Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-01-2014 01
Ran by luq92 (administrator) on LUQ92-KOMPUTER on 29-01-2014 18:22:28
Running from C:\Users\luq92\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polish
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

ATTENTION: If processes are not listed WMI should be repaired.

==================== Processes (Whitelisted) =================

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-23] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-06-17] (IDT, Inc.)
HKLM\...\Run: [Creative SB Monitoring Utility] - C:\Windows\system32\sbavmon.dll [109056 2009-06-22] (Creative Technology Ltd.)
HKLM\...\Run: [COMODO Internet Security] - D:\COMODO\COMODO Internet Security\cfp.exe [9577680 2012-11-07] (COMODO) HKLM-x32\...\Run: [VolPanel] - C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe [241789 2009-07-07] (Creative Technology Ltd) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [BCSSync] - D:\Programy\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKCU\...\Run: [GoogleChromeAutoLaunch_C7FD05FA7125740A8AA3196FEF241B17] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [866584 2014-01-23] (Google Inc.) HKCU\...\Run: [DAEMON Tools Lite] - D:\Programy\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd) MountPoints2: H - H:\AutoRun.exe MountPoints2: {0e2a6cfb-f4fe-11e2-8fa2-eb1490374a56} - H:\AutoRun.exe MountPoints2: {0e2a6d09-f4fe-11e2-8fa2-eb1490374a56} - H:\AutoRun.exe MountPoints2: {7f14129d-1195-11e3-a5b9-f04da2d1c4dc} - H:\AutoRun.exe MountPoints2: {7f1412cb-1195-11e3-a5b9-f04da2d1c4dc} - H:\AutoRun.exe MountPoints2: {958e7836-e6d6-11e2-a0a6-aabb02ddc357} - H:\iLinker.exe MountPoints2: {a92b2e0c-580b-11e2-9741-e1a7a449054e} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\setup.hta AppInit_DLLs: C:\Windows\system32\guard64.dll => C:\Windows\system32\guard64.dll [390392 2012-11-07] (COMODO) AppInit_DLLs-x32: C:\Windows\SysWOW64\guard32.dll => C:\Windows\SysWOW64\guard32.dll [301264 2012-11-07] (COMODO) Startup: C:\Users\luq92\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk ShortcutTarget: Rainmeter.lnk -> D:\Programy\Rainmeter.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = 
http://www.delta-search.com/?q={searchTerms}&affID=119816&babsrc=SP_ss&mntrId=889F8CA98206FCFD BHO: Expat Shield Class - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - No File BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Programy\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 62.113.243.6 8.8.8.8 Chrome: ======= CHR HomePage: hxxp://www.google.com CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\pdf.dll () CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File CHR Extension: (Dysk Google) - C:\Users\luq92\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-16] CHR Extension: (Turn Off the Lights) - C:\Users\luq92\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2012-12-16] CHR Extension: (YouTube) - C:\Users\luq92\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-16] CHR Extension: (SmoothScroll) - C:\Users\luq92\AppData\Local\Google\Chrome\User Data\Default\Extensions\cccpiddacjljmfbbgeimpelpndgpoknn [2013-07-08] CHR Extension: (Szukaj w Google) - C:\Users\luq92\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-16] CHR Extension: (QR Code Generator) - C:\Users\luq92\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcmhlmapohffdglflokbgknlknnmogbb [2012-12-16] CHR Extension: (AdBlock) - C:\Users\luq92\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-12-16] CHR Extension: (Feedly - News, Blogs and Youtube) - C:\Users\luq92\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2013-03-14] CHR Extension: (Barcode Generator) - C:\Users\luq92\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\ilkhkkdihamgncpphbkidijapnccgbmp [2012-12-16] CHR Extension: (SmallringFX DarkBlue Theme) - C:\Users\luq92\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfijmgohofmpjlcgmjplbpmkpchdhpk [2012-12-16] CHR Extension: (Google Wallet) - C:\Users\luq92\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24] CHR Extension: (Gmail) - C:\Users\luq92\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-16] ==================== Services (Whitelisted) ================= R2 cmdAgent; D:\COMODO\COMODO Internet Security\cmdagent.exe [2828408 2012-11-07] (COMODO) R2 MySql; c:\usr/MYSQL/bin/mysqld.exe [2928700 2003-09-14] () S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-07-17] () R2 PSI_SVC_2_x64; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3377904 2013-07-17] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2013-06-21] () R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [22736 2012-11-07] (COMODO) R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [584056 2012-11-07] (COMODO) R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [38144 2012-11-07] (COMODO) S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] () R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-21] (DT Soft Ltd) R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [94288 2012-11-07] (COMODO) R3 ksaud; C:\Windows\System32\drivers\ksaud.sys [1148288 2009-12-15] (Creative Technology Ltd.) 
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [35328 2013-06-21] () R3 ALSysIO; \??\C:\Users\luq92\AppData\Local\Temp\ALSysIO64.sys [x] S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [x] S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [x] S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [x] S3 huawei_cdcecm; system32\DRIVERS\ew_jucdcecm.sys [x] S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [x] S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [x] S3 WinRing0_1_2_0; \??\D:\Programy\IObit\Game Booster 3\Driver\WinRing0x64.sys [x] U3 uwddqkow; \??\C:\Users\luq92\AppData\Local\Temp\uwddqkow.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-29 18:22 - 2014-01-29 18:22 - 00067374 _____ C:\Users\luq92\Desktop\Extras.Txt 2014-01-29 18:22 - 2014-01-29 18:22 - 00009229 _____ C:\Users\luq92\Desktop\FRST.txt 2014-01-29 18:20 - 2014-01-29 18:20 - 00095226 _____ C:\Users\luq92\Desktop\OTL.Txt 2014-01-29 18:07 - 2014-01-29 18:07 - 00380416 _____ C:\Users\luq92\Desktop\lfb0qp35.exe 2014-01-29 18:02 - 2014-01-29 18:22 - 00000000 ____D C:\FRST 2014-01-29 18:01 - 2014-01-29 18:01 - 02079744 _____ (Farbar) C:\Users\luq92\Desktop\FRST64.exe 2014-01-29 17:59 - 2014-01-29 17:59 - 00602112 _____ (OldTimer Tools) C:\Users\luq92\Desktop\OTL.exe 2014-01-27 23:16 - 2014-01-27 23:16 - 00000000 ____D C:\Users\luq92\Documents\Codemasters 2014-01-27 23:12 - 2008-04-28 15:53 - 00805400 ____R (Creative Labs Inc.) C:\Windows\SysWOW64\tmp182E.tmp 2014-01-27 23:10 - 2008-04-28 15:53 - 00805400 ____R (Creative Labs Inc.) 
C:\Windows\SysWOW64\tmp182D.tmp 2014-01-27 12:03 - 2014-01-29 14:04 - 00000616 _____ C:\Windows\setupact.log 2014-01-27 12:03 - 2014-01-27 12:03 - 00000000 _____ C:\Windows\setuperr.log 2014-01-26 21:16 - 2014-01-26 21:16 - 00000000 ____D C:\ProgramData\Creative Labs 2014-01-26 21:01 - 2014-01-26 21:01 - 00000000 ____D C:\Program Files (x86)\BRS 2014-01-26 21:01 - 2009-10-16 11:19 - 00872448 _____ (Blue Ripple Sound Limited) C:\Windows\SysWOW64\rapture3d_oal.dll 2014-01-26 21:01 - 2009-07-13 19:04 - 03485696 _____ (Intel Corporation) C:\Windows\SysWOW64\mkl_p4.dll 2014-01-26 21:01 - 2009-07-13 19:04 - 02793472 _____ (Intel Corporation) C:\Windows\SysWOW64\mkl_p3.dll 2014-01-26 21:01 - 2009-07-13 19:04 - 02441216 _____ (Intel Corporation) C:\Windows\SysWOW64\mkl_def.dll 2014-01-26 21:01 - 2009-07-13 19:04 - 02174976 _____ (Intel Corporation) C:\Windows\SysWOW64\mkl_lapack32.dll 2014-01-26 21:01 - 2009-07-13 19:04 - 02125824 _____ (Intel Corporation) C:\Windows\SysWOW64\mkl_lapack64.dll 2014-01-26 21:01 - 2009-07-13 19:04 - 00839680 _____ (Intel Corporation) C:\Windows\SysWOW64\mkl_vml_p4.dll 2014-01-26 21:01 - 2009-07-13 19:04 - 00532480 _____ (Intel Corporation) C:\Windows\SysWOW64\mkl_vml_p3.dll 2014-01-26 21:01 - 2009-07-13 19:04 - 00512000 _____ (Intel Corporation) C:\Windows\SysWOW64\mkl_vml_def.dll 2014-01-26 21:01 - 2009-07-13 19:04 - 00184320 _____ (Intel Corporation) C:\Windows\SysWOW64\libguide40.dll 2014-01-26 20:59 - 2014-01-26 21:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE 2014-01-26 20:58 - 2014-01-27 23:12 - 00000000 ____D C:\Program Files (x86)\OpenAL 2014-01-26 20:58 - 2009-10-15 12:44 - 00809560 ____R (Creative Labs Inc.) C:\Windows\SysWOW64\tmp5992.tmp 2014-01-26 20:57 - 2014-01-27 23:12 - 00280789 _____ C:\Windows\DirectX.log 2014-01-26 20:55 - 2009-10-15 12:44 - 00809560 ____R (Creative Labs Inc.) 
C:\Windows\SysWOW64\tmp5991.tmp 2014-01-26 09:41 - 2013-12-18 17:19 - 00252688 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys 2014-01-26 09:41 - 2013-12-18 17:16 - 00126736 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys 2014-01-24 21:19 - 2014-01-29 14:07 - 00090809 _____ C:\Windows\WindowsUpdate.log 2014-01-24 10:38 - 2014-01-24 10:38 - 00001637 _____ C:\Users\luq92\Desktop\XML Notepad 2007.lnk 2014-01-24 10:38 - 2014-01-24 10:38 - 00000000 ____D C:\Users\luq92\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XML Notepad 2007 2014-01-18 10:37 - 2014-01-18 10:37 - 00000590 _____ C:\Users\luq92\Desktop\Krasnal Start 2.7.lnk 2014-01-18 10:37 - 2014-01-18 10:37 - 00000000 ____D C:\Users\luq92\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KRASNAL Serv 2014-01-18 10:36 - 2014-01-18 10:37 - 00000000 ____D C:\usr 2014-01-15 20:14 - 2014-01-15 20:14 - 00000000 ____D C:\Users\luq92\Documents\Moje palety 2014-01-15 20:13 - 2014-01-15 20:13 - 00000000 ____D C:\Users\luq92\Documents\Corel 2014-01-15 19:43 - 2014-01-15 19:43 - 00000000 ____D C:\Program Files\Common Files\Corel 2014-01-15 19:42 - 2014-01-15 19:42 - 00000000 ____D C:\Program Files\Common Files\Protexis 2014-01-15 19:38 - 2014-01-15 19:38 - 00000000 ____D C:\Users\Public\Documents\Corel 2014-01-15 19:29 - 2014-01-15 20:10 - 00000000 ____D C:\ProgramData\CorelDRAW Graphics Suite X6 2014-01-15 11:47 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2014-01-15 11:47 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2014-01-15 11:47 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2014-01-15 11:47 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2014-01-15 11:47 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 
2014-01-15 11:47 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2014-01-15 11:47 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2014-01-15 11:47 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-01-15 11:47 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-01-13 18:53 - 2014-01-15 20:13 - 00000000 ____D C:\Users\luq92\AppData\Roaming\Corel 2014-01-13 18:53 - 2014-01-13 18:54 - 00000000 ____D C:\ProgramData\Protexis64 2014-01-13 15:04 - 2014-01-15 20:11 - 00000000 ____D C:\ProgramData\Corel 2014-01-13 15:00 - 2014-01-13 15:10 - 00000000 ____D C:\ProgramData\Corel Painter X3 2014-01-10 18:36 - 2014-01-10 18:36 - 00000000 ____D C:\Users\luq92\AppData\Local\Microsoft_Corporation 2014-01-10 18:32 - 2014-01-10 18:32 - 00000000 ____D C:\Users\luq92\Documents\Integration Services Script Component 2014-01-10 18:28 - 2014-01-10 18:28 - 00000000 ____D C:\Users\luq92\Documents\Integration Services Script Task 2014-01-10 17:57 - 2014-01-10 19:16 - 00000000 ____D C:\Program Files\Microsoft SQL Server 2014-01-08 14:25 - 2014-01-08 14:25 - 00002762 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-01-08 14:22 - 2014-01-08 14:22 - 00000000 ____D C:\ProgramData\TuneUp Software 2014-01-08 14:21 - 2014-01-08 14:21 - 00000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2014-01-08 14:04 - 2014-01-08 14:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services 2014-01-08 14:01 - 2014-01-08 14:01 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform 2014-01-08 14:00 - 2014-01-08 14:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services 2014-01-08 12:25 - 2014-01-08 12:25 - 00000000 ____D C:\Users\luq92\AppData\Roaming\MySQL ==================== One Month Modified Files and Folders ======= 2014-01-29 18:22 - 
2014-01-29 18:22 - 00067374 _____ C:\Users\luq92\Desktop\Extras.Txt 2014-01-29 18:22 - 2014-01-29 18:22 - 00009229 _____ C:\Users\luq92\Desktop\FRST.txt 2014-01-29 18:22 - 2014-01-29 18:02 - 00000000 ____D C:\FRST 2014-01-29 18:20 - 2014-01-29 18:20 - 00095226 _____ C:\Users\luq92\Desktop\OTL.Txt 2014-01-29 18:19 - 2012-12-16 11:31 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-01-29 18:13 - 2012-12-16 12:03 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat 2014-01-29 18:07 - 2014-01-29 18:07 - 00380416 _____ C:\Users\luq92\Desktop\lfb0qp35.exe 2014-01-29 18:01 - 2014-01-29 18:01 - 02079744 _____ (Farbar) C:\Users\luq92\Desktop\FRST64.exe 2014-01-29 17:59 - 2014-01-29 17:59 - 00602112 _____ (OldTimer Tools) C:\Users\luq92\Desktop\OTL.exe 2014-01-29 17:50 - 2012-12-16 11:34 - 00001046 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-01-29 16:13 - 2009-07-14 18:55 - 00753320 _____ C:\Windows\system32\perfh015.dat 2014-01-29 16:13 - 2009-07-14 18:55 - 00160634 _____ C:\Windows\system32\perfc015.dat 2014-01-29 16:13 - 2009-07-14 06:13 - 01697038 _____ C:\Windows\system32\PerfStringBackup.INI 2014-01-29 14:11 - 2009-07-14 05:45 - 00015328 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-29 14:11 - 2009-07-14 05:45 - 00015328 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-29 14:07 - 2014-01-24 21:19 - 00090809 _____ C:\Windows\WindowsUpdate.log 2014-01-29 14:04 - 2014-01-27 12:03 - 00000616 _____ C:\Windows\setupact.log 2014-01-29 14:04 - 2012-12-16 11:34 - 00001042 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-01-29 14:04 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-28 08:55 - 2013-06-20 11:00 - 00000000 ____D C:\Users\luq92\AppData\Roaming\uTorrent 2014-01-27 23:16 - 2014-01-27 23:16 - 00000000 ____D C:\Users\luq92\Documents\Codemasters 2014-01-27 23:16 - 2013-05-31 
20:26 - 00000000 ____D C:\ProgramData\Codemasters 2014-01-27 23:12 - 2014-01-26 20:58 - 00000000 ____D C:\Program Files (x86)\OpenAL 2014-01-27 23:12 - 2014-01-26 20:57 - 00280789 _____ C:\Windows\DirectX.log 2014-01-27 22:43 - 2012-12-16 11:17 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2014-01-27 12:03 - 2014-01-27 12:03 - 00000000 _____ C:\Windows\setuperr.log 2014-01-26 21:16 - 2014-01-26 21:16 - 00000000 ____D C:\ProgramData\Creative Labs 2014-01-26 21:15 - 2013-02-11 09:28 - 00000000 ____D C:\Users\luq92\Documents\My Games 2014-01-26 21:01 - 2014-01-26 21:01 - 00000000 ____D C:\Program Files (x86)\BRS 2014-01-26 21:01 - 2014-01-26 20:59 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE 2014-01-26 20:58 - 2012-12-16 11:38 - 00466520 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll 2014-01-26 20:58 - 2012-12-16 11:38 - 00445016 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll 2014-01-26 20:58 - 2012-12-16 11:38 - 00122968 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll 2014-01-26 20:58 - 2012-12-16 11:38 - 00109144 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) 
C:\Windows\SysWOW64\OpenAL32.dll 2014-01-26 20:37 - 2013-01-06 16:05 - 00000000 ____D C:\Users\luq92\AppData\Roaming\DAEMON Tools Lite 2014-01-26 17:47 - 2012-12-26 14:00 - 00000000 ____D C:\Users\luq92\AppData\Roaming\Media Player Classic 2014-01-26 16:13 - 2013-10-18 20:24 - 00000000 ____D C:\Users\luq92\.VirtualBox 2014-01-26 14:27 - 2012-12-16 13:44 - 00000000 ____D C:\Users\luq92\AppData\Roaming\Dropbox 2014-01-26 14:22 - 2013-09-23 14:18 - 00000000 ____D C:\Users\luq92\Desktop\aaaa 2014-01-24 10:38 - 2014-01-24 10:38 - 00001637 _____ C:\Users\luq92\Desktop\XML Notepad 2007.lnk 2014-01-24 10:38 - 2014-01-24 10:38 - 00000000 ____D C:\Users\luq92\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XML Notepad 2007 2014-01-20 22:33 - 2012-12-16 12:19 - 00000000 ____D C:\Windows\pss 2014-01-20 22:33 - 2012-12-16 11:04 - 00000000 ___RD C:\Users\luq92\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-01-18 16:31 - 2012-12-16 13:45 - 00000000 ____D C:\Users\luq92\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-01-18 14:51 - 2013-10-19 08:56 - 00000000 ____D C:\Users\luq92\VirtualBox VMs 2014-01-18 14:50 - 2012-12-29 16:13 - 00000000 ____D C:\ProgramData\Adobe 2014-01-18 14:50 - 2012-12-16 11:33 - 00000000 ____D C:\Users\luq92\AppData\Roaming\Adobe 2014-01-18 14:49 - 2012-12-16 11:04 - 00000000 ____D C:\Users\luq92 2014-01-18 12:03 - 2012-12-29 16:15 - 00000000 ____D C:\Users\luq92\AppData\Local\Adobe 2014-01-18 11:28 - 2012-12-16 12:27 - 00000000 ____D C:\Users\luq92\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2014-01-18 10:37 - 2014-01-18 10:37 - 00000590 _____ C:\Users\luq92\Desktop\Krasnal Start 2.7.lnk 2014-01-18 10:37 - 2014-01-18 10:37 - 00000000 ____D C:\Users\luq92\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KRASNAL Serv 2014-01-18 10:37 - 2014-01-18 10:36 - 00000000 ____D C:\usr 2014-01-18 10:36 - 2005-11-19 20:35 - 00024661 _____ C:\Windows\php_old.ini 2014-01-18 10:36 - 2003-05-08 03:32 - 
00002251 _____ C:\my.cnf 2014-01-18 10:36 - 2002-06-25 08:28 - 00000455 _____ C:\Windows\my.ini 2014-01-16 08:47 - 2013-11-19 09:40 - 05071704 _____ C:\Windows\system32\FNTCACHE.DAT 2014-01-15 20:14 - 2014-01-15 20:14 - 00000000 ____D C:\Users\luq92\Documents\Moje palety 2014-01-15 20:13 - 2014-01-15 20:13 - 00000000 ____D C:\Users\luq92\Documents\Corel 2014-01-15 20:13 - 2014-01-13 18:53 - 00000000 ____D C:\Users\luq92\AppData\Roaming\Corel 2014-01-15 20:13 - 2013-11-19 09:41 - 00116008 _____ C:\Users\luq92\AppData\Local\GDIPFONTCACHEV1.DAT 2014-01-15 20:11 - 2014-01-13 15:04 - 00000000 ____D C:\ProgramData\Corel 2014-01-15 20:10 - 2014-01-15 19:29 - 00000000 ____D C:\ProgramData\CorelDRAW Graphics Suite X6 2014-01-15 20:10 - 2013-03-21 19:39 - 00000000 ____D C:\ProgramData\Microsoft Help 2014-01-15 19:43 - 2014-01-15 19:43 - 00000000 ____D C:\Program Files\Common Files\Corel 2014-01-15 19:43 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared 2014-01-15 19:42 - 2014-01-15 19:42 - 00000000 ____D C:\Program Files\Common Files\Protexis 2014-01-15 19:38 - 2014-01-15 19:38 - 00000000 ____D C:\Users\Public\Documents\Corel 2014-01-15 11:54 - 2013-07-11 08:21 - 00000000 ____D C:\Windows\system32\MRT 2014-01-15 11:49 - 2012-12-16 17:42 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-01-13 18:54 - 2014-01-13 18:53 - 00000000 ____D C:\ProgramData\Protexis64 2014-01-13 15:10 - 2014-01-13 15:00 - 00000000 ____D C:\ProgramData\Corel Painter X3 2014-01-12 14:53 - 2003-05-08 03:32 - 00002261 _____ C:\my_cnf.bak 2014-01-10 19:16 - 2014-01-10 17:57 - 00000000 ____D C:\Program Files\Microsoft SQL Server 2014-01-10 18:36 - 2014-01-10 18:36 - 00000000 ____D C:\Users\luq92\AppData\Local\Microsoft_Corporation 2014-01-10 18:32 - 2014-01-10 18:32 - 00000000 ____D C:\Users\luq92\Documents\Integration Services Script Component 2014-01-10 18:28 - 2014-01-10 18:28 - 00000000 ____D C:\Users\luq92\Documents\Integration Services Script 
Task 2014-01-09 12:52 - 2009-07-14 06:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2014-01-08 14:27 - 2013-07-01 05:23 - 00000000 ____D C:\Users\luq92\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flvto Youtube Downloader 2014-01-08 14:27 - 2012-12-16 12:52 - 00000000 ____D C:\Users\luq92\AppData\Roaming\AIMP3 2014-01-08 14:25 - 2014-01-08 14:25 - 00002762 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-01-08 14:22 - 2014-01-08 14:22 - 00000000 ____D C:\ProgramData\TuneUp Software 2014-01-08 14:21 - 2014-01-08 14:21 - 00000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2014-01-08 14:04 - 2014-01-08 14:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services 2014-01-08 14:01 - 2014-01-08 14:01 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform 2014-01-08 14:00 - 2014-01-08 14:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services 2014-01-08 13:59 - 2013-03-21 19:45 - 00000000 ____D C:\Program Files\Microsoft Office 2014-01-08 12:25 - 2014-01-08 12:25 - 00000000 ____D C:\Users\luq92\AppData\Roaming\MySQL 2013-12-31 10:48 - 2013-01-30 14:46 - 00000000 ____D C:\Users\luq92\AppData\Roaming\Foxit Software Some content of TEMP: ==================== C:\Users\luq92\AppData\Local\Temp\Checkupdate.exe C:\Users\luq92\AppData\Local\Temp\Foxit Reader Updater.exe C:\Users\luq92\AppData\Local\Temp\gcapi_dll.dll C:\Users\luq92\AppData\Local\Temp\gtapi_signed.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is 
legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-19 23:09 ==================== End Of Log ============================