Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-08-2014
Ran by oem (administrator) on OEM-KOMPUTER on 30-08-2014 18:40:22
Running from C:\Users\oem\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\nvwmi64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\nvwmi64.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Ericsson AB) C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\accelerometerST.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Crystal Dew World) E:\Instalki\DiskInfo.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-03] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [489472 2010-09-08] (IDT, Inc.)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2728736 2014-07-02] ()
HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [111640 2010-03-03] ()
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2010-02-25] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [NUSB3MON] => c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HWiNFO64] => C:\Program Files\HWiNFO64\HWiNFO64.EXE [2550672 2013-05-16] (REALiX)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-1402326780-2026060396-4273624969-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1939136 2014-08-28] (Valve Corporation)
HKU\S-1-5-21-1402326780-2026060396-4273624969-1000\...\Run: [Google Update] => C:\Users\oem\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2014-02-15] (Google Inc.)
HKU\S-1-5-21-1402326780-2026060396-4273624969-1000\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.Exe [75064 2011-07-07] (Hewlett-Packard Company)
HKU\S-1-5-21-1402326780-2026060396-4273624969-1000\...\MountPoints2: {611454c1-800c-11e3-b207-70f395809366} - F:\Startme.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\oem\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\oem\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "https://www.google.pl/webhp?tab=ww&ei=QDsBU6O_OuOD4gSxrYGgCg&ved=0CBAQ1S4"
CHR Profile: C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-15]
CHR Extension: (Dysk Google) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-15]
CHR Extension: (YouTube) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-15]
CHR Extension: (Adblock Plus) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-20]
CHR Extension: (Szukaj w Google) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-15]
CHR Extension: (Google Wallet) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-15]
CHR Extension: (Gmail) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-15]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 NVWMI; C:\Windows\system32\nvwmi64.exe [2683736 2014-07-02] ()
R2 WMCoreService; C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe [652328 2011-09-13] (Ericsson AB)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2011-09-05] (Ericsson AB)
S3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [29736 2011-09-05] (Ericsson AB)
S3 h36wgps; C:\Windows\System32\DRIVERS\h36wgps64.sys [102440 2011-09-06] (Ericsson AB)
R3 hidusbf; C:\Windows\System32\DRIVERS\hidusbf.sys [7808 2014-01-07] (SweetLow)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [31136 2013-12-30] (REALiX(tm))
S3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [419400 2011-08-22] (MCCI Corporation)
S3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [430664 2011-08-22] (MCCI Corporation)
S3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2011-08-22] (MCCI Corporation)
S3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [483400 2011-08-22] (MCCI Corporation)
R1 PStrip64; C:\Windows\System32\drivers\pstrip64.sys [13008 2006-09-30] ()
R3 rismcx64; C:\Windows\System32\DRIVERS\rismcx64.sys [59008 2009-07-20] (RICOH Company, Ltd.)
R1 se64a; C:\Windows\System32\drivers\se64a.sys [14032 2007-05-03] (EnTech Taiwan)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1803904 2010-06-03] ()
S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
S3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [279080 2011-09-07] (Ericsson AB)
U4 bdselfpr; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-30 18:40 - 2014-08-30 18:40 - 00011279 _____ () C:\Users\oem\Downloads\FRST.txt
2014-08-30 15:47 - 2014-08-30 15:47 - 00000000 ____D () C:\Users\oem\Downloads\FRST-OlderVersion
2014-08-30 15:19 - 2014-08-30 15:19 - 01364531 _____ () C:\Users\oem\Downloads\adwcleaner_3.308.exe
2014-08-28 21:13 - 2014-08-28 21:13 - 03905472 _____ () C:\Users\oem\Downloads\hltv-1408270626-de_nuke.dem (1).zip
2014-08-28 20:15 - 2014-08-28 20:16 - 04914616 _____ () C:\Users\oem\Downloads\hltv-1408270459-de_nuke.dem.zip
2014-08-28 20:15 - 2014-08-28 20:16 - 03905472 _____ () C:\Users\oem\Downloads\hltv-1408270626-de_nuke.dem.zip
2014-08-28 16:53 - 2014-08-28 16:53 - 00380416 _____ () C:\Users\oem\Downloads\zex2n4u4.exe
2014-08-28 16:52 - 2014-08-28 16:52 - 00380416 _____ () C:\Users\oem\Downloads\5esfim3u.exe
2014-08-25 20:55 - 2014-08-25 20:55 - 00002689 _____ () C:\Users\oem\Desktop\Microsoft Office Excel 2007.lnk
2014-08-20 21:05 - 2014-08-20 21:05 - 00000000 ___RD () C:\Users\oem\Podcasts
2014-08-20 21:00 - 2014-08-20 21:02 - 00000000 ____D () C:\Program Files\Zune
2014-08-20 21:00 - 2014-08-20 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zune
2014-08-20 20:46 - 2014-08-20 20:50 - 105664248 _____ (Microsoft Corporation) C:\Users\oem\Downloads\ZuneSetupPkg (1).exe
2014-08-20 20:43 - 2014-08-20 20:46 - 105664248 _____ (Microsoft Corporation) C:\Users\oem\Downloads\ZuneSetupPkg.exe
2014-08-20 20:43 - 2014-08-20 20:43 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_ZuneDriver_01_09_00.Wdf
2014-08-20 20:43 - 2014-08-20 20:43 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUSB_01009.Wdf
2014-08-13 20:27 - 2014-08-13 20:27 - 00606475 _____ () C:\Users\oem\Downloads\de_nuke0000.rar
2014-08-12 22:51 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-12 22:51 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-12 22:51 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-12 22:51 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-12 22:51 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-12 22:51 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-12 22:51 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-12 22:51 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-12 21:58 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-12 21:58 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-12 21:58 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-12 21:58 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-12 21:58 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-12 21:58 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-12 21:58 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-12 21:58 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-12 21:58 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-12 21:58 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-12 21:58 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-12 21:58 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-12 21:58 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-12 21:58 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-12 21:58 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-12 21:58 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-12 21:58 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-12 21:58 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-12 21:58 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-12 21:58 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-12 21:58 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-12 21:58 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-12 21:58 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-12 21:58 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-12 21:58 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-12 21:58 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-12 21:58 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-12 21:58 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-12 21:58 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-12 21:58 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-12 21:58 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-12 21:58 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-12 21:58 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-12 21:58 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-12 21:58 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-12 21:58 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-12 21:58 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-12 21:58 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-12 21:58 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-12 21:58 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-12 21:58 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-12 21:58 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-12 21:58 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-12 21:58 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-12 21:58 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-12 21:58 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-12 21:58 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-12 21:58 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-12 21:58 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-12 21:58 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-12 21:58 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-12 21:58 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-12 21:58 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-12 21:58 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-12 21:58 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-12 21:58 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-12 21:58 - 2014-07-16 05:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-12 21:58 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-12 21:58 - 2014-07-16 04:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-12 21:58 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-12 21:58 - 2014-07-16 04:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-12 21:58 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-12 21:58 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-12 21:58 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-12 21:58 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-12 21:58 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-12 21:58 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-12 21:58 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-12 21:58 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-12 21:54 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-12 21:54 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-11 20:50 - 2014-08-26 20:41 - 00000000 ____D () C:\Program Files\ESET

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-30 18:40 - 2014-08-30 18:40 - 00011279 _____ () C:\Users\oem\Downloads\FRST.txt
2014-08-30 18:40 - 2014-07-21 19:07 - 00000000 ____D () C:\FRST
2014-08-30 18:23 - 2014-05-08 17:11 - 00001050 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1402326780-2026060396-4273624969-1000UA1cf6acfd4f6e03a.job
2014-08-30 18:01 - 2013-12-31 14:32 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-30 17:02 - 2013-04-30 11:23 - 01823850 _____ () C:\Windows\WindowsUpdate.log
2014-08-30 15:56 - 2009-07-14 06:45 - 00027344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-30 15:56 - 2009-07-14 06:45 - 00027344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-30 15:49 - 2014-07-10 13:59 - 00030106 _____ () C:\Windows\PFRO.log
2014-08-30 15:49 - 2014-07-06 09:36 - 00015260 _____ () C:\Windows\setupact.log
2014-08-30 15:49 - 2013-12-30 17:46 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-30 15:49 - 2013-04-30 12:51 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-30 15:49 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-30 15:49 - 2009-07-14 06:45 - 00419952 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-30 15:47 - 2014-08-30 15:47 - 00000000 ____D () C:\Users\oem\Downloads\FRST-OlderVersion
2014-08-30 15:47 - 2014-07-21 19:02 - 02103808 _____ (Farbar) C:\Users\oem\Downloads\FRST64.exe
2014-08-30 15:43 - 2014-06-01 21:27 - 00000190 _____ () C:\Users\oem\Desktop\gammacfg.ini
2014-08-30 15:30 - 2014-05-03 23:48 - 00000000 ____D () C:\AdwCleaner
2014-08-30 15:19 - 2014-08-30 15:19 - 01364531 _____ () C:\Users\oem\Downloads\adwcleaner_3.308.exe
2014-08-28 21:13 - 2014-08-28 21:13 - 03905472 _____ () C:\Users\oem\Downloads\hltv-1408270626-de_nuke.dem (1).zip
2014-08-28 20:22 - 2013-12-31 14:29 - 00000000 ____D () C:\Users\oem\AppData\Roaming\TS3Client
2014-08-28 20:16 - 2014-08-28 20:15 - 04914616 _____ () C:\Users\oem\Downloads\hltv-1408270459-de_nuke.dem.zip
2014-08-28 20:16 - 2014-08-28 20:15 - 03905472 _____ () C:\Users\oem\Downloads\hltv-1408270626-de_nuke.dem.zip
2014-08-28 16:53 - 2014-08-28 16:53 - 00380416 _____ () C:\Users\oem\Downloads\zex2n4u4.exe
2014-08-28 16:52 - 2014-08-28 16:52 - 00380416 _____ () C:\Users\oem\Downloads\5esfim3u.exe
2014-08-26 20:41 - 2014-08-11 20:50 - 00000000 ____D () C:\Program Files\ESET
2014-08-26 15:52 - 2013-07-28 12:20 - 00000000 ____D () C:\Users\oem\Desktop\ADAM
2014-08-25 20:55 - 2014-08-25 20:55 - 00002689 _____ () C:\Users\oem\Desktop\Microsoft Office Excel 2007.lnk
2014-08-21 03:03 - 2014-02-17 10:59 - 00000998 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1402326780-2026060396-4273624969-1000Core1cf2bbe8178a79c.job
2014-08-20 21:05 - 2014-08-20 21:05 - 00000000 ___RD () C:\Users\oem\Podcasts
2014-08-20 21:05 - 2013-04-30 11:55 - 00000000 ____D () C:\Users\oem
2014-08-20 21:02 - 2014-08-20 21:00 - 00000000 ____D () C:\Program Files\Zune
2014-08-20 21:00 - 2014-08-20 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zune
2014-08-20 21:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-08-20 20:50 - 2014-08-20 20:46 - 105664248 _____ (Microsoft Corporation) C:\Users\oem\Downloads\ZuneSetupPkg (1).exe
2014-08-20 20:46 - 2014-08-20 20:43 - 105664248 _____ (Microsoft Corporation) C:\Users\oem\Downloads\ZuneSetupPkg.exe
2014-08-20 20:43 - 2014-08-20 20:43 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_ZuneDriver_01_09_00.Wdf
2014-08-20 20:43 - 2014-08-20 20:43 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUSB_01009.Wdf
2014-08-19 14:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-19 09:52 - 2011-04-12 15:21 - 00740446 _____ () C:\Windows\system32\perfh015.dat
2014-08-19 09:52 - 2011-04-12 15:21 - 00155988 _____ () C:\Windows\system32\perfc015.dat
2014-08-19 09:52 - 2009-07-14 07:13 - 01669606 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-14 13:52 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-13 20:27 - 2014-08-13 20:27 - 00606475 _____ () C:\Users\oem\Downloads\de_nuke0000.rar
2014-08-13 17:36 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-12 23:03 - 2014-06-19 10:19 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-12 22:59 - 2013-09-18 13:58 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-12 22:55 - 2013-04-30 16:06 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-12 22:54 - 2014-03-27 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-08-12 22:53 - 2014-03-27 18:07 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-12 22:53 - 2014-03-27 18:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-01 01:41 - 2014-08-12 21:58 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-01 01:16 - 2014-08-12 21:58 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!

LastRegBack: 2014-08-30 16:10

==================== End Of Log ============================