
redirection to http://tfln.com/


  • This topic is locked
8 replies to this topic

#1 k_gopher


Posted 29 June 2015 - 05:19 PM

In Firefox 38.0.5, when trying to go to http://images.google.com, I am redirected to http://tfln.com/

I didn't notice other redirections, or other symptoms.

I will be grateful for any help.

 

FRST log follows:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01
Ran by Krzysiek (administrator) on BALON on 30-06-2015 00:13:03
Running from C:\Users\Krzysiek\Downloads
Loaded Profiles: Krzysiek (Available Profiles: Krzysiek & DefaultAppPool)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Google Inc.) C:\Users\Krzysiek\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe
(IntelliBreeze Software) C:\Program Files (x86)\Gmail Notifier Pro\GmailNotifierPro.exe
(Flux Software LLC) C:\Users\Krzysiek\AppData\Local\FluxSoftware\Flux\flux.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
(Dropbox, Inc.) C:\Users\Krzysiek\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Dropbox, Inc.) C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(Ghisler Software GmbH) C:\totalcmd\TOTALCMD64.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-03] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3727824 2015-06-16] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [114368 2015-05-27] (VMware, Inc.)
HKU\S-1-5-21-1273147595-1044900121-2350154023-1001\...\Run: [Google+ Auto Backup] => C:\Users\Krzysiek\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3754312 2015-02-13] (Google Inc.)
HKU\S-1-5-21-1273147595-1044900121-2350154023-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1273147595-1044900121-2350154023-1001\...\Run: [GmailNotifierPro] => C:\Program Files (x86)\Gmail Notifier Pro\GmailNotifierPro.exe [2827072 2014-04-21] (IntelliBreeze Software)
HKU\S-1-5-21-1273147595-1044900121-2350154023-1001\...\Run: [f.lux] => C:\Users\Krzysiek\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-1273147595-1044900121-2350154023-1001\...\Run: [Dropbox Update] => C:\Users\Krzysiek\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-19] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-07-20]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Krzysiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-04-22]
ShortcutTarget: Dropbox.lnk -> C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1273147595-1044900121-2350154023-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1273147595-1044900121-2350154023-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKU\S-1-5-21-1273147595-1044900121-2350154023-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-06-20] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-20] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-20] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-20] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{40A84EA6-3705-4EA9-9EB4-B6FE8EF204C1}: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF ProfilePath: C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\1a2j2312.default
FF Homepage: about:home
FF Keyword.URL: 
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_194.dll [2015-06-23] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-20] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-06-23] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-04-15] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-04-15] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-05-12] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-05-12] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1273147595-1044900121-2350154023-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Krzysiek\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-1273147595-1044900121-2350154023-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Krzysiek\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-1273147595-1044900121-2350154023-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Krzysiek\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-07-07] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Extension: Form History Control - C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\1a2j2312.default\Extensions\formhistory@yahoo.com [2015-05-29]
FF Extension: Better Gmail 2 - C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\1a2j2312.default\Extensions\bettergmail2@ginatrapani.org.xpi [2014-07-20]
FF Extension: Ghostery - C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\1a2j2312.default\Extensions\firefox@ghostery.com.xpi [2014-09-11]
FF Extension: Leet Key - C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\1a2j2312.default\Extensions\{3335F91D-2AEF-4097-B831-C96C60349822}.xpi [2014-07-20]
FF Extension: BugMeNot Plugin - C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\1a2j2312.default\Extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}.xpi [2014-07-20]
FF Extension: Noia 2.0 (eXtreme) - C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\1a2j2312.default\Extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}.xpi [2014-07-20]
FF Extension: Noia 2.0 (eXtreme) - C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\1a2j2312.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-20]
FF Extension: Flash Video Resources Downloader - C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\ycrc01tu.abcd\Extensions\max@subfighter.com [2014-07-20]
FF Extension: Google Toolbar for Firefox - C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\ycrc01tu.abcd\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2014-07-20]
FF Extension: iMacros for Firefox - C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\ycrc01tu.abcd\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2015-05-28]
FF Extension: Plain Text to Link - C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\ycrc01tu.abcd\Extensions\{C90B0826-5A17-4970-A5BF-A43D22452E21} [2014-07-20]
FF Extension: No Name - C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\ycrc01tu.abcd\Extensions\linky@gemal.dk.xpi [2015-05-31]
FF Extension: New Tabs at the End - C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\ycrc01tu.abcd\Extensions\new-tabs-at-end@forerunnerdesigns.com.xpi [2015-05-28]
FF Extension: No Name - C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\ycrc01tu.abcd\Extensions\searchsite@DW-dev.xpi [2014-07-20]
FF Extension: Noia 2.0 (eXtreme) - C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\ycrc01tu.abcd\Extensions\{3335F91D-2AEF-4097-B831-C96C60349822}.xpi [2015-05-31]
FF Extension: BugMeNot Plugin - C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\ycrc01tu.abcd\Extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}.xpi [2014-07-20]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-07-20]
FF HKU\S-1-5-21-1273147595-1044900121-2350154023-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR Profile: C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-20]
CHR Extension: (Google Drive) - C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-20]
CHR Extension: (YouTube) - C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-20]
CHR Extension: (Google Search) - C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-20]
CHR Extension: (Hola Better Internet) - C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-06-22]
CHR Extension: (TweetDeck by Twitter) - C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2014-09-20]
CHR Extension: (Google Wallet) - C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-20]
CHR Extension: (Gmail) - C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-20]
 
Opera: 
=======
StartMenuInternet: (HKLM) Opera - C:\Program Files\Opera x64\Opera.exe http://www.sweet-page.com/?type=sc&ts=1411579558&from=cor&uid=ST3500418AS_9VMALQE4XXXX9VMALQE4
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3461072 2015-06-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [312816 2015-06-16] (AVG Technologies CZ, s.r.o.)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-03] (NVIDIA Corporation)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22744 2014-10-15] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [278336 2011-09-19] (NVIDIA)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-06-03] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-03] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-04-23] (Electronic Arts)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12730048 2015-05-27] ()
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-05-15] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [287200 2015-05-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253408 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [256992 2015-04-15] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [224224 2015-05-12] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [281568 2015-05-12] (AVG Technologies CZ, s.r.o.)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-07-20] (Disc Soft Ltd)
S3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [17920 2010-06-19] (Siliten)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [107736 2015-06-29] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-29] (Malwarebytes Corporation)
R3 nvoclk64; C:\Windows\System32\DRIVERS\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corp.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-03] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46768 2015-05-19] (NVIDIA Corporation)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [76480 2015-01-07] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-08-28] (VMware, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 WinRing0_1_2_0; \??\C:\Users\Krzysiek\AppData\Local\Temp\tmp16AB.tmp [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-29 23:57 - 2015-06-30 00:13 - 00029012 _____ C:\Users\Krzysiek\Downloads\FRST.txt
2015-06-29 23:57 - 2015-06-30 00:13 - 00000000 ____D C:\FRST
2015-06-29 23:56 - 2015-06-29 23:56 - 02112512 _____ (Farbar) C:\Users\Krzysiek\Downloads\FRST64.exe
2015-06-29 23:47 - 2015-06-29 23:47 - 00043524 _____ C:\ComboFix.txt
2015-06-29 23:21 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-06-29 23:21 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-06-29 23:21 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-06-29 23:21 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-06-29 23:21 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-06-29 23:21 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-06-29 23:21 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-06-29 23:21 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-06-29 23:15 - 2015-06-29 23:47 - 00000000 ____D C:\Qoobox
2015-06-29 23:14 - 2015-06-29 23:45 - 00000000 ____D C:\Windows\erdnt
2015-06-29 23:14 - 2015-06-29 23:14 - 05630589 ____R (Swearware) C:\Users\Krzysiek\Downloads\ComboFix.exe
2015-06-29 23:02 - 2015-06-29 23:04 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-06-29 23:02 - 2015-06-29 23:02 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-29 23:02 - 2015-06-29 23:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-29 23:01 - 2015-06-29 23:01 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Krzysiek\Downloads\mbar-1.09.1.1004.exe
2015-06-29 23:01 - 2015-06-29 23:01 - 02950645 _____ (Malwarebytes Corporation) C:\Users\Krzysiek\Downloads\JRT.exe
2015-06-29 23:01 - 2015-06-29 23:01 - 02244096 _____ C:\Users\Krzysiek\Downloads\AdwCleaner.exe
2015-06-29 23:01 - 2015-06-29 23:01 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-29 23:01 - 2015-06-29 23:01 - 00000000 ____D C:\Users\Krzysiek\Desktop\mbar
2015-06-29 22:40 - 2015-06-29 22:40 - 00018766 _____ C:\Users\Krzysiek\Desktop\attach.txt
2015-06-29 22:10 - 2015-06-29 22:10 - 00388608 _____ (Trend Micro Inc.) C:\Users\Krzysiek\Downloads\HijackThis.exe
2015-06-27 14:09 - 2015-06-27 14:09 - 00141633 _____ C:\Users\Krzysiek\Desktop\watch.htm
2015-06-26 21:07 - 2015-06-26 21:07 - 12459304 _____ ( ) C:\Users\Krzysiek\Downloads\setup_bridge_constructor_medieval_trigger_rev3.exe
2015-06-26 21:07 - 2015-06-26 21:07 - 00000000 ____D C:\Users\Krzysiek\Downloads\resources
2015-06-26 21:07 - 2015-05-15 09:26 - 00001348 _____ C:\Users\Krzysiek\Downloads\setup.ini
2015-06-26 21:07 - 2015-05-15 09:26 - 00000141 _____ C:\Users\Krzysiek\Downloads\sku.sis
2015-06-26 21:07 - 2015-05-14 16:41 - 00194084 _____ C:\Users\Krzysiek\Downloads\splash.tga
2015-06-26 21:07 - 2014-09-05 00:12 - 01750784 _____ (Valve Corporation) C:\Users\Krzysiek\Downloads\Setup.exe
2015-06-26 21:07 - 2014-09-05 00:12 - 01138832 _____ C:\Users\Krzysiek\Downloads\SteamSetup.exe
2015-06-26 21:07 - 2014-09-05 00:12 - 00564416 _____ (Valve Corporation) C:\Users\Krzysiek\Downloads\SteamService.exe
2015-06-25 22:44 - 2015-06-25 22:44 - 00000000 ____D C:\Users\Krzysiek\AppData\Local\SymbolSourceSymbols
2015-06-25 22:44 - 2015-06-25 22:44 - 00000000 ____D C:\Users\Krzysiek\AppData\Local\RefSrcSymbols
2015-06-24 20:00 - 2015-06-24 20:00 - 01707109 _____ C:\Users\Krzysiek\Downloads\Prezentacja2.pptx
2015-06-23 23:07 - 2015-06-23 23:07 - 03416946 _____ C:\Users\Krzysiek\Downloads\update_2_0_3_5_colbox_kur.exe
2015-06-23 22:59 - 2015-06-23 22:59 - 02069947 _____ C:\Users\Krzysiek\Downloads\Carcassonne_Serialfix_HP.zip
2015-06-23 19:08 - 2015-06-23 19:08 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-06-23 19:08 - 2015-05-19 05:29 - 00046768 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-06-23 19:08 - 2015-05-19 05:14 - 00057520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-06-23 18:58 - 2015-06-23 19:03 - 00000000 ____D C:\Users\Krzysiek\Documents\Virtual Machines
2015-06-23 18:53 - 2015-06-24 00:02 - 00000000 ____D C:\Users\Krzysiek\AppData\Roaming\VMware
2015-06-23 18:53 - 2015-06-24 00:02 - 00000000 ____D C:\Users\Krzysiek\AppData\Local\VMware
2015-06-23 18:51 - 2015-05-27 15:59 - 00931008 _____ (VMware, Inc.) C:\Windows\system32\vnetlib64.dll
2015-06-23 18:51 - 2015-05-27 15:59 - 00438464 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
2015-06-23 18:51 - 2015-05-27 15:59 - 00066752 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmx86.sys
2015-06-23 18:51 - 2015-05-27 15:58 - 00359104 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
2015-06-23 18:51 - 2015-05-27 15:58 - 00026816 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetuserif.sys
2015-06-23 18:51 - 2015-01-07 15:55 - 00076480 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vsock.sys
2015-06-23 18:51 - 2015-01-07 15:55 - 00068288 _____ (VMware, Inc.) C:\Windows\system32\vsocklib.dll
2015-06-23 18:51 - 2015-01-07 15:55 - 00064192 _____ (VMware, Inc.) C:\Windows\SysWOW64\vsocklib.dll
2015-06-23 18:50 - 2015-06-23 18:50 - 00001024 _____ C:\Windows\SysWOW64\%TMP%
2015-06-23 18:50 - 2015-06-23 18:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2015-06-23 18:50 - 2015-06-23 18:50 - 00000000 ____D C:\Program Files\Common Files\VMware
2015-06-23 18:50 - 2015-01-07 08:02 - 00055488 _____ (VMware, Inc.) C:\Windows\system32\Drivers\hcmon.sys
2015-06-23 18:49 - 2015-06-29 23:51 - 00000000 ____D C:\ProgramData\VMware
2015-06-23 18:49 - 2015-06-23 18:49 - 00000000 ____D C:\Users\Public\Documents\Shared Virtual Machines
2015-06-23 18:49 - 2015-06-23 18:49 - 00000000 ____D C:\Program Files (x86)\VMware
2015-06-23 18:46 - 2015-06-23 18:47 - 307860770 _____ C:\Users\Krzysiek\Downloads\Workstation.11.1.1.2771112.rar
2015-06-23 18:40 - 2015-06-23 18:41 - 111273672 _____ (Oracle Corporation) C:\Users\Krzysiek\Downloads\VirtualBox-4.3.28-100309-Win.exe
2015-06-21 13:44 - 2015-06-21 13:44 - 00762368 _____ C:\Users\Krzysiek\Downloads\EzG_4_Systematik_DB_mit_Aufkleber_mit_Eingabemaske_inkl._Expansionen _Łódź 1 Bałuty (1).xls
2015-06-20 13:33 - 2015-06-20 13:33 - 00000000 ____D C:\Users\Krzysiek\AppData\Roaming\Sublime Text 3
2015-06-20 13:33 - 2015-06-20 13:33 - 00000000 ____D C:\Users\Krzysiek\AppData\Local\Sublime Text 3
2015-06-20 13:30 - 2015-06-20 13:30 - 00000890 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sublime Text 3.lnk
2015-06-20 13:30 - 2015-06-20 13:30 - 00000000 ____D C:\Program Files\Sublime Text 3
2015-06-20 12:54 - 2015-06-20 12:54 - 00000000 _____ C:\Windows\SysWOW64\REN9636.tmp
2015-06-20 12:51 - 2015-06-20 12:51 - 00000000 ____D C:\Users\Krzysiek\AppData\Local\NuGet
2015-06-20 12:50 - 2015-06-20 12:55 - 00000000 ____D C:\ProgramData\chocolatey
2015-06-19 19:20 - 2015-06-19 19:20 - 00061440 _____ C:\Users\Krzysiek\Downloads\Vorschlag_Polkowice1.xls
2015-06-19 19:19 - 2015-06-19 19:19 - 00806912 _____ C:\Users\Krzysiek\Downloads\EzG_4_Systematik_DB_mit_Aufkleber_mit_Eingabemaske_inkl._Expansionen _Wągrowiec.xls
2015-06-19 19:19 - 2015-06-19 19:19 - 00805888 _____ C:\Users\Krzysiek\Downloads\EzG_4_Systematik_DB_mit_Aufkleber_mit_Eingabemaske_inkl._Expansionen_Łódź Widzew.xls
2015-06-19 19:19 - 2015-06-19 19:19 - 00740864 _____ C:\Users\Krzysiek\Downloads\EzG_4_Systematik_DB_mit_Aufkleber_mit_Eingabemaske_inkl._Expansionen _Konstantynów Łódzki.xls
2015-06-19 19:19 - 2015-06-19 19:19 - 00059904 _____ C:\Users\Krzysiek\Downloads\Vorschlag_Polkowice.xls
2015-06-19 19:18 - 2015-06-19 19:18 - 00796672 _____ C:\Users\Krzysiek\Downloads\EzG_4_Systematik_DB_mit_Aufkleber_mit_Eingabemaske_inkl._Expansionen _Łódź 1 Bałuty.xls
2015-06-19 19:18 - 2015-06-19 19:18 - 00779776 _____ C:\Users\Krzysiek\Downloads\EzG_4_Systematik_DB_mit_Aufkleber_mit_Eingabemaske_inkl._Expansionen _Łódź Dąbrowa.xls
2015-06-19 19:17 - 2015-06-19 19:17 - 00089600 _____ C:\Users\Krzysiek\Downloads\Kopia Alphaliste_TERAZ.xls
2015-06-19 19:17 - 2015-06-19 19:17 - 00089600 _____ C:\Users\Krzysiek\Downloads\Kopia Alphaliste_TERAZ (1).xls
2015-06-19 19:16 - 2015-06-19 19:16 - 00024503 _____ C:\Users\Krzysiek\Downloads\Ortsliste_Łódź (2).xlsx
2015-06-19 19:15 - 2015-06-19 19:15 - 00024503 _____ C:\Users\Krzysiek\Downloads\Ortsliste_Łódź.xlsx
2015-06-19 19:15 - 2015-06-19 19:15 - 00024503 _____ C:\Users\Krzysiek\Downloads\Ortsliste_Łódź (1).xlsx
2015-06-19 19:06 - 2015-06-19 19:08 - 00000000 ____D C:\Users\Krzysiek\Desktop\grzes zdjecia
2015-06-19 18:04 - 2015-06-19 18:04 - 00000000 ____D C:\Users\Krzysiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-06-19 18:02 - 2015-06-30 00:07 - 00001174 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1273147595-1044900121-2350154023-1001UA.job
2015-06-19 18:02 - 2015-06-28 18:07 - 00001122 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1273147595-1044900121-2350154023-1001Core.job
2015-06-19 18:02 - 2015-06-19 18:02 - 00004154 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1273147595-1044900121-2350154023-1001UA
2015-06-19 18:02 - 2015-06-19 18:02 - 00003758 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1273147595-1044900121-2350154023-1001Core
2015-06-19 18:02 - 2015-06-19 18:02 - 00000000 ____D C:\Users\Krzysiek\AppData\Local\Dropbox
2015-06-19 18:02 - 2015-06-19 18:02 - 00000000 ____D C:\ProgramData\Dropbox
2015-06-13 11:11 - 2015-06-13 11:11 - 00000000 ____D C:\Program Files\Common Files\AV
2015-06-12 20:45 - 2015-06-12 20:46 - 00647975 _____ C:\Users\Krzysiek\Downloads\Ziarno prawdy - Zygmunt Miloszewski.mobi
2015-06-11 22:08 - 2015-06-11 22:08 - 00000000 ____D C:\ProgramData\Canneverbe Limited
2015-06-10 17:01 - 2015-05-22 20:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-10 17:01 - 2015-05-22 20:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-10 17:01 - 2015-05-22 20:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-10 17:01 - 2015-05-22 20:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-10 17:01 - 2015-05-22 20:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-10 17:01 - 2015-05-22 20:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-10 17:01 - 2015-05-22 20:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-10 17:01 - 2015-05-21 15:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-10 17:01 - 2015-04-29 20:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-10 17:01 - 2015-04-29 20:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-10 17:01 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-10 17:01 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-10 17:01 - 2015-04-29 20:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 17:01 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-10 17:01 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-10 17:01 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-10 17:01 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-10 17:01 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-10 17:00 - 2015-06-01 21:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 17:00 - 2015-06-01 20:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-10 17:00 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 17:00 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-10 17:00 - 2015-05-25 20:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-10 17:00 - 2015-05-25 20:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-10 17:00 - 2015-05-25 20:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-10 17:00 - 2015-05-25 20:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-10 17:00 - 2015-05-25 20:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-10 17:00 - 2015-05-25 20:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-10 17:00 - 2015-05-25 20:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-10 17:00 - 2015-05-25 20:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-10 17:00 - 2015-05-25 20:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-10 17:00 - 2015-05-25 20:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-10 17:00 - 2015-05-25 20:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-10 17:00 - 2015-05-25 20:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-10 17:00 - 2015-05-25 20:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-10 17:00 - 2015-05-25 20:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-10 17:00 - 2015-05-25 20:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-10 17:00 - 2015-05-25 20:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-10 17:00 - 2015-05-25 20:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-10 17:00 - 2015-05-25 20:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-10 17:00 - 2015-05-25 20:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-10 17:00 - 2015-05-25 20:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-10 17:00 - 2015-05-25 20:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-10 17:00 - 2015-05-25 20:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-10 17:00 - 2015-05-25 20:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-10 17:00 - 2015-05-25 20:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-10 17:00 - 2015-05-25 20:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-10 17:00 - 2015-05-25 20:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-10 17:00 - 2015-05-25 20:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-10 17:00 - 2015-05-25 20:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-10 17:00 - 2015-05-25 20:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-10 17:00 - 2015-05-25 20:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-10 17:00 - 2015-05-25 20:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-10 17:00 - 2015-05-25 20:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-10 17:00 - 2015-05-25 20:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-10 17:00 - 2015-05-25 20:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-10 17:00 - 2015-05-25 20:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-10 17:00 - 2015-05-25 20:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-10 17:00 - 2015-05-25 20:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-10 17:00 - 2015-05-25 20:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-10 17:00 - 2015-05-25 20:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-10 17:00 - 2015-05-25 20:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-10 17:00 - 2015-05-25 20:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-06-10 17:00 - 2015-05-25 20:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-06-10 17:00 - 2015-05-25 20:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-10 17:00 - 2015-05-25 20:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-06-10 17:00 - 2015-05-25 20:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-06-10 17:00 - 2015-05-25 20:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-06-10 17:00 - 2015-05-25 20:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-06-10 17:00 - 2015-05-25 20:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-10 17:00 - 2015-05-25 20:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-06-10 17:00 - 2015-05-25 20:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-06-10 17:00 - 2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-06-10 17:00 - 2015-05-25 20:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-06-10 17:00 - 2015-05-25 20:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-06-10 17:00 - 2015-05-25 20:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-06-10 17:00 - 2015-05-25 20:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-06-10 17:00 - 2015-05-25 20:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-10 17:00 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-06-10 17:00 - 2015-05-25 20:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-06-10 17:00 - 2015-05-25 20:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-06-10 17:00 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-06-10 17:00 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-06-10 17:00 - 2015-05-25 20:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-10 17:00 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-06-10 17:00 - 2015-05-25 19:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-10 17:00 - 2015-05-25 19:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-06-10 17:00 - 2015-05-25 19:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-06-10 17:00 - 2015-05-25 19:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-10 17:00 - 2015-05-25 19:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-06-10 17:00 - 2015-05-25 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 17:00 - 2015-05-25 19:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-10 17:00 - 2015-05-25 18:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-10 17:00 - 2015-05-25 18:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-10 17:00 - 2015-05-25 18:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 18:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-10 17:00 - 2015-05-23 05:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-10 17:00 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-10 17:00 - 2015-05-23 05:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-06-10 17:00 - 2015-05-23 05:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-06-10 17:00 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-10 17:00 - 2015-05-23 05:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-06-10 17:00 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-10 17:00 - 2015-05-23 05:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-10 17:00 - 2015-05-23 05:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-06-10 17:00 - 2015-05-23 05:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-10 17:00 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-10 17:00 - 2015-05-23 05:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-10 17:00 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-10 17:00 - 2015-05-23 04:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-10 17:00 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-10 17:00 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-10 17:00 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-10 17:00 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-10 17:00 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-10 17:00 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-10 17:00 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-10 17:00 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-06-10 17:00 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-10 17:00 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-10 17:00 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-10 17:00 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-10 17:00 - 2015-05-22 21:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 17:00 - 2015-05-22 21:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-10 17:00 - 2015-05-22 21:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-10 17:00 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 17:00 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 17:00 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 17:00 - 2015-05-22 21:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-10 17:00 - 2015-05-22 20:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-10 17:00 - 2015-05-22 20:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 17:00 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 17:00 - 2015-05-22 20:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-10 17:00 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 17:00 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 17:00 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 17:00 - 2015-05-22 20:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 17:00 - 2015-05-22 20:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-10 17:00 - 2015-05-22 20:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-10 17:00 - 2015-05-22 20:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 17:00 - 2015-05-22 20:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 17:00 - 2015-05-22 20:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-10 17:00 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 17:00 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 17:00 - 2015-05-22 20:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-10 17:00 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 17:00 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 17:00 - 2015-05-22 20:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-10 17:00 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 17:00 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 17:00 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 17:00 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 17:00 - 2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-10 17:00 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-10 17:00 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-09 08:11 - 2015-06-09 08:11 - 00000000 ____D C:\.thumbnails
2015-06-09 08:10 - 2015-06-09 08:11 - 00000000 ____D C:\Camera
2015-06-04 11:08 - 2015-06-04 11:13 - 733177856 _____ C:\Users\Krzysiek\Downloads\Paddington.2014.PLDUB.BRRip.XviD-KiT.avi
2015-06-03 00:04 - 2015-06-03 08:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-01 17:46 - 2015-06-01 17:46 - 00000000 ____D C:\Users\Krzysiek\AppData\Local\GWX
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-30 00:04 - 2014-07-20 13:29 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-30 00:04 - 2009-07-14 06:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-30 00:04 - 2009-07-14 06:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-30 00:01 - 2014-07-20 12:55 - 01241973 _____ C:\Windows\WindowsUpdate.log
2015-06-29 23:58 - 2014-07-20 15:40 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-29 23:53 - 2014-07-23 00:18 - 00000000 ___RD C:\Users\Krzysiek\Dropbox
2015-06-29 23:53 - 2014-07-20 13:34 - 00000000 ____D C:\Users\Krzysiek\AppData\Roaming\Dropbox
2015-06-29 23:53 - 2014-05-16 18:06 - 00115523 _____ C:\Windows\setupact.log
2015-06-29 23:52 - 2014-07-22 00:55 - 00000000 ____D C:\Program Files (x86)\Gmail Notifier Pro
2015-06-29 23:51 - 2014-07-20 13:29 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-29 23:50 - 2014-07-20 13:31 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-29 23:50 - 2010-11-21 05:47 - 00125280 _____ C:\Windows\PFRO.log
2015-06-29 23:50 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-29 23:47 - 2014-08-02 19:42 - 00000000 ____D C:\Users\Krzysiek\AppData\Local\Apps\2.0
2015-06-29 23:47 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2015-06-29 23:44 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-06-29 23:42 - 2014-07-20 15:39 - 00000000 ____D C:\Users\Krzysiek\AppData\Local\Adobe
2015-06-29 23:15 - 2014-07-20 15:41 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1273147595-1044900121-2350154023-1001UA.job
2015-06-29 23:06 - 2014-09-24 21:38 - 00000000 ____D C:\AdwCleaner
2015-06-29 22:53 - 2014-07-20 13:40 - 00000000 ____D C:\ProgramData\MFAData
2015-06-29 22:22 - 2014-09-24 21:27 - 00000000 ____D C:\Users\Krzysiek\Downloads\backups
2015-06-29 21:20 - 2015-04-02 22:56 - 00000000 ____D C:\Users\Krzysiek\AppData\Roaming\Kodi
2015-06-29 21:15 - 2014-07-25 23:48 - 00002278 ____H C:\Users\Krzysiek\Documents\Default.rdp
2015-06-29 20:15 - 2014-07-20 15:41 - 00001018 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1273147595-1044900121-2350154023-1001Core.job
2015-06-27 14:10 - 2014-08-04 20:40 - 00000000 ____D C:\Users\Krzysiek\Desktop\Renia
2015-06-27 11:28 - 2014-07-20 13:30 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-27 09:07 - 2009-07-14 07:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-27 00:45 - 2014-07-20 22:34 - 00000000 ____D C:\Users\Krzysiek\AppData\Roaming\uTorrent
2015-06-26 21:08 - 2014-07-23 19:40 - 00000000 ____D C:\Users\Krzysiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-06-25 22:44 - 2015-01-17 20:09 - 00000000 ____D C:\Users\Krzysiek\AppData\Local\JetBrains
2015-06-25 22:43 - 2015-01-17 13:37 - 00000000 ____D C:\Users\Krzysiek\Documents\Visual Studio 2013
2015-06-23 23:50 - 2014-08-23 22:43 - 00000000 ____D C:\carcas
2015-06-23 23:13 - 2014-07-20 19:58 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-06-23 22:52 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-06-23 19:58 - 2014-07-20 15:40 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-23 19:58 - 2014-07-20 15:40 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-23 19:58 - 2014-07-20 15:40 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-23 19:09 - 2014-07-20 13:51 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-06-23 18:50 - 2014-05-16 17:18 - 01781228 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-06-23 18:50 - 2011-04-12 15:21 - 00777946 _____ C:\Windows\system32\perfh015.dat
2015-06-23 18:50 - 2011-04-12 15:21 - 00168114 _____ C:\Windows\system32\perfc015.dat
2015-06-23 16:49 - 2014-10-26 16:41 - 00001005 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2015-06-23 16:49 - 2014-07-20 13:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-06-23 16:24 - 2014-07-20 19:43 - 00115856 _____ C:\Users\Krzysiek\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-23 16:23 - 2009-07-14 06:45 - 00441536 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-22 21:05 - 2014-07-20 13:29 - 00002199 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-22 19:01 - 2014-07-22 00:58 - 00000000 ____D C:\Users\Krzysiek\AppData\Roaming\GmailNotifierPro
2015-06-21 17:10 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-06-21 12:29 - 2009-07-14 06:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-06-20 14:58 - 2015-04-11 13:18 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2015-06-20 14:57 - 2015-04-14 01:03 - 00000080 _____ C:\Users\Krzysiek\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
2015-06-20 14:57 - 2015-04-11 13:17 - 00000000 ____D C:\Program Files\Rockstar Games
2015-06-20 13:28 - 2014-08-11 18:40 - 00001190 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2015-06-20 13:28 - 2014-08-11 18:40 - 00000000 ____D C:\Program Files\paint.net
2015-06-20 13:23 - 2014-07-20 13:30 - 00000000 ____D C:\Users\Krzysiek\AppData\Roaming\Notepad++
2015-06-20 13:23 - 2014-07-20 13:30 - 00000000 ____D C:\Program Files (x86)\Notepad++
2015-06-20 12:54 - 2015-03-14 13:59 - 00002533 _____ C:\Users\Krzysiek\Desktop\Tropic Euro.lnk
2015-06-20 12:54 - 2014-07-20 13:30 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-06-20 12:54 - 2014-07-20 13:30 - 00000000 ____D C:\Program Files\Java
2015-06-20 12:54 - 2014-07-20 13:29 - 00000000 ____D C:\Program Files (x86)\Java
2015-06-13 11:05 - 2014-07-20 13:33 - 00002052 _____ C:\Users\Public\Desktop\Google Slides.lnk
2015-06-13 11:05 - 2014-07-20 13:33 - 00002050 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2015-06-13 11:05 - 2014-07-20 13:33 - 00002040 _____ C:\Users\Public\Desktop\Google Docs.lnk
2015-06-13 11:05 - 2014-07-20 13:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-06-12 20:46 - 2014-11-05 16:25 - 00000000 ____D C:\Users\Krzysiek\Documents\My Kindle Content
2015-06-12 20:15 - 2009-07-14 05:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-06-12 15:08 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-06-12 01:31 - 2014-07-20 19:34 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-12 01:30 - 2014-07-20 19:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-06-11 22:08 - 2014-07-20 13:37 - 00001853 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2015-06-11 17:59 - 2009-07-14 07:13 - 01756134 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-11 17:54 - 2014-07-22 00:58 - 00000000 ____D C:\Users\Krzysiek\AppData\Local\GmailNotifierPro
2015-06-11 17:50 - 2015-04-16 19:21 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-11 17:50 - 2014-05-16 17:52 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-11 17:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-11 01:14 - 2009-07-14 04:34 - 00000513 _____ C:\Windows\win.ini
2015-06-11 01:07 - 2014-05-16 17:36 - 00000000 ____D C:\Windows\system32\MRT
2015-06-11 00:59 - 2014-05-16 17:36 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-08 17:35 - 2014-10-14 21:47 - 00000000 ____D C:\Users\Krzysiek\Documents\Moje skanowanie
2015-06-06 22:25 - 2015-05-11 21:22 - 00000000 ____D C:\szkoda
2015-06-03 23:04 - 2014-07-20 15:26 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-06-03 23:04 - 2014-07-20 15:26 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-06-03 23:04 - 2014-07-20 13:53 - 01571696 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-06-03 23:04 - 2014-07-20 13:53 - 01320304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-06-03 11:37 - 2014-07-20 13:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-31 22:12 - 2015-05-28 00:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
 
==================== Files in the root of some directories =======
 
2014-09-02 21:57 - 2014-11-23 21:39 - 0010752 _____ () C:\Users\Krzysiek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-21 22:59 - 2015-03-15 00:53 - 0000600 _____ () C:\Users\Krzysiek\AppData\Local\PUTTY.RND
2015-04-21 00:56 - 2015-04-22 00:17 - 0000080 _____ () C:\Users\Krzysiek\AppData\Local\X-Plane Installer.prf
2015-04-22 00:17 - 2015-04-23 18:05 - 0000073 _____ () C:\Users\Krzysiek\AppData\Local\X-Plane_drm.prf
2015-04-21 19:15 - 2015-04-21 19:15 - 0000023 _____ () C:\Users\Krzysiek\AppData\Local\x-plane_install_10.txt
2014-07-20 21:15 - 2014-07-20 21:26 - 0001272 _____ () C:\ProgramData\hpzinstall.log
 
Some files in TEMP:
====================
C:\Users\Krzysiek\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpe5yzam.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 



#2 HelpBot

Posted 04 July 2015 - 05:20 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/581322 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 k_gopher

  • Topic Starter

Posted 04 July 2015 - 05:45 PM

In addition to first post - my second Firefox profile (abcd) is not compromised, only default.

 

New FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01
Ran by Krzysiek (administrator) on BALON on 05-07-2015 00:40:01
Running from C:\Users\Krzysiek\Downloads
Loaded Profiles: Krzysiek (Available Profiles: Krzysiek & DefaultAppPool)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Google Inc.) C:\Users\Krzysiek\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe
(IntelliBreeze Software) C:\Program Files (x86)\Gmail Notifier Pro\GmailNotifierPro.exe
(Flux Software LLC) C:\Users\Krzysiek\AppData\Local\FluxSoftware\Flux\flux.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Dropbox, Inc.) C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(XBMC-Foundation) C:\Program Files (x86)\Kodi\Kodi.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
(Ghisler Software GmbH) C:\totalcmd\TOTALCMD64.EXE
(BitTorrent Inc.) C:\Users\Krzysiek\AppData\Roaming\uTorrent\uTorrent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-03] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3730344 2015-06-30] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [114368 2015-05-27] (VMware, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKU\S-1-5-21-1273147595-1044900121-2350154023-1001\...\Run: [Google+ Auto Backup] => C:\Users\Krzysiek\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3754312 2015-02-13] (Google Inc.)
HKU\S-1-5-21-1273147595-1044900121-2350154023-1001\...\Run: [GmailNotifierPro] => C:\Program Files (x86)\Gmail Notifier Pro\GmailNotifierPro.exe [2827072 2014-04-21] (IntelliBreeze Software)
HKU\S-1-5-21-1273147595-1044900121-2350154023-1001\...\Run: [f.lux] => C:\Users\Krzysiek\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-1273147595-1044900121-2350154023-1001\...\Run: [Dropbox Update] => C:\Users\Krzysiek\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-19] (Dropbox, Inc.)
IFEO\taskmgr.exe: [Debugger] "C:\SYSINTERNALS\PROCEXP.EXE"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-07-20]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Krzysiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-04-22]
ShortcutTarget: Dropbox.lnk -> C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1273147595-1044900121-2350154023-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1273147595-1044900121-2350154023-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKU\S-1-5-21-1273147595-1044900121-2350154023-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-30] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-30] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2
Tcpip\..\Interfaces\{40A84EA6-3705-4EA9-9EB4-B6FE8EF204C1}: [DhcpNameServer] 192.168.0.1 192.168.0.2

FireFox:
========
FF ProfilePath: C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\1a2j2312.default
FF Homepage: about:home
FF Keyword.URL:
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_194.dll [2015-06-23] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-06-23] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-04-15] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-04-15] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-30] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-05-12] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-05-12] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1273147595-1044900121-2350154023-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Krzysiek\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-1273147595-1044900121-2350154023-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Krzysiek\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-1273147595-1044900121-2350154023-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Krzysiek\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-07-07] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Extension: Form History Control - C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\1a2j2312.default\Extensions\formhistory@yahoo.com [2015-05-29]
FF Extension: Better Gmail 2 - C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\1a2j2312.default\Extensions\bettergmail2@ginatrapani.org.xpi [2014-07-20]
FF Extension: Ghostery - C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\1a2j2312.default\Extensions\firefox@ghostery.com.xpi [2014-09-11]
FF Extension: Leet Key - C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\1a2j2312.default\Extensions\{3335F91D-2AEF-4097-B831-C96C60349822}.xpi [2014-07-20]
FF Extension: BugMeNot Plugin - C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\1a2j2312.default\Extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}.xpi [2014-07-20]
FF Extension: Noia 2.0 (eXtreme) - C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\1a2j2312.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-20]
FF Extension: Flash Video Resources Downloader - C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\ycrc01tu.abcd\Extensions\max@subfighter.com [2014-07-20]
FF Extension: Google Toolbar for Firefox - C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\ycrc01tu.abcd\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2014-07-20]
FF Extension: iMacros for Firefox - C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\ycrc01tu.abcd\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2015-05-28]
FF Extension: Plain Text to Link - C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\ycrc01tu.abcd\Extensions\{C90B0826-5A17-4970-A5BF-A43D22452E21} [2014-07-20]
FF Extension: No Name - C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\ycrc01tu.abcd\Extensions\linky@gemal.dk.xpi [2015-05-31]
FF Extension: New Tabs at the End - C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\ycrc01tu.abcd\Extensions\new-tabs-at-end@forerunnerdesigns.com.xpi [2015-05-28]
FF Extension: No Name - C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\ycrc01tu.abcd\Extensions\searchsite@DW-dev.xpi [2014-07-20]
FF Extension: Noia 2.0 (eXtreme) - C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\ycrc01tu.abcd\Extensions\{3335F91D-2AEF-4097-B831-C96C60349822}.xpi [2015-05-31]
FF Extension: BugMeNot Plugin - C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\ycrc01tu.abcd\Extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}.xpi [2014-07-20]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-07-20]
FF HKU\S-1-5-21-1273147595-1044900121-2350154023-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR Profile: C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-20]
CHR Extension: (Google Drive) - C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-20]
CHR Extension: (YouTube) - C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-20]
CHR Extension: (Google Search) - C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-20]
CHR Extension: (Hola Better Internet) - C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-06-22]
CHR Extension: (TweetDeck by Twitter) - C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2014-09-20]
CHR Extension: (Google Wallet) - C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-20]
CHR Extension: (Gmail) - C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-20]

Opera:
=======
StartMenuInternet: (HKLM) Opera - C:\Program Files\Opera x64\Opera.exe http://www.sweet-page.com/?type=sc&ts=1411579558&from=cor&uid=ST3500418AS_9VMALQE4XXXX9VMALQE4

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3518376 2015-06-30] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [314304 2015-06-30] (AVG Technologies CZ, s.r.o.)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-03] (NVIDIA Corporation)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22744 2014-10-15] (Microsoft Corporation)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [278336 2011-09-19] (NVIDIA)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-06-03] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-03] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-04-23] (Electronic Arts)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12730048 2015-05-27] ()
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-05-15] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [293296 2015-06-26] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253408 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [226784 2015-06-10] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [281568 2015-05-12] (AVG Technologies CZ, s.r.o.)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-07-20] (Disc Soft Ltd)
S3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [17920 2010-06-19] (Siliten)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-10-01] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R3 nvoclk64; C:\Windows\System32\DRIVERS\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corp.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-03] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46768 2015-05-19] (NVIDIA Corporation)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [76480 2015-01-07] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-08-28] (VMware, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 WinRing0_1_2_0; \??\C:\Users\Krzysiek\AppData\Local\Temp\tmp16AB.tmp [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-05 00:39 - 2015-07-05 00:39 - 00050477 _____ C:\Users\Krzysiek\Downloads\Defogger.exe
2015-07-05 00:39 - 2015-07-05 00:39 - 00000548 _____ C:\Users\Krzysiek\Downloads\defogger_disable.log
2015-07-05 00:39 - 2015-07-05 00:39 - 00000168 _____ C:\Users\Krzysiek\defogger_reenable
2015-07-01 22:03 - 2015-07-01 22:03 - 00000695 _____ C:\Users\Krzysiek\Desktop\World of Warships.lnk
2015-07-01 22:03 - 2015-07-01 22:03 - 00000000 ____D C:\Users\Krzysiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Warships
2015-07-01 22:02 - 2015-07-01 22:02 - 07049832 _____ (Wargaming.net ) C:\Users\Krzysiek\Downloads\WoWS_internet_install_eu.exe
2015-06-30 22:27 - 2015-06-30 22:27 - 00001116 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-30 22:27 - 2015-06-30 22:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-30 22:27 - 2015-06-30 22:27 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-30 22:27 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-30 22:27 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-30 22:26 - 2015-06-30 22:26 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Krzysiek\Downloads\mbam-setup-2.0.3.1025.exe
2015-06-30 22:11 - 2015-06-30 22:11 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-06-30 22:11 - 2015-06-30 22:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-06-30 22:07 - 2015-06-30 22:07 - 00000000 _____ C:\Windows\system32\REN8807.tmp
2015-06-30 22:06 - 2015-06-30 22:06 - 00000000 ____D C:\Windows\system32\appmgmt
2015-06-30 22:05 - 2015-06-30 22:05 - 00000000 _____ C:\Windows\SysWOW64\REND932.tmp
2015-06-30 22:04 - 2015-06-30 22:04 - 01124072 _____ (Adobe Systems Incorporated) C:\Users\Krzysiek\Downloads\readerdc_pl_ha_install.exe
2015-06-30 22:03 - 2015-06-30 22:03 - 00562784 _____ (Oracle Corporation) C:\Users\Krzysiek\Downloads\jre-8u45-windows-i586-iftw.exe
2015-06-30 00:13 - 2015-06-30 00:14 - 00080695 _____ C:\Users\Krzysiek\Downloads\Addition.txt
2015-06-29 23:57 - 2015-07-05 00:40 - 00028033 _____ C:\Users\Krzysiek\Downloads\FRST.txt
2015-06-29 23:57 - 2015-07-05 00:40 - 00000000 ____D C:\FRST
2015-06-29 23:56 - 2015-06-29 23:56 - 02112512 _____ (Farbar) C:\Users\Krzysiek\Downloads\FRST64.exe
2015-06-29 23:47 - 2015-06-29 23:47 - 00043524 _____ C:\ComboFix.txt
2015-06-29 23:21 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-06-29 23:21 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-06-29 23:21 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-06-29 23:21 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-06-29 23:21 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-06-29 23:21 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-06-29 23:21 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-06-29 23:21 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-06-29 23:15 - 2015-06-29 23:47 - 00000000 ____D C:\Qoobox
2015-06-29 23:14 - 2015-06-29 23:45 - 00000000 ____D C:\Windows\erdnt
2015-06-29 23:14 - 2015-06-29 23:14 - 05630589 ____R (Swearware) C:\Users\Krzysiek\Downloads\ComboFix.exe
2015-06-29 23:02 - 2015-07-01 06:06 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-29 23:02 - 2015-07-01 06:06 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-06-29 23:02 - 2015-06-30 22:27 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-29 23:01 - 2015-06-29 23:01 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Krzysiek\Downloads\mbar-1.09.1.1004.exe
2015-06-29 23:01 - 2015-06-29 23:01 - 02950645 _____ (Malwarebytes Corporation) C:\Users\Krzysiek\Downloads\JRT.exe
2015-06-29 23:01 - 2015-06-29 23:01 - 02244096 _____ C:\Users\Krzysiek\Downloads\AdwCleaner.exe
2015-06-29 23:01 - 2015-06-29 23:01 - 00000000 ____D C:\Users\Krzysiek\Desktop\mbar
2015-06-29 23:01 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-29 22:40 - 2015-06-29 22:40 - 00018766 _____ C:\Users\Krzysiek\Desktop\attach.txt
2015-06-29 22:10 - 2015-06-29 22:10 - 00388608 _____ (Trend Micro Inc.) C:\Users\Krzysiek\Downloads\HijackThis.exe
2015-06-27 14:09 - 2015-06-27 14:09 - 00141633 _____ C:\Users\Krzysiek\Desktop\watch.htm
2015-06-26 21:07 - 2015-06-26 21:07 - 12459304 _____ ( ) C:\Users\Krzysiek\Downloads\setup_bridge_constructor_medieval_trigger_rev3.exe
2015-06-26 21:07 - 2015-06-26 21:07 - 00000000 ____D C:\Users\Krzysiek\Downloads\resources
2015-06-26 21:07 - 2015-05-15 09:26 - 00001348 _____ C:\Users\Krzysiek\Downloads\setup.ini
2015-06-26 21:07 - 2015-05-15 09:26 - 00000141 _____ C:\Users\Krzysiek\Downloads\sku.sis
2015-06-26 21:07 - 2015-05-14 16:41 - 00194084 _____ C:\Users\Krzysiek\Downloads\splash.tga
2015-06-26 21:07 - 2014-09-05 00:12 - 01750784 _____ (Valve Corporation) C:\Users\Krzysiek\Downloads\Setup.exe
2015-06-26 21:07 - 2014-09-05 00:12 - 01138832 _____ C:\Users\Krzysiek\Downloads\SteamSetup.exe
2015-06-26 21:07 - 2014-09-05 00:12 - 00564416 _____ (Valve Corporation) C:\Users\Krzysiek\Downloads\SteamService.exe
2015-06-26 09:49 - 2015-06-26 09:49 - 00293296 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2015-06-25 22:44 - 2015-06-25 22:44 - 00000000 ____D C:\Users\Krzysiek\AppData\Local\SymbolSourceSymbols
2015-06-25 22:44 - 2015-06-25 22:44 - 00000000 ____D C:\Users\Krzysiek\AppData\Local\RefSrcSymbols
2015-06-24 20:00 - 2015-06-24 20:00 - 01707109 _____ C:\Users\Krzysiek\Downloads\Prezentacja2.pptx
2015-06-23 23:07 - 2015-06-23 23:07 - 03416946 _____ C:\Users\Krzysiek\Downloads\update_2_0_3_5_colbox_kur.exe
2015-06-23 22:59 - 2015-06-23 22:59 - 02069947 _____ C:\Users\Krzysiek\Downloads\Carcassonne_Serialfix_HP.zip
2015-06-23 19:08 - 2015-06-23 19:08 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-06-23 19:08 - 2015-05-19 05:29 - 00046768 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-06-23 19:08 - 2015-05-19 05:14 - 00057520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-06-23 18:58 - 2015-06-23 19:03 - 00000000 ____D C:\Users\Krzysiek\Documents\Virtual Machines
2015-06-23 18:53 - 2015-06-24 00:02 - 00000000 ____D C:\Users\Krzysiek\AppData\Roaming\VMware
2015-06-23 18:53 - 2015-06-24 00:02 - 00000000 ____D C:\Users\Krzysiek\AppData\Local\VMware
2015-06-23 18:51 - 2015-05-27 15:59 - 00931008 _____ (VMware, Inc.) C:\Windows\system32\vnetlib64.dll
2015-06-23 18:51 - 2015-05-27 15:59 - 00438464 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
2015-06-23 18:51 - 2015-05-27 15:59 - 00066752 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmx86.sys
2015-06-23 18:51 - 2015-05-27 15:58 - 00359104 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
2015-06-23 18:51 - 2015-05-27 15:58 - 00026816 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetuserif.sys
2015-06-23 18:51 - 2015-01-07 15:55 - 00076480 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vsock.sys
2015-06-23 18:51 - 2015-01-07 15:55 - 00068288 _____ (VMware, Inc.) C:\Windows\system32\vsocklib.dll
2015-06-23 18:51 - 2015-01-07 15:55 - 00064192 _____ (VMware, Inc.) C:\Windows\SysWOW64\vsocklib.dll
2015-06-23 18:50 - 2015-06-23 18:50 - 00001024 _____ C:\Windows\SysWOW64\%TMP%
2015-06-23 18:50 - 2015-06-23 18:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2015-06-23 18:50 - 2015-06-23 18:50 - 00000000 ____D C:\Program Files\Common Files\VMware
2015-06-23 18:50 - 2015-01-07 08:02 - 00055488 _____ (VMware, Inc.) C:\Windows\system32\Drivers\hcmon.sys
2015-06-23 18:49 - 2015-07-04 11:12 - 00000000 ____D C:\ProgramData\VMware
2015-06-23 18:49 - 2015-06-23 18:49 - 00000000 ____D C:\Users\Public\Documents\Shared Virtual Machines
2015-06-23 18:49 - 2015-06-23 18:49 - 00000000 ____D C:\Program Files (x86)\VMware
2015-06-23 18:46 - 2015-06-23 18:47 - 307860770 _____ C:\Users\Krzysiek\Downloads\Workstation.11.1.1.2771112.rar
2015-06-23 18:40 - 2015-06-23 18:41 - 111273672 _____ (Oracle Corporation) C:\Users\Krzysiek\Downloads\VirtualBox-4.3.28-100309-Win.exe
2015-06-21 13:44 - 2015-06-21 13:44 - 00762368 _____ C:\Users\Krzysiek\Downloads\EzG_4_Systematik_DB_mit_Aufkleber_mit_Eingabemaske_inkl._Expansionen _Łódź 1 Bałuty (1).xls
2015-06-20 13:33 - 2015-06-20 13:33 - 00000000 ____D C:\Users\Krzysiek\AppData\Roaming\Sublime Text 3
2015-06-20 13:33 - 2015-06-20 13:33 - 00000000 ____D C:\Users\Krzysiek\AppData\Local\Sublime Text 3
2015-06-20 13:30 - 2015-06-20 13:30 - 00000890 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sublime Text 3.lnk
2015-06-20 13:30 - 2015-06-20 13:30 - 00000000 ____D C:\Program Files\Sublime Text 3
2015-06-20 12:54 - 2015-06-20 12:54 - 00000000 _____ C:\Windows\SysWOW64\REN9636.tmp
2015-06-20 12:51 - 2015-06-20 12:51 - 00000000 ____D C:\Users\Krzysiek\AppData\Local\NuGet
2015-06-20 12:50 - 2015-06-20 12:55 - 00000000 ____D C:\ProgramData\chocolatey
2015-06-19 19:20 - 2015-06-19 19:20 - 00061440 _____ C:\Users\Krzysiek\Downloads\Vorschlag_Polkowice1.xls
2015-06-19 19:19 - 2015-06-19 19:19 - 00806912 _____ C:\Users\Krzysiek\Downloads\EzG_4_Systematik_DB_mit_Aufkleber_mit_Eingabemaske_inkl._Expansionen _Wągrowiec.xls
2015-06-19 19:19 - 2015-06-19 19:19 - 00805888 _____ C:\Users\Krzysiek\Downloads\EzG_4_Systematik_DB_mit_Aufkleber_mit_Eingabemaske_inkl._Expansionen_Łódź Widzew.xls
2015-06-19 19:19 - 2015-06-19 19:19 - 00740864 _____ C:\Users\Krzysiek\Downloads\EzG_4_Systematik_DB_mit_Aufkleber_mit_Eingabemaske_inkl._Expansionen _Konstantynów Łódzki.xls
2015-06-19 19:19 - 2015-06-19 19:19 - 00059904 _____ C:\Users\Krzysiek\Downloads\Vorschlag_Polkowice.xls
2015-06-19 19:18 - 2015-06-19 19:18 - 00796672 _____ C:\Users\Krzysiek\Downloads\EzG_4_Systematik_DB_mit_Aufkleber_mit_Eingabemaske_inkl._Expansionen _Łódź 1 Bałuty.xls
2015-06-19 19:18 - 2015-06-19 19:18 - 00779776 _____ C:\Users\Krzysiek\Downloads\EzG_4_Systematik_DB_mit_Aufkleber_mit_Eingabemaske_inkl._Expansionen _Łódź Dąbrowa.xls
2015-06-19 19:17 - 2015-06-19 19:17 - 00089600 _____ C:\Users\Krzysiek\Downloads\Kopia Alphaliste_TERAZ.xls
2015-06-19 19:17 - 2015-06-19 19:17 - 00089600 _____ C:\Users\Krzysiek\Downloads\Kopia Alphaliste_TERAZ (1).xls
2015-06-19 19:16 - 2015-06-19 19:16 - 00024503 _____ C:\Users\Krzysiek\Downloads\Ortsliste_Łódź (2).xlsx
2015-06-19 19:15 - 2015-06-19 19:15 - 00024503 _____ C:\Users\Krzysiek\Downloads\Ortsliste_Łódź.xlsx
2015-06-19 19:15 - 2015-06-19 19:15 - 00024503 _____ C:\Users\Krzysiek\Downloads\Ortsliste_Łódź (1).xlsx
2015-06-19 19:06 - 2015-06-19 19:08 - 00000000 ____D C:\Users\Krzysiek\Desktop\grzes zdjecia
2015-06-19 18:04 - 2015-06-19 18:04 - 00000000 ____D C:\Users\Krzysiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-06-19 18:02 - 2015-07-05 00:07 - 00001174 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1273147595-1044900121-2350154023-1001UA.job
2015-06-19 18:02 - 2015-07-04 18:07 - 00001122 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1273147595-1044900121-2350154023-1001Core.job
2015-06-19 18:02 - 2015-06-19 18:02 - 00004154 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1273147595-1044900121-2350154023-1001UA
2015-06-19 18:02 - 2015-06-19 18:02 - 00003758 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1273147595-1044900121-2350154023-1001Core
2015-06-19 18:02 - 2015-06-19 18:02 - 00000000 ____D C:\Users\Krzysiek\AppData\Local\Dropbox
2015-06-19 18:02 - 2015-06-19 18:02 - 00000000 ____D C:\ProgramData\Dropbox
2015-06-16 15:55 - 2015-06-16 15:55 - 00259040 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2015-06-13 11:11 - 2015-06-13 11:11 - 00000000 ____D C:\Program Files\Common Files\AV
2015-06-12 20:45 - 2015-06-12 20:46 - 00647975 _____ C:\Users\Krzysiek\Downloads\Ziarno prawdy - Zygmunt Miloszewski.mobi
2015-06-11 22:08 - 2015-06-11 22:08 - 00000000 ____D C:\ProgramData\Canneverbe Limited
2015-06-10 17:01 - 2015-05-22 20:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-10 17:01 - 2015-05-22 20:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-10 17:01 - 2015-05-22 20:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-10 17:01 - 2015-05-22 20:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-10 17:01 - 2015-05-22 20:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-10 17:01 - 2015-05-22 20:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-10 17:01 - 2015-05-22 20:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-10 17:01 - 2015-05-21 15:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-10 17:01 - 2015-04-29 20:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-10 17:01 - 2015-04-29 20:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-10 17:01 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-10 17:01 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-10 17:01 - 2015-04-29 20:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 17:01 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-10 17:01 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-10 17:01 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-10 17:01 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-10 17:01 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-10 17:00 - 2015-06-01 21:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 17:00 - 2015-06-01 20:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-10 17:00 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 17:00 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-10 17:00 - 2015-05-25 20:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-10 17:00 - 2015-05-25 20:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-10 17:00 - 2015-05-25 20:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-10 17:00 - 2015-05-25 20:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-10 17:00 - 2015-05-25 20:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-10 17:00 - 2015-05-25 20:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-10 17:00 - 2015-05-25 20:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-10 17:00 - 2015-05-25 20:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-10 17:00 - 2015-05-25 20:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-10 17:00 - 2015-05-25 20:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-10 17:00 - 2015-05-25 20:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-10 17:00 - 2015-05-25 20:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-10 17:00 - 2015-05-25 20:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-10 17:00 - 2015-05-25 20:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-10 17:00 - 2015-05-25 20:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-10 17:00 - 2015-05-25 20:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-10 17:00 - 2015-05-25 20:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-10 17:00 - 2015-05-25 20:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-10 17:00 - 2015-05-25 20:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-10 17:00 - 2015-05-25 20:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-10 17:00 - 2015-05-25 20:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-10 17:00 - 2015-05-25 20:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-10 17:00 - 2015-05-25 20:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-10 17:00 - 2015-05-25 20:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-10 17:00 - 2015-05-25 20:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-10 17:00 - 2015-05-25 20:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-10 17:00 - 2015-05-25 20:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-10 17:00 - 2015-05-25 20:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-10 17:00 - 2015-05-25 20:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-10 17:00 - 2015-05-25 20:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-10 17:00 - 2015-05-25 20:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-10 17:00 - 2015-05-25 20:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-10 17:00 - 2015-05-25 20:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-10 17:00 - 2015-05-25 20:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-10 17:00 - 2015-05-25 20:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-10 17:00 - 2015-05-25 20:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-10 17:00 - 2015-05-25 20:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-10 17:00 - 2015-05-25 20:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-10 17:00 - 2015-05-25 20:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-10 17:00 - 2015-05-25 20:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-10 17:00 - 2015-05-25 20:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-06-10 17:00 - 2015-05-25 20:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-06-10 17:00 - 2015-05-25 20:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-10 17:00 - 2015-05-25 20:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-06-10 17:00 - 2015-05-25 20:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-06-10 17:00 - 2015-05-25 20:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-06-10 17:00 - 2015-05-25 20:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-06-10 17:00 - 2015-05-25 20:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-10 17:00 - 2015-05-25 20:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-06-10 17:00 - 2015-05-25 20:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-06-10 17:00 - 2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-06-10 17:00 - 2015-05-25 20:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-06-10 17:00 - 2015-05-25 20:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-06-10 17:00 - 2015-05-25 20:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-06-10 17:00 - 2015-05-25 20:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-06-10 17:00 - 2015-05-25 20:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-10 17:00 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-06-10 17:00 - 2015-05-25 20:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-06-10 17:00 - 2015-05-25 20:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-06-10 17:00 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-06-10 17:00 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-06-10 17:00 - 2015-05-25 20:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-10 17:00 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-06-10 17:00 - 2015-05-25 19:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-10 17:00 - 2015-05-25 19:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-06-10 17:00 - 2015-05-25 19:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-06-10 17:00 - 2015-05-25 19:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-10 17:00 - 2015-05-25 19:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-06-10 17:00 - 2015-05-25 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 17:00 - 2015-05-25 19:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-10 17:00 - 2015-05-25 18:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-10 17:00 - 2015-05-25 18:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-10 17:00 - 2015-05-25 18:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 18:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-10 17:00 - 2015-05-23 05:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-10 17:00 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-10 17:00 - 2015-05-23 05:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-06-10 17:00 - 2015-05-23 05:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-06-10 17:00 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-10 17:00 - 2015-05-23 05:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-06-10 17:00 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-10 17:00 - 2015-05-23 05:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-10 17:00 - 2015-05-23 05:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-06-10 17:00 - 2015-05-23 05:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-10 17:00 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-10 17:00 - 2015-05-23 05:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-10 17:00 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-10 17:00 - 2015-05-23 04:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-10 17:00 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-10 17:00 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-10 17:00 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-10 17:00 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-10 17:00 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-10 17:00 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-10 17:00 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-10 17:00 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-06-10 17:00 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-10 17:00 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-10 17:00 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-10 17:00 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-10 17:00 - 2015-05-22 21:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 17:00 - 2015-05-22 21:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-10 17:00 - 2015-05-22 21:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-10 17:00 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 17:00 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 17:00 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 17:00 - 2015-05-22 21:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-10 17:00 - 2015-05-22 20:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-10 17:00 - 2015-05-22 20:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 17:00 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 17:00 - 2015-05-22 20:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-10 17:00 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 17:00 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 17:00 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 17:00 - 2015-05-22 20:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 17:00 - 2015-05-22 20:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-10 17:00 - 2015-05-22 20:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-10 17:00 - 2015-05-22 20:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 17:00 - 2015-05-22 20:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 17:00 - 2015-05-22 20:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-10 17:00 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 17:00 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 17:00 - 2015-05-22 20:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-10 17:00 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 17:00 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 17:00 - 2015-05-22 20:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-10 17:00 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 17:00 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 17:00 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 17:00 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 17:00 - 2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-10 17:00 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-10 17:00 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-10 16:38 - 2015-06-10 16:38 - 00226784 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2015-06-09 08:11 - 2015-06-09 08:11 - 00000000 ____D C:\.thumbnails
2015-06-09 08:10 - 2015-06-09 08:11 - 00000000 ____D C:\Camera

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-05 00:39 - 2014-07-20 13:02 - 00000000 ____D C:\Users\Krzysiek
2015-07-05 00:36 - 2014-07-20 22:34 - 00000000 ____D C:\Users\Krzysiek\AppData\Roaming\uTorrent
2015-07-05 00:15 - 2014-07-20 15:41 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1273147595-1044900121-2350154023-1001UA.job
2015-07-05 00:04 - 2014-07-20 13:29 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-04 23:58 - 2014-07-20 15:40 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-04 23:04 - 2014-07-20 13:40 - 00000000 ____D C:\ProgramData\MFAData
2015-07-04 20:15 - 2014-07-20 15:41 - 00001018 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1273147595-1044900121-2350154023-1001Core.job
2015-07-04 19:54 - 2014-07-20 12:55 - 01408697 _____ C:\Windows\WindowsUpdate.log
2015-07-04 16:43 - 2009-07-14 06:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-04 16:43 - 2009-07-14 06:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-04 14:04 - 2014-07-20 13:29 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-04 11:35 - 2015-04-02 22:56 - 00000000 ____D C:\Users\Krzysiek\AppData\Roaming\Kodi
2015-07-04 11:14 - 2014-05-16 18:06 - 00117035 _____ C:\Windows\setupact.log
2015-07-04 11:13 - 2014-07-23 00:18 - 00000000 ___RD C:\Users\Krzysiek\Dropbox
2015-07-04 11:13 - 2014-07-20 13:34 - 00000000 ____D C:\Users\Krzysiek\AppData\Roaming\Dropbox
2015-07-04 11:12 - 2014-07-22 00:55 - 00000000 ____D C:\Program Files (x86)\Gmail Notifier Pro
2015-07-04 11:11 - 2014-07-20 13:31 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-04 11:11 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-04 11:09 - 2014-10-26 16:41 - 00001005 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2015-07-04 11:09 - 2014-07-20 13:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-07-04 10:58 - 2015-06-03 00:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-04 10:58 - 2014-07-20 13:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-04 10:58 - 2010-11-21 05:47 - 00131054 _____ C:\Windows\PFRO.log
2015-07-03 21:14 - 2014-07-20 13:30 - 00000000 ____D C:\Program Files (x86)\Steam
2015-07-03 01:42 - 2014-07-25 23:48 - 00002278 ____H C:\Users\Krzysiek\Documents\Default.rdp
2015-07-01 22:02 - 2014-09-27 22:14 - 00000000 ____D C:\Games
2015-07-01 06:02 - 2014-08-12 23:42 - 00000000 ____D C:\Windows\Sun
2015-06-30 22:11 - 2015-03-14 13:59 - 00002533 _____ C:\Users\Krzysiek\Desktop\Tropic Euro.lnk
2015-06-30 22:10 - 2014-07-20 13:29 - 00000000 ____D C:\Program Files (x86)\Java
2015-06-29 23:47 - 2014-08-02 19:42 - 00000000 ____D C:\Users\Krzysiek\AppData\Local\Apps\2.0
2015-06-29 23:47 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2015-06-29 23:44 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-06-29 23:42 - 2014-07-20 15:39 - 00000000 ____D C:\Users\Krzysiek\AppData\Local\Adobe
2015-06-29 23:06 - 2014-09-24 21:38 - 00000000 ____D C:\AdwCleaner
2015-06-29 22:22 - 2014-09-24 21:27 - 00000000 ____D C:\Users\Krzysiek\Downloads\backups
2015-06-27 14:10 - 2014-08-04 20:40 - 00000000 ____D C:\Users\Krzysiek\Desktop\Renia
2015-06-27 09:07 - 2009-07-14 07:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-26 21:08 - 2014-07-23 19:40 - 00000000 ____D C:\Users\Krzysiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-06-25 22:44 - 2015-01-17 20:09 - 00000000 ____D C:\Users\Krzysiek\AppData\Local\JetBrains
2015-06-25 22:43 - 2015-01-17 13:37 - 00000000 ____D C:\Users\Krzysiek\Documents\Visual Studio 2013
2015-06-23 23:50 - 2014-08-23 22:43 - 00000000 ____D C:\carcas
2015-06-23 23:13 - 2014-07-20 19:58 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-06-23 22:52 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-06-23 19:58 - 2014-07-20 15:40 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-23 19:58 - 2014-07-20 15:40 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-23 19:58 - 2014-07-20 15:40 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-23 19:09 - 2014-07-20 13:51 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-06-23 18:50 - 2014-05-16 17:18 - 01781228 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-06-23 18:50 - 2011-04-12 15:21 - 00777946 _____ C:\Windows\system32\perfh015.dat
2015-06-23 18:50 - 2011-04-12 15:21 - 00168114 _____ C:\Windows\system32\perfc015.dat
2015-06-23 16:24 - 2014-07-20 19:43 - 00115856 _____ C:\Users\Krzysiek\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-23 16:23 - 2009-07-14 06:45 - 00441536 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-22 21:05 - 2014-07-20 13:29 - 00002199 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-22 19:01 - 2014-07-22 00:58 - 00000000 ____D C:\Users\Krzysiek\AppData\Roaming\GmailNotifierPro
2015-06-21 17:10 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-06-21 12:29 - 2009-07-14 06:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-06-20 14:58 - 2015-04-11 13:18 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2015-06-20 14:57 - 2015-04-14 01:03 - 00000080 _____ C:\Users\Krzysiek\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
2015-06-20 14:57 - 2015-04-11 13:17 - 00000000 ____D C:\Program Files\Rockstar Games
2015-06-20 13:28 - 2014-08-11 18:40 - 00001190 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2015-06-20 13:28 - 2014-08-11 18:40 - 00000000 ____D C:\Program Files\paint.net
2015-06-20 13:23 - 2014-07-20 13:30 - 00000000 ____D C:\Users\Krzysiek\AppData\Roaming\Notepad++
2015-06-20 13:23 - 2014-07-20 13:30 - 00000000 ____D C:\Program Files (x86)\Notepad++
2015-06-13 11:05 - 2014-07-20 13:33 - 00002052 _____ C:\Users\Public\Desktop\Google Slides.lnk
2015-06-13 11:05 - 2014-07-20 13:33 - 00002050 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2015-06-13 11:05 - 2014-07-20 13:33 - 00002040 _____ C:\Users\Public\Desktop\Google Docs.lnk
2015-06-13 11:05 - 2014-07-20 13:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-06-12 20:46 - 2014-11-05 16:25 - 00000000 ____D C:\Users\Krzysiek\Documents\My Kindle Content
2015-06-12 20:15 - 2009-07-14 05:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-06-12 15:08 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-06-12 01:31 - 2014-07-20 19:34 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-12 01:30 - 2014-07-20 19:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-06-11 22:08 - 2014-07-20 13:37 - 00001853 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2015-06-11 17:59 - 2009-07-14 07:13 - 01756134 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-11 17:54 - 2014-07-22 00:58 - 00000000 ____D C:\Users\Krzysiek\AppData\Local\GmailNotifierPro
2015-06-11 17:50 - 2015-04-16 19:21 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-11 17:50 - 2014-05-16 17:52 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-11 17:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-11 01:14 - 2009-07-14 04:34 - 00000513 _____ C:\Windows\win.ini
2015-06-11 01:07 - 2014-05-16 17:36 - 00000000 ____D C:\Windows\system32\MRT
2015-06-11 00:59 - 2014-05-16 17:36 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-08 17:35 - 2014-10-14 21:47 - 00000000 ____D C:\Users\Krzysiek\Documents\Moje skanowanie
2015-06-06 22:25 - 2015-05-11 21:22 - 00000000 ____D C:\szkoda

==================== Files in the root of some directories =======

2014-09-02 21:57 - 2014-11-23 21:39 - 0010752 _____ () C:\Users\Krzysiek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-21 22:59 - 2015-03-15 00:53 - 0000600 _____ () C:\Users\Krzysiek\AppData\Local\PUTTY.RND
2015-04-21 00:56 - 2015-04-22 00:17 - 0000080 _____ () C:\Users\Krzysiek\AppData\Local\X-Plane Installer.prf
2015-04-22 00:17 - 2015-04-23 18:05 - 0000073 _____ () C:\Users\Krzysiek\AppData\Local\X-Plane_drm.prf
2015-04-21 19:15 - 2015-04-21 19:15 - 0000023 _____ () C:\Users\Krzysiek\AppData\Local\x-plane_install_10.txt
2014-07-20 21:15 - 2014-07-20 21:26 - 0001272 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\Krzysiek\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpm9i0j5.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-03 23:19

==================== End of log ============================



#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts

Posted 05 July 2015 - 07:34 AM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CreateRestorePoint:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
IFEO\taskmgr.exe: [Debugger] "C:\SYSINTERNALS\PROCEXP.EXE"
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1273147595-1044900121-2350154023-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
StartMenuInternet: (HKLM) Opera - C:\Program Files\Opera x64\Opera.exe http://www.sweet-page.com/?type=sc&ts=1411579558&from=cor&uid=ST3500418AS_9VMALQE4XXXX9VMALQE4
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 WinRing0_1_2_0; \??\C:\Users\Krzysiek\AppData\Local\Temp\tmp16AB.tmp [X]
AlternateDataStreams: C:\ProgramData\TEMP:10F6E97E
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F

End
Save the file as fixlist.txt in the same folder the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

How is the computer running now?

#5 k_gopher

k_gopher
  • Topic Starter

  • Members
  • 4 posts

Posted 05 July 2015 - 03:47 PM

No luck. The default Firefox profile is redirecting images.google.com->tfnl.com; the second (and all other browsers) is not. Network settings are the same in both profiles, so I am excluding the possibility of fake DNS. I'm attaching the fixlog from FRST and AdwCleaner, screenshots showing the redirection, and a new FRST scan.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01
Ran by Krzysiek at 2015-07-05 18:18:44 Run:1
Running from C:\Users\Krzysiek\Downloads
Loaded Profiles: Krzysiek (Available Profiles: Krzysiek & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
IFEO\taskmgr.exe: [Debugger] "C:\SYSINTERNALS\PROCEXP.EXE"
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1273147595-1044900121-2350154023-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
StartMenuInternet: (HKLM) Opera - C:\Program Files\Opera x64\Opera.exe http://www.sweet-page.com/?type=sc&ts=1411579558&from=cor&uid=ST3500418AS_9VMALQE4XXXX9VMALQE4
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 WinRing0_1_2_0; \??\C:\Users\Krzysiek\AppData\Local\Temp\tmp16AB.tmp [X]
AlternateDataStreams: C:\ProgramData\TEMP:10F6E97E
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\taskmgr.exe" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-1273147595-1044900121-2350154023-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
HKLM\SOFTWARE\Clients\StartMenuInternet\Opera\shell\open\command\\Default => value restored successfully
catchme => Service removed successfully
VGPU => Service removed successfully
WinRing0_1_2_0 => Service removed successfully
C:\ProgramData\TEMP => ":10F6E97E" ADS removed successfully.
C:\ProgramData\TEMP => ":2CB9631F" ADS removed successfully.


The system needed a reboot..

==== End of Fixlog 18:19:16 ====

 

# AdwCleaner v4.207 - Utworzono raport 05/07/2015 o 18:27:32
# Ostatnia aktualizacja 21/06/2015 przez Xplode
# Baza danych : 2015-07-05.2 [Serwer]
# System operacyjny : Windows 7 Ultimate Service Pack 1 (x64)
# Nazwa użytkownika : Krzysiek - BALON
# Uruchomiony z : C:\Users\Krzysiek\Downloads\AdwCleaner.exe
# Działanie : Usuń

***** [ Usługi ] *****


***** [ Pliki / Foldery ] *****

Plik usunięto : C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\ycrc01tu.abcd\Extensions\linky@gemal.dk.xpi

***** [ Zaplanowane zadania ] *****


***** [ Skróty ] *****


***** [ Rejestr ] *****

Klucz usunięto : HKLM\SOFTWARE\Classes\Installer\Features\93BAD29AC2E44034A96BCB446EB8552E
Klucz usunięto : HKLM\SOFTWARE\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E
Klucz usunięto : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E

***** [ Przeglądarki internetowe ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v39.0 (x86 pl)


-\\ Google Chrome v43.0.2357.130


*************************

AdwCleaner[R0].txt - [9403 bajty] - [24/09/2014 21:38:40]
AdwCleaner[R1].txt - [2772 bajty] - [29/06/2015 23:02:25]
AdwCleaner[R2].txt - [1524 bajty] - [05/07/2015 18:24:57]
AdwCleaner[S0].txt - [7225 bajty] - [24/09/2014 21:40:30]
AdwCleaner[S1].txt - [2697 bajty] - [29/06/2015 23:05:43]
AdwCleaner[S2].txt - [1431 bajty] - [05/07/2015 18:27:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1490  bajty] ##########

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01
Ran by Krzysiek (administrator) on BALON on 05-07-2015 22:36:07
Running from C:\Users\Krzysiek\Downloads
Loaded Profiles: Krzysiek (Available Profiles: Krzysiek & DefaultAppPool)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Google Inc.) C:\Users\Krzysiek\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(IntelliBreeze Software) C:\Program Files (x86)\Gmail Notifier Pro\GmailNotifierPro.exe
(Flux Software LLC) C:\Users\Krzysiek\AppData\Local\FluxSoftware\Flux\flux.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Dropbox, Inc.) C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Ghisler Software GmbH) C:\totalcmd\TOTALCMD64.EXE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-03] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3730344 2015-06-30] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [114368 2015-05-27] (VMware, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKU\S-1-5-21-1273147595-1044900121-2350154023-1001\...\Run: [Google+ Auto Backup] => C:\Users\Krzysiek\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3754312 2015-02-13] (Google Inc.)
HKU\S-1-5-21-1273147595-1044900121-2350154023-1001\...\Run: [GmailNotifierPro] => C:\Program Files (x86)\Gmail Notifier Pro\GmailNotifierPro.exe [2827072 2014-04-21] (IntelliBreeze Software)
HKU\S-1-5-21-1273147595-1044900121-2350154023-1001\...\Run: [f.lux] => C:\Users\Krzysiek\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-1273147595-1044900121-2350154023-1001\...\Run: [Dropbox Update] => C:\Users\Krzysiek\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-19] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-07-20]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Krzysiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-04-22]
ShortcutTarget: Dropbox.lnk -> C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Krzysiek\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1273147595-1044900121-2350154023-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKU\S-1-5-21-1273147595-1044900121-2350154023-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-30] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-30] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2
Tcpip\..\Interfaces\{40A84EA6-3705-4EA9-9EB4-B6FE8EF204C1}: [DhcpNameServer] 192.168.0.1 192.168.0.2

FireFox:
========
FF ProfilePath: C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\1a2j2312.default
FF Homepage: about:home
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_194.dll [2015-06-23] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-06-23] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-04-15] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-04-15] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-30] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-05-12] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-05-12] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1273147595-1044900121-2350154023-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Krzysiek\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-1273147595-1044900121-2350154023-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Krzysiek\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-1273147595-1044900121-2350154023-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Krzysiek\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-07-07] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Extension: Flash Video Resources Downloader - C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\ycrc01tu.abcd\Extensions\max@subfighter.com [2014-07-20]
FF Extension: Google Toolbar for Firefox - C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\ycrc01tu.abcd\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2014-07-20]
FF Extension: iMacros for Firefox - C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\ycrc01tu.abcd\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2015-05-28]
FF Extension: Plain Text to Link - C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\ycrc01tu.abcd\Extensions\{C90B0826-5A17-4970-A5BF-A43D22452E21} [2014-07-20]
FF Extension: New Tabs at the End - C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\ycrc01tu.abcd\Extensions\new-tabs-at-end@forerunnerdesigns.com.xpi [2015-05-28]
FF Extension: Search Site - C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\ycrc01tu.abcd\Extensions\searchsite@DW-dev.xpi [2014-07-20]
FF Extension: Leet Key - C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\ycrc01tu.abcd\Extensions\{3335F91D-2AEF-4097-B831-C96C60349822}.xpi [2015-05-31]
FF Extension: Noia 2.0 (eXtreme) - C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\ycrc01tu.abcd\Extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}.xpi [2014-07-20]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-07-20]
FF HKU\S-1-5-21-1273147595-1044900121-2350154023-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR Profile: C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-20]
CHR Extension: (Google Drive) - C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-20]
CHR Extension: (YouTube) - C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-20]
CHR Extension: (Google Search) - C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-20]
CHR Extension: (Hola Better Internet) - C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-06-22]
CHR Extension: (TweetDeck by Twitter) - C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2014-09-20]
CHR Extension: (Google Wallet) - C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-20]
CHR Extension: (Gmail) - C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3518376 2015-06-30] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [314304 2015-06-30] (AVG Technologies CZ, s.r.o.)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-03] (NVIDIA Corporation)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22744 2014-10-15] (Microsoft Corporation)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [278336 2011-09-19] (NVIDIA)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-06-03] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-03] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-04-23] (Electronic Arts)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12730048 2015-05-27] ()
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-05-15] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [293296 2015-06-26] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253408 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [226784 2015-06-10] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [281568 2015-05-12] (AVG Technologies CZ, s.r.o.)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-07-20] (Disc Soft Ltd)
S3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [17920 2010-06-19] (Siliten)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-10-01] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R3 nvoclk64; C:\Windows\System32\DRIVERS\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corp.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-03] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46768 2015-05-19] (NVIDIA Corporation)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [76480 2015-01-07] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-08-28] (VMware, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-05 00:39 - 2015-07-05 00:39 - 00050477 _____ C:\Users\Krzysiek\Downloads\Defogger.exe
2015-07-05 00:39 - 2015-07-05 00:39 - 00000548 _____ C:\Users\Krzysiek\Downloads\defogger_disable.log
2015-07-05 00:39 - 2015-07-05 00:39 - 00000168 _____ C:\Users\Krzysiek\defogger_reenable
2015-07-01 22:03 - 2015-07-01 22:03 - 00000695 _____ C:\Users\Krzysiek\Desktop\World of Warships.lnk
2015-07-01 22:03 - 2015-07-01 22:03 - 00000000 ____D C:\Users\Krzysiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Warships
2015-07-01 22:02 - 2015-07-01 22:02 - 07049832 _____ (Wargaming.net ) C:\Users\Krzysiek\Downloads\WoWS_internet_install_eu.exe
2015-06-30 22:27 - 2015-06-30 22:27 - 00001116 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-30 22:27 - 2015-06-30 22:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-30 22:27 - 2015-06-30 22:27 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-30 22:27 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-30 22:27 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-30 22:26 - 2015-06-30 22:26 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Krzysiek\Downloads\mbam-setup-2.0.3.1025.exe
2015-06-30 22:11 - 2015-06-30 22:11 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-06-30 22:11 - 2015-06-30 22:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-06-30 22:07 - 2015-06-30 22:07 - 00000000 _____ C:\Windows\system32\REN8807.tmp
2015-06-30 22:06 - 2015-06-30 22:06 - 00000000 ____D C:\Windows\system32\appmgmt
2015-06-30 22:05 - 2015-06-30 22:05 - 00000000 _____ C:\Windows\SysWOW64\REND932.tmp
2015-06-30 22:04 - 2015-06-30 22:04 - 01124072 _____ (Adobe Systems Incorporated) C:\Users\Krzysiek\Downloads\readerdc_pl_ha_install.exe
2015-06-30 22:03 - 2015-06-30 22:03 - 00562784 _____ (Oracle Corporation) C:\Users\Krzysiek\Downloads\jre-8u45-windows-i586-iftw.exe
2015-06-30 00:13 - 2015-07-05 00:41 - 00085152 _____ C:\Users\Krzysiek\Downloads\Addition.txt
2015-06-29 23:57 - 2015-07-05 22:36 - 00026481 _____ C:\Users\Krzysiek\Downloads\FRST.txt
2015-06-29 23:57 - 2015-07-05 22:36 - 00000000 ____D C:\FRST
2015-06-29 23:56 - 2015-06-29 23:56 - 02112512 _____ (Farbar) C:\Users\Krzysiek\Downloads\FRST64.exe
2015-06-29 23:47 - 2015-06-29 23:47 - 00043524 _____ C:\ComboFix.txt
2015-06-29 23:21 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-06-29 23:21 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-06-29 23:21 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-06-29 23:21 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-06-29 23:21 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-06-29 23:21 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-06-29 23:21 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-06-29 23:21 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-06-29 23:15 - 2015-06-29 23:47 - 00000000 ____D C:\Qoobox
2015-06-29 23:14 - 2015-06-29 23:45 - 00000000 ____D C:\Windows\erdnt
2015-06-29 23:14 - 2015-06-29 23:14 - 05630589 ____R (Swearware) C:\Users\Krzysiek\Downloads\ComboFix.exe
2015-06-29 23:02 - 2015-07-01 06:06 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-29 23:02 - 2015-07-01 06:06 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-06-29 23:02 - 2015-06-30 22:27 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-29 23:01 - 2015-06-29 23:01 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Krzysiek\Downloads\mbar-1.09.1.1004.exe
2015-06-29 23:01 - 2015-06-29 23:01 - 02950645 _____ (Malwarebytes Corporation) C:\Users\Krzysiek\Downloads\JRT.exe
2015-06-29 23:01 - 2015-06-29 23:01 - 02244096 _____ C:\Users\Krzysiek\Downloads\AdwCleaner.exe
2015-06-29 23:01 - 2015-06-29 23:01 - 00000000 ____D C:\Users\Krzysiek\Desktop\mbar
2015-06-29 23:01 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-29 22:40 - 2015-06-29 22:40 - 00018766 _____ C:\Users\Krzysiek\Desktop\attach.txt
2015-06-29 22:10 - 2015-06-29 22:10 - 00388608 _____ (Trend Micro Inc.) C:\Users\Krzysiek\Downloads\HijackThis.exe
2015-06-27 14:09 - 2015-06-27 14:09 - 00141633 _____ C:\Users\Krzysiek\Desktop\watch.htm
2015-06-26 21:07 - 2015-06-26 21:07 - 12459304 _____ ( ) C:\Users\Krzysiek\Downloads\setup_bridge_constructor_medieval_trigger_rev3.exe
2015-06-26 21:07 - 2015-06-26 21:07 - 00000000 ____D C:\Users\Krzysiek\Downloads\resources
2015-06-26 21:07 - 2015-05-15 09:26 - 00001348 _____ C:\Users\Krzysiek\Downloads\setup.ini
2015-06-26 21:07 - 2015-05-15 09:26 - 00000141 _____ C:\Users\Krzysiek\Downloads\sku.sis
2015-06-26 21:07 - 2015-05-14 16:41 - 00194084 _____ C:\Users\Krzysiek\Downloads\splash.tga
2015-06-26 21:07 - 2014-09-05 00:12 - 01750784 _____ (Valve Corporation) C:\Users\Krzysiek\Downloads\Setup.exe
2015-06-26 21:07 - 2014-09-05 00:12 - 01138832 _____ C:\Users\Krzysiek\Downloads\SteamSetup.exe
2015-06-26 21:07 - 2014-09-05 00:12 - 00564416 _____ (Valve Corporation) C:\Users\Krzysiek\Downloads\SteamService.exe
2015-06-26 09:49 - 2015-06-26 09:49 - 00293296 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2015-06-25 22:44 - 2015-06-25 22:44 - 00000000 ____D C:\Users\Krzysiek\AppData\Local\SymbolSourceSymbols
2015-06-25 22:44 - 2015-06-25 22:44 - 00000000 ____D C:\Users\Krzysiek\AppData\Local\RefSrcSymbols
2015-06-24 20:00 - 2015-06-24 20:00 - 01707109 _____ C:\Users\Krzysiek\Downloads\Prezentacja2.pptx
2015-06-23 23:07 - 2015-06-23 23:07 - 03416946 _____ C:\Users\Krzysiek\Downloads\update_2_0_3_5_colbox_kur.exe
2015-06-23 22:59 - 2015-06-23 22:59 - 02069947 _____ C:\Users\Krzysiek\Downloads\Carcassonne_Serialfix_HP.zip
2015-06-23 19:08 - 2015-06-23 19:08 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-06-23 19:08 - 2015-05-19 05:29 - 00046768 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-06-23 19:08 - 2015-05-19 05:14 - 00057520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-06-23 18:58 - 2015-06-23 19:03 - 00000000 ____D C:\Users\Krzysiek\Documents\Virtual Machines
2015-06-23 18:53 - 2015-06-24 00:02 - 00000000 ____D C:\Users\Krzysiek\AppData\Roaming\VMware
2015-06-23 18:53 - 2015-06-24 00:02 - 00000000 ____D C:\Users\Krzysiek\AppData\Local\VMware
2015-06-23 18:51 - 2015-05-27 15:59 - 00931008 _____ (VMware, Inc.) C:\Windows\system32\vnetlib64.dll
2015-06-23 18:51 - 2015-05-27 15:59 - 00438464 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
2015-06-23 18:51 - 2015-05-27 15:59 - 00066752 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmx86.sys
2015-06-23 18:51 - 2015-05-27 15:58 - 00359104 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
2015-06-23 18:51 - 2015-05-27 15:58 - 00026816 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetuserif.sys
2015-06-23 18:51 - 2015-01-07 15:55 - 00076480 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vsock.sys
2015-06-23 18:51 - 2015-01-07 15:55 - 00068288 _____ (VMware, Inc.) C:\Windows\system32\vsocklib.dll
2015-06-23 18:51 - 2015-01-07 15:55 - 00064192 _____ (VMware, Inc.) C:\Windows\SysWOW64\vsocklib.dll
2015-06-23 18:50 - 2015-06-23 18:50 - 00001024 _____ C:\Windows\SysWOW64\%TMP%
2015-06-23 18:50 - 2015-06-23 18:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2015-06-23 18:50 - 2015-06-23 18:50 - 00000000 ____D C:\Program Files\Common Files\VMware
2015-06-23 18:50 - 2015-01-07 08:02 - 00055488 _____ (VMware, Inc.) C:\Windows\system32\Drivers\hcmon.sys
2015-06-23 18:49 - 2015-07-05 22:11 - 00000000 ____D C:\ProgramData\VMware
2015-06-23 18:49 - 2015-06-23 18:49 - 00000000 ____D C:\Users\Public\Documents\Shared Virtual Machines
2015-06-23 18:49 - 2015-06-23 18:49 - 00000000 ____D C:\Program Files (x86)\VMware
2015-06-23 18:46 - 2015-06-23 18:47 - 307860770 _____ C:\Users\Krzysiek\Downloads\Workstation.11.1.1.2771112.rar
2015-06-23 18:40 - 2015-06-23 18:41 - 111273672 _____ (Oracle Corporation) C:\Users\Krzysiek\Downloads\VirtualBox-4.3.28-100309-Win.exe
2015-06-21 13:44 - 2015-06-21 13:44 - 00762368 _____ C:\Users\Krzysiek\Downloads\EzG_4_Systematik_DB_mit_Aufkleber_mit_Eingabemaske_inkl._Expansionen _Łódź 1 Bałuty (1).xls
2015-06-20 13:33 - 2015-06-20 13:33 - 00000000 ____D C:\Users\Krzysiek\AppData\Roaming\Sublime Text 3
2015-06-20 13:33 - 2015-06-20 13:33 - 00000000 ____D C:\Users\Krzysiek\AppData\Local\Sublime Text 3
2015-06-20 13:30 - 2015-06-20 13:30 - 00000890 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sublime Text 3.lnk
2015-06-20 13:30 - 2015-06-20 13:30 - 00000000 ____D C:\Program Files\Sublime Text 3
2015-06-20 12:54 - 2015-06-20 12:54 - 00000000 _____ C:\Windows\SysWOW64\REN9636.tmp
2015-06-20 12:51 - 2015-06-20 12:51 - 00000000 ____D C:\Users\Krzysiek\AppData\Local\NuGet
2015-06-20 12:50 - 2015-06-20 12:55 - 00000000 ____D C:\ProgramData\chocolatey
2015-06-19 19:20 - 2015-06-19 19:20 - 00061440 _____ C:\Users\Krzysiek\Downloads\Vorschlag_Polkowice1.xls
2015-06-19 19:19 - 2015-06-19 19:19 - 00806912 _____ C:\Users\Krzysiek\Downloads\EzG_4_Systematik_DB_mit_Aufkleber_mit_Eingabemaske_inkl._Expansionen _Wągrowiec.xls
2015-06-19 19:19 - 2015-06-19 19:19 - 00805888 _____ C:\Users\Krzysiek\Downloads\EzG_4_Systematik_DB_mit_Aufkleber_mit_Eingabemaske_inkl._Expansionen_Łódź Widzew.xls
2015-06-19 19:19 - 2015-06-19 19:19 - 00740864 _____ C:\Users\Krzysiek\Downloads\EzG_4_Systematik_DB_mit_Aufkleber_mit_Eingabemaske_inkl._Expansionen _Konstantynów Łódzki.xls
2015-06-19 19:19 - 2015-06-19 19:19 - 00059904 _____ C:\Users\Krzysiek\Downloads\Vorschlag_Polkowice.xls
2015-06-19 19:18 - 2015-06-19 19:18 - 00796672 _____ C:\Users\Krzysiek\Downloads\EzG_4_Systematik_DB_mit_Aufkleber_mit_Eingabemaske_inkl._Expansionen _Łódź 1 Bałuty.xls
2015-06-19 19:18 - 2015-06-19 19:18 - 00779776 _____ C:\Users\Krzysiek\Downloads\EzG_4_Systematik_DB_mit_Aufkleber_mit_Eingabemaske_inkl._Expansionen _Łódź Dąbrowa.xls
2015-06-19 19:17 - 2015-06-19 19:17 - 00089600 _____ C:\Users\Krzysiek\Downloads\Kopia Alphaliste_TERAZ.xls
2015-06-19 19:17 - 2015-06-19 19:17 - 00089600 _____ C:\Users\Krzysiek\Downloads\Kopia Alphaliste_TERAZ (1).xls
2015-06-19 19:16 - 2015-06-19 19:16 - 00024503 _____ C:\Users\Krzysiek\Downloads\Ortsliste_Łódź (2).xlsx
2015-06-19 19:15 - 2015-06-19 19:15 - 00024503 _____ C:\Users\Krzysiek\Downloads\Ortsliste_Łódź.xlsx
2015-06-19 19:15 - 2015-06-19 19:15 - 00024503 _____ C:\Users\Krzysiek\Downloads\Ortsliste_Łódź (1).xlsx
2015-06-19 19:06 - 2015-06-19 19:08 - 00000000 ____D C:\Users\Krzysiek\Desktop\grzes zdjecia
2015-06-19 18:04 - 2015-06-19 18:04 - 00000000 ____D C:\Users\Krzysiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-06-19 18:02 - 2015-07-05 22:07 - 00001174 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1273147595-1044900121-2350154023-1001UA.job
2015-06-19 18:02 - 2015-07-04 18:07 - 00001122 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1273147595-1044900121-2350154023-1001Core.job
2015-06-19 18:02 - 2015-06-19 18:02 - 00004154 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1273147595-1044900121-2350154023-1001UA
2015-06-19 18:02 - 2015-06-19 18:02 - 00003758 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1273147595-1044900121-2350154023-1001Core
2015-06-19 18:02 - 2015-06-19 18:02 - 00000000 ____D C:\Users\Krzysiek\AppData\Local\Dropbox
2015-06-19 18:02 - 2015-06-19 18:02 - 00000000 ____D C:\ProgramData\Dropbox
2015-06-16 15:55 - 2015-06-16 15:55 - 00259040 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2015-06-13 11:11 - 2015-06-13 11:11 - 00000000 ____D C:\Program Files\Common Files\AV
2015-06-12 20:45 - 2015-06-12 20:46 - 00647975 _____ C:\Users\Krzysiek\Downloads\Ziarno prawdy - Zygmunt Miloszewski.mobi
2015-06-11 22:08 - 2015-06-11 22:08 - 00000000 ____D C:\ProgramData\Canneverbe Limited
2015-06-10 17:01 - 2015-05-22 20:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-10 17:01 - 2015-05-22 20:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-10 17:01 - 2015-05-22 20:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-10 17:01 - 2015-05-22 20:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-10 17:01 - 2015-05-22 20:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-10 17:01 - 2015-05-22 20:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-10 17:01 - 2015-05-22 20:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-10 17:01 - 2015-05-21 15:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-10 17:01 - 2015-04-29 20:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-10 17:01 - 2015-04-29 20:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-10 17:01 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-10 17:01 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-10 17:01 - 2015-04-29 20:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 17:01 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-10 17:01 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-10 17:01 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-10 17:01 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-10 17:01 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-10 17:00 - 2015-06-01 21:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 17:00 - 2015-06-01 20:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-10 17:00 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 17:00 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-10 17:00 - 2015-05-25 20:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-10 17:00 - 2015-05-25 20:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-10 17:00 - 2015-05-25 20:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-10 17:00 - 2015-05-25 20:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-10 17:00 - 2015-05-25 20:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-10 17:00 - 2015-05-25 20:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-10 17:00 - 2015-05-25 20:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-10 17:00 - 2015-05-25 20:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-10 17:00 - 2015-05-25 20:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-10 17:00 - 2015-05-25 20:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-10 17:00 - 2015-05-25 20:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-10 17:00 - 2015-05-25 20:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-10 17:00 - 2015-05-25 20:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-10 17:00 - 2015-05-25 20:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-10 17:00 - 2015-05-25 20:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-10 17:00 - 2015-05-25 20:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-10 17:00 - 2015-05-25 20:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-10 17:00 - 2015-05-25 20:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-10 17:00 - 2015-05-25 20:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-10 17:00 - 2015-05-25 20:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-10 17:00 - 2015-05-25 20:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-10 17:00 - 2015-05-25 20:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-10 17:00 - 2015-05-25 20:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-10 17:00 - 2015-05-25 20:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-10 17:00 - 2015-05-25 20:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-10 17:00 - 2015-05-25 20:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-10 17:00 - 2015-05-25 20:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-10 17:00 - 2015-05-25 20:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-10 17:00 - 2015-05-25 20:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-10 17:00 - 2015-05-25 20:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-10 17:00 - 2015-05-25 20:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-10 17:00 - 2015-05-25 20:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-10 17:00 - 2015-05-25 20:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-10 17:00 - 2015-05-25 20:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-10 17:00 - 2015-05-25 20:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-10 17:00 - 2015-05-25 20:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-10 17:00 - 2015-05-25 20:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-10 17:00 - 2015-05-25 20:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-10 17:00 - 2015-05-25 20:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-10 17:00 - 2015-05-25 20:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-10 17:00 - 2015-05-25 20:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 20:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-06-10 17:00 - 2015-05-25 20:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-06-10 17:00 - 2015-05-25 20:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-10 17:00 - 2015-05-25 20:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-06-10 17:00 - 2015-05-25 20:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-06-10 17:00 - 2015-05-25 20:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-06-10 17:00 - 2015-05-25 20:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-06-10 17:00 - 2015-05-25 20:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-10 17:00 - 2015-05-25 20:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-06-10 17:00 - 2015-05-25 20:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-06-10 17:00 - 2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-06-10 17:00 - 2015-05-25 20:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-06-10 17:00 - 2015-05-25 20:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-06-10 17:00 - 2015-05-25 20:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-06-10 17:00 - 2015-05-25 20:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-06-10 17:00 - 2015-05-25 20:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-10 17:00 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-06-10 17:00 - 2015-05-25 20:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-06-10 17:00 - 2015-05-25 20:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-06-10 17:00 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-06-10 17:00 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-06-10 17:00 - 2015-05-25 20:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-10 17:00 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-06-10 17:00 - 2015-05-25 19:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-10 17:00 - 2015-05-25 19:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-06-10 17:00 - 2015-05-25 19:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-06-10 17:00 - 2015-05-25 19:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-10 17:00 - 2015-05-25 19:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-06-10 17:00 - 2015-05-25 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 19:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 17:00 - 2015-05-25 19:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-10 17:00 - 2015-05-25 18:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-10 17:00 - 2015-05-25 18:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-10 17:00 - 2015-05-25 18:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 18:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 17:00 - 2015-05-25 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-10 17:00 - 2015-05-23 05:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-10 17:00 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-10 17:00 - 2015-05-23 05:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-06-10 17:00 - 2015-05-23 05:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-06-10 17:00 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-10 17:00 - 2015-05-23 05:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-06-10 17:00 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-10 17:00 - 2015-05-23 05:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-10 17:00 - 2015-05-23 05:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-06-10 17:00 - 2015-05-23 05:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-10 17:00 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-10 17:00 - 2015-05-23 05:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-10 17:00 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-10 17:00 - 2015-05-23 04:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-10 17:00 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-10 17:00 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-10 17:00 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-10 17:00 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-10 17:00 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-10 17:00 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-10 17:00 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-10 17:00 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-06-10 17:00 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-10 17:00 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-10 17:00 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-10 17:00 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-10 17:00 - 2015-05-22 21:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 17:00 - 2015-05-22 21:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-10 17:00 - 2015-05-22 21:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-10 17:00 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 17:00 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 17:00 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 17:00 - 2015-05-22 21:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-10 17:00 - 2015-05-22 20:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-10 17:00 - 2015-05-22 20:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 17:00 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 17:00 - 2015-05-22 20:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-10 17:00 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 17:00 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 17:00 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 17:00 - 2015-05-22 20:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 17:00 - 2015-05-22 20:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-10 17:00 - 2015-05-22 20:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-10 17:00 - 2015-05-22 20:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 17:00 - 2015-05-22 20:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 17:00 - 2015-05-22 20:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-10 17:00 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 17:00 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 17:00 - 2015-05-22 20:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-10 17:00 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 17:00 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 17:00 - 2015-05-22 20:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-10 17:00 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 17:00 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 17:00 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 17:00 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 17:00 - 2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-10 17:00 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-10 17:00 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-10 16:38 - 2015-06-10 16:38 - 00226784 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2015-06-09 08:11 - 2015-06-09 08:11 - 00000000 ____D C:\.thumbnails
2015-06-09 08:10 - 2015-06-09 08:11 - 00000000 ____D C:\Camera

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-05 22:22 - 2009-07-14 06:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-05 22:22 - 2009-07-14 06:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-05 22:17 - 2014-07-20 12:55 - 01449840 _____ C:\Windows\WindowsUpdate.log
2015-07-05 22:15 - 2014-07-20 15:41 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1273147595-1044900121-2350154023-1001UA.job
2015-07-05 22:13 - 2014-05-16 18:06 - 00118043 _____ C:\Windows\setupact.log
2015-07-05 22:12 - 2014-07-23 00:18 - 00000000 ___RD C:\Users\Krzysiek\Dropbox
2015-07-05 22:12 - 2014-07-20 13:34 - 00000000 ____D C:\Users\Krzysiek\AppData\Roaming\Dropbox
2015-07-05 22:11 - 2014-07-22 00:55 - 00000000 ____D C:\Program Files (x86)\Gmail Notifier Pro
2015-07-05 22:10 - 2014-07-20 13:31 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-05 22:10 - 2014-07-20 13:29 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-05 22:10 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-05 22:04 - 2014-07-20 13:29 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-05 21:58 - 2014-07-20 15:40 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-05 20:15 - 2014-07-20 15:41 - 00001018 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1273147595-1044900121-2350154023-1001Core.job
2015-07-05 18:36 - 2015-04-02 22:56 - 00000000 ____D C:\Users\Krzysiek\AppData\Roaming\Kodi
2015-07-05 18:27 - 2014-09-24 21:38 - 00000000 ____D C:\AdwCleaner
2015-07-05 11:35 - 2014-07-20 13:40 - 00000000 ____D C:\ProgramData\MFAData
2015-07-05 02:01 - 2014-07-20 22:34 - 00000000 ____D C:\Users\Krzysiek\AppData\Roaming\uTorrent
2015-07-05 00:39 - 2014-07-20 13:02 - 00000000 ____D C:\Users\Krzysiek
2015-07-04 11:09 - 2014-10-26 16:41 - 00001005 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2015-07-04 11:09 - 2014-07-20 13:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-07-04 10:58 - 2015-06-03 00:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-04 10:58 - 2014-07-20 13:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-04 10:58 - 2010-11-21 05:47 - 00131054 _____ C:\Windows\PFRO.log
2015-07-03 21:14 - 2014-07-20 13:30 - 00000000 ____D C:\Program Files (x86)\Steam
2015-07-03 01:42 - 2014-07-25 23:48 - 00002278 ____H C:\Users\Krzysiek\Documents\Default.rdp
2015-07-01 22:02 - 2014-09-27 22:14 - 00000000 ____D C:\Games
2015-07-01 06:02 - 2014-08-12 23:42 - 00000000 ____D C:\Windows\Sun
2015-06-30 22:11 - 2015-03-14 13:59 - 00002533 _____ C:\Users\Krzysiek\Desktop\Tropic Euro.lnk
2015-06-30 22:10 - 2014-07-20 13:29 - 00000000 ____D C:\Program Files (x86)\Java
2015-06-29 23:47 - 2014-08-02 19:42 - 00000000 ____D C:\Users\Krzysiek\AppData\Local\Apps\2.0
2015-06-29 23:47 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2015-06-29 23:44 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-06-29 23:42 - 2014-07-20 15:39 - 00000000 ____D C:\Users\Krzysiek\AppData\Local\Adobe
2015-06-29 22:22 - 2014-09-24 21:27 - 00000000 ____D C:\Users\Krzysiek\Downloads\backups
2015-06-27 14:10 - 2014-08-04 20:40 - 00000000 ____D C:\Users\Krzysiek\Desktop\Renia
2015-06-27 09:07 - 2009-07-14 07:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-26 21:08 - 2014-07-23 19:40 - 00000000 ____D C:\Users\Krzysiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-06-25 22:44 - 2015-01-17 20:09 - 00000000 ____D C:\Users\Krzysiek\AppData\Local\JetBrains
2015-06-25 22:43 - 2015-01-17 13:37 - 00000000 ____D C:\Users\Krzysiek\Documents\Visual Studio 2013
2015-06-23 23:50 - 2014-08-23 22:43 - 00000000 ____D C:\carcas
2015-06-23 23:13 - 2014-07-20 19:58 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-06-23 22:52 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-06-23 19:58 - 2014-07-20 15:40 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-23 19:58 - 2014-07-20 15:40 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-23 19:58 - 2014-07-20 15:40 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-23 19:09 - 2014-07-20 13:51 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-06-23 18:50 - 2014-05-16 17:18 - 01781228 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-06-23 18:50 - 2011-04-12 15:21 - 00777946 _____ C:\Windows\system32\perfh015.dat
2015-06-23 18:50 - 2011-04-12 15:21 - 00168114 _____ C:\Windows\system32\perfc015.dat
2015-06-23 16:24 - 2014-07-20 19:43 - 00115856 _____ C:\Users\Krzysiek\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-23 16:23 - 2009-07-14 06:45 - 00441536 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-22 21:05 - 2014-07-20 13:29 - 00002199 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-22 19:01 - 2014-07-22 00:58 - 00000000 ____D C:\Users\Krzysiek\AppData\Roaming\GmailNotifierPro
2015-06-21 17:10 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-06-21 12:29 - 2009-07-14 06:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-06-20 14:58 - 2015-04-11 13:18 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2015-06-20 14:57 - 2015-04-14 01:03 - 00000080 _____ C:\Users\Krzysiek\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
2015-06-20 14:57 - 2015-04-11 13:17 - 00000000 ____D C:\Program Files\Rockstar Games
2015-06-20 13:28 - 2014-08-11 18:40 - 00001190 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2015-06-20 13:28 - 2014-08-11 18:40 - 00000000 ____D C:\Program Files\paint.net
2015-06-20 13:23 - 2014-07-20 13:30 - 00000000 ____D C:\Users\Krzysiek\AppData\Roaming\Notepad++
2015-06-20 13:23 - 2014-07-20 13:30 - 00000000 ____D C:\Program Files (x86)\Notepad++
2015-06-13 11:05 - 2014-07-20 13:33 - 00002052 _____ C:\Users\Public\Desktop\Google Slides.lnk
2015-06-13 11:05 - 2014-07-20 13:33 - 00002050 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2015-06-13 11:05 - 2014-07-20 13:33 - 00002040 _____ C:\Users\Public\Desktop\Google Docs.lnk
2015-06-13 11:05 - 2014-07-20 13:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-06-12 20:46 - 2014-11-05 16:25 - 00000000 ____D C:\Users\Krzysiek\Documents\My Kindle Content
2015-06-12 20:15 - 2009-07-14 05:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-06-12 15:08 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-06-12 01:31 - 2014-07-20 19:34 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-12 01:30 - 2014-07-20 19:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-06-11 22:08 - 2014-07-20 13:37 - 00001853 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2015-06-11 17:59 - 2009-07-14 07:13 - 01756134 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-11 17:54 - 2014-07-22 00:58 - 00000000 ____D C:\Users\Krzysiek\AppData\Local\GmailNotifierPro
2015-06-11 17:50 - 2015-04-16 19:21 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-11 17:50 - 2014-05-16 17:52 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-11 17:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-11 01:14 - 2009-07-14 04:34 - 00000513 _____ C:\Windows\win.ini
2015-06-11 01:07 - 2014-05-16 17:36 - 00000000 ____D C:\Windows\system32\MRT
2015-06-11 00:59 - 2014-05-16 17:36 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-08 17:35 - 2014-10-14 21:47 - 00000000 ____D C:\Users\Krzysiek\Documents\Moje skanowanie
2015-06-06 22:25 - 2015-05-11 21:22 - 00000000 ____D C:\szkoda

==================== Files in the root of some directories =======

2014-09-02 21:57 - 2014-11-23 21:39 - 0010752 _____ () C:\Users\Krzysiek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-21 22:59 - 2015-03-15 00:53 - 0000600 _____ () C:\Users\Krzysiek\AppData\Local\PUTTY.RND
2015-04-21 00:56 - 2015-04-22 00:17 - 0000080 _____ () C:\Users\Krzysiek\AppData\Local\X-Plane Installer.prf
2015-04-22 00:17 - 2015-04-23 18:05 - 0000073 _____ () C:\Users\Krzysiek\AppData\Local\X-Plane_drm.prf
2015-04-21 19:15 - 2015-04-21 19:15 - 0000023 _____ () C:\Users\Krzysiek\AppData\Local\x-plane_install_10.txt
2014-07-20 21:15 - 2014-07-20 21:26 - 0001272 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\Krzysiek\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjv2bzf.dll
C:\Users\Krzysiek\AppData\Local\Temp\Quarantine.exe
C:\Users\Krzysiek\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-03 23:19

==================== End of log ============================
 


Edited by k_gopher, 05 July 2015 - 03:48 PM.


#6 nasdaq

  • Malware Response Team
  • 40,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 06 July 2015 - 06:59 AM

Try this.

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F

Clean the Firefox Cache.
https://kb.wisc.edu/page.php?id=15141
===

Keep me posted.

#7 k_gopher

  • Topic Starter

  • Members
  • 4 posts

Posted 06 July 2015 - 11:57 AM

Deleting browser history solved the problem. Thanks for the help.



#8 nasdaq

  • Malware Response Team
  • 40,246 posts

Posted 06 July 2015 - 12:19 PM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: best security practices, keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#9 nasdaq

  • Malware Response Team
  • 40,246 posts

Posted 12 July 2015 - 06:55 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



