Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-02-2014 01
Ran by XoX (administrator) on EDYTA on 11-02-2014 15:51:12
Running from C:\Users\XoX\Downloads\Programy LOGI
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polish
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(SafeNet Inc.) C:\Windows\system32\hasplms.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.OPTIMA\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(asus) C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Boingo Wireless, Inc.) C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Creative Technology Ltd.) C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Logixoft) C:\ProgramData\rvlkl\rvlkl.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Creative SB Monitoring Utility] - C:\Windows\system32\sbavmon.dll [115712 2010-07-29] (Creative Technology Ltd.)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [1910016 2008-07-01] (ESET)
HKLM-x32\...\Run: [Boingo Wi-Fi] - C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk [2429 2010-10-04] ()
HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [6806144 2010-06-25] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-05-03] (ASUS)
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1597440 2010-07-02] ()
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2629632 2012-09-25] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Module Loader] - C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe [57344 2007-07-23] (Creative Technology Ltd.)
HKLM-x32\...\Run: [VolPanel] - C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1 Pro\Volume Panel\VolPanlu.exe [241789 2010-02-18] (Creative Technology Ltd)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2434746983-666425902-306705779-1001\...\MountPoints2: {f120b934-e08d-11e2-8a41-20cf3062cb3c} - F:\LaunchU3.exe -a
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [113768 2010-07-12] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [102504 2010-07-12] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - &Tłumaczenie - {0D704FAD-66E9-4F0A-BFED-4F665770DDB3} - C:\Program Files (x86)\Techland\Common\InternetTranslator\InternetTranslator.dll (Techland)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\XoX\AppData\Roaming\Mozilla\Firefox\Profiles\2hmsg43b.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
Chrome:
=======
CHR Extension: (Google Wallet) - C:\Users\XoX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]

==================== Services (Whitelisted) =================

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S3 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [77944 2013-06-15] (Autodesk)
S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [21760 2008-07-01] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [468224 2008-07-01] (ESET)
R2 hasplms; C:\Windows\system32\hasplms.exe [4412872 2012-08-23] (SafeNet Inc.)
R2 MSSQL$OPTIMA; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.OPTIMA\MSSQL\Binn\sqlservr.exe [43129288 2012-06-29] (Microsoft Corporation)
S4 SQLAgent$OPTIMA; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.OPTIMA\MSSQL\Binn\SQLAGENT.EXE [379848 2012-06-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-06-14] (DT Soft Ltd)
R2 eamon; C:\Windows\System32\DRIVERS\eamon.sys [44552 2008-07-01] (ESET)
R1 easdrv; C:\Windows\System32\DRIVERS\easdrv.sys [53256 2008-07-01] (ESET)
R1 epfwtdir; C:\Windows\System32\DRIVERS\epfwtdir.sys [37384 2008-07-01] ()
R1 eusk2par; C:\Windows\system32\Drivers\eusk2par-amd64.sys [42816 2006-12-13] (Eutron)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [323584 2012-10-06] (SafeNet Inc.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S2 Kmm4xNT; C:\Windows\SysWow64\Drivers\Kmm4xNT.sys [95484 2002-04-26] (DATOM Dariusz Cielebąk)
S3 ksaud; C:\Windows\System32\drivers\ksaud.sys [1588608 2010-07-30] (Creative Technology Ltd.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-06-14] (Duplex Secure Ltd.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-06] ()
U3 axpdet9v; C:\Windows\System32\Drivers\axpdet9v.sys [0 ] (Advanced Micro Devices)
U3 tmlwf;
U3 tmwfp;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-11 15:41 - 2014-02-11 15:41 - 00056854 _____ () C:\Users\XoX\Desktop\Extras.Txt
2014-02-11 15:40 - 2014-02-11 15:40 - 00093384 _____ () C:\Users\XoX\Desktop\OTL.Txt
2014-02-11 14:16 - 2014-02-11 14:16 - 00000000 ____D () C:\Windows\Sun
2014-02-11 14:02 - 2014-02-11 14:02 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-02-11 14:02 - 2014-02-11 14:02 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-02-11 14:02 - 2014-02-11 14:02 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-02-11 14:02 - 2014-02-11 14:02 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-02-11 13:32 - 2014-02-11 13:32 - 00000000 ____D () C:\_OTL
2014-02-11 12:34 - 2014-02-11 15:51 - 00000000 ____D () C:\Users\XoX\Downloads\Programy LOGI
2014-02-11 12:34 - 2014-02-11 12:45 - 00000000 ____D () C:\AdwCleaner
2014-02-11 11:16 - 2014-02-11 15:51 - 00000000 ____D () C:\FRST
2014-02-11 09:16 - 2014-02-11 14:38 - 00000000 ____D () C:\ProgramData\rvlkl
2014-02-11 09:16 - 2014-02-11 09:16 - 01411136 _____ (Logixoft) C:\Users\XoX\Downloads\rkfree_setup(dobreprogramy.pl).exe
2014-02-08 18:35 - 2014-02-05 17:36 - 01542265 _____ () C:\Users\XoX\Desktop\olszewscy.dwg
2014-02-08 18:34 - 2014-02-08 18:41 - 00001002 _____ () C:\plot.log
2014-01-20 21:11 - 2014-01-20 21:11 - 00000000 ____D () C:\Users\XoX\AppData\Roaming\Comarch
2014-01-20 20:54 - 2013-06-12 08:38 - 00240136 _____ (Comarch) C:\Windows\SysWOW64\ComarchMLv2x64.dll
2014-01-20 20:54 - 2013-06-12 08:38 - 00240136 _____ (Comarch) C:\Windows\system32\ComarchMLv2x64.dll
2014-01-20 20:54 - 2013-06-12 08:38 - 00188424 _____ (Comarch) C:\Windows\SysWOW64\ComarchMLv2x32.dll
2014-01-20 20:54 - 2013-06-12 08:38 - 00188424 _____ (Comarch) C:\Windows\system32\ComarchMLv2x32.dll
2014-01-20 20:50 - 2012-06-29 01:22 - 00057288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf-MSSQL10_50.OPTIMA-sqlagtctr.dll
2014-01-20 20:49 - 2012-06-29 01:22 - 00082888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf-MSSQL$OPTIMA-sqlctr10.52.4000.0.dll
2014-01-20 20:48 - 2014-01-20 20:48 - 00000000 ____D () C:\Windows\SysWOW64\1033
2014-01-20 20:48 - 2014-01-20 20:48 - 00000000 ____D () C:\Windows\system32\1033
2014-01-20 20:48 - 2014-01-20 20:48 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2014-01-20 20:48 - 2014-01-20 20:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 9.0
2014-01-20 20:45 - 2014-01-20 20:45 - 00000000 __HDC () C:\ProgramData\{3010269D-6079-4CA4-A2EB-1A8869CCAB00}
2014-01-20 20:45 - 2014-01-20 20:45 - 00000000 ____D () C:\Program Files (x86)\SQLXML 3.0
2014-01-20 20:45 - 2014-01-20 20:45 - 00000000 ____D () C:\Program Files (x86)\MSSOAP
2014-01-20 20:45 - 2014-01-20 20:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft WSE
2014-01-20 20:44 - 2014-01-20 20:44 - 00000000 ____D () C:\Program Files (x86)\Business Objects
2014-01-20 20:43 - 2014-01-20 20:49 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2014-01-20 18:37 - 2014-01-20 20:09 - 2659982771 _____ () C:\Users\XoX\Downloads\Comarch_ERP_Optima_2013.5.1.2385.exe

==================== One Month Modified Files and Folders =======

2014-02-11 15:51 - 2014-02-11 12:34 - 00000000 ____D () C:\Users\XoX\Downloads\Programy LOGI
2014-02-11 15:51 - 2014-02-11 11:16 - 00000000 ____D () C:\FRST
2014-02-11 15:41 - 2014-02-11 15:41 - 00056854 _____ () C:\Users\XoX\Desktop\Extras.Txt
2014-02-11 15:40 - 2014-02-11 15:40 - 00093384 _____ () C:\Users\XoX\Desktop\OTL.Txt
2014-02-11 15:21 - 2010-10-04 15:58 - 00001062 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-11 14:38 - 2014-02-11 09:16 - 00000000 ____D () C:\ProgramData\rvlkl
2014-02-11 14:16 - 2014-02-11 14:16 - 00000000 ____D () C:\Windows\Sun
2014-02-11 14:03 - 2013-10-19 19:49 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-11 14:02 - 2014-02-11 14:02 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-02-11 14:02 - 2014-02-11 14:02 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-02-11 14:02 - 2014-02-11 14:02 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-02-11 14:02 - 2014-02-11 14:02 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-02-11 14:02 - 2013-06-12 09:44 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-11 13:42 - 2009-07-14 05:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-11 13:42 - 2009-07-14 05:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-11 13:39 - 2009-08-03 20:55 - 00807000 _____ () C:\Windows\system32\perfh015.dat
2014-02-11 13:39 - 2009-08-03 20:55 - 00180334 _____ () C:\Windows\system32\perfc015.dat
2014-02-11 13:39 - 2009-07-14 06:13 - 01855266 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-11 13:34 - 2010-10-04 15:58 - 00001058 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-11 13:34 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-11 13:33 - 2013-12-07 20:32 - 00202952 ____N () C:\Windows\WindowsUpdate.log
2014-02-11 13:32 - 2014-02-11 13:32 - 00000000 ____D () C:\_OTL
2014-02-11 12:45 - 2014-02-11 12:34 - 00000000 ____D () C:\AdwCleaner
2014-02-11 11:14 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-11 10:26 - 2013-06-17 09:26 - 00000248 _____ () C:\Windows\Tasks\Epson Printer Software Downloader.job
2014-02-11 09:16 - 2014-02-11 09:16 - 01411136 _____ (Logixoft) C:\Users\XoX\Downloads\rkfree_setup(dobreprogramy.pl).exe
2014-02-10 20:16 - 2010-10-04 15:58 - 00004058 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-10 20:16 - 2010-10-04 15:58 - 00003806 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-09 20:01 - 2013-12-20 10:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-09 15:42 - 2013-06-26 19:03 - 00000000 ____D () C:\Users\XoX\AppData\Roaming\GG
2014-02-08 18:41 - 2014-02-08 18:34 - 00001002 _____ () C:\plot.log
2014-02-06 14:17 - 2013-06-14 18:08 - 00000000 ____D () C:\Users\XoX\AppData\Roaming\Winamp
2014-02-05 17:36 - 2014-02-08 18:35 - 01542265 _____ () C:\Users\XoX\Desktop\olszewscy.dwg
2014-01-20 21:11 - 2014-01-20 21:11 - 00000000 ____D () C:\Users\XoX\AppData\Roaming\Comarch
2014-01-20 20:50 - 2013-08-06 11:47 - 01875712 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-01-20 20:49 - 2014-01-20 20:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2014-01-20 20:48 - 2014-01-20 20:48 - 00000000 ____D () C:\Windows\SysWOW64\1033
2014-01-20 20:48 - 2014-01-20 20:48 - 00000000 ____D () C:\Windows\system32\1033
2014-01-20 20:48 - 2014-01-20 20:48 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2014-01-20 20:48 - 2014-01-20 20:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 9.0
2014-01-20 20:45 - 2014-01-20 20:45 - 00000000 __HDC () C:\ProgramData\{3010269D-6079-4CA4-A2EB-1A8869CCAB00}
2014-01-20 20:45 - 2014-01-20 20:45 - 00000000 ____D () C:\Program Files (x86)\SQLXML 3.0
2014-01-20 20:45 - 2014-01-20 20:45 - 00000000 ____D () C:\Program Files (x86)\MSSOAP
2014-01-20 20:45 - 2014-01-20 20:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft WSE
2014-01-20 20:44 - 2014-01-20 20:44 - 00000000 ____D () C:\Program Files (x86)\Business Objects
2014-01-20 20:44 - 2009-07-14 03:34 - 00017486 _____ () C:\Windows\system32\Drivers\etc\services
2014-01-20 20:09 - 2014-01-20 18:37 - 2659982771 _____ () C:\Users\XoX\Downloads\Comarch_ERP_Optima_2013.5.1.2385.exe
2014-01-13 23:01 - 2013-06-12 08:14 - 00000000 ____D () C:\Users\XoX\AppData\Roaming\Media Player Classic

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-02-10 22:08

==================== End Of Log ============================