26] (ABBYY.)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKCU\...\Run: [ISUSPM Startup] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-17] (InstallShield Software Corporation)
HKCU\...\Run: [TBPanel] - C:\Program Files (x86)\Vtune\TBPanel.exe [2158592 2010-09-02] ()
HKCU\...\Run: [IDMan] - C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3541008 2013-01-10] (Tonec Inc.)
HKCU\...\Run: [PC Suite Tray] - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-04-24] (Google Inc.)
HKCU\...\Run: [Adobe Updater] - C:\Users\Piotr\AppData\Roaming\flash_update.exe [694784 2014-01-06] (Adobe Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKCU - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch64.dll (DeviceVM, Inc.)
URLSearchHook: HKCU - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {73D36974-3479-47e9-9184-79AEE5B3DB41} URL = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&affID=112185&tt=3612_4&babsrc=SP_ss&mntrId=0ed270e50000000000001c6f65910efc
SearchScopes: HKCU - {73D36974-3479-47e9-9184-79AEE5B3DB41} URL = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
SearchScopes: HKCU - {9CB15BAF-27D8-472f-ABAB-64B57C777CA5} URL = http://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=pl&q={searchTerms}
BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: PandoraTV Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - PandoraTV Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 31.41.176.2 31.41.176.12

FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @protectdisc.com/NPMPDRM - C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( )
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.450 - C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Endpoint Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011-04-24]
FF HKCU\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Piotr\AppData\Roaming\IDM\idmmzcc3
FF Extension: IDM CC - C:\Users\Piotr\AppData\Roaming\IDM\idmmzcc3 [2012-05-26]
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Piotr\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Piotr\AppData\Roaming\IDM\idmmzcc5 [2013-04-20]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Users\Piotr\AppData\Local\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Piotr\AppData\Local\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Piotr\AppData\Local\Google\Chrome\Application\26.0.1410.43\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (fluxDVD Browser Plugin) - C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( )
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (Docs) - C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-29]
CHR Extension: (Dysk Google) - C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-29]
CHR Extension: (YouTube) - C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-29]
CHR Extension: (Szukaj w Google) - C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-29]
CHR Extension: (Gmail) - C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-29]

==================== Services (Whitelisted) =================

R2 ABBYY.Licensing.FineReader.Professional.10.0; C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [814344 2009-12-10] (ABBYY)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 CLHNServiceForPowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [87336 2012-01-12] (CyberLink Corp.)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [75048 2012-01-12] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [296232 2012-01-12] (CyberLink)
S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [42360 2010-11-04] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [810144 2010-11-04] (ESET)
R2 LicCtrlService; C:\Windows\runservice.exe [16384 2012-04-07] ()
S3 w7Svc; C:\Program Files (x86)\webcam 7\wService.exe [5029376 2010-05-15] (Moonware Studios)
S2 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [x]
S2 Time; C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe [x]

==================== Drivers (Whitelisted) ====================

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-27] ()
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [312480 2012-04-07] ()
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [170104 2010-09-03] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [141264 2010-07-29] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [126320 2010-07-29] (ESET)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2011-12-06] ()
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2011-04-24] ()
R2 ntk_PowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [82928 2011-10-27] (Cyberlink Corp.)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2013-05-11] (Duplex Secure Ltd.)
S3 TBPanel; No ImagePath
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [146928 2012-01-11] (CyberLink Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-20 10:13 - 2014-01-20 10:13 - 00000582 _____ C:\Users\Piotr\Desktop\defogger_disable.log
2014-01-20 10:13 - 2014-01-20 10:13 - 00000020 _____ C:\Users\Piotr\defogger_reenable
2014-01-20 10:11 - 2014-01-20 10:11 - 00050477 _____ C:\Users\Piotr\Desktop\Defogger.exe
2014-01-20 10:02 - 2014-01-20 10:34 - 00018031 _____ C:\Program Files\FRST.txt
2014-01-20 10:01 - 2014-01-20 10:01 - 00001181 _____ C:\Users\Piotr\Desktop\FRST.lnk
2014-01-20 10:01 - 2014-01-20 10:00 - 02076672 _____ (Farbar) C:\Program Files\FRST64.exe
2014-01-15 17:01 - 2014-01-15 17:01 - 00000000 ____D C:\Program Files (x86)\Rovio
2014-01-15 15:58 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 15:58 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 15:58 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 15:58 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 15:58 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 15:58 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 15:58 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 15:58 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 15:58 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-14 20:46 - 2014-01-14 20:47 - 00000000 ____D C:\Users\Piotr\Downloads\Angry Birds Star Wars II
2014-01-14 20:45 - 2014-01-14 20:46 - 00000000 ____D C:\Users\Piotr\Downloads\Bad Piggies [RePack by KloneB@DGuY]
2014-01-06 18:44 - 2014-01-06 18:44 - 00694784 _____ (Adobe Corporation) C:\Users\Piotr\AppData\Roaming\flash_update.exe
2014-01-05 17:36 - 2014-01-05 17:36 - 00000000 ____D C:\Users\Piotr\Documents\Mount&Blade Warband Savegames
2014-01-05 17:35 - 2014-01-05 17:35 - 00000000 ____D C:\Users\Piotr\AppData\Roaming\Mount&Blade Warband
2014-01-05 17:33 - 2014-01-05 17:33 - 00000733 _____ C:\Users\UpdatusUser.PTV01\Desktop\Mount&Blade Warband.lnk
2014-01-05 17:33 - 2014-01-05 17:33 - 00000000 ____D C:\Users\Piotr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mount&Blade Warband
2014-01-05 17:30 - 2014-01-05 17:35 - 00000000 ____D C:\Users\Piotr\Documents\Mount&Blade Warband
2013-12-31 13:11 - 2013-12-31 13:11 - 00000000 ____D C:\Windows\4F64A46D67F74497AEA2313D4305A5F6.TMP
2013-12-29 14:52 - 2013-12-29 14:52 - 00000000 ____D C:\Users\Piotr\Documents\Eador

==================== One Month Modified Files and Folders =======

2014-01-20 10:34 - 2014-01-20 10:02 - 00018031 _____ C:\Program Files\FRST.txt
2014-01-20 10:32 - 2009-07-14 05:45 - 00014544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-20 10:32 - 2009-07-14 05:45 - 00014544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-20 10:28 - 2011-04-21 21:06 - 01311477 _____ C:\Windows\WindowsUpdate.log
2014-01-20 10:25 - 2012-04-07 15:24 - 00001361 ___SH C:\Windows\SysWOW64\mmf.sys
2014-01-20 10:25 - 2011-04-24 18:03 - 00001042 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-20 10:24 - 2011-04-24 18:44 - 00073534 _____ C:\Windows\PFRO.log
2014-01-20 10:24 - 2011-04-21 21:38 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-20 10:24 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-20 10:24 - 2009-07-14 05:51 - 00026596 _____ C:\Windows\setupact.log
2014-01-20 10:23 - 2012-05-26 16:04 - 00000000 ____D C:\Users\Piotr\AppData\Roaming\DMCache
2014-01-20 10:13 - 2014-01-20 10:13 - 00000582 _____ C:\Users\Piotr\Desktop\defogger_disable.log
2014-01-20 10:13 - 2014-01-20 10:13 - 00000020 _____ C:\Users\Piotr\defogger_reenable
2014-01-20 10:13 - 2011-04-21 21:13 - 00000000 ____D C:\Users\Piotr
2014-01-20 10:11 - 2014-01-20 10:11 - 00050477 _____ C:\Users\Piotr\Desktop\Defogger.exe
2014-01-20 10:06 - 2011-04-24 18:03 - 00001046 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-20 10:01 - 2014-01-20 10:01 - 00001181 _____ C:\Users\Piotr\Desktop\FRST.lnk
2014-01-20 10:00 - 2014-01-20 10:01 - 02076672 _____ (Farbar) C:\Program Files\FRST64.exe
2014-01-19 22:02 - 2011-08-28 19:22 - 00000000 ___RD C:\Users\Piotr\Desktop\Gry
2014-01-19 21:33 - 2011-05-12 19:39 - 00000000 ____D C:\Users\Piotr\AppData\Roaming\The Bat!
2014-01-19 13:07 - 2011-05-22 11:00 - 00000000 ____D C:\Users\Piotr\AppData\Roaming\AIMP
2014-01-18 00:18 - 2013-10-29 20:09 - 00002191 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-15 20:01 - 2009-07-14 05:45 - 00428424 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-15 17:15 - 2013-06-29 09:34 - 00000000 ____D C:\Users\Piotr\AppData\Roaming\Rovio Entertainment Ltd
2014-01-15 17:15 - 2011-06-05 10:37 - 00000000 ____D C:\Users\Piotr\AppData\Roaming\Rovio
2014-01-15 17:01 - 2014-01-15 17:01 - 00000000 ____D C:\Program Files (x86)\Rovio
2014-01-15 16:01 - 2013-08-14 16:02 - 00000000 ____D C:\Windows\system32\MRT
2014-01-15 15:55 - 2011-04-24 18:14 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-14 21:03 - 2013-04-21 11:50 - 00000000 ____D C:\Users\Piotr\AppData\Roaming\BitTorrent
2014-01-14 20:47 - 2014-01-14 20:46 - 00000000 ____D C:\Users\Piotr\Downloads\Angry Birds Star Wars II
2014-01-14 20:46 - 2014-01-14 20:45 - 00000000 ____D C:\Users\Piotr\Downloads\Bad Piggies [RePack by KloneB@DGuY]
2014-01-14 19:01 - 2012-03-13 17:16 - 00000000 ____D C:\Katalogi płyt
2014-01-06 18:44 - 2014-01-06 18:44 - 00694784 _____ (Adobe Corporation) C:\Users\Piotr\AppData\Roaming\flash_update.exe
2014-01-05 18:49 - 2009-08-07 13:03 - 00747552 _____ C:\Windows\system32\perfh015.dat
2014-01-05 18:49 - 2009-08-07 13:03 - 00160144 _____ C:\Windows\system32\perfc015.dat
2014-01-05 18:49 - 2009-07-14 06:13 - 01692112 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-05 17:36 - 2014-01-05 17:36 - 00000000 ____D C:\Users\Piotr\Documents\Mount&Blade Warband Savegames
2014-01-05 17:35 - 2014-01-05 17:35 - 00000000 ____D C:\Users\Piotr\AppData\Roaming\Mount&Blade Warband
2014-01-05 17:35 - 2014-01-05 17:30 - 00000000 ____D C:\Users\Piotr\Documents\Mount&Blade Warband
2014-01-05 17:33 - 2014-01-05 17:33 - 00000733 _____ C:\Users\UpdatusUser.PTV01\Desktop\Mount&Blade Warband.lnk
2014-01-05 17:33 - 2014-01-05 17:33 - 00000000 ____D C:\Users\Piotr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mount&Blade Warband
2014-01-04 10:11 - 2011-11-12 21:10 - 00000000 ___RD C:\Users\Piotr\Desktop\Multimedia
2014-01-03 14:04 - 2011-08-28 19:11 - 00000000 ____D C:\Users\Piotr\AppData\Local\SKIDROW
2014-01-03 14:03 - 2011-04-21 21:35 - 00400162 _____ C:\Windows\DirectX.log
2014-01-03 14:02 - 2013-06-03 18:49 - 00000000 ____D C:\ProgramData\Package Cache
2013-12-31 16:49 - 2013-01-13 09:49 - 00000000 __SHD C:\Users\Piotr\Phone Browser
2013-12-31 13:11 - 2013-12-31 13:11 - 00000000 ____D C:\Windows\4F64A46D67F74497AEA2313D4305A5F6.TMP
2013-12-31 13:10 - 2011-04-21 21:24 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-29 14:52 - 2013-12-29 14:52 - 00000000 ____D C:\Users\Piotr\Documents\Eador
2013-12-29 11:00 - 2013-04-01 15:01 - 00000000 ____D C:\NOD32v5
2013-12-24 21:46 - 2013-02-24 17:15 - 00000000 ____D C:\Users\Piotr\AppData\Roaming\TeamViewer

Files to move or delete:
====================
C:\Users\Piotr\AppData\Roaming\Origin\update.vbe

Some content of TEMP:
====================
C:\Users\Piotr\AppData\Local\Temp\AngryBirdsSeasonsInstaller.exe
C:\Users\Piotr\AppData\Local\Temp\libcurl-4.dll
C:\Users\Piotr\AppData\Local\Temp\libcurl.dll
C:\Users\Piotr\AppData\Local\Temp\libeay32.dll
C:\Users\Piotr\AppData\Local\Temp\libidn-11.dll
C:\Users\Piotr\AppData\Local\Temp\librtmp.dll
C:\Users\Piotr\AppData\Local\Temp\libssh2.dll
C:\Users\Piotr\AppData\Local\Temp\libusb-1.0.dll
C:\Users\Piotr\AppData\Local\Temp\ssleay32.dll
C:\Users\Piotr\AppData\Local\Temp\svchost.exe
C:\Users\Piotr\AppData\Local\Temp\zlib1.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-19 13:39

==================== End Of Log ============================