extendedunlimited / gameharbor.org pop-up


  • This topic is locked
8 replies to this topic

#1 fenrii

Posted 13 September 2014 - 02:37 PM

I got infected with an annoying pop-up which opens my browser with the extendedunlimited website, then redirects to gameharbor.org. I scanned my PC with AVG, Malwarebytes Anti-Malware and AdwCleaner and they found nothing wrong.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17280  BrowserJavaVersion: 10.67.2
Run by Justyna at 21:18:38 on 2014-09-13
Microsoft Windows 7 Professional   6.1.7601.1.1250.48.1045.18.3958.1654 [GMT 2:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
d:\PROGRA~2\AVG\avgrsa.exe
D:\Program Files\AVG\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
D:\Program Files\AVG\avgidsagent.exe
C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\ismagent.exe
D:\Program Files\AVG\avgwdsvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
D:\Program Files\AVG\avgnsa.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
D:\Program Files\AVG\avgemca.exe
C:\Windows\System32\WTMKM.exe
D:\Program Files\Steam\Steam.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\Program Files (x86)\Bloody4\Bloody4\Bloody4.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Lenovo\EnergyCut\EnergyCut.exe
C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe
C:\Users\Justyna\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
D:\Program Files\AVG\avgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
D:\Program Files\OpenOffice.org 3\program\soffice.exe
D:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
D:\Program Files\SRWare Iron\chrome.exe
D:\Program Files\Steam\bin\steamwebhelper.exe
D:\Program Files\SRWare Iron\chrome.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
d:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
d:\Program Files\RealVNC\VNC4\winvnc4.exe
C:\Windows\system32\atwtusb.exe
C:\Windows\system32\atwtusb.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
D:\Program Files\SRWare Iron\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = about:blank
mStart Page = about:blank
mSearch Page = hxxp://www.google.com
mDefault_Page_URL = about:blank
mDefault_Search_URL = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Steam] "D:\Program Files\Steam\Steam.exe" -silent
uRun: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Bloody2] "C:\Program Files (x86)\Bloody4\Bloody4\Bloody4.exe" Minimum
uRun: [iTunesHelper] wscript.exe //B "C:\Users\Justyna\AppData\Local\Temp\iTunesHelper.vbe"
uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
uRun: [CMD] cmd.exe /c start http://extendedunlimited.org && exit
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [EnergyCut] C:\Program Files (x86)\Lenovo\EnergyCut\EnergyCut.exe
mRun: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
mRun: [CAPOSD] C:\PROGRA~2\Lenovo\LENOVO~1\CAPOSD.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [NCUpdateHelper] C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe
mRun: [AVG_UI] "D:\Program Files\AVG\avgui.exe" /TRAYONLY
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Justyna\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Justyna\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Justyna\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - D:\Program Files\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{0FE3D985-DB7A-4B07-B6C2-2B7B27902913} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{41885453-8235-4995-90A9-A36889AC5A8C} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{41885453-8235-4995-90A9-A36889AC5A8C}\07167756C6 : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{41885453-8235-4995-90A9-A36889AC5A8C}\1487563737D465430303 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{41885453-8235-4995-90A9-A36889AC5A8C}\4456661657C647 : DHCPNameServer = 194.204.152.34 194.204.159.1
TCP: Interfaces\{41885453-8235-4995-90A9-A36889AC5A8C}\D416B65627D45656475707 : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{41885453-8235-4995-90A9-A36889AC5A8C}\E4544574541425 : DHCPNameServer = 10.0.0.100
TCP: Interfaces\{41885453-8235-4995-90A9-A36889AC5A8C}\E656875737 : DHCPNameServer = 10.0.0.2
TCP: Interfaces\{41885453-8235-4995-90A9-A36889AC5A8C}\F465F514255414F563936313 : DHCPNameServer = 192.168.169.1 8.8.8.8
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages =  scecli C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll
x64-mStart Page = about:blank
x64-mSearch Page = hxxp://www.google.com
x64-mDefault_Page_URL = about:blank
x64-mDefault_Search_URL = hxxp://www.google.com
x64-Run: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SynLenovoGestureMgr] C:\Program Files (x86)\Synaptics\SynTP\SynLenovoGestureMgr.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [MacrokeyManager] WTMKM.exe
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2014-6-17 190744]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2014-6-17 328984]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2014-8-6 123672]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2014-6-17 31512]
R0 iusb3hcs;Sterownik przełącznika kontrolera hosta Intel® USB 3.0;C:\Windows\System32\drivers\iusb3hcs.sys [2013-2-24 16152]
R0 LHDmgr;LHDmgr;C:\Windows\System32\drivers\LhdX64.sys [2013-2-25 39008]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2013-10-21 32544]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2014-6-30 152344]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2014-7-21 244504]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2014-6-17 235800]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2014-6-17 269080]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-4-6 283200]
R2 AVGIDSAgent;AVGIDSAgent;D:\Program Files\AVG\avgidsagent.exe [2014-8-25 3242000]
R2 avgwd;AVG WatchDog;D:\Program Files\AVG\avgwdsvc.exe [2014-8-25 289328]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-2-25 13592]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2013-2-25 128280]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-2-25 161560]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-10-21 14997280]
R2 PSI_SVC_2_x64;Protexis Licensing V2 x64;C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-2-25 363800]
R2 WTabletServiceCon;Wacom Consumer Service;C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [2014-6-19 627992]
R2 WTService;WTService;C:\Windows\System32\atwtusb.exe -s --> C:\Windows\System32\atwtusb.exe -s [?]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2011-12-8 594704]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\Windows\System32\drivers\AcpiVpc.sys [2011-12-15 30816]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\System32\drivers\bcbtums.sys [2013-2-25 134696]
R3 btwampfl;btwampfl Bluetooth filter driver;C:\Windows\System32\drivers\btwampfl.sys [2013-2-25 615976]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2013-2-25 39976]
R3 hswpan;WPAN Driver;C:\Windows\System32\drivers\hswpan.sys [2012-1-27 109056]
R3 IntcDAud;Intel® Audio dla ekranów;C:\Windows\System32\drivers\IntcDAud.sys [2013-2-24 331264]
R3 iusb3hub;Sterownik koncentratora Intel® USB 3.0;C:\Windows\System32\drivers\iusb3hub.sys [2013-2-24 356120]
R3 iusb3xhc;Sterownik kontrolera hosta Intel® USB 3.0 eXtensible;C:\Windows\System32\drivers\iusb3xhc.sys [2013-2-24 787736]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-10-21 39200]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-2-25 565352]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;"D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s --> D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2011-5-13 36328]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;D:\Program Files\Steam\SteamApps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [2014-4-13 25832]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 hidkmdf;KMDF Driver;C:\Windows\System32\drivers\hidkmdf.sys [2014-6-19 14136]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-9-11 111616]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-12-8 273168]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\rtsuvstor.sys [2013-2-25 313960]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2011-5-13 146920]
S3 StorSvc;Usługa magazynu;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WacHidRouter;Wacom Hid Router;C:\Windows\System32\drivers\wachidrouter.sys [2014-6-19 90424]
S3 wacomrouterfilter;Wacom Router Filter Driver;C:\Windows\System32\drivers\wacomrouterfilter.sys [2014-6-19 15160]
S3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-2-25 1255736]
S3 wsvd;wsvd;C:\Windows\System32\drivers\wsvd.sys [2009-7-21 121840]
.
=============== Created Last 30 ================
.
2014-09-13 18:41:09 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-09-13 18:27:58 -------- d-----w- C:\FRST
2014-09-13 18:07:43 -------- d-----w- C:\AdwCleaner
2014-09-13 16:38:10 -------- d-----w- C:\Windows\ERUNT
2014-09-13 16:26:07 -------- d-----w- C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-09-13 12:03:34 -------- d-----w- C:\Program Files\Enigma Software Group
2014-09-10 23:04:36 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2014-09-10 23:04:36 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2014-09-10 08:11:09 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-09-10 08:11:09 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-09-10 08:10:55 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-09-10 08:10:55 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-09-10 08:10:45 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-09-10 08:10:45 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-09-10 08:10:45 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-09-10 08:10:44 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-09-10 08:10:44 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-09-10 08:10:41 578048 ----a-w- C:\Windows\System32\aepdu.dll
2014-09-10 08:10:41 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-09-07 07:16:31 -------- d-----w- C:\ProgramData\Avg_Update_0814av
2014-09-06 10:31:55 -------- d-----w- C:\Program Files (x86)\Mumble
2014-09-05 19:28:38 -------- d-----w- C:\Users\Justyna\AppData\Roaming\AVG2014
2014-09-05 19:27:34 -------- d-----w- C:\Users\Justyna\AppData\Roaming\TuneUp Software
2014-09-05 19:26:57 -------- d--h--w- C:\$AVG
2014-09-05 19:26:57 -------- d-----w- C:\ProgramData\AVG2014
2014-09-05 19:22:10 -------- d--h--w- C:\ProgramData\Common Files
2014-09-05 19:22:10 -------- d-----w- C:\Users\Justyna\AppData\Local\MFAData
2014-09-05 19:22:10 -------- d-----w- C:\Users\Justyna\AppData\Local\Avg2014
2014-09-05 19:22:10 -------- d-----w- C:\ProgramData\MFAData
2014-09-05 14:27:56 -------- d-----w- C:\ProgramData\Package Cache
2014-09-05 08:14:10 11319192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D5642D00-9C1C-4041-93E3-0BAC980085C0}\mpengine.dll
2014-08-28 09:59:04 3163648 ----a-w- C:\Windows\System32\win32k.sys
2014-08-28 09:59:03 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-28 09:59:03 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-19 14:25:13 2620928 ----a-w- C:\Windows\System32\wucltux.dll
2014-08-19 14:24:32 97792 ----a-w- C:\Windows\System32\wudriver.dll
2014-08-19 14:24:32 92672 ----a-w- C:\Windows\SysWow64\wudriver.dll
2014-08-19 14:23:58 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2014-08-19 14:23:58 179656 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2014-08-19 14:23:57 36864 ----a-w- C:\Windows\System32\wuapp.exe
2014-08-19 14:23:57 198600 ----a-w- C:\Windows\System32\wuwebv.dll
2014-08-18 22:53:30 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
2014-08-18 22:53:30 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
2014-08-18 22:53:30 171160 ----a-w- C:\Windows\System32\infocardapi.dll
2014-08-18 22:53:30 1389208 ----a-w- C:\Windows\System32\icardagt.exe
2014-08-18 22:53:28 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2014-08-18 22:53:28 8856 ----a-w- C:\Windows\System32\icardres.dll
2014-08-18 22:53:10 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2014-08-18 22:53:10 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2014-08-18 17:07:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-08-18 17:07:10 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-08-18 17:06:42 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-08-18 17:06:41 2363392 ----a-w- C:\Windows\SysWow64\msi.dll
2014-08-18 17:06:41 1941504 ----a-w- C:\Windows\System32\authui.dll
2014-08-18 17:06:40 1805824 ----a-w- C:\Windows\SysWow64\authui.dll
2014-08-18 17:06:39 112064 ----a-w- C:\Windows\System32\consent.exe
2014-08-18 17:06:38 504320 ----a-w- C:\Windows\System32\msihnd.dll
2014-08-18 17:06:37 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
2014-08-18 17:06:11 985536 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2014-08-18 17:01:14 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-08-18 17:01:10 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
.
==================== Find3M  ====================
.
2014-09-13 17:41:29 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-09-10 16:18:26 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-10 16:18:26 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-10 16:18:13 17903792 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-08-18 22:29:49 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-08-18 22:29:35 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-08-18 22:19:53 5833728 ----a-w- C:\Windows\System32\jscript9.dll
2014-08-18 22:15:34 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-08-18 22:15:09 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-08-18 22:14:38 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-08-18 22:14:10 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-08-18 22:08:55 4232704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-08-18 22:03:47 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-08-18 22:03:37 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-08-18 22:03:01 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-08-18 21:57:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-08-18 21:56:17 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-08-18 21:46:26 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-08-18 21:45:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-08-18 21:45:12 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-08-18 21:44:44 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-08-18 21:44:09 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-08-18 21:36:07 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-08-18 21:35:24 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-08-18 21:23:17 2104832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-08-18 21:23:16 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-08-18 21:22:48 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-08-18 21:15:13 2310656 ----a-w- C:\Windows\System32\wininet.dll
2014-08-18 21:08:54 2014208 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-08-18 21:07:44 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-08-18 20:46:48 1812992 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-08-06 08:50:04 123672 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2014-08-05 07:20:00 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-07-25 00:35:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 21:47:06 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
2014-07-21 19:03:12 244504 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2014-06-30 10:43:02 152344 ----a-w- C:\Windows\System32\drivers\avgdiska.sys
2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
2014-06-17 14:21:34 235800 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2014-06-17 14:07:12 328984 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2014-06-17 14:06:58 269080 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2014-06-17 14:06:24 190744 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2014-06-17 14:06:06 31512 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
.
============= FINISH: 21:21:40,54 ===============



Attached File  attach.txt   6.31KB   0 downloads
 

Edited by fenrii, 13 September 2014 - 03:24 PM.



#2 aharonov

  • Malware Response Team

Posted 14 September 2014 - 05:55 AM

Hi,

please run a FRST scan:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 fenrii

Posted 14 September 2014 - 08:14 AM

Hi, thanks for the quick reply. Here's the FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Justyna (administrator) on JUST on 14-09-2014 15:08:45
Running from C:\Users\Justyna\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(AVG Technologies CZ, s.r.o.) D:\Program Files\AVG\avgwdsvc.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(RealVNC Ltd) D:\Program Files\RealVNC\VNC4\winvnc4.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
() C:\Windows\System32\WTMKM.exe
() C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
(Valve Corporation) D:\Program Files\Steam\Steam.exe
(RealVNC Ltd) D:\Program Files\RealVNC\VNC4\winvnc4.exe
() C:\Program Files (x86)\Bloody4\Bloody4\Bloody4.exe
(Valve Corporation) D:\Program Files\Steam\bin\steamwebhelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Dropbox, Inc.) C:\Users\Justyna\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\EnergyCut\EnergyCut.exe
(OpenOffice.org) D:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) D:\Program Files\OpenOffice.org 3\program\soffice.bin
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
() C:\Windows\System32\atwtusb.exe
(LENOVO) C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
() C:\Windows\System32\atwtusb.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(AVG Technologies CZ, s.r.o.) D:\Program Files\AVG\avgui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\Bluetooth Headset Helper.exe
(Electronic Arts) D:\Program Files\Origin\Origin.exe
(AVG Technologies CZ, s.r.o.) D:\Program Files\AVG\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) D:\Program Files\AVG\avgemca.exe
(AVG Technologies CZ, s.r.o.) D:\Program Files\AVG\avgnsa.exe
(AVG Technologies CZ, s.r.o.) D:\Program Files\AVG\avgrsa.exe
(AVG Technologies CZ, s.r.o.) D:\Program Files\AVG\avgcsrva.exe
(SRWare) D:\Program Files\SRWare Iron\chrome.exe
(SRWare) D:\Program Files\SRWare Iron\chrome.exe
(SRWare) D:\Program Files\SRWare Iron\chrome.exe
(SRWare) D:\Program Files\SRWare Iron\chrome.exe
(SRWare) D:\Program Files\SRWare Iron\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2847016 2011-11-10] (Synaptics Incorporated)
HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [408872 2011-11-10] (Synaptics)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-01-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [789856 2013-02-25] (Lenovo)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6193152 2013-02-25] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8071680 2013-02-25] (Lenovo (Beijing) Limited)
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-09-19] (NVIDIA Corporation)
HKLM\...\Run: [MacrokeyManager] => C:\Windows\system32\WTMKM.exe [7329792 2011-06-01] ()
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-27] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [EnergyCut] => C:\Program Files (x86)\Lenovo\EnergyCut\EnergyCut.exe [1167360 2007-03-09] (Lenovo (Beijing) Limited)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [CAPOSD] => C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe [1876992 2012-02-09] (LENOVO)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [69632 2004-04-13] (InstallShield Software Corporation)
HKLM-x32\...\Run: [NCUpdateHelper] => C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe
HKLM-x32\...\Run: [AVG_UI] => D:\Program Files\AVG\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1853922840-2198207453-1999706415-1000\...\Run: [Steam] => D:\Program Files\Steam\Steam.exe [1939136 2014-08-28] (Valve Corporation)
HKU\S-1-5-21-1853922840-2198207453-1999706415-1000\...\Run: [DAEMON Tools Lite] => D:\Program Files\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-1853922840-2198207453-1999706415-1000\...\Run: [Bloody2] => C:\Program Files (x86)\Bloody4\Bloody4\Bloody4.exe [11895808 2013-08-30] ()
HKU\S-1-5-21-1853922840-2198207453-1999706415-1000\...\Run: [iTunesHelper] => wscript.exe //B "C:\Users\Justyna\AppData\Local\Temp\iTunesHelper.vbe" <===== ATTENTION
HKU\S-1-5-21-1853922840-2198207453-1999706415-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation)
HKU\S-1-5-21-1853922840-2198207453-1999706415-1000\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
HKU\S-1-5-21-1853922840-2198207453-1999706415-1000\...\MountPoints2: G - G:\Setup.exe
HKU\S-1-5-21-1853922840-2198207453-1999706415-1000\...\MountPoints2: {9e20d5a0-9e8f-11e2-8a2b-9cb70dcfc039} - F:\setup.exe
HKU\S-1-5-21-1853922840-2198207453-1999706415-1000\...\MountPoints2: {c277aeba-12ec-11e3-9c96-9cb70dcfc039} - G:\AutoRun.exe
HKU\S-1-5-21-1853922840-2198207453-1999706415-1000\...\MountPoints2: {c43a7871-0051-11e3-9a42-9cb70dcfc039} - G:\Setup.exe
HKU\S-1-5-21-1853922840-2198207453-1999706415-1000\...\MountPoints2: {e9ade4c6-e1b2-11e2-9cb1-9cb70dcfc039} - G:\AutoRun.exe
HKU\S-1-5-21-1853922840-2198207453-1999706415-1000\...\MountPoints2: {e9ade4c9-e1b2-11e2-9cb1-9cb70dcfc039} - G:\AutoRun.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-10-16] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-10-16] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Justyna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Justyna\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Justyna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> D:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
BootExecute: autocheck autochk * aswBoot.exe /M:1634019dba /wow /dir:"D:\Program Files\AVAST Software\Avast"
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {A34201B6-AAF2-46AA-B92C-5D801FB2FBEF} URL = https://www.google.com/search?q={searchTerms}
BHO-x32: GooSave -> {6b8959fe-6749-4dfe-bdb5-6f8f4949147b} -> C:\Program Files (x86)\GooSave\KA7sg29Vk3xNF3.dll ()
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.5 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin HKCU: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
Chrome: 
=======
CHR Profile: C:\Users\Justyna\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (GoSoaeve) - C:\Users\Justyna\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhkocfidlhbholonjagleomlomohdibn [2014-09-14]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVGIDSAgent; D:\Program Files\AVG\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; D:\Program Files\AVG\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [945440 2012-02-01] (Broadcom Corporation.)
S3 DAUpdaterSvc; D:\Program Files\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [25832 2014-04-13] (BioWare)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-08] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-08] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4702568 2012-10-24] (INCA Internet Co., Ltd.) [File not signed]
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14997280 2013-09-19] (NVIDIA Corporation)
R2 PSI_SVC_2_x64; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
R2 WinVNC4; d:\Program Files\RealVNC\VNC4\WinVNC4.exe [2360048 2011-02-04] (RealVNC Ltd)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [627992 2013-12-17] (Wacom Technology, Corp.)
R2 WTService; C:\Windows\system32\atwtusb.exe [916992 2011-04-27] () [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)
S2 Hamachi2Svc; "D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2012-02-02] (Broadcom Corporation.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-04-06] (DT Soft Ltd)
R3 hswpan; C:\Windows\System32\DRIVERS\hswpan.sys [109056 2012-01-27] (Ozmo Inc)
R3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [7680 2009-03-08] (Windows ® Codename Longhorn DDK provider)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-08-20] (NVIDIA Corporation)
R3 vhidmini; C:\Windows\System32\DRIVERS\walvhid.sys [7552 2009-08-26] (Windows ® Win 7 DDK provider)
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [281600 2009-04-11] (Jungo)
R2 XilinxPC4Driver; C:\Windows\System32\drivers\xpc4drvr.sys [27384 2009-04-11] (Xilinx, Inc.)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 vm332avs; System32\Drivers\vm332avs.sys [X]
S3 wacommousefilter; system32\DRIVERS\wacommousefilter.sys [X]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-14 15:08 - 2014-09-14 15:10 - 00019552 _____ () C:\Users\Justyna\Desktop\FRST.txt
2014-09-14 15:07 - 2014-09-14 15:07 - 02105856 _____ (Farbar) C:\Users\Justyna\Downloads\FRST64 (1).exe
2014-09-14 13:20 - 2014-09-14 13:20 - 00000402 __RSH () C:\ProgramData\ntuser.pol
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Torch
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Google
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Comodo
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Chromatic Browser
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Users\Justyna\AppData\Local\Torch
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Users\Justyna\AppData\Local\Google
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Users\Justyna\AppData\Local\Comodo
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Users\Justyna\AppData\Local\Chromatic Browser
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Users\Gość\AppData\Local\Torch
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Users\Gość\AppData\Local\Google
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Users\Gość\AppData\Local\Comodo
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Users\Gość\AppData\Local\Chromatic Browser
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Users\Gość
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Users\Administrator
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\ProgramData\GooSave
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\ProgramData\6a22981d09244267
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Program Files (x86)\GooSave
2014-09-14 13:11 - 2014-09-14 13:11 - 00841728 _____ (Turn Indicator Accepted) C:\Users\Justyna\Downloads\SC-T-741874-V5.rar.exe
2014-09-14 13:01 - 2014-09-14 13:01 - 00003328 _____ () C:\Windows\System32\Tasks\{87C4CD45-C373-43D0-BDF2-8C30E13FF576}
2014-09-14 12:51 - 2014-09-14 12:51 - 00001062 _____ () C:\Users\Justyna\Desktop\The SIMS 4 - Deluxe Edition.lnk
2014-09-14 12:04 - 2014-09-14 12:04 - 00000000 ____D () C:\Users\Justyna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Urządzenia interfejsu Bluetooth
2014-09-13 21:23 - 2014-09-13 21:23 - 00002928 _____ () C:\Users\Justyna\Desktop\attach.zip
2014-09-13 21:21 - 2014-09-13 21:23 - 00025177 _____ () C:\Users\Justyna\Desktop\dds.txt
2014-09-13 21:21 - 2014-09-13 21:23 - 00006458 _____ () C:\Users\Justyna\Desktop\attach.txt
2014-09-13 21:03 - 2014-09-13 21:03 - 00688992 ____R (Swearware) C:\Users\Justyna\Downloads\dds.com
2014-09-13 20:42 - 2014-09-13 20:42 - 00086970 _____ () C:\Users\Justyna\Downloads\Shortcut.txt
2014-09-13 20:41 - 2014-09-13 20:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-13 20:41 - 2014-09-13 20:40 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-09-13 20:41 - 2014-09-13 20:40 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-09-13 20:41 - 2014-09-13 20:40 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-09-13 20:41 - 2014-09-13 20:40 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-13 20:37 - 2014-09-13 20:42 - 00036435 _____ () C:\Users\Justyna\Downloads\Addition.txt
2014-09-13 20:33 - 2014-09-13 20:33 - 00918440 _____ (Oracle Corporation) C:\Users\Justyna\Downloads\chromeinstall-7u67.exe
2014-09-13 20:29 - 2014-09-13 20:42 - 00054364 _____ () C:\Users\Justyna\Downloads\FRST.txt
2014-09-13 20:27 - 2014-09-14 15:08 - 00000000 ____D () C:\FRST
2014-09-13 20:26 - 2014-09-13 20:26 - 02105856 _____ (Farbar) C:\Users\Justyna\Desktop\FRST64.exe
2014-09-13 20:07 - 2014-09-13 20:10 - 00000000 ____D () C:\AdwCleaner
2014-09-13 20:04 - 2014-09-13 20:04 - 01373475 _____ () C:\Users\Justyna\Downloads\AdwCleaner.exe
2014-09-13 19:35 - 2014-09-13 19:35 - 00000689 _____ () C:\Users\Public\Desktop\SRWare Iron.lnk
2014-09-13 19:35 - 2014-09-13 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRWare Iron
2014-09-13 19:19 - 2014-09-13 19:19 - 00012169 _____ () C:\Users\Justyna\Downloads\eBilet   Oskar Kolberg’s Folk Lore Festival.htm
2014-09-13 19:19 - 2014-09-13 19:19 - 00000000 ____D () C:\Users\Justyna\Downloads\eBilet   Oskar Kolberg’s Folk Lore Festival_files
2014-09-13 19:11 - 2014-09-13 19:11 - 00001145 _____ () C:\Users\Justyna\Desktop\JRT.txt
2014-09-13 18:40 - 2014-09-13 18:40 - 00295512 _____ () C:\Windows\Minidump\091314-79669-01.dmp
2014-09-13 18:40 - 2014-09-13 18:40 - 00000000 ____D () C:\Windows\Minidump
2014-09-13 18:39 - 2014-09-13 18:39 - 765760894 _____ () C:\Windows\MEMORY.DMP
2014-09-13 18:38 - 2014-09-13 18:38 - 00000000 ____D () C:\Windows\ERUNT
2014-09-13 18:37 - 2014-09-13 18:37 - 01016261 _____ (Thisisu) C:\Users\Justyna\Downloads\JRT (1).exe
2014-09-13 18:26 - 2014-09-13 18:29 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-09-13 18:25 - 2014-09-13 18:25 - 01016261 _____ (Thisisu) C:\Users\Justyna\Downloads\JRT.exe
2014-09-13 14:18 - 2014-09-13 14:19 - 00000000 ____D () C:\Users\Justyna\Desktop\uczelniane
2014-09-13 14:04 - 2014-09-13 14:04 - 00000000 _____ () C:\autoexec.bat
2014-09-13 14:03 - 2014-09-13 14:03 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-09-13 13:59 - 2014-09-13 13:59 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Justyna\Downloads\SpyHunter-Installer.exe
2014-09-13 13:54 - 2014-09-13 13:54 - 00022602 _____ () C:\Users\Justyna\Downloads\[kickass.to]the.sims.4.deluxe.edition.skidrow.torrent
2014-09-13 13:28 - 2014-09-13 13:28 - 00051766 _____ () C:\Users\Justyna\.recently-used.xbel
2014-09-12 18:35 - 2014-09-12 19:04 - 87481100 _____ () C:\Users\Justyna\Downloads\SC-T-741874-V5.rar
2014-09-11 01:14 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 01:14 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-11 01:14 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 01:14 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 01:14 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-11 01:14 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-11 01:14 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 01:14 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 01:14 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 01:14 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 01:14 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-11 01:14 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-11 01:14 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-11 01:14 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 01:14 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 01:14 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 01:14 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-11 01:14 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 01:14 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-11 01:14 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-11 01:14 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-11 01:14 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 01:14 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-11 01:14 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 01:14 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-11 01:14 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-11 01:14 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-11 01:14 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-11 01:14 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-11 01:14 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 01:14 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-11 01:14 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-11 01:14 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 01:14 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-11 01:14 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-11 01:14 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-11 01:14 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-11 01:14 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 01:14 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 01:14 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 01:14 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-11 01:14 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-11 01:14 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-11 01:14 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-11 01:14 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-11 01:14 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 01:14 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-11 01:14 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 01:14 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-11 01:14 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-11 01:14 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-11 01:14 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 01:14 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-11 01:14 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-11 01:14 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-11 01:14 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-11 01:04 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-11 01:04 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 10:11 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 10:11 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 10:10 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 10:10 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-10 10:10 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 10:10 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 10:10 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 10:10 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 10:10 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 10:10 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 10:10 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-07 09:16 - 2014-09-07 09:16 - 00000000 ____D () C:\ProgramData\Avg_Update_0814av
2014-09-06 12:31 - 2014-09-06 12:31 - 15391888 _____ () C:\Users\Justyna\Downloads\mumble-1.2.8_plus_MumbleComSkin (1).exe
2014-09-06 12:31 - 2014-09-06 12:31 - 00000000 ____D () C:\Program Files (x86)\Mumble
2014-09-05 21:28 - 2014-09-05 21:28 - 00000000 ____D () C:\Users\Justyna\AppData\Roaming\AVG2014
2014-09-05 21:27 - 2014-09-05 21:27 - 00000664 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-09-05 21:27 - 2014-09-05 21:27 - 00000000 ____D () C:\Users\Justyna\AppData\Roaming\TuneUp Software
2014-09-05 21:27 - 2014-09-05 21:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-09-05 21:26 - 2014-09-05 21:28 - 00000000 ____D () C:\ProgramData\AVG2014
2014-09-05 21:26 - 2014-09-05 21:26 - 00000000 ___HD () C:\$AVG
2014-09-05 21:22 - 2014-09-14 12:08 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-05 21:22 - 2014-09-05 23:29 - 00000000 ____D () C:\Users\Justyna\AppData\Local\Avg2014
2014-09-05 21:22 - 2014-09-05 21:22 - 00000000 ____D () C:\Users\Justyna\AppData\Local\MFAData
2014-09-05 21:16 - 2014-09-05 21:17 - 04755928 _____ (AVG Technologies) C:\Users\Justyna\Downloads\avg_free_stb_all_2014_4336_ppc1.exe
2014-09-05 17:16 - 2014-09-05 17:16 - 00000000 ____D () C:\Users\Justyna\Documents\Electronic Arts
2014-09-05 17:13 - 2014-09-05 17:13 - 01210873 _____ () C:\Users\Justyna\Downloads\SC-TS-748741-C.rar
2014-09-05 17:01 - 2014-09-13 20:12 - 00002600 _____ () C:\Windows\PFRO.log
2014-09-05 16:56 - 2014-09-05 16:56 - 00519488 _____ (AVAST Software) C:\Users\Justyna\Downloads\avastclear.exe
2014-09-05 16:53 - 2014-09-05 16:58 - 121032211 _____ (AVG Technologies) C:\Users\Justyna\Downloads\avg_free_x64_all_2014_4716a7754.exe
2014-09-05 16:27 - 2014-09-05 16:29 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-03 23:32 - 2014-09-03 23:33 - 208296761 _____ () C:\Users\Justyna\Downloads\Ennorath 2014.zip
2014-09-02 20:25 - 2014-09-02 20:32 - 00001452 _____ () C:\Users\Justyna\Desktop\wtww.txt
2014-09-01 16:43 - 2014-09-01 16:43 - 00447752 ____R (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2014-08-28 11:59 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 11:59 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 11:59 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-27 20:38 - 2014-08-27 20:38 - 01871675 _____ () C:\Users\Justyna\Downloads\Crack No-CD.rar
2014-08-21 16:21 - 2014-08-31 16:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Piano 2.5
2014-08-21 16:18 - 2014-08-21 16:18 - 00000630 _____ () C:\Users\Justyna\Desktop\virtuAMP.lnk
2014-08-21 16:18 - 2014-08-21 16:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\virtuAMP
2014-08-21 16:16 - 2014-08-21 16:17 - 00825833 _____ (Ryan Gregg ) C:\Users\Justyna\Downloads\virtuamp121.exe
2014-08-19 16:25 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-19 16:25 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-19 16:25 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-19 16:25 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-19 16:24 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-19 16:24 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-19 16:24 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-19 16:24 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-19 16:24 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-19 16:24 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-19 16:23 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-19 16:23 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-19 16:23 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-19 16:23 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-19 10:46 - 2014-08-19 12:02 - 905373871 _____ () C:\Users\Justyna\Downloads\Arda2014.zip
2014-08-19 00:53 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-19 00:53 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-19 00:53 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-19 00:53 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-19 00:53 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-19 00:53 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-19 00:53 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-19 00:53 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-18 19:07 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-18 19:07 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-18 19:06 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-18 19:06 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-18 19:06 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-18 19:06 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-18 19:06 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-18 19:06 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-18 19:06 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-18 19:06 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-18 19:06 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-18 19:06 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-18 19:01 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-18 19:01 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-14 15:10 - 2014-09-14 15:08 - 00019552 _____ () C:\Users\Justyna\Desktop\FRST.txt
2014-09-14 15:08 - 2014-09-13 20:27 - 00000000 ____D () C:\FRST
2014-09-14 15:07 - 2014-09-14 15:07 - 02105856 _____ (Farbar) C:\Users\Justyna\Downloads\FRST64 (1).exe
2014-09-14 14:56 - 2013-02-24 18:41 - 01902850 _____ () C:\Windows\WindowsUpdate.log
2014-09-14 14:18 - 2013-02-25 01:29 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-14 13:27 - 2013-04-06 16:31 - 00000000 ____D () C:\Users\Justyna\AppData\Roaming\uTorrent
2014-09-14 13:20 - 2014-09-14 13:20 - 00000402 __RSH () C:\ProgramData\ntuser.pol
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Torch
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Google
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Comodo
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Chromatic Browser
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Users\Justyna\AppData\Local\Torch
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Users\Justyna\AppData\Local\Google
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Users\Justyna\AppData\Local\Comodo
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Users\Justyna\AppData\Local\Chromatic Browser
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Users\Gość\AppData\Local\Torch
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Users\Gość\AppData\Local\Google
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Users\Gość\AppData\Local\Comodo
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Users\Gość\AppData\Local\Chromatic Browser
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Users\Gość
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Users\Administrator
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\ProgramData\GooSave
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\ProgramData\6a22981d09244267
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Program Files (x86)\GooSave
2014-09-14 13:20 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-09-14 13:20 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-09-14 13:11 - 2014-09-14 13:11 - 00841728 _____ (Turn Indicator Accepted) C:\Users\Justyna\Downloads\SC-T-741874-V5.rar.exe
2014-09-14 13:06 - 2014-07-31 14:43 - 00000000 ____D () C:\Users\Justyna\AppData\Roaming\Origin
2014-09-14 13:06 - 2014-07-31 14:02 - 00000000 ____D () C:\ProgramData\Origin
2014-09-14 13:02 - 2014-04-07 00:05 - 00000550 _____ () C:\Windows\Tasks\MATLAB R2012b Startup Accelerator.job
2014-09-14 13:01 - 2014-09-14 13:01 - 00003328 _____ () C:\Windows\System32\Tasks\{87C4CD45-C373-43D0-BDF2-8C30E13FF576}
2014-09-14 12:51 - 2014-09-14 12:51 - 00001062 _____ () C:\Users\Justyna\Desktop\The SIMS 4 - Deluxe Edition.lnk
2014-09-14 12:43 - 2013-02-25 12:05 - 00000000 ____D () C:\Users\Justyna\AppData\Roaming\Skype
2014-09-14 12:39 - 2013-04-06 11:42 - 00000000 ____D () C:\Users\Justyna\AppData\Roaming\DAEMON Tools Lite
2014-09-14 12:34 - 2013-12-21 22:42 - 00000000 ____D () C:\Users\Justyna\AppData\Local\Battle.net
2014-09-14 12:11 - 2009-07-14 06:45 - 00033920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-14 12:11 - 2009-07-14 06:45 - 00033920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-14 12:08 - 2014-09-05 21:22 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-14 12:05 - 2013-04-15 20:38 - 00000000 ____D () C:\Users\Justyna\AppData\Roaming\Dropbox
2014-09-14 12:04 - 2014-09-14 12:04 - 00000000 ____D () C:\Users\Justyna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Urządzenia interfejsu Bluetooth
2014-09-14 12:03 - 2009-07-14 04:34 - 00000442 _____ () C:\Windows\win.ini
2014-09-14 12:02 - 2014-08-10 09:14 - 00009670 _____ () C:\Windows\setupact.log
2014-09-14 12:02 - 2013-02-25 00:49 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-09-14 12:01 - 2013-02-25 00:49 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-09-14 12:01 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-13 21:23 - 2014-09-13 21:23 - 00002928 _____ () C:\Users\Justyna\Desktop\attach.zip
2014-09-13 21:23 - 2014-09-13 21:21 - 00025177 _____ () C:\Users\Justyna\Desktop\dds.txt
2014-09-13 21:23 - 2014-09-13 21:21 - 00006458 _____ () C:\Users\Justyna\Desktop\attach.txt
2014-09-13 21:03 - 2014-09-13 21:03 - 00688992 ____R (Swearware) C:\Users\Justyna\Downloads\dds.com
2014-09-13 20:42 - 2014-09-13 20:42 - 00086970 _____ () C:\Users\Justyna\Downloads\Shortcut.txt
2014-09-13 20:42 - 2014-09-13 20:37 - 00036435 _____ () C:\Users\Justyna\Downloads\Addition.txt
2014-09-13 20:42 - 2014-09-13 20:29 - 00054364 _____ () C:\Users\Justyna\Downloads\FRST.txt
2014-09-13 20:41 - 2014-09-13 20:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-13 20:40 - 2014-09-13 20:41 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-09-13 20:40 - 2014-09-13 20:41 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-09-13 20:40 - 2014-09-13 20:41 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-09-13 20:40 - 2014-09-13 20:41 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-13 20:33 - 2014-09-13 20:33 - 00918440 _____ (Oracle Corporation) C:\Users\Justyna\Downloads\chromeinstall-7u67.exe
2014-09-13 20:26 - 2014-09-13 20:26 - 02105856 _____ (Farbar) C:\Users\Justyna\Desktop\FRST64.exe
2014-09-13 20:12 - 2014-09-05 17:01 - 00002600 _____ () C:\Windows\PFRO.log
2014-09-13 20:10 - 2014-09-13 20:07 - 00000000 ____D () C:\AdwCleaner
2014-09-13 20:04 - 2014-09-13 20:04 - 01373475 _____ () C:\Users\Justyna\Downloads\AdwCleaner.exe
2014-09-13 19:41 - 2014-07-06 00:29 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-13 19:35 - 2014-09-13 19:35 - 00000689 _____ () C:\Users\Public\Desktop\SRWare Iron.lnk
2014-09-13 19:35 - 2014-09-13 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRWare Iron
2014-09-13 19:19 - 2014-09-13 19:19 - 00012169 _____ () C:\Users\Justyna\Downloads\eBilet   Oskar Kolberg’s Folk Lore Festival.htm
2014-09-13 19:19 - 2014-09-13 19:19 - 00000000 ____D () C:\Users\Justyna\Downloads\eBilet   Oskar Kolberg’s Folk Lore Festival_files
2014-09-13 19:11 - 2014-09-13 19:11 - 00001145 _____ () C:\Users\Justyna\Desktop\JRT.txt
2014-09-13 18:40 - 2014-09-13 18:40 - 00295512 _____ () C:\Windows\Minidump\091314-79669-01.dmp
2014-09-13 18:40 - 2014-09-13 18:40 - 00000000 ____D () C:\Windows\Minidump
2014-09-13 18:39 - 2014-09-13 18:39 - 765760894 _____ () C:\Windows\MEMORY.DMP
2014-09-13 18:38 - 2014-09-13 18:38 - 00000000 ____D () C:\Windows\ERUNT
2014-09-13 18:37 - 2014-09-13 18:37 - 01016261 _____ (Thisisu) C:\Users\Justyna\Downloads\JRT (1).exe
2014-09-13 18:29 - 2014-09-13 18:26 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-09-13 18:29 - 2014-05-01 17:13 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-09-13 18:25 - 2014-09-13 18:25 - 01016261 _____ (Thisisu) C:\Users\Justyna\Downloads\JRT.exe
2014-09-13 18:25 - 2013-05-15 13:37 - 00000000 ____D () C:\Users\Justyna\AppData\Roaming\foobar2000
2014-09-13 17:36 - 2011-04-12 15:21 - 00740672 _____ () C:\Windows\system32\perfh015.dat
2014-09-13 17:36 - 2011-04-12 15:21 - 00156214 _____ () C:\Windows\system32\perfc015.dat
2014-09-13 17:36 - 2009-07-14 07:13 - 01670518 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-13 14:19 - 2014-09-13 14:18 - 00000000 ____D () C:\Users\Justyna\Desktop\uczelniane
2014-09-13 14:19 - 2014-01-26 16:44 - 00000000 ____D () C:\Users\Justyna\Desktop\gli
2014-09-13 14:04 - 2014-09-13 14:04 - 00000000 _____ () C:\autoexec.bat
2014-09-13 14:03 - 2014-09-13 14:03 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-09-13 13:59 - 2014-09-13 13:59 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Justyna\Downloads\SpyHunter-Installer.exe
2014-09-13 13:54 - 2014-09-13 13:54 - 00022602 _____ () C:\Users\Justyna\Downloads\[kickass.to]the.sims.4.deluxe.edition.skidrow.torrent
2014-09-13 13:49 - 2013-06-28 21:50 - 00000000 ____D () C:\Users\Justyna\.gimp-2.4
2014-09-13 13:28 - 2014-09-13 13:28 - 00051766 _____ () C:\Users\Justyna\.recently-used.xbel
2014-09-13 13:28 - 2013-02-24 18:46 - 00000000 ____D () C:\Users\Justyna
2014-09-12 19:04 - 2014-09-12 18:35 - 87481100 _____ () C:\Users\Justyna\Downloads\SC-T-741874-V5.rar
2014-09-11 11:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-11 01:12 - 2013-02-25 00:31 - 01643124 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-11 01:11 - 2013-07-17 13:42 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 01:05 - 2013-03-02 02:10 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-11 01:04 - 2014-05-06 21:39 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-10 18:18 - 2014-07-09 13:19 - 17903792 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-10 18:18 - 2013-02-25 01:29 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-10 18:18 - 2013-02-25 01:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-10 18:18 - 2013-02-25 01:29 - 00003868 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-07 09:16 - 2014-09-07 09:16 - 00000000 ____D () C:\ProgramData\Avg_Update_0814av
2014-09-06 22:46 - 2013-12-21 22:42 - 00000000 ____D () C:\Users\Justyna\AppData\Roaming\Battle.net
2014-09-06 12:31 - 2014-09-06 12:31 - 15391888 _____ () C:\Users\Justyna\Downloads\mumble-1.2.8_plus_MumbleComSkin (1).exe
2014-09-06 12:31 - 2014-09-06 12:31 - 00000000 ____D () C:\Program Files (x86)\Mumble
2014-09-05 23:51 - 2013-03-02 20:49 - 00000000 ____D () C:\Program Files (x86)\LIMBO
2014-09-05 23:29 - 2014-09-05 21:22 - 00000000 ____D () C:\Users\Justyna\AppData\Local\Avg2014
2014-09-05 21:28 - 2014-09-05 21:28 - 00000000 ____D () C:\Users\Justyna\AppData\Roaming\AVG2014
2014-09-05 21:28 - 2014-09-05 21:26 - 00000000 ____D () C:\ProgramData\AVG2014
2014-09-05 21:27 - 2014-09-05 21:27 - 00000664 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-09-05 21:27 - 2014-09-05 21:27 - 00000000 ____D () C:\Users\Justyna\AppData\Roaming\TuneUp Software
2014-09-05 21:27 - 2014-09-05 21:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-09-05 21:26 - 2014-09-05 21:26 - 00000000 ___HD () C:\$AVG
2014-09-05 21:22 - 2014-09-05 21:22 - 00000000 ____D () C:\Users\Justyna\AppData\Local\MFAData
2014-09-05 21:17 - 2014-09-05 21:16 - 04755928 _____ (AVG Technologies) C:\Users\Justyna\Downloads\avg_free_stb_all_2014_4336_ppc1.exe
2014-09-05 17:16 - 2014-09-05 17:16 - 00000000 ____D () C:\Users\Justyna\Documents\Electronic Arts
2014-09-05 17:13 - 2014-09-05 17:13 - 01210873 _____ () C:\Users\Justyna\Downloads\SC-TS-748741-C.rar
2014-09-05 17:06 - 2013-04-06 13:19 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-09-05 17:01 - 2013-12-02 11:13 - 00000000 ____D () C:\Users\Justyna\AppData\Roaming\AVAST Software
2014-09-05 17:01 - 2013-02-25 01:20 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-05 16:58 - 2014-09-05 16:53 - 121032211 _____ (AVG Technologies) C:\Users\Justyna\Downloads\avg_free_x64_all_2014_4716a7754.exe
2014-09-05 16:58 - 2013-02-25 01:20 - 00000000 _____ () C:\Windows\SysWOW64\config.nt
2014-09-05 16:56 - 2014-09-05 16:56 - 00519488 _____ (AVAST Software) C:\Users\Justyna\Downloads\avastclear.exe
2014-09-05 16:29 - 2014-09-05 16:27 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-05 10:09 - 2013-02-25 01:20 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-05 04:10 - 2014-09-10 10:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 04:05 - 2014-09-10 10:10 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-04 20:24 - 2013-02-25 12:05 - 00000000 ____D () C:\ProgramData\Skype
2014-09-03 23:33 - 2014-09-03 23:32 - 208296761 _____ () C:\Users\Justyna\Downloads\Ennorath 2014.zip
2014-09-02 21:16 - 2013-04-15 17:38 - 00000000 ____D () C:\Users\Justyna\AppData\Roaming\Audacity
2014-09-02 20:32 - 2014-09-02 20:25 - 00001452 _____ () C:\Users\Justyna\Desktop\wtww.txt
2014-09-01 16:43 - 2014-09-01 16:43 - 00447752 ____R (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2014-08-31 16:13 - 2014-08-21 16:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Piano 2.5
2014-08-30 10:51 - 2009-07-14 06:45 - 00294552 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-27 20:38 - 2014-08-27 20:38 - 01871675 _____ () C:\Users\Justyna\Downloads\Crack No-CD.rar
2014-08-23 04:07 - 2014-08-28 11:59 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-28 11:59 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-28 11:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-21 16:18 - 2014-08-21 16:18 - 00000630 _____ () C:\Users\Justyna\Desktop\virtuAMP.lnk
2014-08-21 16:18 - 2014-08-21 16:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\virtuAMP
2014-08-21 16:17 - 2014-08-21 16:16 - 00825833 _____ (Ryan Gregg ) C:\Users\Justyna\Downloads\virtuamp121.exe
2014-08-20 21:33 - 2013-03-05 18:02 - 00000000 ____D () C:\Users\Justyna\AppData\Local\The Witcher
2014-08-19 20:05 - 2014-09-11 01:14 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-19 19:39 - 2014-09-11 01:14 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-19 12:02 - 2014-08-19 10:46 - 905373871 _____ () C:\Users\Justyna\Downloads\Arda2014.zip
2014-08-19 10:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-19 01:01 - 2014-09-11 01:14 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-19 00:29 - 2014-09-11 01:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-19 00:29 - 2014-09-11 01:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-19 00:26 - 2014-09-11 01:14 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-19 00:20 - 2014-09-11 01:14 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-19 00:19 - 2014-09-11 01:14 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-19 00:15 - 2014-09-11 01:14 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-19 00:15 - 2014-09-11 01:14 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-19 00:14 - 2014-09-11 01:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-19 00:14 - 2014-09-11 01:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-19 00:08 - 2014-09-11 01:14 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-19 00:08 - 2014-09-11 01:14 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-19 00:08 - 2014-09-11 01:14 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-19 00:05 - 2014-09-11 01:14 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-19 00:03 - 2014-09-11 01:14 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-19 00:03 - 2014-09-11 01:14 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-19 00:03 - 2014-09-11 01:14 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-18 23:57 - 2014-09-11 01:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-18 23:56 - 2014-09-11 01:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-18 23:51 - 2014-09-11 01:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-18 23:46 - 2014-09-11 01:14 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-18 23:45 - 2014-09-11 01:14 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 23:45 - 2014-09-11 01:14 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-18 23:44 - 2014-09-11 01:14 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-18 23:44 - 2014-09-11 01:14 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-18 23:42 - 2014-09-11 01:14 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-18 23:40 - 2014-09-11 01:14 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-18 23:39 - 2014-09-11 01:14 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-18 23:39 - 2014-09-11 01:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-18 23:39 - 2014-09-11 01:14 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-18 23:38 - 2014-09-11 01:14 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-18 23:37 - 2014-09-11 01:14 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-18 23:36 - 2014-09-11 01:14 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-18 23:35 - 2014-09-11 01:14 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-18 23:27 - 2014-09-11 01:14 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-18 23:25 - 2014-09-11 01:14 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-18 23:25 - 2014-09-11 01:14 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-18 23:23 - 2014-09-11 01:14 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-18 23:23 - 2014-09-11 01:14 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-18 23:22 - 2014-09-11 01:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-18 23:19 - 2014-09-11 01:14 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-18 23:17 - 2014-09-11 01:14 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-18 23:17 - 2014-09-11 01:14 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-18 23:16 - 2014-09-11 01:14 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-18 23:15 - 2014-09-11 01:14 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-18 23:15 - 2014-09-11 01:14 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-18 23:09 - 2014-09-11 01:14 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-18 23:08 - 2014-09-11 01:14 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-18 23:07 - 2014-09-11 01:14 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-18 22:55 - 2014-09-11 01:14 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-18 22:46 - 2014-09-11 01:14 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-18 22:38 - 2014-09-11 01:14 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-18 22:38 - 2014-09-11 01:14 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-18 22:36 - 2014-09-11 01:14 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
 
Some content of TEMP:
====================
C:\Users\Justyna\AppData\Local\Temp\5A0E68CF906.exe
C:\Users\Justyna\AppData\Local\Temp\Cc91b4.exe
C:\Users\Justyna\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpo_9xde.dll
C:\Users\Justyna\AppData\Local\Temp\Quarantine.exe
C:\Users\Justyna\AppData\Local\Temp\SHSetup.exe
C:\Users\Justyna\AppData\Local\Temp\update.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-07 14:19
 
==================== End Of Log ============================

And the other one:
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by Justyna at 2014-09-14 15:11:01
Running from C:\Users\Justyna\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKLM-x32\...\uTorrent) (Version: 3.3.0.29462 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1210 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1210 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Aktualizacje NVIDIA 8.3.23 (Version: 8.3.23 - NVIDIA Corporation) Hidden
Alice: Madness Returns (HKLM-x32\...\Alice: Madness Returns_is1) (Version:  - )
Amnesia: Mroczny Obłęd (HKLM-x32\...\{F9A9C54B-1438-4553-B27C-4A4BBC69920A}) (Version: 1.0.1 - Frictional Games)
Arduino (HKLM-x32\...\Arduino) (Version: 1.0.5-r2 - Arduino LLC)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta1 - Michael Tippach)
Assassin's Creed Brotherhood (HKLM-x32\...\Steam App 48190) (Version:  - )
Assassin's Creed II (HKLM-x32\...\Steam App 33230) (Version:  - Ubisoft Montreal)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4765 - AVG Technologies)
AVG 2014 (Version: 14.0.4015 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4765 - AVG Technologies) Hidden
Baldur's Gate II (HKLM-x32\...\BG2_is1) (Version:  - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BattleBlock Theater (HKLM-x32\...\Steam App 238460) (Version:  - The Behemoth)
Bloody4 (HKLM-x32\...\Bloody3) (Version: 13.08.0042 - Bloody)
Borderlands (HKLM-x32\...\{52B65911-1559-4ED5-9461-46957FDD48CD}) (Version: 1.0.295 - 2K Games)
Botanicula 1.0 (HKLM-x32\...\{66C087E0-756B-4CDA-BCA4-B50C37295D61}_is1) (Version: 1.0 - Amanita Design, s.r.o.)
CCleaner (HKLM\...\CCleaner) (Version: 4.02 - Piriform)
ChomikBox (HKLM-x32\...\{26050F54-3928-4D9C-849A-C48A9E831E6F}) (Version: 2.0.5.0 - Chomikuj.pl)
Codecs for Windows 7 Pack 4.0.5 (HKLM-x32\...\Codecs for Windows 7 Pack) (Version: 4.0.5 - Codecs for Windows 7 Pack)
Combined Community Codec Pack 2010-10-10 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2010.10.10.0 - CCCP Project)
Comical 0.8 (HKLM-x32\...\Comical_is1) (Version:  - James Athey)
Corel Painter 12 - IPM (Version: 12.2 - Corel Corporation) Hidden
Corel Painter 12 (HKLM\...\_{08A8CCEA-36DC-4634-AAAA-79463D644C0E}) (Version: 12.0.1.727 - Corel Corporation)
CWK (Czasowy Wyłącznik Komputera) (HKLM-x32\...\CWK) (Version: 2.52.3.43 - Damian Pasternak)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
Diablo II (HKLM-x32\...\Diablo II) (Version:  - )
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.7 - Dolby Laboratories Inc)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.27 - Dropbox, Inc.)
Electronic Piano 2.5 (HKLM-x32\...\Electronic Piano 2.5_is1) (Version:  - Maurício Antunes Oliveira)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 7.0.3.3 - Lenovo)
Energy Management (x32 Version: 7.0.3.3 - Lenovo) Hidden
EnergyCut (HKLM-x32\...\{6E127727-CE4B-40E4-9A7D-9D65CDE0A15C}) (Version: 1.00 - Lenovo)
foobar2000 v1.2.6 (HKLM-x32\...\foobar2000) (Version: 1.2.6 - Peter Pawlowski)
GameMaker-Studio 1.2 (HKCU\...\GameMaker-Studio12) (Version:  - YoYo Games Ltd.)
GeForce Experience NvStream Client Components (Version: 0.1.87 - NVIDIA Corporation) Hidden
GhostMaster (HKLM-x32\...\{2A42871B-A6C5-44EA-BBE0-4E701F610BB4}) (Version: 1.1 - )
GIMP 2.4.0-rc3 (HKLM-x32\...\WinGimp-2.0_is1) (Version:  - )
GooSave (HKLM-x32\...\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}) (Version: 3.3.0.1446 - )
Guitar Pro 5.2 (HKLM-x32\...\Guitar Pro 5_is1) (Version:  - Arobas Music)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of Might and Magic III - Złota Edycja (HKLM-x32\...\{8B743AA0-53B2-11D2-808A-00600895FB43}) (Version: 1.0 - )
IconHandler 64 bit (Version: 2.0 - Corel Corporation) Hidden
Intel PROSet Wireless (Version:  - ) Hidden
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2626 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Keil µVision4 (HKLM-x32\...\Keil µVision4) (Version: 4.74.0.22 - ARM Ltd)
Komunikator WTW 0.9.10.3377 (HKLM\...\{1DF5019A-68B5-4ba1-8E59-E185C7B7FF11}) (Version: 0.9.10.3377 - K2T.eu)
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2300 - Broadcom Corporation)
Lenovo CAPOSD (HKLM-x32\...\InstallShield_{48F851E7-DD0C-4A35-AD7A-57878023E987}) (Version: 1.0.0.6 - Lenovo)
Lenovo CAPOSD (x32 Version: 1.0.0.6 - Lenovo) Hidden
Lenovo EasyCamera (HKLM-x32\...\{4BB1DCED-84D3-47F9-B718-5947E904593E}) (Version: 6.64.1703.03 - Lenovo EasyCamera)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.0.3712 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.0.3712 - CyberLink Corp.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.188 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.188 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware wersja 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MATLAB R2012b (HKLM\...\Matlab R2012b) (Version: 8.0 - The MathWorks, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
NapiProjekt (2.1.0.2287) (HKLM-x32\...\NapiProjekt_is1) (Version:  - )
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.51.0 - Black Tree Gaming)
NVIDIA GeForce Experience 1.6.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.6.1.2 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.902 - NVIDIA Corporation) Hidden
NVIDIA Oprogramowanie systemu PhysX 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Optimus 8.3.23 (Version: 8.3.23 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA Sterownik graficzny 331.58 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.58 - NVIDIA Corporation)
NVIDIA Update Components (Version: 8.3.23 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.5 - NVIDIA Corporation)
Onekey Theater (HKLM-x32\...\InstallShield_{D4B060B9-AD4A-4152-9D99-28B93C615AFE}) (Version: 2.0.2.9 - Lenovo)
Onekey Theater (x32 Version: 2.0.2.9 - Lenovo) Hidden
OpenOffice.org 3.4.1 (HKLM-x32\...\{18192D3F-5537-4560-AD89-D695F72AF91D}) (Version: 3.41.9593 - Apache Software Foundation)
Oprogramowanie Intel® PROSet/Wireless WiFi (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0642 - Intel Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
Painter 12 - Content (Version: 12.2 - Corel Corporation) Hidden
Painter 12 - Core (Version: 12.2 - Corel Corporation) Hidden
Painter 12 - Corex64 (Version: 12.1.0 - Corel Corporation) Hidden
Painter 12 - EN (Version: 12.2 - Corel Corporation) Hidden
Painter 12 - Setup Files (Version: 12.1 - Corel Corporation) Hidden
Pakiet sterowników systemu Windows - Lenovo (ACPIVPC) System  (12/15/2011 7.1.0.1) (HKLM\...\99841829BE839365AA67B2AD0E50D371F59F8A1E) (Version: 12/15/2011 7.1.0.1 - Lenovo)
Panel sterowania NVIDIA 331.58 (Version: 331.58 - NVIDIA Corporation) Hidden
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Portal 2 Publishing Tool (HKLM-x32\...\Steam App 644) (Version:  - )
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6559 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7601.39015 - Realtek Semiconductor Corp.)
Setup - The SIMS 4  Deluxe Edition ... (HKLM-x32\...\Setup - The SIMS 4  Deluxe Edition ...) (Version: ... - Electronic Arts)
Sheep (HKLM-x32\...\Sheep) (Version:  - )
SHIELD Streaming (Version: 1.05.42 - NVIDIA Corporation) Hidden
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SQLite ADO.NET 2.0/3.5 Provider (HKLM-x32\...\{00257FA9-3622-45E4-8B4B-A792CC5169EB}) (Version: 1.066.0 - Phoenix Software Solutions, LLC)
SRWare Iron wersja SRWare Iron 37.2000.0 (HKLM-x32\...\{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1) (Version: SRWare Iron 37.2000.0 - SRWare)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Sterownik urządzenia Intel® Wireless Music (HKLM\...\{4169B8AC-D144-4E38-A9CA-637EA44129ED}) (Version: 1.5.5323.0 - Intel Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.33.0 - Synaptics Incorporated)
System Requirements Lab Detection (HKLM-x32\...\{A425D7E3-7AA4-4ED9-B770-CA4A0F7BF6F3}) (Version: 2.0.0.0 - Husdawg, LLC)
Tablet Driver With Macrokey Manager (HKLM\...\RmTablet) (Version: 4.13 - )
The Path 1.1 (HKLM-x32\...\{8A3D6A5C-5606-4ACA-A5B5-3F7B3224BD86}_is1) (Version:  - Tale of Tales)
The Stanley Parable (HKLM-x32\...\The Stanley Parable_is1) (Version:  - )
The Void (HKLM-x32\...\The Void_is1) (Version:  - )
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version:  - CD Projekt RED)
Thief: Deadly Shadows (HKLM-x32\...\InstallShield_{7CE3498C-866B-427E-8273-9CA67B24BA01}) (Version: 1.10.0000 - Nazwa firmy)
Thief: Deadly Shadows (x32 Version: 1.10.0000 - Nazwa firmy) Hidden
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.01 - Ghisler Software GmbH)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Vampire - The Masquerade Bloodlines (HKLM-x32\...\InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}) (Version: 1.00.0000 - Activision)
virtuAMP 1.2.1 (HKLM-x32\...\virtuAMP_is1) (Version:  - Ryan Gregg)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
VNC Enterprise Edition E4.6.1 (HKLM\...\RealVNC_is1) (Version: E4.6.1 - RealVNC Ltd)
VNC Mirror Driver 1.8.0 (HKLM\...\VNCMirror_is1) (Version: 1.8.0 - RealVNC Ltd.)
VNC Printer Driver 1.7.0 (HKLM\...\VNCPrinter_is1) (Version: 1.7.0 - RealVNC Ltd.)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.3-2 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
WebTablet IE Plugin (HKLM-x32\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.7 - Wacom Technology Corp.)
WebTablet Netscape Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.5 - Wacom Technology Corp.)
Wiedźmin Edycja Rozszerzona (HKLM-x32\...\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}) (Version: 1.4.5.1280 - CD Projekt Red)
WinRAR 4.20 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wise Registry Cleaner 7.73 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 7.73 - WiseCleaner.com, Inc.)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1853922840-2198207453-1999706415-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Justyna\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1853922840-2198207453-1999706415-1000_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CustomCLSID: HKU\S-1-5-21-1853922840-2198207453-1999706415-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Justyna\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1853922840-2198207453-1999706415-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Justyna\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1853922840-2198207453-1999706415-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Justyna\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1853922840-2198207453-1999706415-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Justyna\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1853922840-2198207453-1999706415-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Justyna\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1853922840-2198207453-1999706415-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Justyna\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1853922840-2198207453-1999706415-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Justyna\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1853922840-2198207453-1999706415-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Justyna\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
10-09-2014 23:03:52 Windows Update
12-09-2014 16:45:38 Zainstalowany program DirectX
13-09-2014 12:02:18 Installed SpyHunter
13-09-2014 16:24:50 Removed SpyHunter
13-09-2014 18:38:33 Installed Java 7 Update 67
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0824AF6D-E6D2-4CDD-86F5-4DF402E3CA2B} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {14229367-E2F2-4FFD-B940-70E973C14CC3} - System32\Tasks\{D839CCAB-547F-4D19-AF13-4A72C902234A} => D:\Program Files\The Bard's Tale\splash.exe
Task: {2D59A171-FF10-4356-84D1-21F6656CEE09} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)
Task: {30AFE73B-6F53-496D-9C54-21ACA0DA334E} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {368D6DC3-BC8F-4EFB-A809-F61A2DF51CAB} - System32\Tasks\MATLAB R2012b Startup Accelerator => D:\Program Files\MATLAB\R2012b\bin\win64\MATLABStartupAccelerator.exe [2012-07-20] ()
Task: {7C00A355-7380-4AD6-8131-805CD3745BD7} - System32\Tasks\{59C0322A-85F0-4F58-B491-E8B0E5E93B30} => D:\Program Files\The Bard's Tale\splash.exe
Task: {8BDD8834-50C3-4ADE-96FC-70185F3AA41D} - System32\Tasks\{A96880AC-4D02-4DA1-9D15-A84D1FA53972} => D:\Program Files\The Bard's Tale\splash.exe
Task: {923FC757-AECA-49C9-BCE1-1023F86278E5} - System32\Tasks\avast! Emergency Update => D:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {9740E712-3420-4149-829A-22598777C75B} - System32\Tasks\{3CC934E5-9810-4184-B71D-5783D5C598DC} => D:\Diablo II\Game.exe
Task: {9D5C021E-4056-49A2-AC12-547463701C85} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {ACCF5DDF-57F5-4FD7-8B52-6525A262F180} - System32\Tasks\{3C32A73B-ADDB-47DC-86CD-87C570847173} => D:\Program Files\The Bard's Tale\splash.exe
Task: {B2DCF249-6655-4718-B6AA-AAC162261709} - System32\Tasks\{F85EE12B-3463-421E-9EFF-44F7A121B027} => D:\Diablo II\Game.exe
Task: {B34D27F2-CF71-4B27-AE54-FBF624F64F3C} - System32\Tasks\{7BA46BF4-1D7A-49AC-A331-D5199C5B9AAF} => D:\Diablo II\Game.exe
Task: {BDFDDC01-9288-45B3-9217-741A13D7785C} - System32\Tasks\{433E120B-F346-4D2C-B4C3-7BEECAF7CB2F} => D:\Program Files\Thief - Deadly Shadows\System\t3.exe [2004-10-08] (Ion Storm, L.P.)
Task: {D502ABDE-BAF3-4842-B38A-C5383C2B8F39} - System32\Tasks\{5CE9504D-9A4C-473E-B30C-56FD6D28DCF3} => D:\Program Files\Diablo II\Diablo II.exe [2013-04-27] (Blizzard North)
Task: {D8B1375E-BD3C-42A5-9B1F-BEDC1E0A0C15} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
Task: {F4709E6A-B999-45A4-A65B-2EB610B6A6D8} - System32\Tasks\{D5160194-9AB2-4BC1-BB44-6A4130A5B6AB} => D:\Program Files\Diablo II\Diablo II.exe [2013-04-27] (Blizzard North)
Task: {F6805CC5-9B07-4CCC-BC6A-7EE80D5153C8} - System32\Tasks\{FAE824AA-8E78-49A0-B689-363A5A36ADFA} => D:\Diablo II\Game.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\MATLAB R2012b Startup Accelerator.job => D:\Program Files\MATLAB\R2012b\bin\win64\MATLABStartupAccelerator.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-10-02 23:11 - 2011-02-04 22:22 - 00030720 _____ () C:\Windows\System32\VNCpm.dll
2013-02-25 00:53 - 2013-10-15 23:47 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-06-02 14:58 - 2011-06-02 14:58 - 00201568 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll
2011-06-02 14:59 - 2011-06-02 14:59 - 00156000 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll64.dll
2013-02-25 00:48 - 2012-02-08 04:03 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2013-02-24 16:53 - 2012-01-19 01:48 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2008-12-20 04:20 - 2013-02-25 00:45 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2008-12-20 04:20 - 2013-02-25 00:45 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2012-02-21 14:06 - 2013-02-25 00:45 - 01490944 _____ () C:\Program Files (x86)\Lenovo\Energy Management\EMWpfUI.dll
2012-02-21 14:06 - 2013-02-25 00:45 - 00005120 _____ () C:\Program Files (x86)\Lenovo\Energy Management\pl-PL\EMWpfUI.resources.dll
2014-02-06 22:18 - 2011-06-01 11:47 - 07329792 _____ () C:\Windows\System32\WTMKM.exe
2013-02-25 00:58 - 2013-02-25 00:57 - 00099680 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
2013-09-14 11:26 - 2013-08-30 19:45 - 11895808 _____ () C:\Program Files (x86)\Bloody4\Bloody4\Bloody4.exe
2014-02-06 22:17 - 2011-04-27 17:23 - 00916992 _____ () C:\Windows\system32\atwtusb.exe
2013-06-24 17:56 - 2013-12-17 03:17 - 01356568 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2011-06-02 14:57 - 2011-06-02 14:57 - 00161120 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll
2011-06-02 14:58 - 2011-06-02 14:58 - 00132448 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
2014-08-30 10:56 - 2014-08-21 20:15 - 01171456 _____ () D:\Program Files\Steam\libavcodec-56.dll
2014-08-30 10:56 - 2014-08-21 20:15 - 00442368 _____ () D:\Program Files\Steam\libavutil-54.dll
2014-08-30 10:56 - 2014-08-21 20:15 - 00332800 _____ () D:\Program Files\Steam\libavresample-2.dll
2013-03-12 18:10 - 2014-08-21 00:38 - 00774656 _____ () D:\Program Files\Steam\SDL2.dll
2014-05-22 09:52 - 2014-08-28 13:48 - 02224320 _____ () D:\Program Files\Steam\video.dll
2014-08-30 10:56 - 2014-08-21 20:15 - 00403968 _____ () D:\Program Files\Steam\libavformat-56.dll
2014-08-30 10:56 - 2014-08-21 20:15 - 00485888 _____ () D:\Program Files\Steam\libswscale-3.dll
2013-02-15 14:08 - 2014-08-28 13:48 - 00678080 _____ () D:\Program Files\Steam\bin\chromehtml.DLL
2009-07-13 23:03 - 2009-07-14 03:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2013-09-14 11:27 - 2013-04-03 18:29 - 00054272 _____ () C:\Program Files (x86)\Bloody4\Bloody4\DLL\DLL_ScrollbarControl.dll
2013-09-14 11:27 - 2013-04-03 18:29 - 00085504 _____ () C:\Program Files (x86)\Bloody4\Bloody4\DLL\DLL_ZoomControl.dll
2013-09-14 11:27 - 2013-08-07 11:44 - 03542528 _____ () C:\Program Files (x86)\Bloody4\Bloody4\Data\Bloody4\Forms\TrayIconWebAD\TrayIconWebAD.dll
2013-09-14 11:27 - 2013-08-12 11:29 - 04116992 _____ () C:\Program Files (x86)\Bloody4\Bloody4\Data\Bloody4\Forms\TrayIconWebADEx\TrayIconWebADEx.dll
2013-09-14 11:27 - 2013-08-23 11:54 - 03457536 _____ () C:\Program Files (x86)\Bloody4\Bloody4\Data\Bloody4\Forms\MouseLEDEx\MouseLEDEx.dll
2013-01-22 05:22 - 2014-08-21 00:38 - 34589376 _____ () D:\Program Files\Steam\bin\libcef.dll
2014-09-14 12:04 - 2014-09-14 12:04 - 00043008 _____ () c:\users\justyna\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpo_9xde.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Justyna\AppData\Roaming\Dropbox\bin\libcef.dll
2013-03-28 09:44 - 2005-06-24 20:05 - 00045056 _____ () C:\Program Files (x86)\Lenovo\EnergyCut\HookLib.dll
2013-01-18 14:20 - 2013-01-18 14:20 - 00985088 _____ () D:\Program Files\OpenOffice.org 3\program\libxml2.dll
2011-06-28 08:28 - 2011-06-28 08:28 - 00042496 _____ () C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\QTKB.dll
2014-09-11 10:55 - 2014-09-11 10:55 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\4361e26af57c86003751ac77cce1c827\IsdiInterop.ni.dll
2013-02-25 00:49 - 2011-11-29 21:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2013-02-25 00:48 - 2012-02-08 03:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-07-31 14:08 - 2014-09-03 18:46 - 00962560 _____ () D:\Program Files\Origin\platforms\qwindows.dll
2014-07-31 14:08 - 2014-09-03 18:46 - 00024064 _____ () D:\Program Files\Origin\imageformats\qgif.dll
2014-07-31 14:08 - 2014-09-03 18:46 - 00025088 _____ () D:\Program Files\Origin\imageformats\qico.dll
2014-07-31 14:08 - 2014-09-03 18:46 - 00217088 _____ () D:\Program Files\Origin\imageformats\qjpeg.dll
2014-07-31 14:08 - 2014-09-03 18:46 - 00261632 _____ () D:\Program Files\Origin\imageformats\qmng.dll
2014-07-31 14:08 - 2014-09-03 18:46 - 00019968 _____ () D:\Program Files\Origin\imageformats\qtga.dll
2014-07-31 14:08 - 2014-09-03 18:46 - 00302592 _____ () D:\Program Files\Origin\imageformats\qtiff.dll
2014-07-31 14:08 - 2014-09-03 18:46 - 00018944 _____ () D:\Program Files\Origin\imageformats\qwbmp.dll
2014-09-13 19:35 - 2014-09-03 15:41 - 01379328 _____ () D:\Program Files\SRWare Iron\libglesv2.dll
2014-09-13 19:35 - 2014-09-03 15:41 - 00176128 _____ () D:\Program Files\SRWare Iron\libegl.dll
2014-09-13 19:35 - 2014-09-04 09:02 - 08926208 _____ () D:\Program Files\SRWare Iron\pdf.dll
2014-09-13 19:35 - 2014-09-03 15:46 - 00968192 _____ () D:\Program Files\SRWare Iron\ffmpegsumo.dll
2014-09-10 18:18 - 2014-09-10 18:18 - 16825520 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
Name: avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Karta tunelowania Teredo firmy Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Microsoft Virtual WiFi Miniport Adapter #2
Description: Karta wirtualnego miniportu WiFi firmy Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/14/2014 00:02:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/14/2014 00:02:04 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]
 
Error: (09/14/2014 00:02:04 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]
 
Error: (09/14/2014 00:02:04 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]
 
Error: (09/13/2014 08:50:37 PM) (Source: WTabletServiceCon) (EventID: 1) (User: )
Description: Prefs: Failed to get user path
 
Error: (09/13/2014 08:49:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/13/2014 08:48:46 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]
 
Error: (09/13/2014 08:48:46 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]
 
Error: (09/13/2014 08:13:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/13/2014 08:13:09 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]
 
 
System errors:
=============
Error: (09/14/2014 00:03:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi LogMeIn Hamachi Tunneling Engine z powodu następującego błędu: 
%%2
 
Error: (09/13/2014 08:49:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi LogMeIn Hamachi Tunneling Engine z powodu następującego błędu: 
%%2
 
Error: (09/13/2014 08:45:34 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}
 
Error: (09/13/2014 08:13:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi LogMeIn Hamachi Tunneling Engine z powodu następującego błędu: 
%%2
 
Error: (09/13/2014 07:27:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi LogMeIn Hamachi Tunneling Engine z powodu następującego błędu: 
%%2
 
Error: (09/13/2014 07:26:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą NVIDIA Streamer Service.
 
Error: (09/13/2014 07:24:42 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}
 
Error: (09/13/2014 07:14:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi LogMeIn Hamachi Tunneling Engine z powodu następującego błędu: 
%%2
 
 
Microsoft Office Sessions:
=========================
Error: (09/14/2014 00:02:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/14/2014 00:02:04 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]
 
Error: (09/14/2014 00:02:04 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]
 
Error: (09/14/2014 00:02:04 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]
 
Error: (09/13/2014 08:50:37 PM) (Source: WTabletServiceCon) (EventID: 1) (User: )
Description: Prefs: Failed to get user path
 
Error: (09/13/2014 08:49:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/13/2014 08:48:46 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]
 
Error: (09/13/2014 08:48:46 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]
 
Error: (09/13/2014 08:13:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/13/2014 08:13:09 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 56%
Total physical RAM: 3958.1 MB
Available physical RAM: 1702.8 MB
Total Pagefile: 7914.38 MB
Available Pagefile: 4784.97 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:149.9 GB) (Free:87.73 GB) NTFS
Drive d: () (Fixed) (Total:529.1 GB) (Free:76.14 GB) NTFS
Drive f: (The SIMS 4 - Del) (CDROM) (Total:8.55 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 3DF07C73)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=529.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=19.5 GB) - (Type=12)
 
==================== End Of Log ============================


#4 aharonov

  • Malware Response Team

Posted 14 September 2014 - 11:29 AM

Ok.


Step 1

Please download the attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


Step 2

Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!



Step 3

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#5 fenrii

  • Topic Starter

Posted 15 September 2014 - 11:13 AM

OK, I did what you told me to and the problem with the pop-up is gone now. ESET found new issues though... Have a look, here are the logs that you asked for:

Fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014
Ran by Justyna at 2014-09-14 18:51:19 Run:1
Running from C:\Users\Justyna\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CloseProcesses:
HKU\S-1-5-21-1853922840-2198207453-1999706415-1000\...\Run: [iTunesHelper] => wscript.exe //B "C:\Users\Justyna\AppData\Local\Temp\iTunesHelper.vbe" <===== ATTENTION
HKU\S-1-5-21-1853922840-2198207453-1999706415-1000\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
BHO-x32: GooSave -> {6b8959fe-6749-4dfe-bdb5-6f8f4949147b} -> C:\Program Files (x86)\GooSave\KA7sg29Vk3xNF3.dll ()
CHR Extension: (GoSoaeve) - C:\Users\Justyna\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhkocfidlhbholonjagleomlomohdibn [2014-09-14]
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Torch
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Google
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Comodo
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Chromatic Browser
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Users\Justyna\AppData\Local\Torch
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Users\Justyna\AppData\Local\Google
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Users\Justyna\AppData\Local\Comodo
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Users\Justyna\AppData\Local\Chromatic Browser
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Users\Gość\AppData\Local\Torch
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Users\Gość\AppData\Local\Google
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Users\Gość\AppData\Local\Comodo
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Users\Gość\AppData\Local\Chromatic Browser
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Users\Gość
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Users\Administrator
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\ProgramData\GooSave
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\ProgramData\6a22981d09244267
2014-09-14 13:20 - 2014-09-14 13:20 - 00000000 ____D () C:\Program Files (x86)\GooSave
EmptyTemp:
 
*****************
 
Processes closed successfully.
HKU\S-1-5-21-1853922840-2198207453-1999706415-1000\Software\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper => value deleted successfully.
HKU\S-1-5-21-1853922840-2198207453-1999706415-1000\Software\Microsoft\Windows\CurrentVersion\Run\\CMD => value deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6b8959fe-6749-4dfe-bdb5-6f8f4949147b}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{6b8959fe-6749-4dfe-bdb5-6f8f4949147b}" => Key deleted successfully.
C:\Users\Justyna\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhkocfidlhbholonjagleomlomohdibn => Moved successfully.
C:\Users\UpdatusUser\AppData\Local\Torch => Moved successfully.
C:\Users\UpdatusUser\AppData\Local\Google => Moved successfully.
C:\Users\UpdatusUser\AppData\Local\Comodo => Moved successfully.
C:\Users\UpdatusUser\AppData\Local\Chromatic Browser => Moved successfully.
C:\Users\Justyna\AppData\Local\Torch => Moved successfully.
C:\Users\Justyna\AppData\Local\Google => Moved successfully.
C:\Users\Justyna\AppData\Local\Comodo => Moved successfully.
C:\Users\Justyna\AppData\Local\Chromatic Browser => Moved successfully.
C:\Users\HomeGroupUser$\AppData\Local\Torch => Moved successfully.
C:\Users\HomeGroupUser$\AppData\Local\Google => Moved successfully.
C:\Users\HomeGroupUser$\AppData\Local\Comodo => Moved successfully.
C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser => Moved successfully.
C:\Users\HomeGroupUser$ => Moved successfully.
C:\Users\Gość\AppData\Local\Torch => Moved successfully.
C:\Users\Gość\AppData\Local\Google => Moved successfully.
C:\Users\Gość\AppData\Local\Comodo => Moved successfully.
C:\Users\Gość\AppData\Local\Chromatic Browser => Moved successfully.
C:\Users\Gość => Moved successfully.
C:\Users\Administrator\AppData\Local\Torch => Moved successfully.
C:\Users\Administrator\AppData\Local\Google => Moved successfully.
C:\Users\Administrator\AppData\Local\Comodo => Moved successfully.
C:\Users\Administrator\AppData\Local\Chromatic Browser => Moved successfully.
C:\Users\Administrator => Moved successfully.
C:\ProgramData\GooSave => Moved successfully.
C:\ProgramData\6a22981d09244267 => Moved successfully.
C:\Program Files (x86)\GooSave => Moved successfully.
EmptyTemp: => Removed 409.7 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====

ESET log:

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=6e8cd91a2e0adc4dba83562d1fb0cc2d
# engine=20148
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-09-14 11:06:28
# local_time=2014-09-15 01:06:28 )
# country="Poland"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='AVG AntiVirus Free Edition 2014'
# compatibility_mode=1051 16777213 100 100 134765 97869972 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 790598 162365838 0 0
# scanned=691584
# found=8
# cleaned=0
# scan_time=21102
sh=240FA9A006AE1E501AC94535B7D9D264F5F7FF22 ft=1 fh=c71c00112356539e vn="a variant of Win32/AdWare.MultiPlug.BN application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\GooSave\KA7sg29Vk3xNF3.dll"
sh=E90EC55F8CFAF4FACA9503EB14F9DD6668F12FA7 ft=1 fh=ccbf6d19d1856355 vn="a variant of Win32/AdWare.MultiPlug.CK application" ac=I fn="C:\FRST\Quarantine\C\ProgramData\GooSave\TiFh6aOd8kiQn59.exe"
sh=7BD36860B0FE4F95CFB567A85844881F7C734B29 ft=1 fh=e417e38bb4c4a878 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Users\Justyna\Downloads\NapiProjektBuild_2.2.0.2399(dobreprogramy.pl).exe"
sh=6DC352A59AE2AF150076D5E2ABDFE7B808355356 ft=1 fh=7c4692e7f0d4ae30 vn="a variant of Win32/AdWare.MultiPlug.CN application" ac=I fn="C:\Users\Justyna\Downloads\SC-T-741874-V5.rar.exe"
sh=8E5C22E349CCF726B1A15387F886A38D062002F0 ft=1 fh=37bbd32ed5b30063 vn="Win32/HackTool.Crack.B potentially unsafe application" ac=I fn="D:\little inferno\Little.Inferno.v1.0.full-THETA\Little Inferno.exe"
sh=CE1A4FCACA6444C41C6C08902255CF3458D29F68 ft=1 fh=08ac75b5c53d66d1 vn="a variant of Win32/Packed.VMProtect.AAA trojan" ac=I fn="D:\Program Files\Origin Games\The SIMS 4 - Deluxe Edition\Game\Bin\3dmgame.dll"
sh=CE1A4FCACA6444C41C6C08902255CF3458D29F68 ft=1 fh=08ac75b5c53d66d1 vn="a variant of Win32/Packed.VMProtect.AAA trojan" ac=I fn="D:\sims 4\crl\SC-T-741874-V5\Crack\Game\Bin\3dmgame.dll"
sh=0FBB09D7CAD992CA9AE1281FD8030D3210994DD2 ft=1 fh=c9b8e6a4c9b87c95 vn="a variant of Win32/Bunndle potentially unsafe application" ac=I fn="D:\Users\Justyna\AppData\Roaming\uTorrent\uTorrent.exe.10148.tmp"
 
 
 
 
FRST Scan log:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Justyna (administrator) on JUST on 15-09-2014 18:05:46
Running from C:\Users\Justyna\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) D:\Program Files\AVG\avgrsa.exe
(AVG Technologies CZ, s.r.o.) D:\Program Files\AVG\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(AVG Technologies CZ, s.r.o.) D:\Program Files\AVG\avgidsagent.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(AVG Technologies CZ, s.r.o.) D:\Program Files\AVG\avgwdsvc.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVG Technologies CZ, s.r.o.) D:\Program Files\AVG\avgnsa.exe
(AVG Technologies CZ, s.r.o.) D:\Program Files\AVG\avgemca.exe
(RealVNC Ltd) D:\Program Files\RealVNC\VNC4\winvnc4.exe
(RealVNC Ltd) D:\Program Files\RealVNC\VNC4\winvnc4.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\System32\atwtusb.exe
() C:\Windows\System32\atwtusb.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
() C:\Windows\System32\WTMKM.exe
() C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
(Valve Corporation) D:\Program Files\Steam\Steam.exe
() C:\Program Files (x86)\Bloody4\Bloody4\Bloody4.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Dropbox, Inc.) C:\Users\Justyna\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\EnergyCut\EnergyCut.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(LENOVO) C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(AVG Technologies CZ, s.r.o.) D:\Program Files\AVG\avgui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(OpenOffice.org) D:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) D:\Program Files\OpenOffice.org 3\program\soffice.bin
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(SRWare) D:\Program Files\SRWare Iron\chrome.exe
(SRWare) D:\Program Files\SRWare Iron\chrome.exe
(AVG Technologies CZ, s.r.o.) D:\Program Files\AVG\avgmfapx.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Valve Corporation) D:\Program Files\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(SRWare) D:\Program Files\SRWare Iron\chrome.exe
(SRWare) D:\Program Files\SRWare Iron\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2847016 2011-11-10] (Synaptics Incorporated)
HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [408872 2011-11-10] (Synaptics)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-01-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [789856 2013-02-25] (Lenovo)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6193152 2013-02-25] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8071680 2013-02-25] (Lenovo (Beijing) Limited)
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-09-19] (NVIDIA Corporation)
HKLM\...\Run: [MacrokeyManager] => C:\Windows\system32\WTMKM.exe [7329792 2011-06-01] ()
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-27] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [EnergyCut] => C:\Program Files (x86)\Lenovo\EnergyCut\EnergyCut.exe [1167360 2007-03-09] (Lenovo (Beijing) Limited)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [CAPOSD] => C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe [1876992 2012-02-09] (LENOVO)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [69632 2004-04-13] (InstallShield Software Corporation)
HKLM-x32\...\Run: [NCUpdateHelper] => C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe
HKLM-x32\...\Run: [AVG_UI] => D:\Program Files\AVG\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1853922840-2198207453-1999706415-1000\...\Run: [Steam] => D:\Program Files\Steam\Steam.exe [1939136 2014-08-28] (Valve Corporation)
HKU\S-1-5-21-1853922840-2198207453-1999706415-1000\...\Run: [Bloody2] => C:\Program Files (x86)\Bloody4\Bloody4\Bloody4.exe [11895808 2013-08-30] ()
HKU\S-1-5-21-1853922840-2198207453-1999706415-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation)
HKU\S-1-5-21-1853922840-2198207453-1999706415-1000\...\MountPoints2: G - G:\Setup.exe
HKU\S-1-5-21-1853922840-2198207453-1999706415-1000\...\MountPoints2: {9e20d5a0-9e8f-11e2-8a2b-9cb70dcfc039} - F:\Setup.exe
HKU\S-1-5-21-1853922840-2198207453-1999706415-1000\...\MountPoints2: {c277aeba-12ec-11e3-9c96-9cb70dcfc039} - G:\AutoRun.exe
HKU\S-1-5-21-1853922840-2198207453-1999706415-1000\...\MountPoints2: {c43a7871-0051-11e3-9a42-9cb70dcfc039} - G:\Setup.exe
HKU\S-1-5-21-1853922840-2198207453-1999706415-1000\...\MountPoints2: {e9ade4c6-e1b2-11e2-9cb1-9cb70dcfc039} - G:\AutoRun.exe
HKU\S-1-5-21-1853922840-2198207453-1999706415-1000\...\MountPoints2: {e9ade4c9-e1b2-11e2-9cb1-9cb70dcfc039} - G:\AutoRun.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-10-16] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-10-16] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Justyna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Justyna\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Justyna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> D:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
BootExecute: autocheck autochk * aswBoot.exe /M:1634019dba /wow /dir:"D:\Program Files\AVAST Software\Avast"
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {A34201B6-AAF2-46AA-B92C-5D801FB2FBEF} URL = https://www.google.com/search?q={searchTerms}
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.100
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.5 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin HKCU: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
Chrome: 
=======
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVGIDSAgent; D:\Program Files\AVG\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; D:\Program Files\AVG\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [945440 2012-02-01] (Broadcom Corporation.)
S3 DAUpdaterSvc; D:\Program Files\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [25832 2014-04-13] (BioWare)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-08] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-08] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4702568 2012-10-24] (INCA Internet Co., Ltd.) [File not signed]
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14997280 2013-09-19] (NVIDIA Corporation)
R2 PSI_SVC_2_x64; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
R2 WinVNC4; d:\Program Files\RealVNC\VNC4\WinVNC4.exe [2360048 2011-02-04] (RealVNC Ltd)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [627992 2013-12-17] (Wacom Technology, Corp.)
R2 WTService; C:\Windows\system32\atwtusb.exe [916992 2011-04-27] () [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)
S2 Hamachi2Svc; "D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2012-02-02] (Broadcom Corporation.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-04-06] (DT Soft Ltd)
R3 hswpan; C:\Windows\System32\DRIVERS\hswpan.sys [109056 2012-01-27] (Ozmo Inc)
R3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [7680 2009-03-08] (Windows ® Codename Longhorn DDK provider)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-08-20] (NVIDIA Corporation)
R3 vhidmini; C:\Windows\System32\DRIVERS\walvhid.sys [7552 2009-08-26] (Windows ® Win 7 DDK provider)
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [281600 2009-04-11] (Jungo)
R2 XilinxPC4Driver; C:\Windows\System32\drivers\xpc4drvr.sys [27384 2009-04-11] (Xilinx, Inc.)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 vm332avs; System32\Drivers\vm332avs.sys [X]
S3 wacommousefilter; system32\DRIVERS\wacommousefilter.sys [X]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-15 18:05 - 2014-09-15 18:05 - 00018622 _____ () C:\Users\Justyna\Desktop\FRST.txt
2014-09-15 18:00 - 2014-09-15 18:00 - 00000000 ____D () C:\Users\Justyna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Urządzenia interfejsu Bluetooth
2014-09-14 19:10 - 2014-09-14 19:10 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-14 15:24 - 2014-09-14 15:24 - 00001074 _____ () C:\Users\Justyna\Desktop\The.Sims.4.Launcher — skrót.lnk
2014-09-14 13:20 - 2014-09-14 18:55 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-09-14 13:01 - 2014-09-14 13:01 - 00003328 _____ () C:\Windows\System32\Tasks\{87C4CD45-C373-43D0-BDF2-8C30E13FF576}
2014-09-13 20:41 - 2014-09-13 20:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-13 20:41 - 2014-09-13 20:40 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-09-13 20:41 - 2014-09-13 20:40 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-09-13 20:41 - 2014-09-13 20:40 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-09-13 20:41 - 2014-09-13 20:40 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-13 20:27 - 2014-09-15 18:05 - 00000000 ____D () C:\FRST
2014-09-13 20:26 - 2014-09-13 20:26 - 02105856 _____ (Farbar) C:\Users\Justyna\Desktop\FRST64.exe
2014-09-13 20:07 - 2014-09-13 20:10 - 00000000 ____D () C:\AdwCleaner
2014-09-13 19:35 - 2014-09-13 19:35 - 00000689 _____ () C:\Users\Public\Desktop\SRWare Iron.lnk
2014-09-13 19:35 - 2014-09-13 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRWare Iron
2014-09-13 19:19 - 2014-09-13 19:19 - 00012169 _____ () C:\Users\Justyna\Downloads\eBilet   Oskar Kolberg’s Folk Lore Festival.htm
2014-09-13 19:19 - 2014-09-13 19:19 - 00000000 ____D () C:\Users\Justyna\Downloads\eBilet   Oskar Kolberg’s Folk Lore Festival_files
2014-09-13 18:40 - 2014-09-13 18:40 - 00295512 _____ () C:\Windows\Minidump\091314-79669-01.dmp
2014-09-13 18:40 - 2014-09-13 18:40 - 00000000 ____D () C:\Windows\Minidump
2014-09-13 18:39 - 2014-09-13 18:39 - 765760894 _____ () C:\Windows\MEMORY.DMP
2014-09-13 18:38 - 2014-09-13 18:38 - 00000000 ____D () C:\Windows\ERUNT
2014-09-13 18:26 - 2014-09-13 18:29 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-09-13 14:18 - 2014-09-13 14:19 - 00000000 ____D () C:\Users\Justyna\Desktop\uczelniane
2014-09-13 14:04 - 2014-09-13 14:04 - 00000000 _____ () C:\autoexec.bat
2014-09-13 14:03 - 2014-09-13 14:03 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-09-13 13:28 - 2014-09-13 13:28 - 00051766 _____ () C:\Users\Justyna\.recently-used.xbel
2014-09-11 01:14 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 01:14 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-11 01:14 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 01:14 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 01:14 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-11 01:14 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-11 01:14 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 01:14 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 01:14 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 01:14 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 01:14 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-11 01:14 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-11 01:14 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-11 01:14 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 01:14 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 01:14 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 01:14 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-11 01:14 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 01:14 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-11 01:14 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-11 01:14 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-11 01:14 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 01:14 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-11 01:14 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 01:14 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-11 01:14 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-11 01:14 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-11 01:14 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-11 01:14 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-11 01:14 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 01:14 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-11 01:14 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-11 01:14 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 01:14 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-11 01:14 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-11 01:14 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-11 01:14 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-11 01:14 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 01:14 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 01:14 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 01:14 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-11 01:14 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-11 01:14 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-11 01:14 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-11 01:14 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-11 01:14 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 01:14 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-11 01:14 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 01:14 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-11 01:14 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-11 01:14 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-11 01:14 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 01:14 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-11 01:14 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-11 01:14 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-11 01:14 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-11 01:04 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-11 01:04 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 10:11 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 10:11 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 10:10 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 10:10 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-10 10:10 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 10:10 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 10:10 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 10:10 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 10:10 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 10:10 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 10:10 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-07 09:16 - 2014-09-07 09:16 - 00000000 ____D () C:\ProgramData\Avg_Update_0814av
2014-09-06 12:31 - 2014-09-06 12:31 - 00000000 ____D () C:\Program Files (x86)\Mumble
2014-09-05 21:28 - 2014-09-05 21:28 - 00000000 ____D () C:\Users\Justyna\AppData\Roaming\AVG2014
2014-09-05 21:27 - 2014-09-05 21:27 - 00000664 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-09-05 21:27 - 2014-09-05 21:27 - 00000000 ____D () C:\Users\Justyna\AppData\Roaming\TuneUp Software
2014-09-05 21:27 - 2014-09-05 21:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-09-05 21:26 - 2014-09-05 21:28 - 00000000 ____D () C:\ProgramData\AVG2014
2014-09-05 21:26 - 2014-09-05 21:26 - 00000000 ___HD () C:\$AVG
2014-09-05 21:22 - 2014-09-15 18:02 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-05 21:22 - 2014-09-05 23:29 - 00000000 ____D () C:\Users\Justyna\AppData\Local\Avg2014
2014-09-05 21:22 - 2014-09-05 21:22 - 00000000 ____D () C:\Users\Justyna\AppData\Local\MFAData
2014-09-05 17:16 - 2014-09-05 17:16 - 00000000 ____D () C:\Users\Justyna\Documents\Electronic Arts
2014-09-05 17:01 - 2014-09-14 18:53 - 00012634 _____ () C:\Windows\PFRO.log
2014-09-05 16:27 - 2014-09-05 16:29 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-02 20:25 - 2014-09-02 20:32 - 00001452 _____ () C:\Users\Justyna\Desktop\wtww.txt
2014-09-01 16:43 - 2014-09-01 16:43 - 00447752 ____R (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2014-08-28 11:59 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 11:59 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 11:59 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-21 16:21 - 2014-08-31 16:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Piano 2.5
2014-08-21 16:18 - 2014-08-21 16:18 - 00000630 _____ () C:\Users\Justyna\Desktop\virtuAMP.lnk
2014-08-21 16:18 - 2014-08-21 16:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\virtuAMP
2014-08-19 16:25 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-19 16:25 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-19 16:25 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-19 16:25 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-19 16:24 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-19 16:24 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-19 16:24 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-19 16:24 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-19 16:24 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-19 16:24 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-19 16:23 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-19 16:23 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-19 16:23 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-19 16:23 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-19 00:53 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-19 00:53 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-19 00:53 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-19 00:53 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-19 00:53 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-19 00:53 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-19 00:53 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-19 00:53 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-18 19:07 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-18 19:07 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-18 19:06 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-18 19:06 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-18 19:06 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-18 19:06 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-18 19:06 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-18 19:06 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-18 19:06 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-18 19:06 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-18 19:06 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-18 19:06 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-18 19:01 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-18 19:01 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-15 18:07 - 2014-09-15 18:05 - 00018622 _____ () C:\Users\Justyna\Desktop\FRST.txt
2014-09-15 18:05 - 2014-09-13 20:27 - 00000000 ____D () C:\FRST
2014-09-15 18:02 - 2014-09-05 21:22 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-15 18:02 - 2014-04-07 00:05 - 00000550 _____ () C:\Windows\Tasks\MATLAB R2012b Startup Accelerator.job
2014-09-15 18:01 - 2013-04-15 20:38 - 00000000 ____D () C:\Users\Justyna\AppData\Roaming\Dropbox
2014-09-15 18:00 - 2014-09-15 18:00 - 00000000 ____D () C:\Users\Justyna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Urządzenia interfejsu Bluetooth
2014-09-15 17:59 - 2014-08-10 09:14 - 00010342 _____ () C:\Windows\setupact.log
2014-09-15 17:59 - 2009-07-14 04:34 - 00000442 _____ () C:\Windows\win.ini
2014-09-15 17:58 - 2013-02-25 00:49 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-09-15 17:58 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-15 13:03 - 2013-02-24 18:41 - 01946420 _____ () C:\Windows\WindowsUpdate.log
2014-09-15 13:02 - 2014-01-01 23:53 - 00000000 ____D () C:\Users\Justyna\AppData\Roaming\Little Inferno
2014-09-15 12:33 - 2009-07-14 06:45 - 00033920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-15 12:33 - 2009-07-14 06:45 - 00033920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-15 12:22 - 2014-07-31 14:02 - 00000000 ____D () C:\ProgramData\Origin
2014-09-15 12:18 - 2013-02-25 01:29 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-15 12:02 - 2013-02-25 00:49 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-09-14 21:29 - 2013-12-21 22:42 - 00000000 ____D () C:\Users\Justyna\AppData\Local\Battle.net
2014-09-14 19:10 - 2014-09-14 19:10 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-14 19:01 - 2011-04-12 15:21 - 00740672 _____ () C:\Windows\system32\perfh015.dat
2014-09-14 19:01 - 2011-04-12 15:21 - 00156214 _____ () C:\Windows\system32\perfc015.dat
2014-09-14 19:01 - 2009-07-14 07:13 - 01670518 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-14 18:55 - 2014-09-14 13:20 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-09-14 18:53 - 2014-09-05 17:01 - 00012634 _____ () C:\Windows\PFRO.log
2014-09-14 18:51 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-09-14 15:24 - 2014-09-14 15:24 - 00001074 _____ () C:\Users\Justyna\Desktop\The.Sims.4.Launcher — skrót.lnk
2014-09-14 13:27 - 2013-04-06 16:31 - 00000000 ____D () C:\Users\Justyna\AppData\Roaming\uTorrent
2014-09-14 13:20 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-09-14 13:06 - 2014-07-31 14:43 - 00000000 ____D () C:\Users\Justyna\AppData\Roaming\Origin
2014-09-14 13:01 - 2014-09-14 13:01 - 00003328 _____ () C:\Windows\System32\Tasks\{87C4CD45-C373-43D0-BDF2-8C30E13FF576}
2014-09-14 12:43 - 2013-02-25 12:05 - 00000000 ____D () C:\Users\Justyna\AppData\Roaming\Skype
2014-09-14 12:39 - 2013-04-06 11:42 - 00000000 ____D () C:\Users\Justyna\AppData\Roaming\DAEMON Tools Lite
2014-09-13 20:41 - 2014-09-13 20:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-13 20:40 - 2014-09-13 20:41 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-09-13 20:40 - 2014-09-13 20:41 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-09-13 20:40 - 2014-09-13 20:41 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-09-13 20:40 - 2014-09-13 20:41 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-13 20:26 - 2014-09-13 20:26 - 02105856 _____ (Farbar) C:\Users\Justyna\Desktop\FRST64.exe
2014-09-13 20:10 - 2014-09-13 20:07 - 00000000 ____D () C:\AdwCleaner
2014-09-13 19:41 - 2014-07-06 00:29 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-13 19:35 - 2014-09-13 19:35 - 00000689 _____ () C:\Users\Public\Desktop\SRWare Iron.lnk
2014-09-13 19:35 - 2014-09-13 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRWare Iron
2014-09-13 19:19 - 2014-09-13 19:19 - 00012169 _____ () C:\Users\Justyna\Downloads\eBilet   Oskar Kolberg’s Folk Lore Festival.htm
2014-09-13 19:19 - 2014-09-13 19:19 - 00000000 ____D () C:\Users\Justyna\Downloads\eBilet   Oskar Kolberg’s Folk Lore Festival_files
2014-09-13 18:40 - 2014-09-13 18:40 - 00295512 _____ () C:\Windows\Minidump\091314-79669-01.dmp
2014-09-13 18:40 - 2014-09-13 18:40 - 00000000 ____D () C:\Windows\Minidump
2014-09-13 18:39 - 2014-09-13 18:39 - 765760894 _____ () C:\Windows\MEMORY.DMP
2014-09-13 18:38 - 2014-09-13 18:38 - 00000000 ____D () C:\Windows\ERUNT
2014-09-13 18:29 - 2014-09-13 18:26 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-09-13 18:29 - 2014-05-01 17:13 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-09-13 18:25 - 2013-05-15 13:37 - 00000000 ____D () C:\Users\Justyna\AppData\Roaming\foobar2000
2014-09-13 14:19 - 2014-09-13 14:18 - 00000000 ____D () C:\Users\Justyna\Desktop\uczelniane
2014-09-13 14:04 - 2014-09-13 14:04 - 00000000 _____ () C:\autoexec.bat
2014-09-13 14:03 - 2014-09-13 14:03 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-09-13 13:49 - 2013-06-28 21:50 - 00000000 ____D () C:\Users\Justyna\.gimp-2.4
2014-09-13 13:28 - 2014-09-13 13:28 - 00051766 _____ () C:\Users\Justyna\.recently-used.xbel
2014-09-13 13:28 - 2013-02-24 18:46 - 00000000 ____D () C:\Users\Justyna
2014-09-11 11:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-11 01:12 - 2013-02-25 00:31 - 01643124 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-11 01:11 - 2013-07-17 13:42 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 01:05 - 2013-03-02 02:10 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-11 01:04 - 2014-05-06 21:39 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-10 18:18 - 2014-07-09 13:19 - 17903792 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-10 18:18 - 2013-02-25 01:29 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-10 18:18 - 2013-02-25 01:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-10 18:18 - 2013-02-25 01:29 - 00003868 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-07 09:16 - 2014-09-07 09:16 - 00000000 ____D () C:\ProgramData\Avg_Update_0814av
2014-09-06 22:46 - 2013-12-21 22:42 - 00000000 ____D () C:\Users\Justyna\AppData\Roaming\Battle.net
2014-09-06 12:31 - 2014-09-06 12:31 - 00000000 ____D () C:\Program Files (x86)\Mumble
2014-09-05 23:51 - 2013-03-02 20:49 - 00000000 ____D () C:\Program Files (x86)\LIMBO
2014-09-05 23:29 - 2014-09-05 21:22 - 00000000 ____D () C:\Users\Justyna\AppData\Local\Avg2014
2014-09-05 21:28 - 2014-09-05 21:28 - 00000000 ____D () C:\Users\Justyna\AppData\Roaming\AVG2014
2014-09-05 21:28 - 2014-09-05 21:26 - 00000000 ____D () C:\ProgramData\AVG2014
2014-09-05 21:27 - 2014-09-05 21:27 - 00000664 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-09-05 21:27 - 2014-09-05 21:27 - 00000000 ____D () C:\Users\Justyna\AppData\Roaming\TuneUp Software
2014-09-05 21:27 - 2014-09-05 21:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-09-05 21:26 - 2014-09-05 21:26 - 00000000 ___HD () C:\$AVG
2014-09-05 21:22 - 2014-09-05 21:22 - 00000000 ____D () C:\Users\Justyna\AppData\Local\MFAData
2014-09-05 17:16 - 2014-09-05 17:16 - 00000000 ____D () C:\Users\Justyna\Documents\Electronic Arts
2014-09-05 17:06 - 2013-04-06 13:19 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-09-05 17:01 - 2013-12-02 11:13 - 00000000 ____D () C:\Users\Justyna\AppData\Roaming\AVAST Software
2014-09-05 17:01 - 2013-02-25 01:20 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-05 16:58 - 2013-02-25 01:20 - 00000000 _____ () C:\Windows\SysWOW64\config.nt
2014-09-05 16:29 - 2014-09-05 16:27 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-05 10:09 - 2013-02-25 01:20 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-05 04:10 - 2014-09-10 10:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 04:05 - 2014-09-10 10:10 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-04 20:24 - 2013-02-25 12:05 - 00000000 ____D () C:\ProgramData\Skype
2014-09-02 21:16 - 2013-04-15 17:38 - 00000000 ____D () C:\Users\Justyna\AppData\Roaming\Audacity
2014-09-02 20:32 - 2014-09-02 20:25 - 00001452 _____ () C:\Users\Justyna\Desktop\wtww.txt
2014-09-01 16:43 - 2014-09-01 16:43 - 00447752 ____R (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2014-08-31 16:13 - 2014-08-21 16:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Piano 2.5
2014-08-30 10:51 - 2009-07-14 06:45 - 00294552 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-23 04:07 - 2014-08-28 11:59 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-28 11:59 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-28 11:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-21 16:18 - 2014-08-21 16:18 - 00000630 _____ () C:\Users\Justyna\Desktop\virtuAMP.lnk
2014-08-21 16:18 - 2014-08-21 16:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\virtuAMP
2014-08-20 21:33 - 2013-03-05 18:02 - 00000000 ____D () C:\Users\Justyna\AppData\Local\The Witcher
2014-08-19 20:05 - 2014-09-11 01:14 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-19 19:39 - 2014-09-11 01:14 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-19 10:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-19 01:01 - 2014-09-11 01:14 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-19 00:29 - 2014-09-11 01:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-19 00:29 - 2014-09-11 01:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-19 00:26 - 2014-09-11 01:14 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-19 00:20 - 2014-09-11 01:14 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-19 00:19 - 2014-09-11 01:14 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-19 00:15 - 2014-09-11 01:14 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-19 00:15 - 2014-09-11 01:14 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-19 00:14 - 2014-09-11 01:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-19 00:14 - 2014-09-11 01:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-19 00:08 - 2014-09-11 01:14 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-19 00:08 - 2014-09-11 01:14 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-19 00:08 - 2014-09-11 01:14 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-19 00:05 - 2014-09-11 01:14 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-19 00:03 - 2014-09-11 01:14 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-19 00:03 - 2014-09-11 01:14 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-19 00:03 - 2014-09-11 01:14 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-18 23:57 - 2014-09-11 01:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-18 23:56 - 2014-09-11 01:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-18 23:51 - 2014-09-11 01:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-18 23:46 - 2014-09-11 01:14 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-18 23:45 - 2014-09-11 01:14 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 23:45 - 2014-09-11 01:14 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-18 23:44 - 2014-09-11 01:14 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-18 23:44 - 2014-09-11 01:14 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-18 23:42 - 2014-09-11 01:14 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-18 23:40 - 2014-09-11 01:14 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-18 23:39 - 2014-09-11 01:14 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-18 23:39 - 2014-09-11 01:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-18 23:39 - 2014-09-11 01:14 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-18 23:38 - 2014-09-11 01:14 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-18 23:37 - 2014-09-11 01:14 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-18 23:36 - 2014-09-11 01:14 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-18 23:35 - 2014-09-11 01:14 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-18 23:27 - 2014-09-11 01:14 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-18 23:25 - 2014-09-11 01:14 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-18 23:25 - 2014-09-11 01:14 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-18 23:23 - 2014-09-11 01:14 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-18 23:23 - 2014-09-11 01:14 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-18 23:22 - 2014-09-11 01:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-18 23:19 - 2014-09-11 01:14 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-18 23:17 - 2014-09-11 01:14 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-18 23:17 - 2014-09-11 01:14 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-18 23:16 - 2014-09-11 01:14 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-18 23:15 - 2014-09-11 01:14 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-18 23:15 - 2014-09-11 01:14 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-18 23:09 - 2014-09-11 01:14 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-18 23:08 - 2014-09-11 01:14 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-18 23:07 - 2014-09-11 01:14 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-18 22:55 - 2014-09-11 01:14 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-18 22:46 - 2014-09-11 01:14 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-18 22:38 - 2014-09-11 01:14 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-18 22:38 - 2014-09-11 01:14 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-18 22:36 - 2014-09-11 01:14 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
 
Some content of TEMP:
====================
C:\Users\Justyna\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptckglt.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-07 14:19
 
==================== End Of Log ============================


#6 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:01 AM

Posted 15 September 2014 - 01:19 PM

ESET hasn't found any active malware.

That's it! Your logs look clean to me at the moment.
We're gonna clean up everything now and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.





Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:
  • You can uninstall programs that you had to install (e.g. MBAM or ESET Online Scanner) in the Control Panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run.
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.


Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.

#7 fenrii


Posted 15 September 2014 - 02:15 PM

Oh, ok then.

Thanks so much for your help  :flowers:



#8 aharonov


Posted 15 September 2014 - 02:31 PM

You're welcome.
Take care.

#9 aharonov


Posted 15 September 2014 - 02:31 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



