Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2014 04
Ran by Emil (administrator) on EMIL-NOTEBOOK on 20-01-2014 22:56:31
Running from C:\Users\Emil\Downloads
Windows 7 Enterprise Service Pack 1 (X64) OS Language: Polish
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [6325936 2012-11-26] (ESET)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1106512 2012-03-02] (Dritek System Inc.)
HKLM-x32\...\Run: [Dolby Home Theater v4] - C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [168616 2013-09-12] (NVIDIA Corporation)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [168616 2013-09-12] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\Windows\SysWOW64\nvinit.dll => c:\Windows\SysWOW64\nvinit.dll [141336 2013-09-12] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-09-12] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [326144] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\..\Interfaces\{EBCD2408-FEF3-4B90-B9FE-D4F63F09880C}: [NameServer]192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Emil\AppData\Roaming\Mozilla\Firefox\Profiles\o1ttauev.default
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");
FF SelectedSearchEngine: Google
FF Homepage: wp.pl
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @Musicnotes.com/Musicnotes Viewer - C:\Program Files\Musicnotes\npmusicn64.dll (Musicnotes, Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Musicnotes.com/Musicnotes Viewer - C:\Program Files (x86)\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF Plugin-x32: @Sibelius.com/Scorch Plugin - C:\Program Files (x86)\Musicnotes\npsibelius.dll ()
FF Plugin-x32: @thrixxx.com/WebLaunch - C:\Program Files (x86)\thriXXX\WebLaunch\Binaries\npWebLaunch.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @thrixxx.com/WebLaunch - C:\Program Files (x86)\thriXXX\WebLaunch\Binaries\npWebLaunch.dll ( )
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013-07-13]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013-07-13]

Chrome:
=======

==================== Services (Whitelisted) =================

R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1329304 2012-11-26] (ESET)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-08] (Intel Corporation)
S4 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-12-22] ()
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [759192 2013-09-03] (Tunngle.net GmbH)
S4 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [5824512 2013-04-05] (Broadcom Corporation)
S3 ZAtheros Wlan Agent; C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe [72864 2012-02-19] (Atheros)

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2013-09-26] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-09-26] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [211344 2012-10-08] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [149592 2012-10-08] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [138744 2012-10-08] (ESET)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2013-09-26] ()
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 SmbDrv; system32\DRIVERS\Smb_driver.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-20 22:46 - 2014-01-20 22:50 - 00029261 _____ C:\Users\Emil\Downloads\Addition.txt
2014-01-20 22:45 - 2014-01-20 22:56 - 00009056 _____ C:\Users\Emil\Downloads\FRST.txt
2014-01-20 22:44 - 2014-01-20 22:45 - 02076672 _____ (Farbar) C:\Users\Emil\Downloads\FRST64.exe
2014-01-20 17:28 - 2014-01-20 17:28 - 00022817 _____ C:\ComboFix.txt
2014-01-20 17:06 - 2014-01-20 17:28 - 00000000 ____D C:\ComboFix
2014-01-20 17:05 - 2014-01-18 18:04 - 05167985 ____R (Swearware) C:\Users\Emil\Desktop\ComboFix.exe
2014-01-20 16:52 - 2009-07-14 02:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2014-01-20 16:52 - 2009-07-14 02:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2014-01-18 16:02 - 2014-01-18 16:02 - 00000000 ____D C:\FRST
2014-01-13 18:47 - 2014-01-13 18:47 - 03441528 _____ (Solvusoft Corporation ) C:\Users\Emil\Downloads\Nikon_COOLPIX_S2700_Driver_Update_01-2014.exe
2014-01-08 15:33 - 2014-01-08 15:33 - 00000000 ____D C:\ProgramData\Nikon
2014-01-07 17:00 - 2014-01-07 17:00 - 00000000 _____ C:\Windows\ViewNX2.INI
2014-01-07 16:59 - 2014-01-07 16:59 - 00000000 ____D C:\Users\Emil\AppData\Roaming\Nikon
2014-01-07 16:59 - 2014-01-07 16:59 - 00000000 ____D C:\Users\Emil\AppData\Local\Nikon
2014-01-07 16:57 - 2014-01-18 23:00 - 00000000 ____D C:\Program Files (x86)\ArcSoft
2014-01-07 16:57 - 2014-01-07 16:57 - 00002054 _____ C:\Users\Public\Desktop\Panorama Maker 6.lnk
2014-01-07 16:56 - 2014-01-18 23:01 - 00000000 ____D C:\Users\Emil\AppData\Roaming\ArcSoft
2014-01-07 16:53 - 2014-01-07 16:59 - 00000020 ____H C:\ProgramData\PKP_DLes.DAT
2014-01-07 16:53 - 2014-01-07 16:53 - 00000268 ___RH C:\Users\Emil\AppData\Roaming\Sound Effects
2014-01-07 16:52 - 2014-01-07 16:59 - 00000020 ____H C:\ProgramData\PKP_DLet.DAT
2014-01-07 16:52 - 2014-01-07 16:55 - 00000000 ____D C:\Program Files (x86)\Nikon
2014-01-07 16:52 - 2014-01-07 16:54 - 00000000 ____D C:\Program Files\Common Files\Nikon
2014-01-07 16:52 - 2014-01-07 16:52 - 00002049 _____ C:\Users\Public\Desktop\ViewNX 2.lnk
2014-01-07 16:52 - 2014-01-07 16:52 - 00000268 ___RH C:\Users\Emil\AppData\Roaming\Sounds
2014-01-07 16:52 - 2014-01-07 16:52 - 00000268 ___RH C:\Users\Emil\AppData\Roaming\Solid Colors
2014-01-07 16:52 - 2014-01-07 16:52 - 00000268 ___RH C:\ProgramData\Space Choir
2014-01-07 16:52 - 2014-01-07 16:52 - 00000020 ____H C:\ProgramData\PKP_DLev.DAT
2014-01-07 16:52 - 2014-01-07 16:52 - 00000012 ___RH C:\ProgramData\Sync Services
2014-01-07 16:52 - 2014-01-07 16:52 - 00000000 ____D C:\Program Files\Nikon
2014-01-07 16:52 - 2014-01-07 16:51 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ATL71.DLL
2014-01-07 16:51 - 2014-01-07 16:54 - 00000000 ____D C:\Users\Emil\AppData\Local\Downloaded Installations
2014-01-07 16:50 - 2014-01-07 16:53 - 00000000 ____D C:\ProgramData\Ultima_T15
2014-01-07 16:50 - 2014-01-07 16:53 - 00000000 ____D C:\ProgramData\EnterNHelp
2014-01-07 16:50 - 2014-01-07 16:52 - 00000012 ___RH C:\ProgramData\Strings
2014-01-07 16:50 - 2014-01-07 16:51 - 00000020 ____H C:\ProgramData\PKP_DLeo.DAT
2014-01-07 16:50 - 2014-01-07 16:50 - 00000268 ___RH C:\Users\Emil\AppData\Roaming\StatusSheet
2014-01-07 16:47 - 2014-01-07 16:47 - 00000000 ____D C:\Users\Emil\Downloads\Nikon
2014-01-07 16:27 - 2014-01-07 16:27 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-12-31 14:17 - 2013-12-31 14:17 - 00000000 _____ C:\Users\Emil\Desktop\Nowy dokument tekstowy (2).txt
2013-12-27 21:02 - 2013-12-27 21:02 - 00000000 ____D C:\Users\Emil\Downloads\_brak_tematu_(3)
2013-12-27 20:50 - 2013-12-27 21:03 - 07268863 _____ C:\Users\Emil\Downloads\Zdjecia.zip
2013-12-27 20:49 - 2013-12-27 20:49 - 07378344 _____ C:\Users\Emil\Downloads\_brak_tematu_(4).zip
2013-12-27 20:49 - 2013-12-27 20:49 - 03406147 _____ C:\Users\Emil\Downloads\_brak_tematu_(5).zip
2013-12-27 20:48 - 2013-12-27 20:49 - 08100231 _____ C:\Users\Emil\Downloads\_brak_tematu_(3).zip
2013-12-27 20:47 - 2013-12-27 20:51 - 01974309 _____ C:\Users\Emil\Downloads\image.jpeg
2013-12-27 20:47 - 2013-12-27 20:48 - 07084779 _____ C:\Users\Emil\Downloads\_brak_tematu_(2).zip
2013-12-27 20:47 - 2013-12-27 20:47 - 07236131 _____ C:\Users\Emil\Downloads\_brak_tematu_.zip
2013-12-27 20:47 - 2013-12-27 20:47 - 07084779 _____ C:\Users\Emil\Downloads\_brak_tematu_(1).zip
2013-12-22 14:01 - 2014-01-20 22:34 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-22 14:01 - 2013-12-22 14:35 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-22 14:00 - 2013-12-22 14:35 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

==================== One Month Modified Files and Folders =======

2014-01-20 22:56 - 2014-01-20 22:45 - 00009056 _____ C:\Users\Emil\Downloads\FRST.txt
2014-01-20 22:50 - 2014-01-20 22:46 - 00029261 _____ C:\Users\Emil\Downloads\Addition.txt
2014-01-20 22:45 - 2014-01-20 22:44 - 02076672 _____ (Farbar) C:\Users\Emil\Downloads\FRST64.exe
2014-01-20 22:34 - 2013-12-22 14:01 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-20 22:33 - 2009-07-14 05:45 - 00020208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-20 22:33 - 2009-07-14 05:45 - 00020208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-20 22:12 - 2013-09-27 01:54 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-20 22:07 - 2013-04-05 19:43 - 01420051 _____ C:\Windows\WindowsUpdate.log
2014-01-20 21:37 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2014-01-20 21:07 - 2009-07-14 13:43 - 00749368 _____ C:\Windows\system32\perfh015.dat
2014-01-20 21:07 - 2009-07-14 13:43 - 00160998 _____ C:\Windows\system32\perfc015.dat
2014-01-20 21:07 - 2009-07-14 06:13 - 01691938 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-20 21:03 - 2013-09-27 01:54 - 00001040 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-20 21:02 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-20 21:02 - 2009-07-14 05:51 - 00048775 _____ C:\Windows\setupact.log
2014-01-20 17:55 - 2013-04-06 00:39 - 00000000 ____D C:\Users\Emil\AppData\Roaming\GG
2014-01-20 17:28 - 2014-01-20 17:28 - 00022817 _____ C:\ComboFix.txt
2014-01-20 17:28 - 2014-01-20 17:06 - 00000000 ____D C:\ComboFix
2014-01-20 17:28 - 2013-07-08 15:18 - 00000000 ____D C:\Qoobox
2014-01-20 17:24 - 2013-04-06 19:41 - 00003982 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{C95CC20B-B854-40E2-91AE-18FDBD2ADBA0}
2014-01-20 17:20 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2014-01-20 17:16 - 2013-04-05 17:32 - 00022166 _____ C:\Windows\PFRO.log
2014-01-20 17:14 - 2013-04-05 13:45 - 00000000 ____D C:\Users\Emil
2014-01-18 23:24 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Public\Libraries
2014-01-18 23:24 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\Msdtc
2014-01-18 23:21 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\servicing
2014-01-18 23:17 - 2013-08-03 16:21 - 00000000 ___RD C:\Users\Emil\Virtual Machines
2014-01-18 23:17 - 2013-04-06 22:18 - 00000000 ____D C:\Users\Emil\AppData\Roaming\Winamp
2014-01-18 23:17 - 2013-04-05 13:45 - 00000000 ___RD C:\Users\Emil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-18 23:17 - 2013-04-05 13:45 - 00000000 ___RD C:\Users\Emil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-18 23:16 - 2013-05-08 23:56 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2014-01-18 23:16 - 2013-04-05 17:33 - 00000000 ____D C:\ProgramData\Atheros
2014-01-18 23:15 - 2013-11-10 20:31 - 00000000 ____D C:\Program Files (x86)\Steam
2014-01-18 23:15 - 2013-10-30 14:52 - 00000000 ____D C:\Program Files (x86)\EaseUS
2014-01-18 23:15 - 2013-05-08 23:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2014-01-18 23:15 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2014-01-18 23:11 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2014-01-18 23:04 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppCompat
2014-01-18 23:01 - 2014-01-07 16:56 - 00000000 ____D C:\Users\Emil\AppData\Roaming\ArcSoft
2014-01-18 23:01 - 2013-05-10 13:52 - 00000000 ____D C:\Users\Emil\AppData\Roaming\Skype
2014-01-18 23:00 - 2014-01-07 16:57 - 00000000 ____D C:\Program Files (x86)\ArcSoft
2014-01-18 23:00 - 2013-04-05 13:48 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2014-01-18 22:48 - 2013-04-05 13:53 - 00000000 ____D C:\Users\Emil\Documents\Bluetooth Folder
2014-01-18 22:46 - 2013-04-05 17:08 - 00000000 ____D C:\Users\Emil\AppData\Roaming\Atheros
2014-01-18 18:04 - 2014-01-20 17:05 - 05167985 ____R (Swearware) C:\Users\Emil\Desktop\ComboFix.exe
2014-01-18 16:02 - 2014-01-18 16:02 - 00000000 ____D C:\FRST
2014-01-16 15:17 - 2013-07-12 17:18 - 00000000 ____D C:\Windows\system32\MRT
2014-01-14 22:19 - 2013-04-06 01:27 - 00000000 ____D C:\Users\Emil\Desktop\Gry
2014-01-13 18:47 - 2014-01-13 18:47 - 03441528 _____ (Solvusoft Corporation ) C:\Users\Emil\Downloads\Nikon_COOLPIX_S2700_Driver_Update_01-2014.exe
2014-01-12 19:27 - 2013-10-30 16:24 - 00000443 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2014-01-08 15:33 - 2014-01-08 15:33 - 00000000 ____D C:\ProgramData\Nikon
2014-01-07 17:00 - 2014-01-07 17:00 - 00000000 _____ C:\Windows\ViewNX2.INI
2014-01-07 16:59 - 2014-01-07 16:59 - 00000000 ____D C:\Users\Emil\AppData\Roaming\Nikon
2014-01-07 16:59 - 2014-01-07 16:59 - 00000000 ____D C:\Users\Emil\AppData\Local\Nikon
2014-01-07 16:59 - 2014-01-07 16:53 - 00000020 ____H C:\ProgramData\PKP_DLes.DAT
2014-01-07 16:59 - 2014-01-07 16:52 - 00000020 ____H C:\ProgramData\PKP_DLet.DAT
2014-01-07 16:57 - 2014-01-07 16:57 - 00002054 _____ C:\Users\Public\Desktop\Panorama Maker 6.lnk
2014-01-07 16:55 - 2014-01-07 16:52 - 00000000 ____D C:\Program Files (x86)\Nikon
2014-01-07 16:54 - 2014-01-07 16:52 - 00000000 ____D C:\Program Files\Common Files\Nikon
2014-01-07 16:54 - 2014-01-07 16:51 - 00000000 ____D C:\Users\Emil\AppData\Local\Downloaded Installations
2014-01-07 16:54 - 2013-04-05 14:00 - 00000000 ____D C:\Windows\Downloaded Installations
2014-01-07 16:53 - 2014-01-07 16:53 - 00000268 ___RH C:\Users\Emil\AppData\Roaming\Sound Effects
2014-01-07 16:53 - 2014-01-07 16:50 - 00000000 ____D C:\ProgramData\Ultima_T15
2014-01-07 16:53 - 2014-01-07 16:50 - 00000000 ____D C:\ProgramData\EnterNHelp
2014-01-07 16:52 - 2014-01-07 16:52 - 00002049 _____ C:\Users\Public\Desktop\ViewNX 2.lnk
2014-01-07 16:52 - 2014-01-07 16:52 - 00000268 ___RH C:\Users\Emil\AppData\Roaming\Sounds
2014-01-07 16:52 - 2014-01-07 16:52 - 00000268 ___RH C:\Users\Emil\AppData\Roaming\Solid Colors
2014-01-07 16:52 - 2014-01-07 16:52 - 00000268 ___RH C:\ProgramData\Space Choir
2014-01-07 16:52 - 2014-01-07 16:52 - 00000020 ____H C:\ProgramData\PKP_DLev.DAT
2014-01-07 16:52 - 2014-01-07 16:52 - 00000012 ___RH C:\ProgramData\Sync Services
2014-01-07 16:52 - 2014-01-07 16:52 - 00000000 ____D C:\Program Files\Nikon
2014-01-07 16:52 - 2014-01-07 16:50 - 00000012 ___RH C:\ProgramData\Strings
2014-01-07 16:51 - 2014-01-07 16:52 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ATL71.DLL
2014-01-07 16:51 - 2014-01-07 16:50 - 00000020 ____H C:\ProgramData\PKP_DLeo.DAT
2014-01-07 16:50 - 2014-01-07 16:50 - 00000268 ___RH C:\Users\Emil\AppData\Roaming\StatusSheet
2014-01-07 16:47 - 2014-01-07 16:47 - 00000000 ____D C:\Users\Emil\Downloads\Nikon
2014-01-07 16:27 - 2014-01-07 16:27 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-01-02 21:45 - 2013-04-06 01:27 - 00000000 ___RD C:\Users\Emil\Desktop\Programy
2013-12-31 14:17 - 2013-12-31 14:17 - 00000000 _____ C:\Users\Emil\Desktop\Nowy dokument tekstowy (2).txt
2013-12-27 21:23 - 2013-12-14 20:07 - 00000000 ____D C:\ProgramData\ParetoLogic
2013-12-27 21:22 - 2013-12-17 18:01 - 00000000 ____D C:\Program Files (x86)\Ontrack
2013-12-27 21:03 - 2013-12-27 20:50 - 07268863 _____ C:\Users\Emil\Downloads\Zdjecia.zip
2013-12-27 21:02 - 2013-12-27 21:02 - 00000000 ____D C:\Users\Emil\Downloads\_brak_tematu_(3)
2013-12-27 20:51 - 2013-12-27 20:47 - 01974309 _____ C:\Users\Emil\Downloads\image.jpeg
2013-12-27 20:49 - 2013-12-27 20:49 - 07378344 _____ C:\Users\Emil\Downloads\_brak_tematu_(4).zip
2013-12-27 20:49 - 2013-12-27 20:49 - 03406147 _____ C:\Users\Emil\Downloads\_brak_tematu_(5).zip
2013-12-27 20:49 - 2013-12-27 20:48 - 08100231 _____ C:\Users\Emil\Downloads\_brak_tematu_(3).zip
2013-12-27 20:48 - 2013-12-27 20:47 - 07084779 _____ C:\Users\Emil\Downloads\_brak_tematu_(2).zip
2013-12-27 20:47 - 2013-12-27 20:47 - 07236131 _____ C:\Users\Emil\Downloads\_brak_tematu_.zip
2013-12-27 20:47 - 2013-12-27 20:47 - 07084779 _____ C:\Users\Emil\Downloads\_brak_tematu_(1).zip
2013-12-23 19:49 - 2013-07-25 22:26 - 00000000 ____D C:\FFOutput
2013-12-22 20:35 - 2013-04-06 00:39 - 00000000 ____D C:\Users\Emil\AppData\Local\GG
2013-12-22 19:23 - 2013-04-09 11:46 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2013-12-22 14:35 - 2013-12-22 14:01 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-22 14:35 - 2013-12-22 14:00 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-22 14:35 - 2013-04-05 23:26 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-22 14:32 - 2013-10-11 12:53 - 00000000 ____D C:\Users\Emil\Documents\Ubisoft
2013-12-22 14:28 - 2013-08-31 10:37 - 00000000 ____D C:\ProgramData\Ubisoft

Files to move or delete:
====================
C:\ProgramData\PKP_DLeo.DAT
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-20 22:09

==================== End Of Log ============================