Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013
Ran by User (administrator) on PIECYK on 09-11-2013 01:57:26
Running from C:\Users\User\Desktop\dezynfekcja
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polish
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(深圳市普联技术有限公司) C:\Program Files (x86)\TP-LINK\MFP and Storage Server\MFP and Storage Server.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointG\SetPointII.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Farbar) C:\Users\User\Desktop\dezynfekcja\FSS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Opera Software) C:\Program Files (x86)\Opera\opera.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM\...\Run: [Windows Defender] - [x]
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [6330568 2013-03-21] (ESET)
Winlogon\Notify\LBTWlgn: C:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
HKCU\...\Run: [MFP and Storage Server] - C:\Program Files (x86)\TP-LINK\MFP and Storage Server\MFP and Storage Server.exe [1925120 2010-03-26] (深圳市普联技术有限公司)
HKCU\...\Run: [Steam] - E:\Gry\Steam\Steam.exe [1820584 2013-10-30] (Valve Corporation)
HKLM-x32\...\Run: [ControlCenter4] - C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2010-10-28] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ISUSScheduler] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-08-11] (Macrovision Corporation)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
AppInit_DLLs:  [97280 2009-07-14] ()
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{0A591BD0-69E6-43C0-9420-F232BD5124BC}: [NameServer]208.67.222.222,208.67.220.220

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\43tol1rp.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.110.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.118.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.122.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Extension: DoNotTrackMe - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\43tol1rp.default\Extensions\donottrackplus@abine.com
FF Extension: All-in-One Gestures - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\43tol1rp.default\Extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\43tol1rp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR HKLM-x32\...\Chrome\Extension: [pbiamblgmkgbcgbcgejjgebalncpmhnp] - C:\Program Files (x86)\StartSearch plugin\vshareplg.crx

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2011-10-14] (Adobe Systems)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1341664 2013-03-21] (ESET)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-02-15] ()

==================== Drivers (Whitelisted) ====================

R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2013-02-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [150616 2013-01-10] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [139768 2013-01-10] (ESET)
R3 EST_BusEnum; C:\Windows\System32\DRIVERS\GenBus.sys [29696 2009-10-06] ( )
R3 EST_Server; C:\Windows\System32\DRIVERS\GenHC.sys [199168 2009-10-06] ( )
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [30592 2012-11-04] (REALiX(tm))
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-11-09 01:56 - 2013-11-09 01:56 - 00000000 ____D C:\FRST
2013-11-08 00:14 - 2013-11-08 00:44 - 00000000 ____D C:\Windows\pss
2013-11-07 21:41 - 2013-11-07 21:44 - 00002164 _____ C:\Windows\PFRO.log
2013-11-07 21:36 - 2013-11-09 01:56 - 00000000 ____D C:\Users\User\Desktop\dezynfekcja
2013-10-30 10:49 - 2013-10-30 10:49 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Narzedzia
2013-10-28 17:25 - 2013-11-08 00:50 - 00000000 ____D C:\Users\User\AppData\Local\NVIDIA
2013-10-28 17:23 - 2013-10-28 17:23 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-10-28 17:18 - 2013-10-29 08:59 - 01638686 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-28 17:15 - 2013-10-23 11:30 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-10-28 17:15 - 2013-10-23 11:30 - 22933792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-10-28 17:15 - 2013-10-23 11:30 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-10-28 17:15 - 2013-10-23 11:30 - 15855568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-10-28 17:15 - 2013-10-23 11:30 - 12572960 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-10-28 17:15 - 2013-10-23 11:30 - 11426568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-10-28 17:15 - 2013-10-23 11:30 - 11374520 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-10-28 17:15 - 2013-10-23 11:30 - 09524088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-10-28 17:15 - 2013-10-23 11:30 - 09480328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-10-28 17:15 - 2013-10-23 11:30 - 03131680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-10-28 17:15 - 2013-10-23 11:30 - 03124512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-10-28 17:15 - 2013-10-23 11:30 - 02946848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-10-28 17:15 - 2013-10-23 11:30 - 02747168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-10-28 17:15 - 2013-10-23 11:30 - 02695200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-10-28 17:15 - 2013-10-23 11:30 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433165.dll
2013-10-28 17:15 - 2013-10-23 11:30 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433165.dll
2013-10-28 17:15 - 2013-10-23 11:30 - 01241376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-10-28 17:15 - 2013-10-23 11:30 - 00696096 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-10-28 17:15 - 2013-10-23 11:30 - 00655136 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-10-28 17:15 - 2013-10-23 11:30 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-10-28 17:15 - 2013-10-23 11:30 - 00560416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-10-28 17:15 - 2013-10-23 11:30 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2013-10-28 17:15 - 2013-10-23 11:30 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-10-28 17:15 - 2013-10-23 11:30 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2013-10-28 17:15 - 2013-10-23 11:30 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-10-28 17:15 - 2013-01-29 09:35 - 01510176 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco64.dll
2013-10-24 18:02 - 2013-11-09 01:36 - 00004883 _____ C:\Windows\setupact.log
2013-10-24 18:02 - 2013-10-24 18:02 - 00000000 _____ C:\Windows\setuperr.log
2013-10-24 13:39 - 2013-10-24 13:39 - 00252452 _____ C:\Users\User\Documents\cc_20131024_143905.reg
2013-10-24 12:10 - 2013-10-24 12:10 - 00000000 ____D C:\ProgramData\Oracle
2013-10-24 12:08 - 2013-10-08 06:50 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-24 12:08 - 2013-10-08 06:46 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-24 12:08 - 2013-10-08 06:46 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-24 12:08 - 2013-10-08 06:46 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-24 12:07 - 2013-10-24 12:08 - 00004746 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-10-23 03:02 - 2013-10-23 03:02 - 00589600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2013-10-19 12:00 - 2013-10-19 13:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-11-09 01:56 - 2013-11-09 01:56 - 00000000 ____D C:\FRST
2013-11-09 01:56 - 2013-11-07 21:36 - 00000000 ____D C:\Users\User\Desktop\dezynfekcja
2013-11-09 01:43 - 2009-07-14 05:45 - 00029136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-09 01:43 - 2009-07-14 05:45 - 00029136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-09 01:40 - 2011-10-13 14:48 - 01334888 _____ C:\Windows\WindowsUpdate.log
2013-11-09 01:40 - 2010-11-21 13:53 - 00737958 _____ C:\Windows\system32\perfh015.dat
2013-11-09 01:40 - 2010-11-21 13:53 - 00154646 _____ C:\Windows\system32\perfc015.dat
2013-11-09 01:40 - 2009-07-14 06:13 - 01663484 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-09 01:36 - 2013-10-24 18:02 - 00004883 _____ C:\Windows\setupact.log
2013-11-09 01:36 - 2011-10-14 08:42 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-09 01:36 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-09 01:35 - 2011-10-14 18:40 - 00009585 _____ C:\Users\User\Documents\wincmd.ini
2013-11-09 01:31 - 2012-04-04 18:39 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-08 18:59 - 2013-08-18 14:11 - 00000728 _____ C:\Users\User\Documents\tcburner.ini
2013-11-08 00:50 - 2013-10-28 17:25 - 00000000 ____D C:\Users\User\AppData\Local\NVIDIA
2013-11-08 00:50 - 2011-10-14 08:42 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-11-08 00:50 - 2011-10-14 08:42 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-11-08 00:50 - 2011-10-14 08:42 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-11-08 00:44 - 2013-11-08 00:14 - 00000000 ____D C:\Windows\pss
2013-11-07 21:44 - 2013-11-07 21:41 - 00002164 _____ C:\Windows\PFRO.log
2013-11-07 21:32 - 2011-10-14 17:55 - 00000000 ____D C:\Download
2013-11-06 12:32 - 2012-05-18 05:53 - 00000000 ____D C:\Program Files (x86)\AutoCAD Civil 3D 2010
2013-11-06 12:24 - 2012-05-18 05:53 - 00000000 ____D C:\Civil 3D Projects
2013-11-03 23:46 - 2011-10-14 20:15 - 00000411 _____ C:\Windows\BRWMARK.INI
2013-11-02 20:00 - 2011-10-14 21:56 - 00000000 ____D C:\Users\User\Desktop\Skany
2013-11-01 01:41 - 2011-10-15 00:02 - 00000000 ____D C:\Users\User\AppData\Roaming\vlc
2013-10-30 16:09 - 2012-04-17 10:32 - 00027903 _____ C:\Users\User\Documents\plot.log
2013-10-30 10:49 - 2013-10-30 10:49 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Narzedzia
2013-10-30 10:36 - 2011-10-18 19:02 - 00000084 _____ C:\Windows\winamp.ini
2013-10-29 08:59 - 2013-10-28 17:18 - 01638686 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-28 17:23 - 2013-10-28 17:23 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-10-28 01:21 - 2011-10-14 17:20 - 02871808 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2013-10-27 14:04 - 2011-10-14 17:20 - 02871808 _____ (Microsoft Corporation) C:\Windows\explorer_.exe.Back.4.1192586180378
2013-10-24 18:02 - 2013-10-24 18:02 - 00000000 _____ C:\Windows\setuperr.log
2013-10-24 13:41 - 2011-10-13 15:42 - 00000000 ____D C:\Windows\Panther
2013-10-24 13:39 - 2013-10-24 13:39 - 00252452 _____ C:\Users\User\Documents\cc_20131024_143905.reg
2013-10-24 12:10 - 2013-10-24 12:10 - 00000000 ____D C:\ProgramData\Oracle
2013-10-24 12:08 - 2013-10-24 12:07 - 00004746 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-10-24 12:08 - 2013-06-25 10:29 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-23 11:30 - 2013-10-28 17:15 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-10-23 11:30 - 2013-10-28 17:15 - 22933792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-10-23 11:30 - 2013-10-28 17:15 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-10-23 11:30 - 2013-10-28 17:15 - 15855568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-10-23 11:30 - 2013-10-28 17:15 - 12572960 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-10-23 11:30 - 2013-10-28 17:15 - 11426568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-10-23 11:30 - 2013-10-28 17:15 - 11374520 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-10-23 11:30 - 2013-10-28 17:15 - 09524088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-10-23 11:30 - 2013-10-28 17:15 - 09480328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-10-23 11:30 - 2013-10-28 17:15 - 03131680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-10-23 11:30 - 2013-10-28 17:15 - 03124512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-10-23 11:30 - 2013-10-28 17:15 - 02946848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-10-23 11:30 - 2013-10-28 17:15 - 02747168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-10-23 11:30 - 2013-10-28 17:15 - 02695200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-10-23 11:30 - 2013-10-28 17:15 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433165.dll
2013-10-23 11:30 - 2013-10-28 17:15 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433165.dll
2013-10-23 11:30 - 2013-10-28 17:15 - 01241376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-10-23 11:30 - 2013-10-28 17:15 - 00696096 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-10-23 11:30 - 2013-10-28 17:15 - 00655136 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-10-23 11:30 - 2013-10-28 17:15 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-10-23 11:30 - 2013-10-28 17:15 - 00560416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-10-23 11:30 - 2013-10-28 17:15 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2013-10-23 11:30 - 2013-10-28 17:15 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-10-23 11:30 - 2013-10-28 17:15 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2013-10-23 11:30 - 2013-10-28 17:15 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-10-23 11:30 - 2013-09-17 21:22 - 30344480 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-10-23 11:30 - 2013-09-17 21:22 - 15212336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-10-23 11:30 - 2012-02-09 21:43 - 01435504 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2013-10-23 11:30 - 2011-10-14 08:42 - 18286416 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2013-10-23 11:30 - 2011-10-14 08:42 - 18199872 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-10-23 11:30 - 2011-10-14 08:42 - 03067560 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2013-10-23 11:30 - 2011-10-14 08:42 - 00023287 _____ C:\Windows\system32\nvinfo.pb
2013-10-23 09:20 - 2012-05-24 09:43 - 03426956 _____ C:\Windows\system32\nvcoproc.bin
2013-10-23 09:20 - 2011-10-14 08:42 - 06669600 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2013-10-23 09:20 - 2011-10-14 08:42 - 03489568 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2013-10-23 09:20 - 2011-10-14 08:42 - 02559776 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2013-10-23 09:20 - 2011-10-14 08:42 - 00922912 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2013-10-23 09:20 - 2011-10-14 08:42 - 00219424 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2013-10-23 09:20 - 2011-10-14 08:42 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2013-10-23 03:02 - 2013-10-23 03:02 - 00589600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2013-10-19 20:25 - 2012-05-02 09:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-19 13:05 - 2013-10-19 12:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-19 13:05 - 2013-08-17 00:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox.bak
2013-10-19 13:05 - 2011-10-15 01:49 - 00000000 ____D C:\Users\User\AppData\Local\Mozilla
2013-10-16 23:24 - 2013-01-07 02:47 - 00000000 ____D C:\Program Files (x86)\Pandora Recovery
2013-10-16 23:07 - 2012-11-26 23:47 - 00000357 _____ C:\Users\User\AppData\Local\Render.ini
2013-10-16 23:07 - 2012-11-26 23:47 - 00000217 _____ C:\Users\User\AppData\Local\UserMacros.ini
2013-10-16 23:07 - 2012-11-26 23:47 - 00000113 _____ C:\Users\User\AppData\Local\prompt.ini
2013-10-16 23:07 - 2012-11-26 23:47 - 00000003 _____ C:\Users\User\AppData\Local\PalletPos.sys
2013-10-16 23:07 - 2012-11-26 23:46 - 00000795 _____ C:\Users\User\AppData\Local\VC2Dialogs.ini
2013-10-16 23:07 - 2012-11-26 23:46 - 00000553 _____ C:\Users\User\AppData\Local\VC2Prefs.ini
2013-10-10 05:52 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\ntdll_dump.dll
C:\Users\User\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\User\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\User\AppData\Local\Temp\nvStInst.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe [2011-10-14 17:20] - [2013-10-28 01:21] - 2871808 ____A (Microsoft Corporation) 68507CED86EABA708013697E2125F53E
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-11-01 13:34

==================== End Of Log ============================