Chrome infected with superfish.com


  • This topic is locked
17 replies to this topic

#1 mawlo89


Posted 10 May 2015 - 05:05 AM

My Chrome is infected with superfish.com. I tried everything but I can't delete that. Can you help me, guys? I think I have a few more trojans in my computer.

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:18:56, on 2015-05-10
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Users\Mateusz\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
C:\WINDOWS\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
C:\Users\Mateusz\Downloads\HijackThis.exe
C:\Users\Mateusz\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Mateusz\AppData\Local\Google\Update\GoogleUpdate.exe
C:\WINDOWS\SysWOW64\DllHost.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: IplexToALLPlayer - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - D:\ALLPlayer\Iplex\IplexToALLPlayer.dll
O4 - HKLM\..\Run: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332STI.EXE
O4 - HKLM\..\Run: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [EaseUS EPM tray] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.1 Home Edition\bin\EpmNews.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Quick Time\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [ALLUpdate] "D:\ALLPlayer\ALLUpdate.exe" "sleep"
O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHLE.EXE /EPT "EPLTarget\P0000000000000000" /M "Epson Stylus SX235"
O4 - HKCU\..\Run: [EPLTarget\P0000000000000001] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHLE.EXE /EPT "EPLTarget\P0000000000000001" /M "Epson Stylus SX235"
O4 - HKCU\..\Run: [Spotify] "C:\Users\Mateusz\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Mateusz\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Mateusz\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Mateusz\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [DVDFab VDrive] "C:\Program Files\DVDFab Virtual Drive\vdrive.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" -automount
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Wyślij &do programu OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE8E5C4F-4758-4C1A-B6C0-93071C4D650C}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\WINDOWS\SysWOW64\nvinit.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Alcohol Virtual Drive Auto-mount Service (AxAutoMntSrv) - Alcohol Soft Development Team - C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe
O23 - Service: @oem81.inf,%BlueBcmBtRSupport.SVCNAME%;Bluetooth Driver Management Service (BcmBtRSupport) - Unknown owner - C:\WINDOWS\system32\BtwRSupportService.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @C:\WINDOWS\system32\CxAudMsg64.exe,-100 (CxAudMsg) - Unknown owner - C:\WINDOWS\system32\CxAudMsg64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Usługa Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Usługa Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: LSCWinService - Unknown owner - C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Conexant SmartAudio service (SAService) - Conexant Systems, Inc. - C:\WINDOWS\system32\SAsrv.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 12596 bytes
 



 


#2 fireman4it

  • Malware Response Team

Posted 11 May 2015 - 12:41 PM

Hello mawlo89,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:

  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right-hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right-hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.

 

1. Please download AdwCleaner by Xplode and save it to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

2. Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste the log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 mawlo89


Posted 13 May 2015 - 12:19 PM

ADW CLEANER LOG:
 
# AdwCleaner v4.203 - Logfile created 13/05/2015 at 17:54:37
# Updated 30/04/2015 by Xplode
# Database : 2015-05-12.2 [Server]
# Operating system : Windows 8.1 Pro  (x64)
# Username : Mateusz - MAWLO
# Running from : C:\Users\Mateusz\Downloads\adwcleaner_4.203.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\Amazon\ABB
File Deleted : C:\WINDOWS\System32\roboot64.exe
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Google Chrome v42.0.2311.135
 
 
-\\ Chromium v
 
 
*************************
 
AdwCleaner[R0].txt - [851 bytes] - [13/05/2015 17:49:27]
AdwCleaner[S0].txt - [781 bytes] - [13/05/2015 17:54:37]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [839  bytes] ##########
 
 
ADDITION:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-05-2015
Ran by Mateusz at 2015-05-13 18:06:23
Running from C:\Users\Mateusz\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4180348483-3892570222-3344817083-500 - Administrator - Disabled) => C:\Users\Administrator
Gość (S-1-5-21-4180348483-3892570222-3344817083-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-4180348483-3892570222-3344817083-1006 - Limited - Enabled)
Mateusz (S-1-5-21-4180348483-3892570222-3344817083-1002 - Administrator - Enabled) => C:\Users\Mateusz
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKLM-x32\...\uTorrent) (Version: 3.3.0.29126 - BitTorrent Inc.)
Acronis Disk Director Suite (HKLM-x32\...\{2300EE96-0A41-4FAB-BD03-989EC44577A0}) (Version: 10.0.2287 - Acronis)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.273 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Aktualizacje NVIDIA 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden
ALLMediaServer (HKLM-x32\...\{FE77909E-B782-4554-A92A-4D887CEF0ACC}_is1) (Version: 0.94 - ALLCinema Ltd.)
ALLPlayer V5.X (HKLM-x32\...\ALLPlayer_is1) (Version:  - ALLCinema Ltd.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Avanquest update (HKLM-x32\...\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}) (Version: 1.32 - Avanquest Software)
Baldur's Gate II (HKLM-x32\...\BG2_is1) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 3.28 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.3.53 - Conexant)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Defraggler (HKLM\...\Defraggler) (Version: 2.13 - Piriform)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-4180348483-3892570222-3344817083-1002\...\Dropbox) (Version: 3.4.4 - Dropbox, Inc.)
DVDFab Virtual Drive (HKLM\...\DVDFab Virtual Drive_is1) (Version: 1.5.1.0 - Fengtao Software Inc.)
EaseUS Partition Master 9.2.1 Home Edition (HKLM-x32\...\EaseUS Partition Master Home Edition_is1) (Version:  - EaseUS)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.4 - Lenovo)
Energy Management (x32 Version: 8.0.2.4 - Lenovo) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON SX235 Series Printer Uninstall (HKLM\...\EPSON SX235 Series) (Version:  - SEIKO EPSON Corporation)
ESET NOD32 Antivirus (HKLM\...\{C78F2980-5905-44E0-BE02-BDFC3DD6FBB9}) (Version: 7.0.302.26 - ESET, spol s r. o.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Far Cry 2 (HKLM-x32\...\{F2835483-37F2-4123-B4FE-0E77D58447F2}) (Version: 1.00.00 - Ubisoft)
FIFA 13 (HKLM-x32\...\{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}) (Version: 1.1.0.0 - Electronic Arts)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 5.4.5.124 - Foxit Corporation)
Free Zip Opener (HKLM-x32\...\Free Zip Opener) (Version: 1.0 - Free Zip Opener)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Drive (HKLM-x32\...\{35574F09-89F9-4B16-B69B-64F3E25901B8}) (Version: 1.21.9226.6034 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java™ 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)
K-Lite Codec Pack 9.9.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.9.0 - )
Knights and Merchants Remake r4179 (HKLM-x32\...\Knights and Merchants Remake_is1) (Version: r4179 - Tolyak26 RePack)
L.A. Noire (HKLM-x32\...\{915726DF-7891-444A-AA03-0DF1D64F561A}) (Version: 1.00.0000 - Rockstar Games)
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.1901 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0333}) (Version: 1.12.824.1 - Vimicro)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1519 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.1519 - CyberLink Corp.) Hidden
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.3.3 - ELAN Microelectronic Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4310.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4310.52 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{4C2B6F96-3AED-4E3F-8DCE-917863D1E6B1}) (Version: 2.7.003.00 - Lenovo Group Limited)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
Lenovo_Wireless_Driver (HKLM-x32\...\{5D642A72-8194-4A22-80DA-11FE610CCA8E}) (Version: 6.30.5926 - Lenovo)
Lucius 1.01.3173 (HKLM-x32\...\{84F3F00F-CCA9-43B3-A493-1E2757649848}_is1) (Version: 1.01.3173 - Lace Mamba Global)
Malwarebytes Anti-Malware wersja 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Media Go (HKLM-x32\...\{520CD4F0-9DAC-4C5C-8CA1-D0210CFF6062}) (Version: 1.4.269 - Sony)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
NapiProjekt 2.0.0 (build 2151) (HKLM-x32\...\NapiProjekt_is1) (Version:  - )
NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation)
NVIDIA Oprogramowanie systemu PhysX 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Sterownik graficzny 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
Obsługa programów Apple (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
OneKey Recovery (Version: 5.70.0000 - CyberLink Corp.) Hidden
Pakiet sterowników systemu Windows - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Pakiet sterowników systemu Windows - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
Panel sterowania NVIDIA 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
PlayStation®Network Downloader (HKLM-x32\...\{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}) (Version: 2.02.00076 - Sony Computer Entertainment Inc.)
PlayStation®Store (HKLM-x32\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 3.1.8.07881 - Sony Computer Entertainment Inc.)
Podręcznik użytkownika (x32 Version: 1.0.0.9 - Lenovo) Hidden
Polski pakiet językowy dla narzędzi Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PLK) (Version: 10.0.50903 - Microsoft Corporation)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
Quake Live Mozilla Plugin (HKLM-x32\...\{FA66CFD7-0977-4C45-AACD-A8BB994B1A05}) (Version: 1.0.520 - id Software)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.1 - Rockstar Games)
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version:  - )
SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6 (HKLM-x32\...\InstallShield_{E9ED0801-253D-4FE9-AB20-F63DEFE72547}) (Version: 4.47 - Samsung)
SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6 (x32 Version: 4.47 - Samsung) Hidden
Samsung Universal Print Driver 2 (HKLM-x32\...\Samsung Universal Print Driver 2) (Version: 2.50.02.00 - Samsung Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sony Ericsson PC Companion 1.60.13 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 1.60.13 - Sony Ericsson)
Sony Ericsson PC Suite 6.012.00 (HKLM-x32\...\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}) (Version: 6.012.00 - Sony Ericsson)
SopCast 3.8.3 (HKLM-x32\...\SopCast) (Version: 3.8.3 - www.sopcast.com)
Spotify (HKU\S-1-5-21-4180348483-3892570222-3344817083-1002\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
Syberia 2 (HKLM-x32\...\Syberia2_is1) (Version:  - Cenega Poland Sp. z o. o.)
System Requirements Lab CYRI (HKLM-x32\...\{E77DA909-3532-4C95-AFEB-06310E88462A}) (Version: 6.0.3.0 - Husdawg, LLC)
Trojan Remover 6.9.2 (HKLM-x32\...\Trojan Remover_is1) (Version: 6.9.2 - Simply Super Software)
Tunngle beta (HKLM-x32\...\Tunngle beta_is1) (Version:  - Tunngle.net GmbH)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
WinRAR 4.20 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
World of Warplanes (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C813EU}_is1) (Version:  - Wargaming.net)
XnView 1.99.6 (HKLM-x32\...\XnView_is1) (Version: 1.99.6 - Gougelet Pierre-e)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-4180348483-3892570222-3344817083-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Mateusz\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4180348483-3892570222-3344817083-1002_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Mateusz\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4180348483-3892570222-3344817083-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Mateusz\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4180348483-3892570222-3344817083-1002_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Mateusz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4180348483-3892570222-3344817083-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mateusz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4180348483-3892570222-3344817083-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mateusz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4180348483-3892570222-3344817083-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mateusz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4180348483-3892570222-3344817083-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mateusz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4180348483-3892570222-3344817083-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mateusz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4180348483-3892570222-3344817083-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mateusz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4180348483-3892570222-3344817083-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mateusz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4180348483-3892570222-3344817083-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mateusz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
24-04-2015 22:07:54 Windows Update
10-05-2015 15:50:14 Zaplanowany punkt kontrolny
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {02D595BB-150C-449E-8742-591F11EC66F2} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {0B6FC0F8-8E16-407C-8CD9-C433E1A5881A} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-10-16] (Lenovo)
Task: {0D4AB961-7F14-4C17-A506-7528D7086622} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {0EA87666-B51D-4CE3-A5B0-39A9ECC8FCA0} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {146777CF-61EC-4172-B475-18FBB0F6D5F4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4180348483-3892570222-3344817083-1002UA1d040633b1dcf04 => C:\Users\Mateusz\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-18] (Google Inc.)
Task: {1D2701DB-1547-41E7-A4D5-DEE184AC7802} - System32\Tasks\GoogleUpdateTaskMachineUA1cff02e80cf44da => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-08] (Google Inc.)
Task: {1ED8C0D6-FE38-4ABB-A19D-99427149578C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4180348483-3892570222-3344817083-1002Core1cf6bd348a5972b => C:\Users\Mateusz\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-18] (Google Inc.)
Task: {2B6241A3-54CE-45DF-8B78-5A8694985BE0} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {3074AC49-6A54-48D2-A911-EF85E1F72BC4} - System32\Tasks\GoogleUpdateTaskMachineUA1cf23edd2f23013 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-08] (Google Inc.)
Task: {3963C729-3782-4406-974D-4C2E50E53B58} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4180348483-3892570222-3344817083-1002Core => C:\Users\Mateusz\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-02-05] (Facebook Inc.)
Task: {3EC128D8-BFB5-4648-9447-E8E667F1F072} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2014-10-16] (Lenovo)
Task: {427967E6-3052-4096-B0E2-8F9E56EA5EF2} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {43AE4F0E-6749-475B-9C4E-A38C49CC9E40} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4180348483-3892570222-3344817083-1002Core1d001216a742995 => C:\Users\Mateusz\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-18] (Google Inc.)
Task: {4B8EF71D-5AE9-42F3-BE09-C3885098E204} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-05-12] (Microsoft Corporation)
Task: {4C124B15-278F-4D41-93F4-FE7EBCAF79A6} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: {5F548A46-09B6-4231-9E0D-A7B4056EEB1E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6851B28F-6A46-432F-9219-D8B91D8C2575} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-08] (Google Inc.)
Task: {7E0AB322-6DCC-46FC-B9C1-38F77B7337BA} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2014-04-10] ()
Task: {7F606697-FECC-4336-91D8-DE351014D790} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe [2014-10-16] ()
Task: {8314F448-930B-4F54-AF89-9E3DA897F67A} - System32\Tasks\{5414F7F3-0CAF-4DA7-A0AA-76D280E6A0D5} => pcalua.exe -a "D:\DAEMON Tools Lite\uninst.exe"
Task: {83158CC2-5961-4705-9B71-CE4543F06789} - System32\Tasks\GoogleUpdateTaskMachineUA1cfff9a6b5b9e87 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-08] (Google Inc.)
Task: {84A6897A-9154-480A-8A8D-CB88A526EB54} - System32\Tasks\GoogleUpdateTaskMachineCore1cf95fb36a36a9d => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-08] (Google Inc.)
Task: {8CBFE21F-038C-4560-9D72-6F3E6CBE3D00} - System32\Tasks\GoogleUpdateTaskMachineCore1d042601ce450a0 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-08] (Google Inc.)
Task: {91DBA1AD-0FA1-4BA7-93E0-20F0A856E14E} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {95BD3F75-7315-4D30-A277-7565FD73C0C2} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {A7DD53C5-002A-4DA8-A2CF-17D06F61C005} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4180348483-3892570222-3344817083-1002Core1cf963bf2184d9c => C:\Users\Mateusz\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-18] (Google Inc.)
Task: {CEAAD804-C8A9-42FA-BB8B-C6A0D9FD87EA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4180348483-3892570222-3344817083-1002UA1cfee33ee9d4310 => C:\Users\Mateusz\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-18] (Google Inc.)
Task: {EA8BEC21-C58C-4403-B4CD-D01D1D5CA43B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-02-25] (Piriform Ltd)
Task: {F6668FFB-09E7-40E7-B77B-F0A552410D8E} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {F7EE355E-D4B0-4687-B44E-8AC21D3C8C9E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4180348483-3892570222-3344817083-1002UA => C:\Users\Mateusz\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-18] (Google Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-4180348483-3892570222-3344817083-1002Core.job => C:\Users\Mateusz\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cf95fb36a36a9d.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d042601ce450a0.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cf23edd2f23013.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cff02e80cf44da.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cfff9a6b5b9e87.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4180348483-3892570222-3344817083-1002Core1cf963bf2184d9c.job => C:\Users\Mateusz\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4180348483-3892570222-3344817083-1002Core1d001216a742995.job => C:\Users\Mateusz\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4180348483-3892570222-3344817083-1002UA.job => C:\Users\Mateusz\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4180348483-3892570222-3344817083-1002UA1cfee33ee9d4310.job => C:\Users\Mateusz\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4180348483-3892570222-3344817083-1002UA1d040633b1dcf04.job => C:\Users\Mateusz\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2013-09-05 02:36 - 2014-03-04 15:35 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-04-09 22:09 - 2014-03-04 14:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-06-27 16:41 - 2011-04-11 06:26 - 00034304 _____ () C:\WINDOWS\System32\spe__l.dll
2012-08-26 15:48 - 2012-08-26 15:48 - 00044408 _____ () C:\Program Files\Lenovo\Bluetooth Software\BtwLeAPI.dll
2013-12-21 00:02 - 2013-12-21 00:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-11-15 10:34 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2015-05-13 18:03 - 2015-05-13 18:03 - 00098816 _____ () C:\Users\Mateusz\AppData\Local\Temp\_MEI22562\win32api.pyd
2015-05-13 18:03 - 2015-05-13 18:03 - 00110080 _____ () C:\Users\Mateusz\AppData\Local\Temp\_MEI22562\pywintypes27.dll
2015-05-13 18:03 - 2015-05-13 18:03 - 00364544 _____ () C:\Users\Mateusz\AppData\Local\Temp\_MEI22562\pythoncom27.dll
2015-05-13 18:03 - 2015-05-13 18:03 - 00045568 _____ () C:\Users\Mateusz\AppData\Local\Temp\_MEI22562\_socket.pyd
2015-05-13 18:03 - 2015-05-13 18:03 - 01161216 _____ () C:\Users\Mateusz\AppData\Local\Temp\_MEI22562\_ssl.pyd
2015-05-13 18:03 - 2015-05-13 18:03 - 00320512 _____ () C:\Users\Mateusz\AppData\Local\Temp\_MEI22562\win32com.shell.shell.pyd
2015-05-13 18:03 - 2015-05-13 18:03 - 00713216 _____ () C:\Users\Mateusz\AppData\Local\Temp\_MEI22562\_hashlib.pyd
2015-05-13 18:03 - 2015-05-13 18:03 - 01175040 _____ () C:\Users\Mateusz\AppData\Local\Temp\_MEI22562\wx._core_.pyd
2015-05-13 18:03 - 2015-05-13 18:03 - 00805888 _____ () C:\Users\Mateusz\AppData\Local\Temp\_MEI22562\wx._gdi_.pyd
2015-05-13 18:03 - 2015-05-13 18:03 - 00811008 _____ () C:\Users\Mateusz\AppData\Local\Temp\_MEI22562\wx._windows_.pyd
2015-05-13 18:03 - 2015-05-13 18:03 - 01062400 _____ () C:\Users\Mateusz\AppData\Local\Temp\_MEI22562\wx._controls_.pyd
2015-05-13 18:03 - 2015-05-13 18:03 - 00735232 _____ () C:\Users\Mateusz\AppData\Local\Temp\_MEI22562\wx._misc_.pyd
2015-05-13 18:03 - 2015-05-13 18:03 - 00682496 _____ () C:\Users\Mateusz\AppData\Local\Temp\_MEI22562\pysqlite2._sqlite.pyd
2015-05-13 18:03 - 2015-05-13 18:03 - 00128512 _____ () C:\Users\Mateusz\AppData\Local\Temp\_MEI22562\_elementtree.pyd
2015-05-13 18:03 - 2015-05-13 18:03 - 00127488 _____ () C:\Users\Mateusz\AppData\Local\Temp\_MEI22562\pyexpat.pyd
2015-05-13 18:03 - 2015-05-13 18:03 - 00087552 _____ () C:\Users\Mateusz\AppData\Local\Temp\_MEI22562\_ctypes.pyd
2015-05-13 18:03 - 2015-05-13 18:03 - 00119808 _____ () C:\Users\Mateusz\AppData\Local\Temp\_MEI22562\win32file.pyd
2015-05-13 18:03 - 2015-05-13 18:03 - 00108544 _____ () C:\Users\Mateusz\AppData\Local\Temp\_MEI22562\win32security.pyd
2015-05-13 18:03 - 2015-05-13 18:03 - 00007168 _____ () C:\Users\Mateusz\AppData\Local\Temp\_MEI22562\hashobjs_ext.pyd
2015-05-13 18:03 - 2015-05-13 18:03 - 00017408 _____ () C:\Users\Mateusz\AppData\Local\Temp\_MEI22562\usb_ext.pyd
2015-05-13 18:03 - 2015-05-13 18:03 - 00167936 _____ () C:\Users\Mateusz\AppData\Local\Temp\_MEI22562\win32gui.pyd
2015-05-13 18:03 - 2015-05-13 18:03 - 00018432 _____ () C:\Users\Mateusz\AppData\Local\Temp\_MEI22562\win32event.pyd
2015-05-13 18:03 - 2015-05-13 18:03 - 00013824 _____ () C:\Users\Mateusz\AppData\Local\Temp\_MEI22562\common.time34.pyd
2015-05-13 18:03 - 2015-05-13 18:03 - 00036864 _____ () C:\Users\Mateusz\AppData\Local\Temp\_MEI22562\_psutil_windows.pyd
2015-05-13 18:03 - 2015-05-13 18:03 - 00038912 _____ () C:\Users\Mateusz\AppData\Local\Temp\_MEI22562\win32inet.pyd
2015-05-13 18:03 - 2015-05-13 18:03 - 00011264 _____ () C:\Users\Mateusz\AppData\Local\Temp\_MEI22562\win32crypt.pyd
2015-05-13 18:03 - 2015-05-13 18:03 - 00070656 _____ () C:\Users\Mateusz\AppData\Local\Temp\_MEI22562\wx._html2.pyd
2015-05-13 18:03 - 2015-05-13 18:03 - 00027136 _____ () C:\Users\Mateusz\AppData\Local\Temp\_MEI22562\_multiprocessing.pyd
2015-05-13 18:03 - 2015-05-13 18:03 - 00020480 _____ () C:\Users\Mateusz\AppData\Local\Temp\_MEI22562\_yappi.pyd
2015-05-13 18:03 - 2015-05-13 18:03 - 00035840 _____ () C:\Users\Mateusz\AppData\Local\Temp\_MEI22562\win32process.pyd
2015-05-13 18:03 - 2015-05-13 18:03 - 00686080 _____ () C:\Users\Mateusz\AppData\Local\Temp\_MEI22562\unicodedata.pyd
2015-05-13 18:03 - 2015-05-13 18:03 - 00122368 _____ () C:\Users\Mateusz\AppData\Local\Temp\_MEI22562\wx._wizard.pyd
2015-05-13 18:03 - 2015-05-13 18:03 - 00024064 _____ () C:\Users\Mateusz\AppData\Local\Temp\_MEI22562\win32pipe.pyd
2015-05-13 18:03 - 2015-05-13 18:03 - 00010240 _____ () C:\Users\Mateusz\AppData\Local\Temp\_MEI22562\select.pyd
2015-05-13 18:03 - 2015-05-13 18:03 - 00025600 _____ () C:\Users\Mateusz\AppData\Local\Temp\_MEI22562\win32pdh.pyd
2015-05-13 18:03 - 2015-05-13 18:03 - 00525640 _____ () C:\Users\Mateusz\AppData\Local\Temp\_MEI22562\windows._lib_cacheinvalidation.pyd
2015-05-13 18:03 - 2015-05-13 18:03 - 00017408 _____ () C:\Users\Mateusz\AppData\Local\Temp\_MEI22562\win32profile.pyd
2015-05-13 18:03 - 2015-05-13 18:03 - 00022528 _____ () C:\Users\Mateusz\AppData\Local\Temp\_MEI22562\win32ts.pyd
2015-05-13 18:03 - 2015-05-13 18:03 - 00078336 _____ () C:\Users\Mateusz\AppData\Local\Temp\_MEI22562\wx._animate.pyd
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Mateusz\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Mateusz\Desktop\2015-04-30 20.14.55.jpg:com.dropbox.attributes
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Mateusz\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\xnview_wallpaper_20130414.bmp
DNS Servers: 8.8.8.8 - 8.8.4.4
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AcronisOSSReinstallSvc => 2
MSCONFIG\Services: OMSI download service => 2
MSCONFIG\Services: TunngleService => 3
HKLM\...\StartupApproved\Run: => "ETDCtrl"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run32: => "332BigDog"
HKLM\...\StartupApproved\Run32: => "EaseUS EPM tray"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002\...\StartupApproved\Run: => "Sony Ericsson PC Suite"
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002\...\StartupApproved\Run: => "ALLUpdate"
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002\...\StartupApproved\Run: => "EPLTarget\P0000000000000001"
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002\...\StartupApproved\Run: => "Facebook Update"
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002\...\StartupApproved\Run: => "AlcoholAutomount"
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002\...\StartupApproved\Run: => "DVDFab VDrive"
 
==================== FirewallRules (whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [{DF55086D-96A3-4C08-9D86-94FBC0F3AA3D}] => (Allow) C:\Users\Mateusz\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{6F0F6EC4-E724-42C5-BDCB-04296793BE47}] => (Allow) C:\Users\Mateusz\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [UDP Query User{6883A27E-2A55-4937-B4A6-6A173BFD9F7F}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{41A877D2-0749-4C92-81C9-EE66DB6762B8}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{5C79CDE1-4BBE-43FB-B02D-925A192F06F7}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{7A00CAB9-CA50-43E3-A05B-A86D10C2B3EA}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{2A933190-DF4B-4773-BBCD-3F0E188B4B76}] => (Allow) G:\Torrent\uTorrent.exe
FirewallRules: [{2DA36EF3-E214-4D04-9DBD-C8C75DE4273A}] => (Allow) G:\Torrent\uTorrent.exe
FirewallRules: [{868B1C1E-73E1-4C4B-B085-DAF49CA9DC0B}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exe
FirewallRules: [{AC27F5AB-6D02-4DE8-AD75-5A9875A62499}] => (Allow) F:\Gry\FIFA 13\Game\fifa13.exe
FirewallRules: [{DC5C7D91-544E-4BA3-8125-D62164390012}] => (Allow) F:\Gry\FIFA 13\Game\fifa13.exe
FirewallRules: [TCP Query User{C37E49D3-A189-43B6-A328-267DAD23CF94}F:\gry\fifa 13\game\fifa13.exe] => (Block) F:\gry\fifa 13\game\fifa13.exe
FirewallRules: [UDP Query User{D8D8B41F-9487-4870-911D-15875D5CB03C}F:\gry\fifa 13\game\fifa13.exe] => (Block) F:\gry\fifa 13\game\fifa13.exe
FirewallRules: [{0291E927-84AB-426C-9564-CB27E571F04C}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [TCP Query User{90CCC28C-2022-4860-BBC6-FA37113F6C33}F:\gry\chivalry medieval warfare\binaries\win32\udk.exe] => (Allow) F:\gry\chivalry medieval warfare\binaries\win32\udk.exe
FirewallRules: [UDP Query User{4740DBA7-CE47-4C78-8EF8-10D2AEF94C09}F:\gry\chivalry medieval warfare\binaries\win32\udk.exe] => (Allow) F:\gry\chivalry medieval warfare\binaries\win32\udk.exe
FirewallRules: [{6D6E3497-D21B-4F12-8497-597505165686}] => (Allow) D:\Tunngle\TnglCtrl.exe
FirewallRules: [{0A4E3956-759A-4FB1-B799-CED79EE5DBB7}] => (Allow) D:\Tunngle\TnglCtrl.exe
FirewallRules: [{6366C145-FDCC-47AF-B617-24D6B7662B5A}] => (Allow) D:\Tunngle\Tunngle.exe
FirewallRules: [{14A23BEC-22C5-4B6E-B35D-18CF8286C1E2}] => (Allow) D:\Tunngle\Tunngle.exe
FirewallRules: [TCP Query User{7FBC4B95-5765-4EF9-9861-1ADC6630671D}F:\gry\chivalry medieval warfare\binaries\win32\udk.exe] => (Allow) F:\gry\chivalry medieval warfare\binaries\win32\udk.exe
FirewallRules: [UDP Query User{BB0EB4AB-CBDF-4E28-BB94-FEDD61B17EF8}F:\gry\chivalry medieval warfare\binaries\win32\udk.exe] => (Allow) F:\gry\chivalry medieval warfare\binaries\win32\udk.exe
FirewallRules: [TCP Query User{703BB822-FB5E-4696-A8A3-BC93A64F2FC8}F:\gry\outlast\binaries\win64\olgame.exe] => (Allow) F:\gry\outlast\binaries\win64\olgame.exe
FirewallRules: [UDP Query User{EFAAE407-1C17-4D63-827C-F930E14CDE71}F:\gry\outlast\binaries\win64\olgame.exe] => (Allow) F:\gry\outlast\binaries\win64\olgame.exe
FirewallRules: [TCP Query User{70967A44-9F3B-4727-9C01-654576ECA5EE}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{EE148556-9B41-4981-8B04-8E8A0F79FF34}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{770B6B7A-9067-4DE6-9993-9085AC2D2E55}C:\users\mateusz\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mateusz\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{7324B1BB-0A35-47C4-8C66-4971166FA2E7}C:\users\mateusz\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mateusz\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{40AD4C84-0EBA-43C5-A53A-D70D6E36E575}C:\users\mateusz\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\mateusz\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{D7E35256-E85D-40D7-9F2B-FF73038C9F2C}C:\users\mateusz\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\mateusz\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{6A460646-F1B4-466C-9A70-CFC0CF707D56}F:\gry\samoloty\wowplauncher.exe] => (Allow) F:\gry\samoloty\wowplauncher.exe
FirewallRules: [UDP Query User{759FF433-0237-4373-A17B-14D986373E21}F:\gry\samoloty\wowplauncher.exe] => (Allow) F:\gry\samoloty\wowplauncher.exe
FirewallRules: [{8DB674D2-4F4D-4D28-B4A6-BDFDC25C5455}] => (Allow) F:\Gry\FarCry2\Far Cry 2\bin\FarCry2.exe
FirewallRules: [{B62D4521-C9A3-4C49-BC93-045AB30256D1}] => (Allow) F:\Gry\FarCry2\Far Cry 2\bin\FarCry2.exe
FirewallRules: [{B88D26A5-BE2E-4F6F-8FFE-6BFEBF98EB8A}] => (Allow) F:\Gry\FarCry2\Far Cry 2\bin\FC2Launcher.exe
FirewallRules: [{58A34703-54DA-409C-A0C6-370A39DF1715}] => (Allow) F:\Gry\FarCry2\Far Cry 2\bin\FC2Launcher.exe
FirewallRules: [{5BB61E6D-17D1-40DC-B0E8-8F797FDA2BF6}] => (Allow) F:\Gry\FarCry2\Far Cry 2\bin\FC2Editor.exe
FirewallRules: [{2EFAF960-8E69-4BD5-94CF-D872DE2E4A4D}] => (Allow) F:\Gry\FarCry2\Far Cry 2\bin\FC2Editor.exe
FirewallRules: [{10EE3A45-5405-4309-91D7-2507F0CE1539}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{4F455693-2FC6-40EA-83F5-796B0191AB70}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{6EF4490E-3B7A-4E05-985E-C474B9C3AB81}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{0B4376D8-2B9B-4FE4-890E-5F96232B320F}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{233F579C-4DB7-453E-8582-01FF2C4DAB5B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{2A461BC3-2D37-471A-A19A-D663C5C6200E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{A5FA9519-DF17-4835-9349-3480E0889B22}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{F9465C31-0012-4820-BA9C-FE0C07550904}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{30B9C88C-E03C-4523-947A-1E6BFD20C81E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A152A94D-2777-497D-B673-47EBD8E0EEC3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{E21938CE-C945-4E7C-A1EF-26C8DB200542}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe
FirewallRules: [UDP Query User{64B8BC4A-E6DF-4C61-A098-B6F981EB6961}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe
FirewallRules: [{847F8A62-E846-4117-9AE1-1FB9C61F716E}] => (Block) C:\program files (x86)\sopcast\sopcast.exe
FirewallRules: [{007E9F5E-C48B-438F-9451-D0DD4C7B5A45}] => (Block) C:\program files (x86)\sopcast\sopcast.exe
FirewallRules: [TCP Query User{B2DD1BAC-3B6D-44D3-BD2C-5FA295CB70AD}F:\gry\farcry2\far cry 2\bin\farcry2.exe] => (Block) F:\gry\farcry2\far cry 2\bin\farcry2.exe
FirewallRules: [UDP Query User{67601EC3-6C1F-4E0B-98BE-9A0E0CF74142}F:\gry\farcry2\far cry 2\bin\farcry2.exe] => (Block) F:\gry\farcry2\far cry 2\bin\farcry2.exe
FirewallRules: [{451F0A75-BD4E-4DE1-9F94-B9B41BD4FD12}] => (Allow) C:\Users\Mateusz\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{0719566E-3966-486E-9E5F-B41BBAD9448F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/13/2015 00:46:11 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla "Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0"1". Błąd w pliku manifestu lub w pliku zasad "Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0"2" w wierszu Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0"3.
Tożsamość składnika znaleziona w manifeście nie odpowiada tożsamości składnika żądanego.
Odwołanie to Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0".
Definicja to Sony.Mrs,processorArchitecture="x86",type="win32",version="2.2.0.0".
Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.
 
Error: (05/12/2015 11:49:34 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla "Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0"1". Błąd w pliku manifestu lub w pliku zasad "Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0"2" w wierszu Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0"3.
Tożsamość składnika znaleziona w manifeście nie odpowiada tożsamości składnika żądanego.
Odwołanie to Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0".
Definicja to Sony.Mrs,processorArchitecture="x86",type="win32",version="2.2.0.0".
Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.
 
Error: (05/12/2015 10:57:12 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla "Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0"1". Błąd w pliku manifestu lub w pliku zasad "Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0"2" w wierszu Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0"3.
Tożsamość składnika znaleziona w manifeście nie odpowiada tożsamości składnika żądanego.
Odwołanie to Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0".
Definicja to Sony.Mrs,processorArchitecture="x86",type="win32",version="2.2.0.0".
Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.
 
Error: (05/11/2015 10:38:12 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (05/11/2015 10:12:08 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: mawlo)
Description: Aktywacja aplikacji Microsoft.SkypeApp_kzf8qxf38zg5c!App nie powiodła się. Błąd: -2144927141. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa.
 
Error: (05/10/2015 11:46:29 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to kill already running streamer. [6]
 
Error: (05/10/2015 11:46:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: nvstreamsvc.exe, wersja: 1.7.321.0, sygnatura czasowa: 0x52f17b5b
Nazwa modułu powodującego błąd: KERNELBASE.dll, wersja: 6.3.9600.17736, sygnatura czasowa: 0x550f4336
Kod wyjątku: 0xc0000142
Przesunięcie błędu: 0x00000000000ec180
Identyfikator procesu powodującego błąd: 0xf90
Godzina uruchomienia aplikacji powodującej błąd: 0xnvstreamsvc.exe0
Ścieżka aplikacji powodującej błąd: nvstreamsvc.exe1
Ścieżka modułu powodującego błąd: nvstreamsvc.exe2
Identyfikator raportu: nvstreamsvc.exe3
Pełna nazwa pakietu powodującego błąd: nvstreamsvc.exe4
Identyfikator aplikacji względem pakietu powodującego błąd: nvstreamsvc.exe5
 
Error: (05/10/2015 06:09:23 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (05/10/2015 04:51:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program wwahost.exe w wersji 6.3.9600.17415 przestał współpracować z systemem Windows i został zamknięty. Aby sprawdzić, czy jest dostępnych więcej informacji na temat tego problemu, sprawdź historię problemu w aplecie Centrum akcji w Panelu sterowania.
 
Identyfikator procesu: 1434
 
Godzina rozpoczęcia: 01d08b386b4ba8cf
 
Godzina zakończenia: 4294967295
 
Ścieżka aplikacji: C:\WINDOWS\syswow64\wwahost.exe
 
Identyfikator raportu: 5f93af5c-f72c-11e4-bf22-b888e39970e9
 
Pełna nazwa pakietu powodującego błąd: Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5c
 
Identyfikator aplikacji względem pakietu powodującego błąd: App
 
Error: (05/10/2015 04:47:29 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla "Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0"1". Błąd w pliku manifestu lub w pliku zasad "Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0"2" w wierszu Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0"3.
Tożsamość składnika znaleziona w manifeście nie odpowiada tożsamości składnika żądanego.
Odwołanie to Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0".
Definicja to Sony.Mrs,processorArchitecture="x86",type="win32",version="2.2.0.0".
Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.
 
 
System errors:
=============
Error: (05/13/2015 05:58:22 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: ZARZĄDZANIE NT)
Description: Nastąpiło nieoczekiwane zatrzymanie modułu rozszerzalności sieci WLAN.
 
Ścieżka modułu: C:\WINDOWS\System32\bcmihvsrv64.dll
 
Error: (05/13/2015 05:58:22 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: ZARZĄDZANIE NT)
Description: Nastąpiło nieoczekiwane zatrzymanie modułu rozszerzalności sieci WLAN.
 
Ścieżka modułu: C:\WINDOWS\System32\bcmihvsrv64.dll
 
Error: (05/13/2015 05:55:08 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Menedżer sterowania usługami próbował podjąć akcję korekcyjną (Uruchom usługę ponownie) po nieoczekiwanym zakończeniu usługi Windows Search, ale ta akcja nie powiodła się przy następującym błędzie: 
%%1056.
 
Error: (05/13/2015 05:55:07 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Menedżer sterowania usługami próbował podjąć akcję korekcyjną (Uruchom usługę ponownie) po nieoczekiwanym zakończeniu usługi Windows Search, ale ta akcja nie powiodła się przy następującym błędzie: 
%%1056.
 
Error: (05/13/2015 05:54:53 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: ZARZĄDZANIE NT)
Description: Nastąpiło nieoczekiwane zatrzymanie modułu rozszerzalności sieci WLAN.
 
Ścieżka modułu: C:\WINDOWS\System32\bcmihvsrv64.dll
 
Error: (05/13/2015 05:54:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usługa Windows Search niespodziewanie zakończyła pracę. Wystąpiło to razy: 2. W przeciągu 30000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie.
 
Error: (05/13/2015 05:54:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usługa Intel® Capability Licensing Service Interface niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 0 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie.
 
Error: (05/13/2015 05:54:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usługa Windows Search niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 30000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie.
 
Error: (05/13/2015 05:54:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Usługa Intel® Management and Security Application User Notification Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.
 
Error: (05/13/2015 05:54:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Usługa Office Software Protection Platform niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.
 
 
Microsoft Office Sessions:
=========================
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-05-10 19:53:07.229
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-05-10 19:53:07.072
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-05-10 19:53:06.917
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-05-10 19:53:01.329
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-05-10 19:53:01.153
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-05-10 19:53:00.906
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-05-10 19:53:00.733
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-05-10 19:52:59.461
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-05-10 19:52:59.281
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-05-10 19:52:58.558
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3632QM CPU @ 2.20GHz
Percentage of memory in use: 31%
Total physical RAM: 6009.77 MB
Available physical RAM: 4143.88 MB
Total Pagefile: 6969.77 MB
Available Pagefile: 4771.24 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB
 
==================== Drives ================================
 
Drive c: (Windows8) (Fixed) (Total:149.66 GB) (Free:55.24 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Programy) (Fixed) (Total:54.51 GB) (Free:51.44 GB) NTFS
Drive f: (Rozrywka) (Fixed) (Total:295.79 GB) (Free:157.96 GB) NTFS
Drive g: (Dane) (Fixed) (Total:408.88 GB) (Free:346.11 GB) NTFS
Drive h: (Baldur's Gate) (CDROM) (Total:4.86 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: B353508E)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================
 
FRST:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-05-2015
Ran by Mateusz (administrator) on MAWLO on 13-05-2015 18:15:21
Running from C:\Users\Mateusz\Desktop
Loaded Profiles: Mateusz (Available profiles: Mateusz & Administrator)
Platform: Windows 8.1 Pro (X64) OS Language: Polski (Polska)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Users\Mateusz\AppData\Local\Google\Update\GoogleUpdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2864016 2012-08-08] (ELAN Microelectronics Corp.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [903384 2013-07-24] (Conexant Systems, Inc.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2012-11-15] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2012-11-15] (Lenovo(beijing) Limited)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5618456 2013-09-12] (ESET)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332STI.EXE [548864 2012-03-20] (Vimicro)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.1 Home Edition\bin\EpmNews.exe [2086984 2012-11-29] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => D:\Quick Time\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [TrojanScanner] => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [1906192 2015-05-07] (Simply Super Software)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25700400 2015-04-28] (Google)
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002\...\Run: [Sony Ericsson PC Suite] => C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [466944 2011-06-17] (Sony Ericsson Mobile Communications AB)
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002\...\Run: [ALLUpdate] => D:\ALLPlayer\ALLUpdate.exe [2995712 2013-04-14] (ALLPlayer Group Ltd.)
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHLE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHLE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002\...\Run: [Spotify] => C:\Users\Mateusz\AppData\Roaming\Spotify\Spotify.exe [6553144 2014-10-04] (Spotify Ltd)
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002\...\Run: [Spotify Web Helper] => C:\Users\Mateusz\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-04] (Spotify Ltd)
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002\...\Run: [Facebook Update] => C:\Users\Mateusz\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-02-05] (Facebook Inc.)
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30872672 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002\...\Run: [Google Update] => C:\Users\Mateusz\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-03-18] (Google Inc.)
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002\...\Run: [DAEMON Tools Lite] => D:\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002\...\Run: [DVDFab VDrive] => C:\Program Files\DVDFab Virtual Drive\vdrive.exe [364960 2014-05-12] (DVDFab Software)
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002\...\MountPoints2: {8d4ce55f-1e46-11e4-befe-b888e39970e9} - "H:\Baldur.exe" 
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [174296 2014-03-04] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [148016 2014-03-04] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2012-11-15]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mateusz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mateusz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mateusz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mateusz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mateusz\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mateusz\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mateusz\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002\Software\Microsoft\Internet Explorer\Main,Start Page = 
 
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4180348483-3892570222-3344817083-1002 -> {937B4BF9-8254-4904-9B78-5752533E0C5E} URL = 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-07-05] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-07-05] (Oracle Corporation)
BHO-x32: IplexToALLPlayer -> {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} -> D:\ALLPlayer\Iplex\IplexToALLPlayer.dll [2011-02-09] (ALLCinema Ltd.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{AE8E5C4F-4758-4C1A-B6C0-93071C4D650C}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> D:\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-01-11] (Foxit Corporation)
FF Plugin-x32: @idsoftware.com/QuakeLive -> C:\ProgramData\id Software\QuakeLive\npquakezero.dll [2012-02-14] (id Software Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\WINDOWS\SysWOW64\npDeployJava1.dll [2013-07-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-07-05] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll [2010-01-20] (Sony Media Software and Services Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-4180348483-3892570222-3344817083-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Mateusz\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-4180348483-3892570222-3344817083-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\Mateusz\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-4180348483-3892570222-3344817083-1002: @talk.google.com/O1DPlugin -> C:\Users\Mateusz\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-4180348483-3892570222-3344817083-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Mateusz\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-4180348483-3892570222-3344817083-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Mateusz\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Mateusz\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Mateusz\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-01-30]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://lenovo13.msn.com/
CHR StartupUrls: Default -> "hxxp://google.com/", "\r\nhxxp://www.idg.pl/start\r\n"
CHR DefaultSearchKeyword: Default -> google
CHR DefaultSearchURL: Default -> https://www.google.co.uk/{searchTerms}
CHR DefaultSuggestURL: Default -> 
CHR Profile: C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Entanglement Web App) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2013-05-22]
CHR Extension: (UK TV Live) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aedincdnmklibidmafmgcbijgbgdjigh [2014-09-10]
CHR Extension: (Google Drive) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-22]
CHR Extension: (YouTube) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-22]
CHR Extension: (Learn Italian - Molto Bene) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dadgddaepklpemjojmnhgdjmmkmefihe [2013-05-22]
CHR Extension: (Juventus Social Wall) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dafaiapjnboakngjebdcgbaabglhjego [2013-05-22]
CHR Extension: (All United Kingdom Newspapers) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmiphjikgdmioglkkbgdangkbfjpekfa [2014-09-10]
CHR Extension: (3D Bowling ) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gemohgpikgjbgmdfbfjdailocichgbjm [2013-05-22]
CHR Extension: (AdBlock) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-06-03]
CHR Extension: (Bookmark Manager) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-10]
CHR Extension: (Next Bus London) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\golhdmegajbopkkhfbjbilfecnjaobod [2014-09-10]
CHR Extension: (Full Movies) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcnklkphpkeohjnlnmcpnbeboidifemk [2014-09-10]
CHR Extension: (Flash Player) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdpbajmogfhlafbipjjklkdhloplicgc [2014-09-10]
CHR Extension: (Virgin Media - TV Guide) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljcibkmlmeajifpnkkagcokggjlmcone [2014-09-10]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-06]
CHR Extension: (Google Maps) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2013-05-22]
CHR Extension: (Google Wallet) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (House Of Fear) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojphiilgoeagpamnpgpmgepoomcmhemj [2014-09-10]
CHR Extension: (Paper Notes) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\peiamebfimhocbnbdfdihoehhidbifko [2013-05-22]
CHR Extension: (Gmail) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-22]
CHR Extension: (Abstract-Blue) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnacehkknmafkjgkikclamogikoiaaa [2013-05-22]
CHR HKU\S-1-5-21-4180348483-3892570222-3344817083-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Mateusz\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-22]
CHR HKU\S-1-5-21-4180348483-3892570222-3344817083-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 AcronisOSSReinstallSvc; C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2135304 2010-03-10] ()
S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [953720 2012-08-26] (Broadcom Corporation.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1337752 2013-09-12] (ESET)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
S4 OMSI download service; C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [90112 2009-04-30] () [File not signed]
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U3 axscsidrv; C:\Windows\System32\Drivers\axscsidrv.sys [293888 2014-08-07] (Alcohol Soft Development Team)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6824520 2012-07-10] (Broadcom Corporation)
R1 dvdfabio; C:\WINDOWS\system32\drivers\dvdfabio.sys [12704 2014-05-12] (DVDFab Software)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [157432 2013-09-17] (ESET)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [17480 2012-12-21] () [File not signed]
S3 epmntdrv; C:\WINDOWS\SysWOW64\epmntdrv.sys [14920 2012-12-21] () [File not signed]
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [9800 2012-12-21] () [File not signed]
S3 EuGdiDrv; C:\WINDOWS\SysWOW64\EuGdiDrv.sys [9160 2012-12-21] () [File not signed]
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-13] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-08-07] (Duplex Secure Ltd.)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S1 MpKsl5136b7ea; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{ED2954EA-4EBB-4F9E-8F37-8F58FCFF9CB4}\MpKsl5136b7ea.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-13 18:13 - 2015-05-13 17:48 - 02102784 _____ (Farbar) C:\Users\Mateusz\Desktop\FRST64.exe
2015-05-13 18:12 - 2015-05-13 18:15 - 00026729 _____ () C:\Users\Mateusz\Desktop\FRST.txt
2015-05-13 18:12 - 2015-05-13 18:12 - 00057571 _____ () C:\Users\Mateusz\Desktop\Addition.txt
2015-05-13 18:06 - 2015-05-13 18:06 - 00057571 _____ () C:\Users\Mateusz\Downloads\Addition.txt
2015-05-13 18:05 - 2015-05-13 18:06 - 00053128 _____ () C:\Users\Mateusz\Downloads\FRST.txt
2015-05-13 18:04 - 2015-05-13 18:04 - 00000918 _____ () C:\Users\Mateusz\Desktop\AdwCleaner[S0].txt
2015-05-13 18:00 - 2015-05-13 18:00 - 00000320 _____ () C:\WINDOWS\PFRO.log
2015-05-13 17:48 - 2015-05-13 18:15 - 00000000 ____D () C:\FRST
2015-05-13 17:48 - 2015-05-13 17:54 - 00000000 ____D () C:\AdwCleaner
2015-05-13 17:48 - 2015-05-13 17:48 - 02102784 _____ (Farbar) C:\Users\Mateusz\Downloads\FRST64.exe
2015-05-13 17:47 - 2015-05-13 17:47 - 02204160 _____ () C:\Users\Mateusz\Downloads\adwcleaner_4.203.exe
2015-05-12 22:41 - 2015-04-30 21:35 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 22:41 - 2015-04-30 21:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 22:03 - 2015-04-10 01:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-05-12 22:03 - 2015-04-10 01:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-05-12 22:03 - 2015-03-17 18:26 - 00467776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-05-12 22:03 - 2015-03-09 03:02 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-05-12 22:02 - 2015-05-01 00:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-05-12 22:02 - 2015-04-30 23:48 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-05-12 22:02 - 2015-03-20 02:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-05-12 22:02 - 2015-03-04 02:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2015-05-12 22:02 - 2015-03-04 02:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-12 22:02 - 2015-01-30 01:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-05-12 22:02 - 2014-11-14 07:58 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2015-05-12 22:01 - 2015-04-13 23:48 - 04180480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-05-12 22:01 - 2015-04-10 02:00 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-05-12 22:01 - 2015-04-10 01:50 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-05-12 22:01 - 2015-04-10 01:26 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-05-12 22:01 - 2015-04-03 01:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2015-05-12 22:01 - 2015-04-03 01:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2015-05-12 22:01 - 2015-04-01 23:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2015-05-12 22:01 - 2015-04-01 23:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2015-05-12 22:01 - 2015-04-01 04:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2015-05-12 22:01 - 2015-04-01 03:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2015-05-12 22:01 - 2015-03-13 02:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-05-12 22:01 - 2015-03-13 01:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-05-12 22:00 - 2015-04-08 23:55 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-05-12 22:00 - 2015-03-30 06:47 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-05-12 22:00 - 2015-03-27 04:27 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-05-12 22:00 - 2015-03-27 03:50 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-05-12 22:00 - 2015-03-27 03:48 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-05-12 22:00 - 2015-03-13 05:03 - 00239424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-05-12 22:00 - 2015-03-13 05:03 - 00154432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-05-12 22:00 - 2015-03-13 03:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2015-05-12 22:00 - 2015-03-13 01:29 - 00410017 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-05-12 22:00 - 2015-03-11 02:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-05-12 22:00 - 2015-03-11 02:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-05-12 22:00 - 2015-03-06 03:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2015-05-12 22:00 - 2015-02-18 00:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-05-12 21:59 - 2015-03-06 04:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2015-05-12 21:59 - 2015-03-06 03:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2015-05-12 21:58 - 2015-04-21 18:14 - 24971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-05-12 21:58 - 2015-04-21 17:50 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-05-12 21:58 - 2015-04-21 17:50 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-05-12 21:58 - 2015-04-21 17:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-05-12 21:58 - 2015-04-21 17:37 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-05-12 21:58 - 2015-04-21 17:35 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-05-12 21:58 - 2015-04-21 17:31 - 06025728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-05-12 21:58 - 2015-04-21 17:24 - 19691008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-05-12 21:58 - 2015-04-21 17:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2015-05-12 21:58 - 2015-04-21 17:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-05-12 21:58 - 2015-04-21 17:09 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-05-12 21:58 - 2015-04-21 17:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-05-12 21:58 - 2015-04-21 17:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-05-12 21:58 - 2015-04-21 17:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-05-12 21:58 - 2015-04-21 17:04 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-05-12 21:58 - 2015-04-21 16:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-05-12 21:58 - 2015-04-21 16:58 - 00664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-05-12 21:58 - 2015-04-21 16:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-05-12 21:58 - 2015-04-21 16:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-05-12 21:58 - 2015-04-21 16:49 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-05-12 21:58 - 2015-04-21 16:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-05-12 21:58 - 2015-04-21 16:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-05-12 21:58 - 2015-04-21 16:40 - 14401536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-05-12 21:58 - 2015-04-21 16:38 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-05-12 21:58 - 2015-04-21 16:37 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-05-12 21:58 - 2015-04-21 16:36 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-05-12 21:58 - 2015-04-21 16:32 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-05-12 21:58 - 2015-04-21 16:31 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-05-12 21:58 - 2015-04-21 16:28 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-05-12 21:58 - 2015-04-21 16:27 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-05-12 21:58 - 2015-04-21 16:26 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-05-12 21:58 - 2015-04-21 16:26 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-05-12 21:58 - 2015-04-21 16:25 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-05-12 21:58 - 2015-04-21 16:17 - 12828672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-05-12 21:58 - 2015-04-21 16:15 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-05-12 21:58 - 2015-04-21 16:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-05-12 21:58 - 2015-04-21 16:02 - 01882112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-05-12 21:58 - 2015-04-21 15:58 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-05-12 21:58 - 2015-04-21 15:56 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-05-10 17:41 - 2015-05-10 17:41 - 00002293 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-10 17:41 - 2015-05-10 17:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-10 14:16 - 2015-05-13 18:13 - 00002121 _____ () C:\WINDOWS\setupact.log
2015-05-10 14:16 - 2015-05-10 14:16 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-05-10 10:18 - 2015-05-10 10:18 - 00012598 _____ () C:\Users\Mateusz\Desktop\hijackthis.log
2015-05-10 10:14 - 2015-05-10 10:14 - 00012899 _____ () C:\Users\Mateusz\Downloads\hijackthis.log
2015-05-10 10:12 - 2015-05-10 10:12 - 00388608 _____ (Trend Micro Inc.) C:\Users\Mateusz\Downloads\HijackThis.exe
2015-05-10 10:10 - 2015-05-13 18:04 - 00003758 _____ () C:\WINDOWS\System32\Tasks\AutoKMS
2015-05-09 21:46 - 2015-05-09 21:46 - 00000000 ____D () C:\ProgramData\Licenses
2015-05-09 21:43 - 2015-05-12 21:54 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover
2015-05-09 21:43 - 2015-05-09 21:43 - 00000000 ____D () C:\Users\Mateusz\Documents\Simply Super Software
2015-05-09 21:43 - 2015-05-09 21:43 - 00000000 ____D () C:\Users\Mateusz\AppData\Roaming\Simply Super Software
2015-05-09 21:43 - 2015-05-09 21:43 - 00000000 ____D () C:\ProgramData\Simply Super Software
2015-05-09 21:43 - 2015-05-09 21:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2015-05-09 21:41 - 2015-05-09 21:41 - 38600416 _____ (Simply Super Software ) C:\Users\Mateusz\Downloads\trjsetup692 (1).exe
2015-05-09 21:40 - 2015-05-09 21:41 - 38600416 _____ (Simply Super Software ) C:\Users\Mateusz\Downloads\trjsetup692.exe
2015-05-04 12:48 - 2015-05-13 18:03 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-05-04 12:47 - 2015-05-04 12:47 - 00001126 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-04 12:47 - 2015-05-04 12:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-04 12:47 - 2015-05-04 12:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-04 12:47 - 2015-05-04 12:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-04 12:47 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-05-04 12:47 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-05-04 12:47 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-05-04 12:46 - 2015-05-04 12:47 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Mateusz\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-04 11:36 - 2015-05-04 11:36 - 00000000 _____ () C:\autoexec.bat
2015-05-04 11:34 - 2015-05-04 11:35 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Mateusz\Downloads\SpyHunter-Installer.exe
2015-04-27 22:24 - 2015-04-27 22:24 - 00000000 __SHD () C:\Users\Mateusz\AppData\Local\EmieBrowserModeList
2015-04-24 21:53 - 2015-04-24 21:53 - 00000000 ____D () C:\Users\Mateusz\AppData\Roaming\Mozilla
2015-04-14 23:19 - 2015-04-14 23:19 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-14 23:19 - 2015-04-14 23:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-04-14 18:45 - 2015-03-23 22:59 - 07476032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-04-14 18:45 - 2015-03-23 22:59 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-04-14 18:45 - 2015-03-23 22:59 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2015-04-14 18:45 - 2015-03-23 22:58 - 01498872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-04-14 18:45 - 2015-03-23 22:45 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2015-04-14 18:45 - 2015-03-20 05:12 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2015-04-14 18:45 - 2015-03-20 05:10 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-04-14 18:45 - 2015-03-20 05:10 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-04-14 18:45 - 2015-03-20 04:17 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe
2015-04-14 18:45 - 2015-03-20 03:41 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tracerpt.exe
2015-04-14 18:45 - 2015-03-20 03:40 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-04-14 18:45 - 2015-03-20 03:16 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-04-14 18:45 - 2015-03-14 09:20 - 01385256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-04-14 18:45 - 2015-03-14 09:13 - 01124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-04-14 18:45 - 2015-03-04 11:25 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2015-04-14 18:45 - 2015-03-04 04:04 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2015-04-14 18:45 - 2015-03-04 03:19 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2015-04-14 18:45 - 2015-02-24 09:32 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2015-04-14 18:45 - 2015-02-21 00:49 - 00780800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2015-04-14 18:44 - 2015-03-14 09:54 - 00133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-04-14 18:44 - 2015-03-14 02:56 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-04-14 18:44 - 2015-03-14 02:56 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-04-14 18:44 - 2015-03-14 02:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2015-04-14 18:44 - 2015-03-14 02:37 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-04-14 18:44 - 2015-03-14 02:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-04-14 18:44 - 2015-03-14 01:22 - 03678720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-04-14 18:44 - 2015-03-14 01:12 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-04-14 18:44 - 2015-03-14 01:12 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-04-14 18:44 - 2015-03-14 01:09 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-04-14 18:44 - 2015-03-14 01:08 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-04-14 18:44 - 2015-03-14 01:08 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-04-14 18:44 - 2015-03-14 01:06 - 02373632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-04-14 18:44 - 2015-03-14 01:06 - 00891392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-04-14 18:44 - 2015-03-14 01:02 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-04-14 18:44 - 2015-03-14 01:02 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-04-14 18:44 - 2015-03-14 00:59 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-04-14 18:44 - 2015-03-14 00:59 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-04-14 18:44 - 2015-03-13 03:58 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-04-14 18:44 - 2015-03-13 03:37 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-04-14 18:43 - 2015-03-22 23:45 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-04-14 18:43 - 2015-03-22 23:09 - 01111552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-04-14 18:43 - 2015-03-22 23:09 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-04-14 18:43 - 2015-03-22 23:09 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-04-14 18:43 - 2015-03-22 23:09 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-04-14 18:43 - 2015-03-22 23:09 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-04-14 18:43 - 2015-03-22 23:09 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-04-14 03:38 - 2015-04-14 03:38 - 01217192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FM20.DLL
2015-04-13 09:46 - 2015-04-13 09:46 - 12427896 _____ (Lenovo Group Limited ) C:\Users\Mateusz\Desktop\hew801ww.exe
2015-04-13 09:45 - 2015-04-13 09:46 - 12427896 _____ (Lenovo Group Limited ) C:\Users\Mateusz\Downloads\hew801ww.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-13 18:13 - 2014-03-18 20:58 - 00001078 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4180348483-3892570222-3344817083-1002UA.job
2015-05-13 18:05 - 2015-02-26 02:39 - 01556567 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-13 18:04 - 2013-03-09 23:53 - 00000000 ___RD () C:\Users\Mateusz\Dysk Google
2015-05-13 18:02 - 2014-07-02 14:40 - 00001064 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cf95fb36a36a9d.job
2015-05-13 18:01 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-13 18:00 - 2013-08-22 15:44 - 00482960 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-13 18:00 - 2013-03-13 19:23 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-13 18:00 - 2013-03-13 19:23 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-13 17:58 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-05-13 17:57 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-05-13 17:57 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\AdvancedInstallers
2015-05-13 17:54 - 2014-04-13 17:34 - 17703948 _____ () C:\Users\Public\CAFADEBUG.log
2015-05-13 17:54 - 2012-11-15 11:05 - 00000000 ____D () C:\Program Files (x86)\Amazon
2015-05-13 17:39 - 2014-10-25 09:34 - 00001068 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cff02e80cf44da.job
2015-05-13 17:39 - 2014-02-07 11:17 - 00001068 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cf23edd2f23013.job
2015-05-13 17:26 - 2013-11-21 13:53 - 00000930 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-05-13 17:18 - 2014-10-22 21:08 - 00001078 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4180348483-3892570222-3344817083-1002UA1cfee33ee9d4310.job
2015-05-13 17:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-13 15:44 - 2014-05-04 17:46 - 00003980 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{AAEA2F8E-D2E2-4030-A17C-B90EFED800D1}
2015-05-12 22:56 - 2013-03-08 13:03 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4180348483-3892570222-3344817083-1002
2015-05-12 22:55 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-05-12 22:44 - 2013-03-11 11:23 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-12 22:41 - 2013-08-15 14:40 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-05-12 22:35 - 2013-03-08 14:23 - 140425016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-05-12 22:32 - 2013-03-13 19:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-12 22:29 - 2013-09-30 04:59 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-12 22:18 - 2014-07-02 22:24 - 00001026 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4180348483-3892570222-3344817083-1002Core1cf963bf2184d9c.job
2015-05-10 17:41 - 2013-03-08 13:16 - 00000000 ____D () C:\Program Files (x86)\Google
2015-05-10 14:10 - 2013-03-13 17:32 - 00000000 ____D () C:\Users\Mateusz\AppData\Roaming\uTorrent
2015-05-10 10:19 - 2014-11-15 23:13 - 00001026 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4180348483-3892570222-3344817083-1002Core1d001216a742995.job
2015-05-10 10:15 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-10 10:13 - 2013-03-08 12:55 - 00000000 ____D () C:\Users\Mateusz\AppData\Local\VirtualStore
2015-05-09 23:08 - 2014-04-09 22:16 - 00000000 ____D () C:\Users\Mateusz
2015-05-09 22:24 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2015-05-09 20:23 - 2013-03-09 23:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-05-09 18:26 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-05-05 18:59 - 2015-03-12 21:03 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-05-05 18:59 - 2015-03-12 21:03 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-04 13:34 - 2013-11-17 22:34 - 00000000 ____D () C:\Users\Mateusz\AppData\Roaming\Spotify
2015-05-03 23:24 - 2013-11-17 22:34 - 00000000 ____D () C:\Users\Mateusz\AppData\Local\Spotify
2015-05-02 22:32 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-04-30 20:22 - 2014-03-10 15:36 - 00001078 _____ () C:\Users\Mateusz\Desktop\Dropbox.lnk
2015-04-30 20:22 - 2014-03-10 15:36 - 00000000 ___RD () C:\Users\Mateusz\Dropbox
2015-04-30 20:22 - 2014-03-10 15:34 - 00000000 ____D () C:\Users\Mateusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-30 20:22 - 2014-03-10 15:33 - 00000000 ____D () C:\Users\Mateusz\AppData\Roaming\Dropbox
2015-04-24 21:52 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppCompat
2015-04-14 23:19 - 2013-11-05 17:22 - 00000000 ____D () C:\ProgramData\Skype
2015-04-14 23:18 - 2012-07-26 06:26 - 00000191 _____ () C:\WINDOWS\win.ini
2015-04-14 23:15 - 2014-12-13 23:20 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-04-14 23:15 - 2014-07-10 23:24 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-04-14 19:26 - 2013-11-21 13:53 - 00003818 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-04-14 18:43 - 2014-11-12 12:48 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2015-04-14 18:36 - 2013-09-30 05:15 - 01825074 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-14 18:36 - 2013-09-30 04:56 - 00807160 _____ () C:\WINDOWS\system32\perfh015.dat
2015-04-14 18:36 - 2013-09-30 04:56 - 00163478 _____ () C:\WINDOWS\system32\perfc015.dat
 
==================== Files in the root of some directories =======
 
2013-04-22 09:22 - 2013-04-22 09:22 - 0003584 _____ () C:\Users\Mateusz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-29 22:32 - 2015-03-29 22:32 - 0013314 _____ () C:\Users\Mateusz\AppData\Local\recently-used.xbel
2012-11-15 10:45 - 2012-11-15 10:45 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-03-24 15:26 - 2013-03-24 15:26 - 0148736 _____ (Avanquest Software) C:\ProgramData\hpeCE2F.dll
 
Files to move or delete:
====================
C:\ProgramData\hpeCE2F.dll
 
 
Some content of TEMP:
====================
C:\Users\Mateusz\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptmyau3.dll
C:\Users\Mateusz\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpza6d4s.dll
C:\Users\Mateusz\AppData\Local\Temp\EsgInstallerx64Stub.exe
C:\Users\Mateusz\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Mateusz\AppData\Local\Temp\Quarantine.exe
C:\Users\Mateusz\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-06 20:39
 
==================== End Of Log ============================


#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:06:29 AM

Posted 13 May 2015 - 08:35 PM

1.

Download and run Junkware Removal Tool. ***Your antivirus may see this download as malicious; don't worry, continue on.

Please download Junkware Removal Tool to your desktop.

 

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply.

 

2.

  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program
  • Once the update is completed click the Back button
  • Click on 2. Scan (not Quick Scan or Smart Scan)
  • Click Yes to detect Potentially Unwanted Programs (PUPs)
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Attach the report to your reply
  • Close the program then click Close


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#5 mawlo89

mawlo89
  • Topic Starter


Posted 15 May 2015 - 04:11 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.1 (05.14.2015:1)
OS: Windows 8.1 Pro x64
Ran by Mateusz on 2015-05-15 at 19:08:37,50
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-4180348483-3892570222-3344817083-1002
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\WINDOWS\wininit.ini
Successfully deleted: [File] C:\Users\Mateusz\appdata\local\google\chrome\user data\default\local storage\http_www.best-deals-products.com_0.localstorage
Successfully deleted: [File] C:\Users\Mateusz\appdata\local\google\chrome\user data\default\local storage\http_www.best-deals-products.com_0.localstorage-journal
Successfully deleted: [File] C:\Users\Mateusz\appdata\local\google\chrome\user data\default\local storage\https_www.best-deals-products.com_0.localstorage
Successfully deleted: [File] C:\Users\Mateusz\appdata\local\google\chrome\user data\default\local storage\https_www.best-deals-products.com_0.localstorage-journal
 
 
 
~~~ Folders
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2015-05-15 at 19:11:40,42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
Emsisoft Emergency Kit -Wersja 9.0
Ostatnia aktualizacja: 2015-05-15 19:30:55
Nazwa użytkownika: mawlo\Mateusz
 
Ustawienia skanera:
 
Typ skanu: Pełny skan
Obiekty: Rootkity, Pamięć, Ślady, C:\, D:\, F:\, G:\
 
Wykrywanie PNP: Włączone
Skanowanie plików skompresowanych: Włączone
Skanowanie ADS: Włączone
Filtr rozszerzeń plików: Wyłączone
Zaawansowana pamięć podręczna: Włączone
Bezpośredni dostęp do dysku: Wyłączone
 
Skanowanie uruchomiono: 2015-05-15 19:34:25
Value: HKEY_USERS\S-1-5-21-4180348483-3892570222-3344817083-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR Wykryto: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-4180348483-3892570222-3344817083-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Wykryto: Setting.DisableRegistryTools (A)
 
Przeskanowano: 349714
Wykryto: 2
 
Koniec skanu: 2015-05-15 21:57:36
Skan trwał: 2:23:11
 
Value: HKEY_USERS\S-1-5-21-4180348483-3892570222-3344817083-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Poddany kwarantannie Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-4180348483-3892570222-3344817083-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR Poddany kwarantannie Setting.DisableTaskMgr (A)
 
Poddany kwarantannie 2
 
 
 
 


#6 fireman4it

fireman4it


Posted 16 May 2015 - 04:42 PM

How is the machine running now?


" Extinguishing Malware from the world"



#7 mawlo89

mawlo89
  • Topic Starter


Posted 19 May 2015 - 10:51 AM

Still infected... it's even worse now :/

Here is a screenshot:

http://i.imgur.com/dogHBW0.png


Edited by mawlo89, 19 May 2015 - 10:53 AM.


#8 fireman4it

fireman4it


Posted 20 May 2015 - 03:31 PM

Please run FRST again and post the new FRST.txt


" Extinguishing Malware from the world"



#9 mawlo89

mawlo89
  • Topic Starter


Posted 21 May 2015 - 01:45 PM

FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-05-2015
Ran by Mateusz (administrator) on MAWLO on 21-05-2015 19:37:26
Running from C:\Users\Mateusz\Desktop
Loaded Profiles: Mateusz &  (Available profiles: Mateusz & Administrator)
Platform: Windows 8.1 Pro (X64) OS Language: Polski (Polska)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Facebook Inc.) C:\Users\Mateusz\AppData\Local\Facebook\Update\FacebookUpdate.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
(Lenovo) C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wermgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2864016 2012-08-08] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [IgfxTray] => C:\WINDOWS\system32\igfxtray.exe [391128 2013-12-21] (Intel Corporation)
HKLM-x32\...\Run: [HotKeysCmds] => C:\WINDOWS\system32\hkcmd.exe [771544 2013-12-21] (Intel Corporation)
HKLM-x32\...\Run: [Persistence] => C:\WINDOWS\system32\igfxpers.exe [770520 2013-12-21] (Intel Corporation)
HKLM-x32\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [903384 2013-07-24] (Conexant Systems, Inc.)
HKLM-x32\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2012-11-15] (Lenovo (Beijing) Limited)
HKLM-x32\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2012-11-15] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5618456 2013-09-12] (ESET)
HKLM-x32\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM-x32\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332STI.EXE [548864 2012-03-20] (Vimicro)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.1 Home Edition\bin\EpmNews.exe [2086984 2012-11-29] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => D:\Quick Time\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [TrojanScanner] => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [1906192 2015-05-07] (Simply Super Software)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25700400 2015-04-28] (Google)
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002\...\Run: [Sony Ericsson PC Suite] => C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [466944 2011-06-17] (Sony Ericsson Mobile Communications AB)
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002\...\Run: [ALLUpdate] => D:\ALLPlayer\ALLUpdate.exe [2995712 2013-04-14] (ALLPlayer Group Ltd.)
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHLE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHLE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002\...\Run: [Spotify] => C:\Users\Mateusz\AppData\Roaming\Spotify\Spotify.exe [6553144 2014-10-04] (Spotify Ltd)
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002\...\Run: [Spotify Web Helper] => C:\Users\Mateusz\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-04] (Spotify Ltd)
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002\...\Run: [Facebook Update] => C:\Users\Mateusz\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-02-05] (Facebook Inc.)
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30872672 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002\...\Run: [Google Update] => C:\Users\Mateusz\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-03-18] (Google Inc.)
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002\...\Run: [DAEMON Tools Lite] => D:\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002\...\Run: [DVDFab VDrive] => C:\Program Files\DVDFab Virtual Drive\vdrive.exe [364960 2014-05-12] (DVDFab Software)
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002\...\MountPoints2: {8d4ce55f-1e46-11e4-befe-b888e39970e9} - "H:\Baldur.exe" 
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25700400 2015-04-28] (Google)
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Sony Ericsson PC Suite] => C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [466944 2011-06-17] (Sony Ericsson Mobile Communications AB)
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ALLUpdate] => D:\ALLPlayer\ALLUpdate.exe [2995712 2013-04-14] (ALLPlayer Group Ltd.)
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHLE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHLE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify] => C:\Users\Mateusz\AppData\Roaming\Spotify\Spotify.exe [6553144 2014-10-04] (Spotify Ltd)
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] => C:\Users\Mateusz\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-04] (Spotify Ltd)
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Facebook Update] => C:\Users\Mateusz\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-02-05] (Facebook Inc.)
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30872672 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\Mateusz\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-03-18] (Google Inc.)
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DAEMON Tools Lite] => D:\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DVDFab VDrive] => C:\Program Files\DVDFab Virtual Drive\vdrive.exe [364960 2014-05-12] (DVDFab Software)
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {8d4ce55f-1e46-11e4-befe-b888e39970e9} - "H:\Baldur.exe" 
HKU\S-1-5-21-4180348483-3892570222-3344817083-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2014-10-29] (Microsoft Corporation)
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [174296 2014-03-04] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [148016 2014-03-04] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2012-11-15]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mateusz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mateusz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mateusz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mateusz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mateusz\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mateusz\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mateusz\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002\Software\Microsoft\Internet Explorer\Main,Start Page = 
 
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = 
 
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
HKU\S-1-5-21-4180348483-3892570222-3344817083-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo13.msn.com
HKU\S-1-5-21-4180348483-3892570222-3344817083-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
HKU\S-1-5-21-4180348483-3892570222-3344817083-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com
HKU\S-1-5-21-4180348483-3892570222-3344817083-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4180348483-3892570222-3344817083-1002 -> {937B4BF9-8254-4904-9B78-5752533E0C5E} URL = 
SearchScopes: HKU\S-1-5-21-4180348483-3892570222-3344817083-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {937B4BF9-8254-4904-9B78-5752533E0C5E} URL = 
SearchScopes: HKU\S-1-5-21-4180348483-3892570222-3344817083-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {937B4BF9-8254-4904-9B78-5752533E0C5E} URL = 
SearchScopes: HKU\S-1-5-21-4180348483-3892570222-3344817083-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {937B4BF9-8254-4904-9B78-5752533E0C5E} URL = 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-07-05] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-07-05] (Oracle Corporation)
BHO-x32: IplexToALLPlayer -> {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} -> D:\ALLPlayer\Iplex\IplexToALLPlayer.dll [2011-02-09] (ALLCinema Ltd.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{AE8E5C4F-4758-4C1A-B6C0-93071C4D650C}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> D:\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-01-11] (Foxit Corporation)
FF Plugin-x32: @idsoftware.com/QuakeLive -> C:\ProgramData\id Software\QuakeLive\npquakezero.dll [2012-02-14] (id Software Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\WINDOWS\SysWOW64\npDeployJava1.dll [2013-07-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-07-05] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll [2010-01-20] (Sony Media Software and Services Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.)
FF Plugin HKU\S-1-5-21-4180348483-3892570222-3344817083-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Mateusz\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-4180348483-3892570222-3344817083-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\Mateusz\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-4180348483-3892570222-3344817083-1002: @talk.google.com/O1DPlugin -> C:\Users\Mateusz\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-4180348483-3892570222-3344817083-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Mateusz\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin HKU\S-1-5-21-4180348483-3892570222-3344817083-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Mateusz\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin HKU\S-1-5-21-4180348483-3892570222-3344817083-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Mateusz\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-4180348483-3892570222-3344817083-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @talk.google.com/GoogleTalkPlugin -> C:\Users\Mateusz\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-4180348483-3892570222-3344817083-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @talk.google.com/O1DPlugin -> C:\Users\Mateusz\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-4180348483-3892570222-3344817083-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\Mateusz\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-4180348483-3892570222-3344817083-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\Mateusz\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll No File
FF Plugin ProgramFiles/Appdata: C:\Users\Mateusz\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Mateusz\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-01-30]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://lenovo13.msn.com/
CHR StartupUrls: Default -> "hxxp://google.com/", "\r\nhxxp://www.idg.pl/start\r\n"
CHR DefaultSearchKeyword: Default -> google
CHR DefaultSearchURL: Default -> https://www.google.co.uk/{searchTerms}
CHR DefaultSuggestURL: Default -> 
CHR Profile: C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Entanglement Web App) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2013-05-22]
CHR Extension: (UK TV Live) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aedincdnmklibidmafmgcbijgbgdjigh [2014-09-10]
CHR Extension: (Google Drive) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-22]
CHR Extension: (YouTube) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-22]
CHR Extension: (Learn Italian - Molto Bene) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dadgddaepklpemjojmnhgdjmmkmefihe [2013-05-22]
CHR Extension: (Juventus Social Wall) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dafaiapjnboakngjebdcgbaabglhjego [2013-05-22]
CHR Extension: (All United Kingdom Newspapers) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmiphjikgdmioglkkbgdangkbfjpekfa [2014-09-10]
CHR Extension: (3D Bowling ) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gemohgpikgjbgmdfbfjdailocichgbjm [2013-05-22]
CHR Extension: (AdBlock) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-06-03]
CHR Extension: (Bookmark Manager) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-10]
CHR Extension: (Next Bus London) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\golhdmegajbopkkhfbjbilfecnjaobod [2014-09-10]
CHR Extension: (Full Movies) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcnklkphpkeohjnlnmcpnbeboidifemk [2014-09-10]
CHR Extension: (Flash Player) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdpbajmogfhlafbipjjklkdhloplicgc [2014-09-10]
CHR Extension: (Virgin Media - TV Guide) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljcibkmlmeajifpnkkagcokggjlmcone [2014-09-10]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-06]
CHR Extension: (Google Maps) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2013-05-22]
CHR Extension: (Google Wallet) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (House Of Fear) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojphiilgoeagpamnpgpmgepoomcmhemj [2014-09-10]
CHR Extension: (Paper Notes) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\peiamebfimhocbnbdfdihoehhidbifko [2013-05-22]
CHR Extension: (Gmail) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-22]
CHR Extension: (Abstract-Blue) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnacehkknmafkjgkikclamogikoiaaa [2013-05-22]
CHR HKU\S-1-5-21-4180348483-3892570222-3344817083-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Mateusz\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-22]
CHR HKU\S-1-5-21-4180348483-3892570222-3344817083-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4180348483-3892570222-3344817083-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Mateusz\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-22]
CHR HKU\S-1-5-21-4180348483-3892570222-3344817083-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 AcronisOSSReinstallSvc; C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2135304 2010-03-10] ()
S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [953720 2012-08-26] (Broadcom Corporation.)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1429504 2015-03-05] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1337752 2013-09-12] (ESET)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
S4 OMSI download service; C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [90112 2009-04-30] () [File not signed]
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U3 axscsidrv; C:\Windows\System32\Drivers\axscsidrv.sys [293888 2014-08-07] (Alcohol Soft Development Team)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6824520 2012-07-10] (Broadcom Corporation)
R3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-05-15] (Emsisoft GmbH)
R1 dvdfabio; C:\WINDOWS\system32\drivers\dvdfabio.sys [12704 2014-05-12] (DVDFab Software)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [157432 2013-09-17] (ESET)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [17480 2012-12-21] () [File not signed]
S3 epmntdrv; C:\WINDOWS\SysWOW64\epmntdrv.sys [14920 2012-12-21] () [File not signed]
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [9800 2012-12-21] () [File not signed]
S3 EuGdiDrv; C:\WINDOWS\SysWOW64\EuGdiDrv.sys [9160 2012-12-21] () [File not signed]
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-08-07] (Duplex Secure Ltd.)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S1 MpKsl5136b7ea; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{ED2954EA-4EBB-4F9E-8F37-8F58FCFF9CB4}\MpKsl5136b7ea.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-21 19:37 - 2015-05-21 19:38 - 00035084 _____ () C:\Users\Mateusz\Desktop\FRST.txt
2015-05-19 16:58 - 2015-05-21 19:37 - 00000000 ____D () C:\Users\Mateusz\Desktop\FRST-OlderVersion
2015-05-15 20:11 - 2015-05-21 19:29 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4180348483-3892570222-3344817083-1002
2015-05-15 19:25 - 2015-05-15 19:25 - 00000763 _____ () C:\Users\Mateusz\Desktop\Start Emsisoft Emergency Kit.lnk
2015-05-15 19:24 - 2015-05-19 17:01 - 00000000 ____D () C:\EEK
2015-05-15 19:23 - 2015-05-15 19:24 - 154740584 _____ () C:\Users\Mateusz\Downloads\EmsisoftEmergencyKit.exe
2015-05-15 19:08 - 2015-05-15 19:08 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-MAWLO-Windows-8.1-Pro-(64-bit).dat
2015-05-15 19:08 - 2015-05-15 19:08 - 00000000 ____D () C:\RegBackup
2015-05-15 19:07 - 2015-05-15 19:08 - 02721175 _____ (Thisisu) C:\Users\Mateusz\Downloads\JRT.exe
2015-05-13 18:13 - 2015-05-21 19:37 - 02108416 _____ (Farbar) C:\Users\Mateusz\Desktop\FRST64.exe
2015-05-13 18:06 - 2015-05-13 18:06 - 00057571 _____ () C:\Users\Mateusz\Downloads\Addition.txt
2015-05-13 18:05 - 2015-05-13 18:06 - 00053128 _____ () C:\Users\Mateusz\Downloads\FRST.txt
2015-05-13 18:00 - 2015-05-13 18:00 - 00000320 _____ () C:\WINDOWS\PFRO.log
2015-05-13 17:48 - 2015-05-21 19:37 - 00000000 ____D () C:\FRST
2015-05-13 17:48 - 2015-05-13 17:54 - 00000000 ____D () C:\AdwCleaner
2015-05-13 17:48 - 2015-05-13 17:48 - 02102784 _____ (Farbar) C:\Users\Mateusz\Downloads\FRST64.exe
2015-05-13 17:47 - 2015-05-13 17:47 - 02204160 _____ () C:\Users\Mateusz\Downloads\adwcleaner_4.203.exe
2015-05-12 22:55 - 2015-04-24 22:32 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-05-12 22:55 - 2015-03-05 00:09 - 01429504 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-05-12 22:41 - 2015-04-30 21:35 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 22:41 - 2015-04-30 21:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 22:03 - 2015-04-10 01:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-05-12 22:03 - 2015-04-10 01:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-05-12 22:03 - 2015-03-17 18:26 - 00467776 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-05-12 22:03 - 2015-03-09 03:02 - 00057856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-05-12 22:02 - 2015-05-01 00:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-05-12 22:02 - 2015-04-30 23:48 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-05-12 22:02 - 2015-03-20 02:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-05-12 22:02 - 2015-03-04 02:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2015-05-12 22:02 - 2015-03-04 02:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-12 22:02 - 2015-01-30 01:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-05-12 22:02 - 2014-11-14 07:58 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2015-05-12 22:01 - 2015-04-13 23:48 - 04180480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-05-12 22:01 - 2015-04-10 02:00 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-05-12 22:01 - 2015-04-10 01:50 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-05-12 22:01 - 2015-04-10 01:26 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-05-12 22:01 - 2015-04-03 01:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2015-05-12 22:01 - 2015-04-03 01:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2015-05-12 22:01 - 2015-04-01 23:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2015-05-12 22:01 - 2015-04-01 23:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2015-05-12 22:01 - 2015-04-01 04:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2015-05-12 22:01 - 2015-04-01 03:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2015-05-12 22:01 - 2015-03-13 02:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-05-12 22:01 - 2015-03-13 01:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-05-12 22:00 - 2015-04-08 23:55 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-05-12 22:00 - 2015-03-30 06:47 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-05-12 22:00 - 2015-03-27 04:27 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-05-12 22:00 - 2015-03-27 03:50 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-05-12 22:00 - 2015-03-27 03:48 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-05-12 22:00 - 2015-03-13 05:03 - 00239424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-05-12 22:00 - 2015-03-13 05:03 - 00154432 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-05-12 22:00 - 2015-03-13 03:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2015-05-12 22:00 - 2015-03-13 01:29 - 00410017 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-05-12 22:00 - 2015-03-11 02:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-05-12 22:00 - 2015-03-11 02:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-05-12 22:00 - 2015-03-06 03:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2015-05-12 22:00 - 2015-02-18 00:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-05-12 21:59 - 2015-03-06 04:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2015-05-12 21:59 - 2015-03-06 03:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2015-05-12 21:58 - 2015-04-21 18:14 - 24971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-05-12 21:58 - 2015-04-21 17:50 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-05-12 21:58 - 2015-04-21 17:50 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-05-12 21:58 - 2015-04-21 17:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-05-12 21:58 - 2015-04-21 17:37 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-05-12 21:58 - 2015-04-21 17:35 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-05-12 21:58 - 2015-04-21 17:31 - 06025728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-05-12 21:58 - 2015-04-21 17:24 - 19691008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-05-12 21:58 - 2015-04-21 17:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2015-05-12 21:58 - 2015-04-21 17:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-05-12 21:58 - 2015-04-21 17:09 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-05-12 21:58 - 2015-04-21 17:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-05-12 21:58 - 2015-04-21 17:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-05-12 21:58 - 2015-04-21 17:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-05-12 21:58 - 2015-04-21 17:04 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-05-12 21:58 - 2015-04-21 16:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-05-12 21:58 - 2015-04-21 16:58 - 00664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-05-12 21:58 - 2015-04-21 16:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-05-12 21:58 - 2015-04-21 16:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-05-12 21:58 - 2015-04-21 16:49 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-05-12 21:58 - 2015-04-21 16:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-05-12 21:58 - 2015-04-21 16:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-05-12 21:58 - 2015-04-21 16:40 - 14401536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-05-12 21:58 - 2015-04-21 16:38 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-05-12 21:58 - 2015-04-21 16:37 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-05-12 21:58 - 2015-04-21 16:36 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-05-12 21:58 - 2015-04-21 16:32 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-05-12 21:58 - 2015-04-21 16:31 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-05-12 21:58 - 2015-04-21 16:28 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-05-12 21:58 - 2015-04-21 16:27 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-05-12 21:58 - 2015-04-21 16:26 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-05-12 21:58 - 2015-04-21 16:26 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-05-12 21:58 - 2015-04-21 16:25 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-05-12 21:58 - 2015-04-21 16:17 - 12828672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-05-12 21:58 - 2015-04-21 16:15 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-05-12 21:58 - 2015-04-21 16:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-05-12 21:58 - 2015-04-21 16:02 - 01882112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-05-12 21:58 - 2015-04-21 15:58 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-05-12 21:58 - 2015-04-21 15:56 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-05-10 17:41 - 2015-05-15 20:06 - 00002217 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-10 17:41 - 2015-05-10 17:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-10 14:16 - 2015-05-21 19:24 - 00003708 _____ () C:\WINDOWS\setupact.log
2015-05-10 14:16 - 2015-05-10 14:16 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-05-10 10:18 - 2015-05-10 10:18 - 00012598 _____ () C:\Users\Mateusz\Desktop\hijackthis.log
2015-05-10 10:14 - 2015-05-10 10:14 - 00012899 _____ () C:\Users\Mateusz\Downloads\hijackthis.log
2015-05-10 10:12 - 2015-05-10 10:12 - 00388608 _____ (Trend Micro Inc.) C:\Users\Mateusz\Downloads\HijackThis.exe
2015-05-10 10:10 - 2015-05-19 16:51 - 00003758 _____ () C:\WINDOWS\System32\Tasks\AutoKMS
2015-05-09 21:46 - 2015-05-09 21:46 - 00000000 ____D () C:\ProgramData\Licenses
2015-05-09 21:43 - 2015-05-12 21:54 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover
2015-05-09 21:43 - 2015-05-09 21:43 - 00000000 ____D () C:\Users\Mateusz\Documents\Simply Super Software
2015-05-09 21:43 - 2015-05-09 21:43 - 00000000 ____D () C:\Users\Mateusz\AppData\Roaming\Simply Super Software
2015-05-09 21:43 - 2015-05-09 21:43 - 00000000 ____D () C:\ProgramData\Simply Super Software
2015-05-09 21:43 - 2015-05-09 21:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2015-05-09 21:41 - 2015-05-09 21:41 - 38600416 _____ (Simply Super Software ) C:\Users\Mateusz\Downloads\trjsetup692 (1).exe
2015-05-09 21:40 - 2015-05-09 21:41 - 38600416 _____ (Simply Super Software ) C:\Users\Mateusz\Downloads\trjsetup692.exe
2015-05-04 12:48 - 2015-05-19 22:43 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-05-04 12:47 - 2015-05-04 12:47 - 00001126 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-04 12:47 - 2015-05-04 12:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-04 12:47 - 2015-05-04 12:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-04 12:47 - 2015-05-04 12:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-04 12:47 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-05-04 12:47 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-05-04 12:47 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-05-04 12:46 - 2015-05-04 12:47 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Mateusz\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-04 11:36 - 2015-05-04 11:36 - 00000000 _____ () C:\autoexec.bat
2015-05-04 11:34 - 2015-05-04 11:35 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Mateusz\Downloads\SpyHunter-Installer.exe
2015-04-27 22:24 - 2015-04-27 22:24 - 00000000 __SHD () C:\Users\Mateusz\AppData\Local\EmieBrowserModeList
2015-04-24 21:53 - 2015-04-24 21:53 - 00000000 ____D () C:\Users\Mateusz\AppData\Roaming\Mozilla
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-21 19:32 - 2014-05-04 17:46 - 00003980 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{AAEA2F8E-D2E2-4030-A17C-B90EFED800D1}
2015-05-21 19:29 - 2015-02-26 02:39 - 01699629 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-21 19:26 - 2013-11-21 13:53 - 00000930 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-05-21 19:26 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-05-21 19:24 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-21 19:24 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-20 03:39 - 2014-10-25 09:34 - 00001068 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cff02e80cf44da.job
2015-05-20 03:39 - 2014-02-07 11:17 - 00001068 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cf23edd2f23013.job
2015-05-20 03:18 - 2014-10-22 21:08 - 00001078 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4180348483-3892570222-3344817083-1002UA1cfee33ee9d4310.job
2015-05-20 03:13 - 2014-03-18 20:58 - 00001078 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4180348483-3892570222-3344817083-1002UA.job
2015-05-20 03:12 - 2015-02-06 23:56 - 00001064 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d042601ce450a0.job
2015-05-20 03:12 - 2015-02-04 11:13 - 00001078 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4180348483-3892570222-3344817083-1002UA1d040633b1dcf04.job
2015-05-20 03:12 - 2014-11-14 00:34 - 00001068 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cfff9a6b5b9e87.job
2015-05-20 03:07 - 2015-02-06 23:56 - 00003804 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1d042601ce450a0
2015-05-20 03:07 - 2014-11-14 00:34 - 00004040 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1cfff9a6b5b9e87
2015-05-19 23:01 - 2014-07-02 14:40 - 00001064 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cf95fb36a36a9d.job
2015-05-19 22:18 - 2014-07-02 22:24 - 00001026 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4180348483-3892570222-3344817083-1002Core1cf963bf2184d9c.job
2015-05-19 22:12 - 2014-11-15 23:13 - 00001026 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4180348483-3892570222-3344817083-1002Core1d001216a742995.job
2015-05-19 22:07 - 2015-02-04 11:13 - 00004028 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4180348483-3892570222-3344817083-1002UA1d040633b1dcf04
2015-05-19 22:07 - 2014-11-15 23:13 - 00003648 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4180348483-3892570222-3344817083-1002Core1d001216a742995
2015-05-19 16:43 - 2013-03-09 23:53 - 00000000 ___RD () C:\Users\Mateusz\Dysk Google
2015-05-16 22:16 - 2014-04-13 17:34 - 17787004 _____ () C:\Users\Public\CAFADEBUG.log
2015-05-16 22:16 - 2013-03-12 01:45 - 00000441 _____ () C:\Users\Mateusz\Desktop\notki.txt
2015-05-15 22:12 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-15 22:12 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-05-13 18:00 - 2013-08-22 15:44 - 00482960 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-13 18:00 - 2013-03-13 19:23 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-13 18:00 - 2013-03-13 19:23 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-13 17:57 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-05-13 17:57 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\AdvancedInstallers
2015-05-13 17:54 - 2012-11-15 11:05 - 00000000 ____D () C:\Program Files (x86)\Amazon
2015-05-12 22:44 - 2013-03-11 11:23 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-12 22:41 - 2013-08-15 14:40 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-05-12 22:35 - 2013-03-08 14:23 - 140425016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-05-12 22:32 - 2013-03-13 19:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-12 22:29 - 2013-09-30 04:59 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-10 17:41 - 2013-03-08 13:16 - 00000000 ____D () C:\Program Files (x86)\Google
2015-05-10 14:10 - 2013-03-13 17:32 - 00000000 ____D () C:\Users\Mateusz\AppData\Roaming\uTorrent
2015-05-10 10:13 - 2013-03-08 12:55 - 00000000 ____D () C:\Users\Mateusz\AppData\Local\VirtualStore
2015-05-09 23:08 - 2014-04-09 22:16 - 00000000 ____D () C:\Users\Mateusz
2015-05-09 22:24 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2015-05-09 20:23 - 2013-03-09 23:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-05-09 18:26 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-05-05 18:59 - 2015-03-12 21:03 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-05-05 18:59 - 2015-03-12 21:03 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-04 13:34 - 2013-11-17 22:34 - 00000000 ____D () C:\Users\Mateusz\AppData\Roaming\Spotify
2015-05-03 23:24 - 2013-11-17 22:34 - 00000000 ____D () C:\Users\Mateusz\AppData\Local\Spotify
2015-05-02 22:32 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-04-30 20:22 - 2014-03-10 15:36 - 00001078 _____ () C:\Users\Mateusz\Desktop\Dropbox.lnk
2015-04-30 20:22 - 2014-03-10 15:36 - 00000000 ___RD () C:\Users\Mateusz\Dropbox
2015-04-30 20:22 - 2014-03-10 15:34 - 00000000 ____D () C:\Users\Mateusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-30 20:22 - 2014-03-10 15:33 - 00000000 ____D () C:\Users\Mateusz\AppData\Roaming\Dropbox
2015-04-24 21:52 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppCompat
 
==================== Files in the root of some directories =======
 
2013-04-22 09:22 - 2013-04-22 09:22 - 0003584 _____ () C:\Users\Mateusz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-29 22:32 - 2015-03-29 22:32 - 0013314 _____ () C:\Users\Mateusz\AppData\Local\recently-used.xbel
2012-11-15 10:45 - 2012-11-15 10:45 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-03-24 15:26 - 2013-03-24 15:26 - 0148736 _____ (Avanquest Software) C:\ProgramData\hpeCE2F.dll
 
Files to move or delete:
====================
C:\ProgramData\hpeCE2F.dll
 
 
Some files in TEMP:
====================
C:\Users\Mateusz\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptmyau3.dll
C:\Users\Mateusz\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpza6d4s.dll
C:\Users\Mateusz\AppData\Local\Temp\EsgInstallerx64Stub.exe
C:\Users\Mateusz\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Mateusz\AppData\Local\Temp\Quarantine.exe
C:\Users\Mateusz\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-06 20:39
 
==================== End of log ============================


#10 fireman4it

Posted 24 May 2015 - 09:37 AM

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Attached File: fixlist.txt (9.63KB)

How is your machine running now?



#11 mawlo89


Posted 24 May 2015 - 09:57 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-05-2015
Ran by Mateusz at 2015-05-24 15:43:29 Run:1
Running from C:\Users\Mateusz\Desktop
Loaded Profiles: Mateusz &  (Available profiles: Mateusz & Administrator)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4180348483-3892570222-3344817083-1002 -> {937B4BF9-8254-4904-9B78-5752533E0C5E} URL = 
SearchScopes: HKU\S-1-5-21-4180348483-3892570222-3344817083-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {937B4BF9-8254-4904-9B78-5752533E0C5E} URL = 
SearchScopes: HKU\S-1-5-21-4180348483-3892570222-3344817083-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {937B4BF9-8254-4904-9B78-5752533E0C5E} URL = 
SearchScopes: HKU\S-1-5-21-4180348483-3892570222-3344817083-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {937B4BF9-8254-4904-9B78-5752533E0C5E} URL = 
Tcpip\..\Interfaces\{AE8E5C4F-4758-4C1A-B6C0-93071C4D650C}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
FF Plugin HKU\S-1-5-21-4180348483-3892570222-3344817083-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\Mateusz\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-4180348483-3892570222-3344817083-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\Mateusz\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll No File
CHR StartupUrls: Default -> "hxxp://google.com/", "\r\nhxxp://www.idg.pl/start\r\n"
CHR DefaultSearchKeyword: Default -> google
CHR DefaultSearchURL: Default -> https://www.google.co.uk/{searchTerms}
CHR DefaultSuggestURL: Default -> 
CHR Extension: (Entanglement Web App) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2013-05-22]
CHR Extension: (Learn Italian - Molto Bene) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dadgddaepklpemjojmnhgdjmmkmefihe [2013-05-22]
CHR Extension: (Juventus Social Wall) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dafaiapjnboakngjebdcgbaabglhjego [2013-05-22]
CHR Extension: (3D Bowling ) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gemohgpikgjbgmdfbfjdailocichgbjm [2013-05-22]
CHR Extension: (Paper Notes) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\peiamebfimhocbnbdfdihoehhidbifko [2013-05-22]
CHR Extension: (Gmail) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-22]
CHR Extension: (Abstract-Blue) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnacehkknmafkjgkikclamogikoiaaa [2013-05-22]
CHR HKU\S-1-5-21-4180348483-3892570222-3344817083-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Mateusz\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-22]
CHR HKU\S-1-5-21-4180348483-3892570222-3344817083-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Mateusz\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-22]
CHR HKU\S-1-5-21-4180348483-3892570222-3344817083-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4180348483-3892570222-3344817083-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Mateusz\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-22]
CHR HKU\S-1-5-21-4180348483-3892570222-3344817083-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
2015-03-29 22:32 - 2015-03-29 22:32 - 0013314 _____ () C:\Users\Mateusz\AppData\Local\recently-used.xbel
2012-11-15 10:45 - 2012-11-15 10:45 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-03-24 15:26 - 2013-03-24 15:26 - 0148736 _____ (Avanquest Software) C:\ProgramData\hpeCE2F.dll
 
 
 
*****************
 
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
http://www.idg.pl/start => Error: No automatic fix found for this entry.
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
http://www.idg.pl/start => Error: No automatic fix found for this entry.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Deleted successfully.
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Deleted successfully.
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Deleted successfully.
"HKU\S-1-5-21-4180348483-3892570222-3344817083-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{937B4BF9-8254-4904-9B78-5752533E0C5E}" => Key Deleted successfully.
HKCR\CLSID\{937B4BF9-8254-4904-9B78-5752533E0C5E} => Key not found. 
"HKU\S-1-5-21-4180348483-3892570222-3344817083-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{937B4BF9-8254-4904-9B78-5752533E0C5E}" => Key Deleted successfully.
HKCR\CLSID\{937B4BF9-8254-4904-9B78-5752533E0C5E} => Key not found. 
HKU\S-1-5-21-4180348483-3892570222-3344817083-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Deleted successfully.
"HKU\S-1-5-21-4180348483-3892570222-3344817083-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{937B4BF9-8254-4904-9B78-5752533E0C5E}" => Key Deleted successfully.
HKCR\CLSID\{937B4BF9-8254-4904-9B78-5752533E0C5E} => Key not found. 
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AE8E5C4F-4758-4C1A-B6C0-93071C4D650C}\\NameServer => value Deleted successfully.
"HKU\S-1-5-21-4180348483-3892570222-3344817083-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\MozillaPlugins\@tools.google.com/Google Update;version=3" => Key Deleted successfully.
C:\Users\Mateusz\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll not found.
"HKU\S-1-5-21-4180348483-3892570222-3344817083-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\MozillaPlugins\@tools.google.com/Google Update;version=9" => Key Deleted successfully.
C:\Users\Mateusz\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll not found.
Chrome StartupUrls not detected.
Chrome DefaultSearchKeyword not detected.
Chrome DefaultSearchURL not detected.
Chrome DefaultSuggestURL not detected.
C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd => Moved successfully.
C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dadgddaepklpemjojmnhgdjmmkmefihe => Moved successfully.
C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dafaiapjnboakngjebdcgbaabglhjego => Moved successfully.
C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gemohgpikgjbgmdfbfjdailocichgbjm => Moved successfully.
C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\peiamebfimhocbnbdfdihoehhidbifko => Moved successfully.
C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia => Moved successfully.
C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnacehkknmafkjgkikclamogikoiaaa => Moved successfully.
"HKU\S-1-5-21-4180348483-3892570222-3344817083-1002\SOFTWARE\Google\Chrome\Extensions\apdfllckaahabafndbhieahigkjlhalf" => Key Deleted successfully.
C:\Users\Mateusz\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx => Moved successfully.
HKU\S-1-5-21-4180348483-3892570222-3344817083-1002\SOFTWARE\Google\Chrome\Extensions\apdfllckaahabafndbhieahigkjlhalf => Key not found. 
"C:\Users\Mateusz\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx" => File/Directory not found.
"HKU\S-1-5-21-4180348483-3892570222-3344817083-1002\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => Key Deleted successfully.
"HKU\S-1-5-21-4180348483-3892570222-3344817083-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\apdfllckaahabafndbhieahigkjlhalf" => Key Deleted successfully.
"C:\Users\Mateusz\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx" => File/Directory not found.
"HKU\S-1-5-21-4180348483-3892570222-3344817083-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => Key Deleted successfully.
C:\Users\Mateusz\AppData\Local\recently-used.xbel => Moved successfully.
Could not move "C:\ProgramData\DP45977C.lfl" => Scheduled to move on reboot.
C:\ProgramData\hpeCE2F.dll => Moved successfully.
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-05-24 15:50:24)<=
 
C:\ProgramData\DP45977C.lfl => Is moved successfully.
 
==== End of Fixlog 15:50:24 ====
 
 
 
Unfortunately still infected :(
When I open any page, ESET is still blocking http://www.superfish.com


#12 fireman4it


Posted 25 May 2015 - 09:02 AM

Let's reset Google Chrome.

http://malwaretips.com/blogs/reset-chrome-settings/

Let me know how it does after you reset it.


#13 fireman4it


Posted 27 May 2015 - 08:19 PM

Hello.

Are you still there?

If you are, please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it


#14 mawlo89


Posted 28 May 2015 - 02:08 PM

Can you please not close the topic? I'm on holiday now and I don't have a laptop. I'll do it after 6.06 and I will let you know if everything is alright with it. Thx.



#15 fireman4it


Posted 30 May 2015 - 10:18 AM

OK, I will keep it open until then. Go ahead and completely uninstall Google Chrome and reinstall it. Then let me know how it goes.




