
Ads from adk2x instead of embed videos


  • This topic is locked
6 replies to this topic

#1 Nathanielxd


Posted 04 April 2016 - 04:13 PM

Hello!

 

I have the same problem as in those topics:

http://www.bleepingcomputer.com/forums/t/608508/banner-ads-from-adk2x-interfering-with-websites/

http://www.bleepingcomputer.com/forums/t/608679/adk2x-reinstalled-windows-and-its-still-there/

 

I am getting ads in some of the websites that I visit. 

Websites should show videos, but the only thing I see is the ad instead of video.

 
 

Browsers affected:

Google Chrome 49.0.2623.110 m (my main browser), Mozilla Firefox, Microsoft Edge

 

Browsers not affected:

Internet Explorer

 

I have Windows 10 Pro 64-bit.

I have three computers in my home wifi network - only this one is infected.

I have used Malwarebytes Anti-Malware, Junkware Removal Tool, CCleaner, Adwcleaner, ESET Online Scanner, 360 Total Security.

(The programs cleaned something, but the problem remains.)

 

I attached Addition.txt in the attached files.

 

Here's a log from FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Nathaniel (administrator) on DESKTOP-2KT20LR (04-04-2016 23:00:50)
Running from C:\Users\Nathaniel\Downloads
Loaded Profiles: Nathaniel (Available Profiles: Nathaniel)
Platform: Windows 10 Pro (X64) Language: Polski (Polska)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe
(MSI) C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe
(MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
(MSI) C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\ECO Center\ECO_Service.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
() C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
() C:\Program Files (x86)\NapiProjekt\napisy.exe
(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10240.16719_none_11647d1561f368c0\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\SystemSettingsAdminFlows.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Nathaniel\Downloads\EnglishFRST64.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-12] (NVIDIA Corporation)
HKLM\...\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monitor
HKLM\...\Run: [Creative SB Monitoring Utility] => RunDll32 sbavmon.dll,SBAVMonitor
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [3458728 2015-07-30] (Micro-Star INT'L CO., LTD.)
HKLM-x32\...\Run: [Command Center] => C:\Program Files (x86)\MSI\Command Center\StartCommandCenter.exe [830416 2015-08-03] (MSI)
HKLM-x32\...\Run: [Module Loader] => C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe [57344 2007-07-23] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2312896 2016-02-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1867448 2015-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1 Pro\Volume Panel\VolPanlu.exe [241757 2010-12-08] (Creative Technology Ltd)
HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\360Tray.exe [334304 2016-03-10] (QIHU 360 SOFTWARE CO. LIMITED)
HKU\S-1-5-21-4033507343-4276649364-4039286402-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-4033507343-4276649364-4039286402-1001\...\Run: [CreativeTaskScheduler] => C:\Program Files (x86)\Creative\Shared Files\CTSched.exe [53341 2006-11-17] (Creative Technology Ltd)
HKU\S-1-5-21-4033507343-4276649364-4039286402-1001\...\Run: [uTorrent] => C:\Program Files (x86)\uTorrent\uTorrent.exe [399736 2015-08-15] (BitTorrent, Inc.)
HKU\S-1-5-21-4033507343-4276649364-4039286402-1001\...\RunOnce: [Uninstall C:\Users\Nathaniel\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Nathaniel\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
HKU\S-1-5-21-4033507343-4276649364-4039286402-1001\...\RunOnce: [Uninstall C:\Users\Nathaniel\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Nathaniel\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"
HKU\S-1-5-21-4033507343-4276649364-4039286402-1001\...\RunOnce: [Uninstall C:\Users\Nathaniel\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Nathaniel\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"
HKU\S-1-5-21-4033507343-4276649364-4039286402-1001\...\RunOnce: [Uninstall C:\Users\Nathaniel\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Nathaniel\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"
HKU\S-1-5-21-4033507343-4276649364-4039286402-1001\...\RunOnce: [Uninstall C:\Users\Nathaniel\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Nathaniel\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
HKU\S-1-5-21-4033507343-4276649364-4039286402-1001\...\RunOnce: [Uninstall C:\Users\Nathaniel\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Nathaniel\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-4033507343-4276649364-4039286402-1001\...\MountPoints2: {570f6b18-4381-11e5-9bcc-d8cb8a57c0cc} - "J:\setup.exe" 
HKU\S-1-5-21-4033507343-4276649364-4039286402-1001\...\MountPoints2: {bcf1e8ad-436d-11e5-9bcb-d8cb8a57c0cc} - "I:\autorun.exe" 
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-01-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-01-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-01-22] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Network Server.lnk [2016-01-25]
ShortcutTarget: Network Server.lnk -> C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe (WIBU-SYSTEMS AG)
Startup: C:\Users\Nathaniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telegram.lnk [2016-01-31]
ShortcutTarget: Telegram.lnk -> C:\Users\Nathaniel\AppData\Roaming\Telegram Desktop\Telegram.exe (Telegram Messenger LLP)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1eaf13aa-4fc7-416a-a254-7b4f19b6467f}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-05-21] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll => No File
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2014-05-21] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll => No File
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll No File
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-02-12] (Adobe Systems)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-11-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-11-10] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-05-21] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-01-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-01-23] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-02-12] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-05-21] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat DC - Create PDF - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2016-02-18]
 
Chrome: 
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Nathaniel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentacje Google) - C:\Users\Nathaniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-03]
CHR Extension: (Dokumenty Google) - C:\Users\Nathaniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-03]
CHR Extension: (Dysk Google) - C:\Users\Nathaniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-03]
CHR Extension: (YouTube) - C:\Users\Nathaniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-03]
CHR Extension: (Adblock Plus) - C:\Users\Nathaniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-04-04]
CHR Extension: (Adobe Acrobat) - C:\Users\Nathaniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2016-04-03]
CHR Extension: (Arkusze Google) - C:\Users\Nathaniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-03]
CHR Extension: (Dokumenty Google offline) - C:\Users\Nathaniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-03]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Nathaniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Gmail) - C:\Users\Nathaniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-03]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [693440 2016-01-28] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2020056 2016-02-09] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
R2 GamingApp_Service; C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe [23504 2014-12-25] (Micro-Star Int'l Co., Ltd.)
R3 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-12] (NVIDIA Corporation)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-04-03] (SurfRight B.V.)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [132896 2014-11-10] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-04-09] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [158496 2014-11-10] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 mi-raysat_3dsmax2014_64; C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe [86016 2011-09-15] () [File not signed]
S3 mi-raysat_3dsmax2016_64; C:\Program Files\Autodesk\3ds Max 2016\NVIDIA\Satellite\raysat_3dsmax2016_64server.exe [86016 2011-09-15] () [File not signed]
S3 MSIBIOSData_CC; C:\Program Files (x86)\MSI\Command Center\BIOSData\MSIBIOSDataService.exe [2106832 2015-06-29] (MSI)
S3 MSIClock_CC; C:\Program Files (x86)\MSI\Command Center\ClockGen\MSIClockService.exe [4045264 2015-08-03] (MSI)
S3 MSICOMM_CC; C:\Program Files (x86)\MSI\Command Center\MSICommService.exe [2123216 2015-07-08] (MSI)
S3 MSICPU_CC; C:\Program Files (x86)\MSI\Command Center\CPU\MSICPUService.exe [4177360 2015-07-07] (MSI)
R2 MSICTL_CC; C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe [2002896 2015-07-28] (MSI)
R2 MSIDDR_CC; C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe [2284496 2015-07-30] (MSI)
S3 MSISMB_CC; C:\Program Files (x86)\MSI\Command Center\SMBus\MSISMBService.exe [2072528 2015-06-29] (MSI)
S3 MSISuperIO_CC; C:\Program Files (x86)\MSI\Command Center\SuperIO\MSISuperIOService.exe [599504 2015-07-28] (MSI)
R2 MSI_ECOSERVICE; C:\Program Files (x86)\MSI\ECO Center\ECO_Service.exe [2266280 2015-03-27] (Micro-Star INT'L CO., LTD.)
R3 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [1741992 2015-07-30] (Micro-Star INT'L CO., LTD.)
R2 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [30240 2013-09-26] (MICRO-STAR INTERNATIONAL CO., LTD.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-12] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-12] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2078216 2015-10-10] (Electronic Arts)
R2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [914400 2016-03-10] (QIHU 360 SOFTWARE CO. LIMITED)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [137808 2016-03-10] (360.cn)
R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [77904 2016-03-10] (360.cn)
R3 360AvFlt; C:\Windows\SysWOW64\DRIVERS\360AvFlt.sys [77904 2016-03-10] (360.cn)
R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [319568 2016-03-10] (360.cn)
S3 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [40520 2016-03-10] (360.cn)
R1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [370768 2016-03-10] (360.cn)
U1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [181328 2016-03-10] (360.cn)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2015-08-31] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2015-08-31] (Windows ® Win 7 DDK provider)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-08-15] (Disc Soft Ltd)
R3 e1rexpress; C:\Windows\system32\DRIVERS\e1r64x64.sys [458520 2013-08-22] (Intel Corporation)
S3 ksaud; C:\Windows\system32\drivers\ksaud.sys [1589248 2015-05-12] (Creative Technology Ltd.)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2015-08-13] (Intel Corporation)
R3 NTIOLib_ECO; C:\Program Files (x86)\MSI\ECO Center\NTIOLib_X64.sys [13808 2014-01-06] (MSI)
S3 NTIOLib_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\NTIOLib_X64.sys [13368 2012-10-26] (MSI)
R3 NTIOLib_MSIDDR_CC; C:\Program Files (x86)\MSI\Command Center\DDR\NTIOLib_X64.sys [13368 2012-11-26] (MSI)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-12] (NVIDIA Corporation)
S3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39056 2014-11-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
S3 pwdrvio; C:\WINDOWS\system32\pwdrvio.sys [19032 2013-03-07] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [9584 2013-03-07] () [File not signed]
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
R3 VUSB3HUB; C:\Windows\System32\drivers\ViaHub3.sys [227840 2014-10-31] (VIA Technologies, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
R2 WIBUKEY; C:\Windows\System32\DRIVERS\WibuKey64.sys [106760 2015-08-17] (WIBU-SYSTEMS AG)
S3 XFDriver64; C:\Program Files (x86)\Xfire2\XFDriver64.sys [17160 2013-03-14] (XFire)
R3 xhcdrv; C:\Windows\System32\drivers\xhcdrv.sys [305664 2014-10-31] (VIA Technologies, Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-04 23:00 - 2016-04-04 23:01 - 00028054 _____ C:\Users\Nathaniel\Downloads\FRST.txt
2016-04-04 22:57 - 2016-04-04 22:57 - 00001051 _____ C:\Users\Nathaniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Funkcje opcjonalne.lnk
2016-04-04 22:57 - 2015-07-09 20:39 - 04847104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsData0009.dll
2016-04-04 22:57 - 2015-07-09 20:36 - 02629632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsLexicons0009.dll
2016-04-04 22:57 - 2015-07-09 20:28 - 06358016 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData0009.dll
2016-04-04 22:57 - 2015-07-09 20:25 - 05739520 _____ (Microsoft Corporation) C:\WINDOWS\system32\prm0009.dll
2016-04-04 22:57 - 2015-07-09 20:25 - 02629632 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsLexicons0009.dll
2016-04-04 22:53 - 2016-04-04 22:53 - 00000857 _____ C:\Users\Nathaniel\Desktop\forum.txt
2016-04-04 22:46 - 2016-04-04 22:46 - 02374144 _____ (Farbar) C:\Users\Nathaniel\Downloads\EnglishFRST64.exe
2016-04-04 21:57 - 2016-04-04 21:57 - 02870984 _____ (ESET) C:\Users\Nathaniel\Downloads\esetsmartinstaller_enu.exe
2016-04-04 21:57 - 2016-04-04 21:57 - 00000000 ____D C:\Program Files (x86)\ESET
2016-04-04 21:56 - 2016-04-04 21:56 - 01610352 _____ (Malwarebytes) C:\Users\Nathaniel\Downloads\JRT (3).exe
2016-04-04 21:50 - 2016-04-04 21:50 - 01610352 _____ (Malwarebytes) C:\Users\Nathaniel\Downloads\JRT (2).exe
2016-04-04 21:46 - 2016-04-04 21:46 - 04404574 _____ C:\Users\Nathaniel\Desktop\Summary.nfo
2016-04-04 21:43 - 2016-04-04 21:43 - 00010750 _____ C:\Users\Nathaniel\Desktop\MTB.txt
2016-04-04 21:42 - 2016-04-04 21:43 - 00891392 _____ (Farbar) C:\Users\Nathaniel\Downloads\MiniToolBox.exe
2016-04-04 21:39 - 2016-04-04 21:39 - 03119168 _____ C:\Users\Nathaniel\Downloads\adwcleaner_5.109.exe
2016-04-04 21:36 - 2016-04-04 21:38 - 00001842 _____ C:\Users\Nathaniel\Downloads\SystemLook.txt
2016-04-04 21:35 - 2016-04-04 21:36 - 00139264 _____ C:\Users\Nathaniel\Downloads\SystemLook.exe
2016-04-04 21:11 - 2016-04-04 21:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-04-04 21:11 - 2016-04-04 21:11 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-04-04 21:11 - 2016-04-04 21:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-04-04 21:05 - 2016-04-04 21:05 - 00016148 _____ C:\WINDOWS\system32\DESKTOP-2KT20LR_Nathaniel_HistoryPrediction.bin
2016-04-04 17:58 - 2016-04-04 17:58 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-04-04 17:57 - 2016-04-04 18:22 - 00000000 ____D C:\ProgramData\RogueKiller
2016-04-04 17:57 - 2016-04-04 17:57 - 00000637 _____ C:\Users\Nathaniel\Desktop\fff.txt
2016-04-04 16:50 - 2016-04-04 17:57 - 24003656 _____ C:\Users\Nathaniel\Downloads\RogueKillerX64.exe
2016-04-04 16:01 - 2016-04-03 16:41 - 00021143 _____ C:\Users\Nathaniel\Downloads\New.Girl.S05E12.HDTV.x264-FUM.txt
2016-04-03 20:05 - 2016-04-03 20:05 - 00000000 ____D C:\Users\Nathaniel\AppData\Roaming\Mozilla
2016-04-03 19:52 - 2016-04-03 19:52 - 00017942 _____ C:\Users\Nathaniel\Downloads\Dragon Ball Super 037 - 720p.mp4.torrent
2016-04-03 15:48 - 2016-04-03 15:48 - 00002354 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-03 15:48 - 2016-04-03 15:48 - 00002342 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-03 15:32 - 2016-04-04 21:11 - 00000000 ____D C:\Users\Nathaniel\AppData\LocalLow\360WD
2016-04-03 15:32 - 2016-04-03 15:36 - 00000000 ____D C:\ProgramData\360Quarant
2016-04-03 15:32 - 2016-04-03 15:32 - 00000000 ____D C:\WINDOWS\Tasks\360Disabled
2016-04-03 15:32 - 2016-04-03 15:32 - 00000000 ____D C:\Users\Nathaniel\AppData\Roaming\360TotalSecurity
2016-04-03 15:32 - 2016-04-03 15:32 - 00000000 ____D C:\Users\Nathaniel\AppData\Roaming\360safe
2016-04-03 15:32 - 2016-04-03 15:32 - 00000000 ____D C:\ProgramData\360TotalSecurity
2016-04-03 15:32 - 2016-04-03 15:32 - 00000000 ____D C:\ProgramData\360safe
2016-04-03 15:32 - 2016-03-10 11:57 - 00370768 _____ (360.cn) C:\WINDOWS\system32\Drivers\360fsflt.sys
2016-04-03 15:32 - 2016-03-10 11:57 - 00077904 _____ (360.cn) C:\WINDOWS\SysWOW64\Drivers\360AvFlt.sys
2016-04-03 15:31 - 2016-04-03 15:31 - 00001226 _____ C:\Users\Public\Desktop\360 Total Security.lnk
2016-04-03 15:31 - 2016-04-03 15:31 - 00000000 _RSHD C:\360SANDBOX
2016-04-03 15:31 - 2016-04-03 15:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360 Security Center
2016-04-03 15:31 - 2016-04-03 15:31 - 00000000 ____D C:\Program Files (x86)\360
2016-04-03 15:31 - 2016-03-10 11:57 - 00319568 _____ (360.cn) C:\WINDOWS\system32\Drivers\360Box64.sys
2016-04-03 15:31 - 2016-03-10 11:57 - 00181328 _____ (360.cn) C:\WINDOWS\system32\Drivers\BAPIDRV64.SYS
2016-04-03 15:31 - 2016-03-10 11:57 - 00137808 _____ (360.cn) C:\WINDOWS\system32\Drivers\360AntiHacker64.sys
2016-04-03 15:31 - 2016-03-10 11:57 - 00077904 _____ (360.cn) C:\WINDOWS\system32\Drivers\360AvFlt.sys
2016-04-03 15:31 - 2016-03-10 11:57 - 00040520 _____ (360.cn) C:\WINDOWS\system32\Drivers\360Camera64.sys
2016-04-03 15:30 - 2016-04-03 15:30 - 42876848 _____ C:\Users\Nathaniel\Downloads\360TS_Setup.exe
2016-04-03 15:29 - 2016-04-04 21:55 - 00000550 _____ C:\Users\Nathaniel\Desktop\JRT.txt
2016-04-03 15:29 - 2016-04-03 15:24 - 00001913 _____ C:\Users\Nathaniel\Desktop\Fixlog.txt
2016-04-03 15:23 - 2016-04-03 15:27 - 01610352 _____ (Malwarebytes) C:\Users\Nathaniel\Downloads\JRT (1).exe
2016-04-03 15:22 - 2016-04-03 15:30 - 01371256 _____ (QIHU 360 SOFTWARE CO. LIMITED) C:\Users\Nathaniel\Downloads\360TS_Setup_Mini.exe
2016-04-03 13:18 - 2016-04-03 13:18 - 08817122 _____ C:\Users\Nathaniel\Desktop\AutoRuns.arn
2016-04-03 13:15 - 2016-04-03 13:15 - 00000000 ____D C:\Users\Nathaniel\Downloads\Autoruns
2016-04-03 13:14 - 2016-04-03 13:14 - 00615478 _____ C:\Users\Nathaniel\Downloads\Autoruns.zip
2016-04-03 13:02 - 2016-04-03 13:04 - 00002008 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2016-04-03 13:02 - 2016-04-03 13:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-04-03 13:00 - 2016-04-03 13:04 - 00000000 ____D C:\ProgramData\HitmanPro
2016-04-03 13:00 - 2016-04-03 13:02 - 00000000 ____D C:\Program Files\HitmanPro
2016-04-03 12:59 - 2016-04-03 12:59 - 11316968 _____ C:\Users\Nathaniel\Downloads\Hitman Pro 3.7.3 Build 193 - 64bit.rar
2016-04-03 12:59 - 2016-04-03 12:59 - 00000000 ____D C:\Users\Nathaniel\Downloads\Hitman Pro 3.7.3 Build 193 - 64bit
2016-04-03 12:54 - 2016-04-03 12:54 - 01610352 _____ (Malwarebytes) C:\Users\Nathaniel\Downloads\JRT.exe
2016-04-03 11:47 - 2016-04-04 21:48 - 00000841 _____ C:\Users\Nathaniel\Downloads\Fixlog.txt
2016-04-03 11:47 - 2016-04-03 11:47 - 02374144 _____ (Farbar) C:\Users\Nathaniel\Downloads\FRST64.exe
2016-04-03 11:44 - 2016-04-03 11:44 - 00602112 _____ (OldTimer Tools) C:\Users\Nathaniel\Downloads\OTL.exe
2016-04-03 11:39 - 2016-04-03 11:39 - 00000000 _____ C:\Users\Nathaniel\Desktop\Nowy dokument tekstowy.txt
2016-04-03 01:39 - 2015-01-14 15:15 - 00000074 ____N C:\Users\Nathaniel\Downloads\Napisy24.pl.url
2016-04-03 00:17 - 2016-04-03 00:17 - 00000000 ___RD C:\Users\test\OneDrive
2016-04-02 23:53 - 2016-04-03 00:18 - 00000000 ____D C:\Users\test\AppData\Local\CrashDumps
2016-04-02 23:53 - 2016-04-02 23:53 - 00000000 ____D C:\Users\test\AppData\Roaming\Creative
2016-04-02 23:53 - 2016-04-02 23:53 - 00000000 ____D C:\Users\test\AppData\Roaming\Apple Computer
2016-04-02 23:53 - 2016-04-02 23:53 - 00000000 ____D C:\Users\test\AppData\Local\Adobe
2016-04-02 23:52 - 2016-04-03 01:22 - 00000000 ____D C:\Users\test
2016-04-02 23:52 - 2016-04-03 00:17 - 00000000 ____D C:\Users\test\AppData\Local\Packages
2016-04-02 23:52 - 2016-04-02 23:52 - 00000000 _SHDL C:\Users\test\Ustawienia lokalne
2016-04-02 23:52 - 2016-04-02 23:52 - 00000000 _SHDL C:\Users\test\Szablony
2016-04-02 23:52 - 2016-04-02 23:52 - 00000000 _SHDL C:\Users\test\Moje dokumenty
2016-04-02 23:52 - 2016-04-02 23:52 - 00000000 _SHDL C:\Users\test\Menu Start
2016-04-02 23:52 - 2016-04-02 23:52 - 00000000 _SHDL C:\Users\test\Documents\Moje wideo
2016-04-02 23:52 - 2016-04-02 23:52 - 00000000 _SHDL C:\Users\test\Documents\Moje obrazy
2016-04-02 23:52 - 2016-04-02 23:52 - 00000000 _SHDL C:\Users\test\Documents\Moja muzyka
2016-04-02 23:52 - 2016-04-02 23:52 - 00000000 _SHDL C:\Users\test\Dane aplikacji
2016-04-02 23:52 - 2016-04-02 23:52 - 00000000 _SHDL C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2016-04-02 23:52 - 2016-04-02 23:52 - 00000000 _SHDL C:\Users\test\AppData\Local\Historia
2016-04-02 23:52 - 2016-04-02 23:52 - 00000000 _SHDL C:\Users\test\AppData\Local\Dane aplikacji
2016-04-02 23:52 - 2016-04-02 23:52 - 00000000 ____D C:\Users\test\AppData\Roaming\Adobe
2016-04-02 23:52 - 2016-04-02 23:52 - 00000000 ____D C:\Users\test\AppData\Local\VirtualStore
2016-04-02 23:52 - 2016-04-02 23:52 - 00000000 ____D C:\Users\test\AppData\Local\TileDataLayer
2016-04-02 23:52 - 2016-04-02 23:52 - 00000000 ____D C:\Users\test\AppData\Local\NVIDIA Corporation
2016-04-02 23:52 - 2016-04-02 23:52 - 00000000 ____D C:\Users\test\AppData\Local\NVIDIA
2016-04-02 23:52 - 2016-04-02 23:52 - 00000000 ____D C:\Users\test\AppData\Local\Google
2016-04-02 23:52 - 2016-03-06 19:24 - 00000000 ____D C:\Users\test\AppData\Roaming\Macromedia
2016-04-02 23:20 - 2016-04-04 21:47 - 00079599 _____ C:\Users\Nathaniel\Desktop\Shortcut.txt
2016-04-02 23:19 - 2016-04-04 21:47 - 00071673 _____ C:\Users\Nathaniel\Desktop\Addition.txt
2016-04-02 23:19 - 2016-04-04 21:47 - 00067972 _____ C:\Users\Nathaniel\Desktop\FRST.txt
2016-04-02 23:18 - 2016-04-04 23:00 - 00000000 ____D C:\FRST
2016-04-02 22:36 - 2016-04-03 00:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-04-02 22:35 - 2016-04-02 22:35 - 00000000 ____D C:\Users\Nathaniel\Downloads\! CCleaner 5.02.5101 Professional [Full]_ PL
2016-04-02 22:34 - 2016-04-02 22:34 - 06116940 _____ C:\Users\Nathaniel\Downloads\! CCleaner 5.02.5101 Professional [Full]_ PL.rar
2016-04-02 22:23 - 2016-04-03 00:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Odkurzacz
2016-04-02 22:23 - 2016-04-03 00:21 - 00000000 ____D C:\Program Files (x86)\Odkurzacz
2016-04-02 22:04 - 2016-04-04 21:39 - 00000000 ____D C:\AdwCleaner
2016-04-02 20:57 - 2016-04-02 21:09 - 00000000 ____D C:\Users\Nathaniel\Downloads\Bitdefender Total Security 2016   Key
2016-04-02 20:53 - 2016-04-02 21:06 - 00003927 _____ C:\bdlog.txt
2016-04-02 20:52 - 2016-04-02 20:52 - 00000000 ____D C:\ProgramData\BDLogging
2016-04-02 20:48 - 2016-04-02 20:48 - 00000000 ____D C:\Users\Nathaniel\AppData\Roaming\QuickScan
2016-04-02 20:48 - 2016-01-09 16:50 - 00000265 _____ C:\Users\Nathaniel\Downloads\Key.txt
2016-04-02 20:43 - 2016-04-02 20:43 - 00000000 ____D C:\Users\Nathaniel\AppData\Roaming\Sun
2016-04-02 20:43 - 2016-04-02 20:43 - 00000000 ____D C:\Users\Nathaniel\AppData\LocalLow\Sun
2016-04-02 20:43 - 2016-04-02 20:43 - 00000000 ____D C:\Users\Nathaniel\.oracle_jre_usage
2016-04-02 20:42 - 2016-04-02 21:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-04-02 20:42 - 2016-04-02 20:43 - 00000000 ____D C:\ProgramData\Oracle
2016-04-02 20:42 - 2016-04-02 20:42 - 00000000 ____D C:\Program Files (x86)\Java
2016-04-02 19:38 - 2016-04-02 19:38 - 00014358 _____ C:\Users\Nathaniel\Downloads\fúsi_n24_pl_93736.zip
2016-04-01 12:25 - 2016-04-01 12:25 - 00000430 _____ C:\Users\Nathaniel\Downloads\Bitdefender Total Security 2016   klucz do 24.08.2020.rar
2016-03-31 08:18 - 2007-07-20 10:14 - 00025088 _____ C:\Users\Nathaniel\Downloads\Frosted Glass.mat
2016-03-31 08:16 - 2007-02-23 17:06 - 00080896 _____ C:\Users\Nathaniel\Downloads\Milky Acid Glass.mat
2016-03-31 08:15 - 2016-03-31 08:15 - 00005632 _____ C:\Users\Nathaniel\Downloads\milky glass_by_Strikee9627.mat
2016-03-31 00:36 - 2016-03-31 00:36 - 08966144 _____ C:\Users\Nathaniel\Desktop\36daysoftype_C_02_progresive.max
2016-03-30 22:59 - 2016-03-31 08:25 - 08962048 _____ C:\Users\Nathaniel\Desktop\36daysoftype_C_02.max
2016-03-30 21:37 - 2016-03-30 21:37 - 11437217 _____ C:\Users\Nathaniel\Downloads\133884.54610146a00b6.zip
2016-03-30 21:22 - 2016-03-30 22:17 - 01060864 _____ C:\Users\Nathaniel\Desktop\36daysoftype_C.max
2016-03-30 20:59 - 2016-03-30 20:59 - 00362065 _____ C:\Users\Nathaniel\Desktop\3d-perspective-grid-very-long.svg
2016-03-30 19:07 - 2016-03-30 19:07 - 44651047 _____ C:\Users\Nathaniel\Desktop\505981852.mp4
2016-03-29 20:04 - 2016-03-29 20:04 - 00000000 ____D C:\Users\Nathaniel\AppData\Local\Macromedia
2016-03-28 22:51 - 2016-03-28 23:44 - 00000000 ____D C:\ProgramData\TrackmaniaTurbo
2016-03-28 22:51 - 2016-03-28 22:52 - 00000000 ____D C:\Users\Nathaniel\Documents\TrackmaniaTurbo
2016-03-28 22:48 - 2016-04-02 21:09 - 00000000 ____D C:\Program Files\Trackmania Turbo
2016-03-28 21:27 - 2016-03-28 21:29 - 00051939 _____ C:\Users\Nathaniel\Downloads\KAB018115286.PDF
2016-03-23 18:26 - 2016-03-23 18:26 - 00743360 _____ C:\Users\Nathaniel\Desktop\20160323130004963.pdf
2016-03-20 21:24 - 2016-04-01 14:14 - 00000000 ____D C:\PhoenixFD
2016-03-20 21:23 - 2016-03-20 21:57 - 00000000 ____D C:\Users\Nathaniel\Documents\Phoenix FD
2016-03-15 23:53 - 2016-03-15 23:53 - 00001097 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe SpeedGrade CC 2015.lnk
2016-03-13 22:23 - 2016-03-13 22:29 - 16297149 _____ C:\Users\Nathaniel\Downloads\A Prank Time.mp4
2016-03-09 23:58 - 2016-03-09 23:58 - 00076832 _____ C:\Users\Nathaniel\PresetEffects.xml.backup
2016-03-09 23:51 - 2016-03-09 23:51 - 00000000 ____D C:\Program Files (x86)\Red Giant Link
2016-03-09 23:50 - 2015-12-21 13:25 - 15555584 _____ (Trapcode AB) C:\WINDOWS\system32\TCParticleBuilder.dll
2016-03-09 22:53 - 2016-02-23 16:53 - 01314496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-03-09 22:53 - 2016-02-23 16:52 - 00858408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-03-09 22:53 - 2016-02-23 16:51 - 00633184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2016-03-09 22:53 - 2016-02-23 16:51 - 00146784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2016-03-09 22:53 - 2016-02-23 16:50 - 00630160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-03-09 22:53 - 2016-02-23 16:48 - 08022368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-03-09 22:53 - 2016-02-23 16:48 - 01294352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-03-09 22:53 - 2016-02-23 16:48 - 01123952 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-03-09 22:53 - 2016-02-23 16:41 - 01150816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-03-09 22:53 - 2016-02-23 16:41 - 00299600 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMASF.DLL
2016-03-09 22:53 - 2016-02-23 16:41 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll
2016-03-09 22:53 - 2016-02-23 16:40 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll
2016-03-09 22:53 - 2016-02-23 16:38 - 00272752 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqmapi.dll
2016-03-09 22:53 - 2016-02-23 16:36 - 00080128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll
2016-03-09 22:53 - 2016-02-23 16:11 - 00781984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-03-09 22:53 - 2016-02-23 16:11 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-03-09 22:53 - 2016-02-23 16:11 - 00103776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-03-09 22:53 - 2016-02-23 16:08 - 03622272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-03-09 22:53 - 2016-02-23 16:07 - 22322624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-03-09 22:53 - 2016-02-23 15:39 - 00607416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-03-09 22:53 - 2016-02-23 15:30 - 01643872 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-03-09 22:53 - 2016-02-23 15:25 - 01085632 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-03-09 22:53 - 2016-02-23 15:23 - 00952968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-03-09 22:53 - 2016-02-23 15:21 - 00529456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-03-09 22:53 - 2016-02-23 15:21 - 00141152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2016-03-09 22:53 - 2016-02-23 15:11 - 00249976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMASF.DLL
2016-03-09 22:53 - 2016-02-23 15:11 - 00073360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll
2016-03-09 22:53 - 2016-02-23 15:11 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll
2016-03-09 22:53 - 2016-02-23 15:09 - 00229352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqmapi.dll
2016-03-09 22:53 - 2016-02-23 15:06 - 00069232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll
2016-03-09 22:53 - 2016-02-23 14:58 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-03-09 22:53 - 2016-02-23 14:50 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-03-09 22:53 - 2016-02-23 14:50 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-03-09 22:53 - 2016-02-23 14:42 - 00658536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2016-03-09 22:53 - 2016-02-23 14:42 - 00467296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-03-09 22:53 - 2016-02-23 14:42 - 00078176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-03-09 22:53 - 2016-02-23 14:39 - 02879024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-03-09 22:53 - 2016-02-23 14:38 - 20858360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-03-09 22:53 - 2016-02-23 14:35 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-03-09 22:53 - 2016-02-23 14:20 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-03-09 22:53 - 2016-02-23 14:17 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-03-09 22:53 - 2016-02-23 14:16 - 02237952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-03-09 22:53 - 2016-02-23 14:15 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-03-09 22:53 - 2016-02-23 14:15 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2016-03-09 22:53 - 2016-02-23 13:59 - 00319488 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2016-03-09 22:53 - 2016-02-23 13:59 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2016-03-09 22:53 - 2016-02-23 13:57 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-03-09 22:53 - 2016-02-23 13:55 - 24592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-03-09 22:53 - 2016-02-23 13:45 - 12504576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-03-09 22:53 - 2016-02-23 13:45 - 06788608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-03-09 22:53 - 2016-02-23 13:42 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-03-09 22:53 - 2016-02-23 13:42 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-03-09 22:53 - 2016-02-23 13:38 - 02663424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-03-09 22:53 - 2016-02-23 13:37 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe
2016-03-09 22:53 - 2016-02-23 13:36 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-03-09 22:53 - 2016-02-23 13:25 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-03-09 22:53 - 2016-02-23 13:18 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2016-03-09 22:53 - 2016-02-23 13:17 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2016-03-09 22:53 - 2016-02-23 13:17 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll
2016-03-09 22:53 - 2016-02-23 13:14 - 00841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-03-09 22:53 - 2016-02-23 13:08 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-03-09 22:53 - 2016-02-23 13:04 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2016-03-09 22:53 - 2016-02-23 13:03 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2016-03-09 22:53 - 2016-02-23 13:03 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-03-09 22:53 - 2016-02-23 13:02 - 03587584 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-03-09 22:53 - 2016-02-23 12:55 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-03-09 22:53 - 2016-02-23 12:55 - 14241792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-03-09 22:53 - 2016-02-23 12:51 - 00915456 _____ (Microsoft Corporation) C:\WINDOWS\system32\configurationclient.dll
2016-03-09 22:53 - 2016-02-23 12:51 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\scapi.dll
2016-03-09 22:53 - 2016-02-23 12:48 - 21859840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-03-09 22:53 - 2016-02-23 12:48 - 05157376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-03-09 22:53 - 2016-02-23 12:46 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\system32\sharemediacpl.dll
2016-03-09 22:53 - 2016-02-23 12:45 - 01844736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2016-03-09 22:53 - 2016-02-23 12:45 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-03-09 22:53 - 2016-02-23 12:45 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-03-09 22:53 - 2016-02-23 12:45 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-03-09 22:53 - 2016-02-23 12:44 - 01821696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-03-09 22:53 - 2016-02-23 12:38 - 07524864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-03-09 22:53 - 2016-02-23 12:29 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll
2016-03-09 22:53 - 2016-02-23 12:17 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2016-03-09 22:53 - 2016-02-23 12:17 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-03-09 22:53 - 2016-02-23 12:11 - 12589056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-03-09 22:53 - 2016-02-23 12:03 - 01495040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2016-03-09 22:53 - 2016-02-23 12:00 - 11263488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-03-09 22:53 - 2016-02-23 12:00 - 05457408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-03-09 22:53 - 2016-02-23 11:58 - 18800640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-03-08 22:31 - 2016-04-03 15:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-06 19:42 - 2016-04-02 22:26 - 00000000 ____D C:\Users\Nathaniel\Documents\efile-backup
2016-03-06 19:24 - 2016-03-06 19:24 - 00000000 ____D C:\Users\Nathaniel\AppData\Roaming\e-Deklaracje.A1909296681C7ACEFE45687D3A64758C8659BF46.1
2016-03-06 19:24 - 2016-03-06 19:24 - 00000000 ____D C:\Users\Nathaniel\AppData\Roaming\e-Deklaracje
2016-03-06 19:24 - 2016-03-06 19:24 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2016-03-06 19:24 - 2016-03-06 19:24 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2016-03-06 18:27 - 2016-04-03 00:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\e-pity
2016-03-06 18:27 - 2016-03-06 19:30 - 00000000 ____D C:\Users\Nathaniel\Documents\efile
2016-03-06 18:27 - 2016-03-06 18:27 - 00001258 _____ C:\Users\Nathaniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\e-pity 2015 - program, pity roczne, e-deklaracje.lnk
2016-03-06 18:27 - 2016-03-06 18:27 - 00000000 ____D C:\Users\Nathaniel\AppData\Roaming\fillUp
2016-03-06 18:27 - 2016-03-06 18:27 - 00000000 ____D C:\Users\Nathaniel\AppData\Roaming\com.efile.epity2015
2016-03-06 18:27 - 2016-03-06 18:27 - 00000000 ____D C:\Program Files (x86)\e-file
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-04 22:57 - 2015-07-10 18:31 - 00000000 ____D C:\WINDOWS\OCR
2016-04-04 22:57 - 2015-07-10 12:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-04 22:54 - 2015-08-30 15:11 - 00004234 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{73E6DA55-E498-4992-B09C-DB084B8B5B71}
2016-04-04 22:08 - 2015-08-15 22:54 - 00000000 ____D C:\Users\Nathaniel\AppData\Roaming\vlc
2016-04-04 22:08 - 2015-08-13 19:43 - 00001088 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-04 21:51 - 2016-02-06 00:15 - 00000000 ____D C:\Users\Nathaniel\AppData\Local\CrashDumps
2016-04-04 21:51 - 2015-08-15 20:21 - 00000000 ____D C:\Users\Nathaniel\AppData\Roaming\uTorrent
2016-04-04 20:11 - 2015-08-20 06:15 - 00005368 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for DESKTOP-2KT20LR-Nathaniel DESKTOP-2KT20LR
2016-04-04 20:01 - 2015-08-16 12:06 - 00000000 ___RD C:\Users\Nathaniel\Creative Cloud Files
2016-04-04 20:01 - 2015-08-16 12:03 - 00000000 ____D C:\Users\Nathaniel\AppData\Local\Adobe
2016-04-04 20:00 - 2015-08-16 13:51 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-04-04 20:00 - 2015-08-16 12:08 - 00000000 ____D C:\Users\Nathaniel\AppData\Roaming\Telegram Desktop
2016-04-04 20:00 - 2015-08-13 19:43 - 00001084 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-04 16:39 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-03 20:20 - 2015-08-13 18:47 - 01836100 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-03 20:20 - 2015-07-10 18:30 - 00812520 _____ C:\WINDOWS\system32\perfh015.dat
2016-04-03 20:20 - 2015-07-10 18:30 - 00156054 _____ C:\WINDOWS\system32\perfc015.dat
2016-04-03 20:20 - 2015-07-10 13:02 - 00000000 ____D C:\WINDOWS\INF
2016-04-03 20:13 - 2015-08-13 19:48 - 00000000 ____D C:\Users\Nathaniel\AppData\Local\Google
2016-04-03 20:02 - 2015-08-16 13:00 - 00000000 ____D C:\Users\Nathaniel\AppData\Roaming\MPC-HC
2016-04-03 16:24 - 2015-08-16 13:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-04-03 15:48 - 2015-08-13 19:43 - 00000000 ____D C:\Program Files (x86)\Google
2016-04-03 15:40 - 2015-08-13 19:43 - 00000000 ____D C:\Program Files\Google
2016-04-03 15:36 - 2015-11-14 13:50 - 00000000 ____D C:\WINDOWS\Minidump
2016-04-03 15:36 - 2015-08-16 13:19 - 00003014 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-04-03 15:36 - 2015-08-16 12:11 - 00003094 _____ C:\WINDOWS\System32\Tasks\klcp_update
2016-04-03 15:36 - 2015-08-13 19:43 - 00000000 ____D C:\ProgramData\Norton
2016-04-03 15:36 - 2015-07-10 13:04 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-04-03 15:32 - 2015-08-13 19:43 - 00003600 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-04-03 15:32 - 2015-08-13 19:43 - 00003376 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-04-03 15:32 - 2015-08-13 19:16 - 00003042 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2016-04-03 15:32 - 2015-08-13 19:16 - 00002680 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon
2016-04-03 15:26 - 2015-08-18 22:30 - 00000000 ____D C:\Program Files (x86)\Steam
2016-04-03 15:26 - 2015-08-16 12:06 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-04-03 15:25 - 2015-08-13 18:48 - 00000000 ____D C:\ProgramData\NVIDIA
2016-04-03 15:25 - 2015-07-10 14:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-03 15:25 - 2015-07-10 11:05 - 00131072 ___SH C:\WINDOWS\system32\config\BBI
2016-04-03 12:55 - 2015-08-17 23:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chaos Group
2016-04-03 12:55 - 2015-08-17 23:13 - 00000000 ____D C:\Program Files\Common Files\ChaosGroup
2016-04-03 11:48 - 2015-08-13 18:44 - 00000000 ____D C:\Users\Nathaniel
2016-04-03 01:34 - 2015-07-10 13:04 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-03 01:22 - 2015-08-29 12:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Red Giant
2016-04-03 01:22 - 2015-08-17 22:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk Composite 2014
2016-04-03 01:22 - 2015-08-17 22:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk 3ds Max 2014
2016-04-03 01:22 - 2015-08-16 23:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ripple Sound
2016-04-03 01:22 - 2015-08-16 13:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-03 01:22 - 2015-08-15 22:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-04-03 01:22 - 2015-08-13 19:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-04-03 00:22 - 2015-08-16 12:14 - 00000000 ____D C:\Users\Nathaniel\AppData\Roaming\NapiProjekt
2016-04-03 00:22 - 2015-08-13 18:44 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-04-03 00:22 - 2015-07-10 11:05 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-04-03 00:21 - 2016-01-14 19:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-04-03 00:21 - 2015-11-05 21:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-04-03 00:21 - 2015-10-20 19:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chomikuj.pl
2016-04-03 00:21 - 2015-10-10 17:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2016-04-03 00:21 - 2015-10-01 21:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Magician
2016-04-03 00:21 - 2015-09-12 22:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quixel
2016-04-03 00:21 - 2015-08-30 13:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REVisionEffects
2016-04-03 00:21 - 2015-08-20 22:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Data Recovery Wizard 7.5
2016-04-03 00:21 - 2015-08-18 22:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2016-04-03 00:21 - 2015-08-18 22:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-03 00:21 - 2015-08-17 23:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Itoo Software
2016-04-03 00:21 - 2015-08-17 23:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WibuKey
2016-04-03 00:21 - 2015-08-17 22:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk Backburner 2014
2016-04-03 00:21 - 2015-08-17 22:27 - 00000000 ____D C:\ProgramData\FLEXnet
2016-04-03 00:21 - 2015-08-17 22:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk Backburner 2016
2016-04-03 00:21 - 2015-08-17 22:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2016-04-03 00:21 - 2015-08-17 00:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SQUARE ENIX
2016-04-03 00:21 - 2015-08-17 00:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ori and the Blind Forest
2016-04-03 00:21 - 2015-08-16 13:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-04-03 00:21 - 2015-08-16 12:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-04-03 00:21 - 2015-08-16 12:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-04-03 00:21 - 2015-08-16 12:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NapiProjekt
2016-04-03 00:21 - 2015-08-16 12:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2016-04-03 00:21 - 2015-08-15 21:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManiaPlanet
2016-04-03 00:21 - 2015-08-15 19:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2016-04-03 00:21 - 2015-08-15 18:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
2016-04-03 00:21 - 2015-08-15 17:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2016-04-03 00:21 - 2015-08-13 19:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI Kombustor 2.5
2016-04-03 00:21 - 2015-08-13 19:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-04-03 00:21 - 2015-08-13 19:21 - 00000000 ____D C:\NVIDIA
2016-04-03 00:21 - 2015-08-13 19:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2016-04-03 00:21 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\registration
2016-04-03 00:20 - 2015-10-28 01:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPortal
2016-04-03 00:20 - 2015-09-08 19:58 - 00000000 ____D C:\Users\Nathaniel\AppData\Local\Mozilla
2016-04-03 00:20 - 2015-08-17 23:14 - 00000000 ____D C:\Program Files\Chaos Group
2016-04-03 00:20 - 2015-08-16 12:10 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2016-04-03 00:20 - 2015-08-15 19:55 - 00000000 ____D C:\Users\Nathaniel\AppData\Roaming\DAEMON Tools Lite
2016-04-03 00:20 - 2015-08-15 18:23 - 00000000 ____D C:\Users\Nathaniel\AppData\Roaming\foobar2000
2016-04-03 00:20 - 2015-08-13 19:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
2016-04-03 00:20 - 2015-07-10 18:35 - 00000000 ____D C:\Program Files\Windows Journal
2016-04-03 00:20 - 2015-07-10 13:04 - 00000000 ____D C:\Program Files\Windows NT
2016-04-03 00:20 - 2015-07-10 13:04 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-04-03 00:17 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-04-03 00:14 - 2015-08-15 18:56 - 00000000 ____D C:\Users\Nathaniel\AppData\Local\ElevatedDiagnostics
2016-04-02 22:37 - 2015-08-13 19:39 - 00000000 ___DC C:\WINDOWS\Panther
2016-04-02 21:09 - 2015-10-07 21:05 - 00000000 ____D C:\ProgramData\VideoCopilot
2016-03-25 00:23 - 2015-08-15 21:17 - 00000000 ____D C:\Users\Nathaniel\Documents\ManiaPlanet
2016-03-24 23:46 - 2015-08-15 21:16 - 00000000 ____D C:\ProgramData\ManiaPlanet
2016-03-17 23:18 - 2015-08-21 00:19 - 00000000 ____D C:\Users\Nathaniel\AppData\Local\Ori and the Blind Forest
2016-03-15 23:53 - 2015-08-16 12:12 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-03-15 23:53 - 2015-08-16 12:12 - 00000000 ____D C:\Program Files\Adobe
2016-03-15 23:53 - 2015-08-13 18:44 - 00000000 ____D C:\Users\Nathaniel\AppData\Roaming\Adobe
2016-03-13 18:03 - 2015-07-10 13:04 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-03-13 18:03 - 2015-07-10 13:04 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-03-13 18:03 - 2015-07-10 13:04 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-03-13 18:03 - 2015-07-10 13:04 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-03-11 22:45 - 2015-08-13 18:45 - 00002423 _____ C:\Users\Nathaniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-03-11 22:45 - 2015-08-13 18:45 - 00000000 ___RD C:\Users\Nathaniel\OneDrive
2016-03-10 21:58 - 2015-08-16 12:43 - 00000033 _____ C:\Users\Nathaniel\AppData\Roaming\AdobeWLCMCache.dat
2016-03-10 00:51 - 2015-08-13 18:57 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-03-10 00:48 - 2015-08-13 18:57 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-03-09 23:51 - 2015-08-29 12:59 - 00000000 ____D C:\Program Files (x86)\Red Giant
2016-03-09 23:50 - 2015-08-29 12:59 - 00000000 ____D C:\ProgramData\Red Giant
2016-03-09 23:05 - 2015-08-16 12:19 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-03-09 22:47 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-03-09 18:54 - 2015-08-16 13:18 - 00002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2016-03-08 09:10 - 2015-07-10 13:06 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-03-08 09:10 - 2015-07-10 13:06 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-06 19:24 - 2015-08-16 12:06 - 00000000 ____D C:\ProgramData\Adobe
2016-03-06 19:24 - 2015-08-16 12:05 - 00000000 ____D C:\Program Files (x86)\Adobe
 
==================== Files in the root of some directories =======
 
2015-08-16 12:43 - 2016-03-10 21:58 - 0000033 _____ () C:\Users\Nathaniel\AppData\Roaming\AdobeWLCMCache.dat
2015-09-06 14:03 - 2015-09-06 16:31 - 0001456 _____ () C:\Users\Nathaniel\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-11-23 23:01 - 2015-11-23 23:01 - 0007602 _____ () C:\Users\Nathaniel\AppData\Local\Resmon.ResmonCfg
2015-08-15 18:10 - 2010-06-29 15:04 - 0001772 _____ () C:\ProgramData\cfSB1095.ini
2015-08-15 18:10 - 2013-04-03 12:50 - 0001772 _____ () C:\ProgramData\cfSB1095A.ini
2015-08-13 18:56 - 2015-08-13 18:56 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\Nathaniel\AppData\Local\Temp\dllnt_dump.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-04-03 21:33
 
==================== End of FRST.txt ============================

 

Sorry for my English!


Edited by Nathanielxd, 04 April 2016 - 04:19 PM.




#2 nasdaq

  • Malware Response Team

Posted 05 April 2016 - 08:46 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll => No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll => No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll No File
CHR Extension: (Platnosci w sklepie Chrome Web Store) - C:\Users\Nathaniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
C:\Users\Nathaniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Download the Junkware Removal Tool to your Desktop from this link.
http://www.bleepingcomputer.com/download/junkware-removal-tool/

Shutdown your antivirus to avoid any conflicts.
Right click the icon - disable for say 20 mins.
Right-mouse click JRT.exe and select Run as administrator (If using XP just double click on the icon to run it.)
The tool will open and start scanning your system.
Please be patient as this can take a while to complete.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
======

Reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

Restart Chrome.

====

Please let me know if the problem persists with this computer.
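
The fixlist above removes entries that FRST marked "No File", and the log in the first post ends with a signature check of core system files. As an added example (not part of the original posts and not FRST's own code), this Python script pulls both kinds of findings out of FRST log text; the name `triage` is hypothetical, and the rule that any status other than "File is digitally signed" needs review is an assumption.

```python
import re

# Section banners look like "==================== Bamital & volsnap ====".
SECTION = re.compile(r"^=+\s*([^=]+?)\s*=+$")
# Entries whose target file is gone end in "No File", with or without "=>".
NO_FILE = re.compile(r"^(?P<kind>[\w-]+): (?P<entry>.+?)\s*(?:=>\s*)?No File\s*$")
SIGNED_OK = "File is digitally signed"

# Lines copied from this thread, except the last one, which is constructed
# (its status text is a placeholder, not real FRST output).
SAMPLE_LOG = r"""
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll => No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll No File
==================== Bamital & volsnap =================
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\constructed-example.dll => PLACEHOLDER-STATUS
"""

def triage(log_text):
    """Return (orphaned, unverified): entries whose target file is missing,
    and files in the Bamital section whose status is not SIGNED_OK
    (assumption: anything else deserves a manual look)."""
    orphaned, unverified = [], []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            continue
        m = NO_FILE.match(line)
        if m:
            orphaned.append((m.group("kind"), m.group("entry")))
            continue
        if section and section.startswith("Bamital") and " => " in line:
            path, status = line.rsplit(" => ", 1)
            if status != SIGNED_OK:
                unverified.append((path, status))
    return orphaned, unverified

if __name__ == "__main__":
    orphaned, unverified = triage(SAMPLE_LOG)
    for kind, entry in orphaned:
        print(f"orphaned {kind}: {entry}")
    for path, status in unverified:
        print(f"review {path}: {status}")
```
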

#3 Nathanielxd

  • Topic Starter

Posted 05 April 2016 - 02:10 PM

I think everything is ok now - no more ads!

Thank you.

 




#4 nasdaq

  • Malware Response Team

Posted 06 April 2016 - 08:10 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#5 Nathanielxd

  • Topic Starter

Posted 09 April 2016 - 05:36 AM

Unfortunately, the ads returned today :/
I think they're in all browsers - Internet Explorer, Google Chrome, Mozilla Firefox, Microsoft Edge.
Previously I had not seen ads in Internet Explorer.
 
Now they're on two computers in the home network. Maybe it's a problem with the router?
I tried to reset the router to default settings, but it did not help.
 
Now I even see an ad in "reply to this topic" on BleepingComputer:

Attached Files

  • Attached File  ads.png   241.63KB   0 downloads

Edited by Nathanielxd, 09 April 2016 - 07:01 AM.


#6 nasdaq

  • Malware Response Team

Posted 09 April 2016 - 07:32 AM

Next time you see the popup, please right-click on the image, copy and paste the URL (link), and post it for my review.

#7 nasdaq

  • Malware Response Team

Posted 15 April 2016 - 07:06 AM

Are you still with me?



