Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2015
Ran by limak (administrator) on LIMAK-KOMPUTER on 21-04-2015 19:38:05
Running from E:\NIEMIECKI
Loaded Profiles: limak (Available profiles: limak & user & Gość)
Platform: Windows 7 Ultimate (X64) OS Language: Polski (Polska)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(FirebirdSQL Project) C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Famatech Corp.) C:\Windows\SysWOW64\rserver30\rserver3.exe
() C:\Program Files (x86)\Netia\Mobilny Internet\AssistantServices.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(FirebirdSQL Project) C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Famatech Corp.) C:\Windows\SysWOW64\rserver30\FamItrfc.Exe
(Famatech Corp.) C:\Windows\SysWOW64\rserver30\FamItrfc.Exe
() C:\Windows\System32\AtwtusbIcon.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(wifimouse.necta.us) E:\MouseServer\MouseServer.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) E:\NIEMIECKI\FRST64 (1).exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AtwtusbIcon] => C:\Windows\system32\AtwtusbIcon.exe [3593728 2012-09-10] ()
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [CTSysVol] => C:\Program Files (x86)\Creative\SBAudigy\Surround Mixer\CTSysVol.exe [57344 2005-10-31] (Creative Technology Ltd)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3924717649-4015743844-1627424674-1000\...\Run: [MouseServer] => E:\MouseServer\MouseServer.exe [243200 2014-11-30] (wifimouse.necta.us)
HKU\S-1-5-21-3924717649-4015743844-1627424674-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2009-07-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3924717649-4015743844-1627424674-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-3924717649-4015743844-1627424674-1000] => (w3cache.icm.edu.p:8080
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3924717649-4015743844-1627424674-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3924717649-4015743844-1627424674-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-3924717649-4015743844-1627424674-1000 -> DefaultScope {1E731FBD-676B-479A-B4A2-DE66BA7DF8CB} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3924717649-4015743844-1627424674-1000 -> {1E731FBD-676B-479A-B4A2-DE66BA7DF8CB} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3924717649-4015743844-1627424674-1000 -> {40439b93-f815-4122-8073-d03bed94c303} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-04-12] (Oracle Corporation)
BHO-x32: Pomocnik logowania za pomocą konta Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-12] (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\limak\AppData\Roaming\Mozilla\Firefox\Profiles\fqqk6e5u.default
FF Homepage: www.wp.pl/?src01=dp220141123
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll [2014-11-23] ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\system32\npDeployJava1.dll [2013-09-05] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll [2014-11-23] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-16] (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-12] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-01-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-01-10] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-20] (Google Inc.)
FF Plugin-x32: Adobe Reader -> D:\PROGRAMY\adobe reader\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: YouTube™ Flash® Player - C:\Users\limak\AppData\Roaming\Mozilla\Firefox\Profiles\fqqk6e5u.default\Extensions\jid1-HAV2inXAnQPIeA@jetpack.xpi [2014-11-23]
FF HKU\S-1-5-21-3924717649-4015743844-1627424674-1000\...\Firefox\Extensions: [lyrmix@lyrmix.net] - C:\Program Files (x86)\Lyrmix\FF
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com/", "hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=BEBF001D6048D5FA"
CHR Profile: C:\Users\limak\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\limak\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-21]
CHR Extension: (Google Docs) - C:\Users\limak\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-21]
CHR Extension: (Google Drive) - C:\Users\limak\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-21]
CHR Extension: (YouTube) - C:\Users\limak\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-21]
CHR Extension: (Adblock for Youtube™) - C:\Users\limak\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2015-01-28]
CHR Extension: (Google Search) - C:\Users\limak\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-21]
CHR Extension: (Google Sheets) - C:\Users\limak\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-21]
CHR Extension: (Google Wallet) - C:\Users\limak\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-21]
CHR Extension: (Gmail) - C:\Users\limak\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-21]
CHR HKU\S-1-5-21-3924717649-4015743844-1627424674-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jndeiekmdhemaggmkgljlpdeaomeplbp] - C:\Users\limak\AppData\Local\CRE\jndeiekmdhemaggmkgljlpdeaomeplbp.crx [Not Found]

Opera:
=======
OPR Extension: (Adblock Plus) - C:\Users\limak\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2014-11-12]
StartMenuInternet: (HKLM) Opera - C:\Program Files\Opera x64\Opera.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [31192 2014-02-07] (Autodesk, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-03-01] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-03-01] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2008-11-18] (Creative Technology Ltd) [File not signed]
R2 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe [81920 2007-10-16] (FirebirdSQL Project) [File not signed]
R3 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe [2711552 2007-10-16] (FirebirdSQL Project) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-11-15] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-11-15] (Hewlett-Packard) [File not signed]
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
R2 RServer3; C:\Windows\SysWOW64\rserver30\RServer3.exe [1154752 2012-12-19] (Famatech Corp.)
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-14] (Microsoft Corporation)
R2 UI Assistant Service; C:\Program Files (x86)\Netia\Mobilny Internet\AssistantServices.exe [247152 2010-03-02] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S3 WTService; C:\Windows\system32\atwtusb.exe [581120 2012-10-19] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-03-07] (AVAST Software)
R3 bomebus; C:\Windows\System32\DRIVERS\bomebus.sys [34376 2010-10-13] (Bome Software)
R3 bomemidi; C:\Windows\System32\drivers\bomemidi.sys [30792 2010-10-13] (Bome Software)
R3 DroidCamVideo; C:\Windows\System32\DRIVERS\droidcamvideo.sys [227512 2014-10-16] (Dev47Apps)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-21] (DT Soft Ltd)
S3 mirrorv3; C:\Windows\System32\DRIVERS\rminiv3.sys [5632 2012-12-18] (Famatech International Corp.)
R3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [7680 2009-03-08] (Windows (R) Codename Longhorn DDK provider)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 PciPPorts; C:\Windows\System32\DRIVERS\PciPPorts.sys [96768 2009-07-23] ()
R3 PciSPorts; C:\Windows\System32\DRIVERS\PciSPorts.sys [122880 2008-12-19] ()
R3 vhidmini; C:\Windows\System32\DRIVERS\walvhid.sys [7808 2009-04-16] (Windows (R) Codename Longhorn DDK provider)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-21 18:46 - 2015-04-21 18:46 - 00020418 _____ () C:\ComboFix.txt
2015-04-21 18:41 - 2015-04-21 18:41 - 00002640 _____ () C:\Windows\PFRO.log
2015-04-21 18:30 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-21 18:30 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-21 18:30 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-21 18:30 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-21 18:30 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-21 18:30 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-21 18:30 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-21 18:30 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-21 18:26 - 2015-04-21 18:46 - 00000000 ____D () C:\Qoobox
2015-04-21 18:25 - 2015-04-21 18:44 - 00000000 ____D () C:\Windows\erdnt
2015-04-16 21:10 - 2015-04-16 21:10 - 00000000 ____D () C:\ProgramData\SoftPerfect
2015-04-13 09:26 - 2015-04-21 18:42 - 00003696 _____ () C:\Windows\setupact.log
2015-04-13 09:26 - 2015-04-13 09:26 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-12 21:03 - 2015-04-12 21:03 - 00000000 ____D () C:\Windows\Sun
2015-04-12 21:02 - 2015-04-12 21:01 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-04-12 20:55 - 2015-04-12 20:55 - 00026992 _____ () C:\Users\limak\Documents\cc_20150412_205522.reg
2015-03-26 15:40 - 2015-03-26 15:40 - 00000000 ____D () C:\Users\Public\Documents\Amiga Files
2015-03-26 15:37 - 2015-03-26 15:54 - 00000000 ____D () C:\Program Files (x86)\WinUAE
2015-03-26 15:37 - 2015-03-26 15:37 - 00000913 _____ () C:\Users\Public\Desktop\WinUAE.lnk
2015-03-26 15:37 - 2015-03-26 15:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinUAE
2015-03-25 13:20 - 2015-03-25 13:20 - 00000000 _____ () C:\Users\limak\chkdsk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-21 19:38 - 2014-11-18 17:40 - 00000000 ____D () C:\FRST
2015-04-21 19:34 - 2013-02-26 20:15 - 00000000 ____D () C:\Program Files (x86)\PowerISO
2015-04-21 18:49 - 2009-07-14 06:45 - 00010208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-21 18:49 - 2009-07-14 06:45 - 00010208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-21 18:46 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-04-21 18:45 - 2013-02-13 21:51 - 01419373 _____ () C:\Windows\WindowsUpdate.log
2015-04-21 18:43 - 2009-07-14 04:34 - 00000243 _____ () C:\Windows\system.ini
2015-04-21 18:42 - 2013-06-15 01:27 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-04-21 18:41 - 2014-04-07 19:11 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-21 18:41 - 2013-06-15 01:17 - 00000000 ____D () C:\Program Files\Bitdefender
2015-04-21 18:41 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-21 18:40 - 2009-07-14 04:34 - 82051072 _____ () C:\Windows\system32\config\SOFTWARE.bak
2015-04-21 18:40 - 2009-07-14 04:34 - 27000832 _____ () C:\Windows\system32\config\SYSTEM.bak
2015-04-21 18:40 - 2009-07-14 04:34 - 00786432 _____ () C:\Windows\system32\config\DEFAULT.bak
2015-04-21 18:40 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2015-04-21 18:40 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2015-04-21 18:36 - 2013-03-21 21:20 - 00000000 ____D () C:\ProgramData\TEMP
2015-04-21 18:30 - 2013-06-15 01:17 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2015-04-21 18:16 - 2013-07-11 12:51 - 00000503 _____ () C:\Windows\system32\checkdnsid.xml
2015-04-21 12:49 - 2013-02-16 00:16 - 00000000 ____D () C:\Users\limak\AppData\Roaming\vlc
2015-04-21 12:40 - 2013-07-26 15:10 - 00000000 ____D () C:\tmp
2015-04-20 13:52 - 2009-07-14 19:55 - 00740884 _____ () C:\Windows\system32\perfh015.dat
2015-04-20 13:52 - 2009-07-14 19:55 - 00156034 _____ () C:\Windows\system32\perfc015.dat
2015-04-20 13:52 - 2009-07-14 07:13 - 01666944 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-20 12:50 - 2013-03-12 15:11 - 00000000 ____D () C:\Users\limak\AppData\Roaming\Audacity
2015-04-16 21:16 - 2014-11-13 00:14 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-16 20:40 - 2013-11-25 14:28 - 00007601 _____ () C:\Users\limak\AppData\Local\resmon.resmoncfg
2015-04-16 12:16 - 2014-02-19 19:11 - 00000000 ____D () C:\Users\limak\AppData\Roaming\AIMP3
2015-04-12 21:01 - 2013-12-27 19:21 - 00000000 ____D () C:\ProgramData\Oracle
2015-04-12 21:01 - 2013-06-22 16:51 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-12 20:54 - 2013-06-02 14:17 - 00000000 ____D () C:\Users\limak\AppData\Roaming\uTorrent
2015-04-12 11:53 - 2013-02-28 21:38 - 00000000 ____D () C:\Windows\Minidump
2015-04-11 18:54 - 2013-12-12 00:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2015-03-30 22:59 - 2013-07-25 00:19 - 00000000 ____D () C:\Users\limak\Desktop\blender
2015-03-28 22:41 - 2015-03-20 16:46 - 00001046 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfebc3e0ee1a9e.job
2015-03-28 22:41 - 2015-03-20 16:46 - 00001042 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfebc3decf9f7d.job
2015-03-28 14:53 - 2015-03-20 16:46 - 00004054 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cfebc3e0ee1a9e
2015-03-28 14:53 - 2015-03-20 16:46 - 00003802 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1cfebc3decf9f7d
2015-03-28 14:21 - 2015-02-25 12:37 - 00000000 ____D () C:\Users\limak\AppData\Local\CrashDumps
2015-03-28 13:58 - 2009-07-14 04:34 - 00000663 _____ () C:\Windows\win.ini
2015-03-27 15:20 - 2009-07-14 07:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-27 01:07 - 2014-10-10 19:48 - 00000000 ____D () C:\Users\limak\AppData\Roaming\Skype
2015-03-25 13:20 - 2013-02-13 21:59 - 00000000 ____D () C:\Users\limak
2015-03-25 13:11 - 2013-06-02 14:16 - 00000000 ____D () C:\Users\limak\AppData\Local\Downloaded Installations

==================== Files in the root of some directories =======

2014-06-06 18:27 - 2014-06-06 18:27 - 0004729 _____ () C:\Users\limak\AppData\Local\recently-used.xbel
2013-11-25 14:28 - 2015-04-16 20:40 - 0007601 _____ () C:\Users\limak\AppData\Local\resmon.resmoncfg
2014-10-16 15:09 - 2014-10-16 15:16 - 0000031 _____ () C:\ProgramData\droidcam-settings
2014-09-23 21:37 - 2014-09-23 21:37 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-04-14 10:52

==================== End Of Log ============================