Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-08-2014
Ran by user (administrator) on USER-KOMPUTER on 07-08-2014 15:29:07
Running from C:\Users\user\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => D:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe [37624 2014-05-06] (Panda Security, S.L.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\SysWOW64\userinit.exe,
HKU\S-1-5-21-4099176630-3763706609-2041739576-1000\...\Run: [Steam] => D:\GRY\steam.exe [1753280 2014-07-16] (Valve Corporation)
HKU\S-1-5-21-4099176630-3763706609-2041739576-1000\...\Run: [Facebook Update] => C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-05-29] (Facebook Inc.)
HKU\S-1-5-21-4099176630-3763706609-2041739576-1000\...\MountPoints2: {163d06df-ff51-11e2-a3a6-806e6f6e6963} - E:\Run.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Pomocnik logowania za pomocą konta Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 87.204.204.204 62.233.233.233

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v74h2sgc.default
FF Homepage: google.pl
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppluginrichmediaplayer.dll ()
FF Extension: Iplex to ALLPlayer - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v74h2sgc.default\Extensions\IplextoALL@ALLPlayer.org.xpi [2014-01-11]
FF Extension: Adblock Plus - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v74h2sgc.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-08-08]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-30] (Advanced Micro Devices, Inc.) [File not signed]
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [141560 2014-05-05] (Panda Security, S.L.)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [61688 2014-05-22] (Panda Security, S.L.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-05-31] ()
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe [38136 2014-05-06] (Panda Security, S.L.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-12-10] (Disc Soft Ltd)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [96800 2014-05-02] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [162336 2014-05-02] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [112160 2014-05-02] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [115232 2014-05-02] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95776 2014-05-02] (Panda Security, S.L.)
S4 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [70176 2014-05-02] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [125984 2014-05-02] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [306720 2014-05-02] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [169504 2014-05-02] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [115744 2014-05-02] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [261152 2014-05-02] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109088 2014-05-02] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [160800 2014-05-05] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [119840 2014-05-05] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [195616 2014-05-05] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [121888 2014-05-05] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132128 2014-05-06] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [106016 2014-05-05] (Panda Security, S.L.)
U3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [60400 2014-03-25] (Panda Security, S.L.)
S3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-07 15:29 - 2014-08-07 15:29 - 00011221 _____ () C:\Users\user\Desktop\FRST.txt
2014-08-07 15:26 - 2014-03-25 15:15 - 00060400 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2014-08-07 15:24 - 2014-08-07 15:24 - 00000000 _____ () C:\Users\user\Desktop\Nowy dokument tekstowy (2).txt
2014-08-07 15:12 - 2014-08-07 15:18 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-08-07 15:12 - 2014-08-07 15:12 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-07 15:11 - 2014-08-07 15:11 - 05392984 _____ () C:\Users\user\Desktop\RogueKillerX64.exe
2014-08-07 15:10 - 2014-08-07 15:17 - 00002962 _____ () C:\Windows\PFRO.log
2014-08-07 15:10 - 2014-08-07 15:10 - 00002347 _____ () C:\Users\user\Desktop\AdwCleaner[S3].txt
2014-08-07 15:07 - 2014-08-07 15:07 - 01475072 _____ () C:\Users\user\Desktop\adwcleaner_3.303.exe
2014-08-06 17:02 - 2013-12-06 01:46 - 00009707 ____R () C:\Users\user\Desktop\autoexec.cfg
2014-08-06 16:05 - 2014-08-06 16:05 - 00380416 _____ () C:\Users\user\Desktop\4nzhk6lp.exe
2014-08-06 16:04 - 2014-08-06 16:04 - 02094080 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2014-08-06 16:04 - 2014-08-06 16:04 - 00602112 _____ (OldTimer Tools) C:\Users\user\Desktop\OTL.exe
2014-08-02 09:43 - 2014-08-02 09:43 - 422358580 _____ () C:\Windows\MEMORY.DMP
2014-08-02 09:43 - 2014-08-02 09:43 - 00441912 _____ () C:\Windows\Minidump\080214-18392-01.dmp
2014-07-30 20:22 - 2014-07-30 20:22 - 00024022 _____ () C:\Users\user\Desktop\2424_54d9.jpeg
2014-07-30 02:15 - 2014-07-30 13:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-21 15:01 - 2014-07-21 15:06 - 00000000 ____D () C:\Users\user\Desktop\dziwnów 2014
2014-07-18 19:54 - 2014-08-06 17:01 - 00002155 _____ () C:\Windows\WindowsUpdate.log
2014-07-16 19:11 - 2014-07-16 19:11 - 00004232 _____ () C:\Users\user\Desktop\USAWIENIA ROUTER AKTUALNE.bin
2014-07-16 19:05 - 2014-07-16 19:11 - 00000031 _____ () C:\Users\user\Desktop\Nowy dokument tekstowy.txt
2014-07-15 15:28 - 2014-07-15 15:28 - 00001013 _____ () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinHex.lnk
2014-07-15 15:28 - 2014-07-15 15:28 - 00000000 ____D () C:\Program Files (x86)\WinHex
2014-07-15 15:27 - 2014-07-15 15:27 - 02202308 _____ () C:\Users\user\Desktop\winhex.zip
2014-07-15 15:23 - 2014-07-15 15:23 - 14457872 _____ (VSO Software ) C:\Users\user\Desktop\Blindwrite7_setup.exe
2014-07-15 15:23 - 2014-07-15 15:23 - 00118400 _____ (VSO Software) C:\Users\user\AppData\Roaming\ezplay.sys
2014-07-15 15:23 - 2014-07-15 15:23 - 00099384 _____ () C:\Users\user\AppData\Roaming\inst.exe
2014-07-15 15:23 - 2014-07-15 15:23 - 00082816 _____ (VSO Software) C:\Users\user\AppData\Roaming\pcouffin.sys
2014-07-15 15:23 - 2014-07-15 15:23 - 00007859 _____ () C:\Users\user\AppData\Roaming\pcouffin.cat
2014-07-15 15:23 - 2014-07-15 15:23 - 00007833 _____ () C:\Users\user\AppData\Roaming\ezplay.cat
2014-07-15 15:23 - 2014-07-15 15:23 - 00001153 _____ () C:\Users\user\Desktop\BlindWrite 7.lnk
2014-07-15 15:23 - 2014-07-15 15:23 - 00000125 _____ () C:\Users\user\AppData\Roaming\ezplay.ini
2014-07-15 15:23 - 2014-07-15 15:23 - 00000074 _____ () C:\Users\user\AppData\Roaming\ezplay.log
2014-07-15 15:23 - 2014-07-15 15:23 - 00000055 _____ () C:\Users\user\AppData\Roaming\pcouffin.log
2014-07-15 15:23 - 2014-07-15 15:23 - 00000000 ____D () C:\Users\user\Documents\PcSetup
2014-07-15 15:23 - 2014-07-15 15:23 - 00000000 ____D () C:\Users\user\AppData\Roaming\Vso
2014-07-15 15:23 - 2014-07-15 15:23 - 00000000 ____D () C:\ProgramData\VSO
2014-07-15 15:23 - 2014-07-15 15:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO
2014-07-15 15:23 - 2014-07-15 15:23 - 00000000 ____D () C:\Program Files (x86)\VSO
2014-07-15 15:20 - 2014-07-15 15:21 - 00000249 _____ () C:\Users\user\Desktop\list-1782aa-3.bin
2014-07-11 14:41 - 2014-08-07 15:26 - 00007448 _____ () C:\Windows\setupact.log
2014-07-11 14:41 - 2014-07-11 14:41 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-09 16:42 - 2014-07-09 16:45 - 00000000 ____D () C:\Users\user\Desktop\Nowy folder

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-07 15:29 - 2014-08-07 15:29 - 00011221 _____ () C:\Users\user\Desktop\FRST.txt
2014-08-07 15:29 - 2013-11-10 20:07 - 00000000 ____D () C:\FRST
2014-08-07 15:26 - 2014-07-11 14:41 - 00007448 _____ () C:\Windows\setupact.log
2014-08-07 15:26 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-07 15:25 - 2009-07-14 06:45 - 00028320 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-07 15:25 - 2009-07-14 06:45 - 00028320 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-07 15:24 - 2014-08-07 15:24 - 00000000 _____ () C:\Users\user\Desktop\Nowy dokument tekstowy (2).txt
2014-08-07 15:22 - 2011-04-12 15:21 - 06106516 _____ () C:\Windows\system32\perfh015.dat
2014-08-07 15:22 - 2011-04-12 15:21 - 01974078 _____ () C:\Windows\system32\perfc015.dat
2014-08-07 15:22 - 2009-07-14 07:13 - 00006112 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-07 15:18 - 2014-08-07 15:12 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-08-07 15:17 - 2014-08-07 15:10 - 00002962 _____ () C:\Windows\PFRO.log
2014-08-07 15:13 - 2013-11-10 19:50 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-07 15:12 - 2014-08-07 15:12 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-07 15:11 - 2014-08-07 15:11 - 05392984 _____ () C:\Users\user\Desktop\RogueKillerX64.exe
2014-08-07 15:10 - 2014-08-07 15:10 - 00002347 _____ () C:\Users\user\Desktop\AdwCleaner[S3].txt
2014-08-07 15:09 - 2013-11-10 20:15 - 00000000 ____D () C:\AdwCleaner
2014-08-07 15:07 - 2014-08-07 15:07 - 01475072 _____ () C:\Users\user\Desktop\adwcleaner_3.303.exe
2014-08-07 15:02 - 2014-05-29 02:57 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4099176630-3763706609-2041739576-1000UA.job
2014-08-07 12:56 - 2009-07-14 07:08 - 00032604 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-07 03:02 - 2014-05-29 02:57 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4099176630-3763706609-2041739576-1000Core.job
2014-08-07 02:28 - 2014-02-03 22:33 - 00000000 ____D () C:\Users\user\AppData\Roaming\TS3Client
2014-08-06 17:01 - 2014-07-18 19:54 - 00002155 _____ () C:\Windows\WindowsUpdate.log
2014-08-06 16:05 - 2014-08-06 16:05 - 00380416 _____ () C:\Users\user\Desktop\4nzhk6lp.exe
2014-08-06 16:04 - 2014-08-06 16:04 - 02094080 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2014-08-06 16:04 - 2014-08-06 16:04 - 00602112 _____ (OldTimer Tools) C:\Users\user\Desktop\OTL.exe
2014-08-02 09:43 - 2014-08-02 09:43 - 422358580 _____ () C:\Windows\MEMORY.DMP
2014-08-02 09:43 - 2014-08-02 09:43 - 00441912 _____ () C:\Windows\Minidump\080214-18392-01.dmp
2014-08-02 09:43 - 2013-09-23 00:12 - 00000000 ____D () C:\Windows\Minidump
2014-07-30 20:22 - 2014-07-30 20:22 - 00024022 _____ () C:\Users\user\Desktop\2424_54d9.jpeg
2014-07-30 13:44 - 2014-07-30 02:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-21 15:06 - 2014-07-21 15:01 - 00000000 ____D () C:\Users\user\Desktop\dziwnów 2014
2014-07-16 19:11 - 2014-07-16 19:11 - 00004232 _____ () C:\Users\user\Desktop\USAWIENIA ROUTER AKTUALNE.bin
2014-07-16 19:11 - 2014-07-16 19:05 - 00000031 _____ () C:\Users\user\Desktop\Nowy dokument tekstowy.txt
2014-07-16 19:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-15 15:28 - 2014-07-15 15:28 - 00001013 _____ () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinHex.lnk
2014-07-15 15:28 - 2014-07-15 15:28 - 00000000 ____D () C:\Program Files (x86)\WinHex
2014-07-15 15:27 - 2014-07-15 15:27 - 02202308 _____ () C:\Users\user\Desktop\winhex.zip
2014-07-15 15:23 - 2014-07-15 15:23 - 14457872 _____ (VSO Software ) C:\Users\user\Desktop\Blindwrite7_setup.exe
2014-07-15 15:23 - 2014-07-15 15:23 - 00118400 _____ (VSO Software) C:\Users\user\AppData\Roaming\ezplay.sys
2014-07-15 15:23 - 2014-07-15 15:23 - 00099384 _____ () C:\Users\user\AppData\Roaming\inst.exe
2014-07-15 15:23 - 2014-07-15 15:23 - 00082816 _____ (VSO Software) C:\Users\user\AppData\Roaming\pcouffin.sys
2014-07-15 15:23 - 2014-07-15 15:23 - 00007859 _____ () C:\Users\user\AppData\Roaming\pcouffin.cat
2014-07-15 15:23 - 2014-07-15 15:23 - 00007833 _____ () C:\Users\user\AppData\Roaming\ezplay.cat
2014-07-15 15:23 - 2014-07-15 15:23 - 00001153 _____ () C:\Users\user\Desktop\BlindWrite 7.lnk
2014-07-15 15:23 - 2014-07-15 15:23 - 00000125 _____ () C:\Users\user\AppData\Roaming\ezplay.ini
2014-07-15 15:23 - 2014-07-15 15:23 - 00000074 _____ () C:\Users\user\AppData\Roaming\ezplay.log
2014-07-15 15:23 - 2014-07-15 15:23 - 00000055 _____ () C:\Users\user\AppData\Roaming\pcouffin.log
2014-07-15 15:23 - 2014-07-15 15:23 - 00000000 ____D () C:\Users\user\Documents\PcSetup
2014-07-15 15:23 - 2014-07-15 15:23 - 00000000 ____D () C:\Users\user\AppData\Roaming\Vso
2014-07-15 15:23 - 2014-07-15 15:23 - 00000000 ____D () C:\ProgramData\VSO
2014-07-15 15:23 - 2014-07-15 15:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO
2014-07-15 15:23 - 2014-07-15 15:23 - 00000000 ____D () C:\Program Files (x86)\VSO
2014-07-15 15:21 - 2014-07-15 15:20 - 00000249 _____ () C:\Users\user\Desktop\list-1782aa-3.bin
2014-07-15 15:21 - 2013-08-15 10:29 - 00000000 ____D () C:\Users\user\AppData\Roaming\DAEMON Tools Lite
2014-07-12 17:13 - 2013-11-10 21:35 - 00003868 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-12 17:13 - 2013-11-10 19:50 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-12 17:13 - 2013-11-10 19:50 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-12 11:46 - 2014-05-29 10:26 - 00000000 ____D () C:\ProgramData\Origin
2014-07-11 16:08 - 2014-05-31 21:20 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-07-11 16:08 - 2014-05-31 20:37 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-07-11 14:41 - 2014-07-11 14:41 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-10 23:23 - 2014-05-31 20:37 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-07-09 16:45 - 2014-07-09 16:42 - 00000000 ____D () C:\Users\user\Desktop\Nowy folder
2014-07-09 16:43 - 2014-07-01 13:22 - 00000000 ____D () C:\Program Files (x86)\Plagiarisma.Net
2014-07-09 16:43 - 2014-04-18 14:47 - 00000000 ____D () C:\Users\user\AppData\Local\Sony
2014-07-09 16:43 - 2014-04-18 14:47 - 00000000 ____D () C:\ProgramData\Sony

Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-28 17:09

==================== End Of Log ============================