
Unknown ransomware and files deleted from 'Documents'


  • This topic is locked
5 replies to this topic

#1 karko


Posted 18 April 2016 - 07:13 AM

Hi,
 
This is my first post on this forum, except the 'Hello' one. I ran into some serious problems a week ago!
 
We opened an e-mail that informed us about a postal package delivery - a fake one, obviously. Right after opening the attachment the whole PC got infected.
 
Let me just say that I had no backup of those files. I have now just finished creating a Windows backup of what I have now.
 
There are two things that I've noticed:
1. All the documents from the Documents/My Documents directory were deleted - EXCEPT for photos (all encrypted).
2. Ransomware infection - files encrypted (HOW TO RESTORE FILES.txt and *.encrypted files generated).
 
1. This is my main concern. I have no idea how to start the investigation. I've read many threads about files being moved to TEMP or hidden, but I was unsuccessful in finding any evidence of the records being moved or deleted. I would be happy if I could just understand what happened to those files. Were they deleted before the encryption took place, by a different virus? Or were they deleted after? I really have no idea! I don't know exactly when I noticed that all directories in My Documents were empty. My first thought was that I had deleted something with MalwareBytes or Norton, but I found nothing like that in the logs. So I went to the forum and found a thread describing just the same problem: 
 
I thought I might have another virus that deleted all files.
 
2. Ransomware infection - so here I've noticed that the majority of the files have .encrypted added. Then I noticed those files called 'HOW_TO_RESTORE_FILES.txt'. This obviously led me to the conclusion that this must have been a ransomware virus. I wanted to identify the infection so I went to https://id-ransomware.malwarehunterteam.com/ but I am getting a 'Sorry you have been blocked' message from any PC I try to upload files from. I've already contacted DemonSlay335 about this and [UPDATE] I was just told that it looks like Crypt0L0cker that cannot be easily decrypted [/UPDATE]. In the meantime I've started with a Malware Bytes scan and Norton Power Eraser (logs attached - you may need to change txt to xml for a better view). Both found the same issues in 3 files:
- Ransom.TorrentLocker - 2 files
- PUP.Optional.ASK - 1 file
 
When I initially saw the above results I went to the forums and read how to recover from TorrentLocker, and found a tool for that. I applied a sample file, encrypted and original, and generated a key. I made a test and it was successful. So I ran it on the whole C: drive. And this didn't work. The files were decrypted but are corrupted. So the key must have been wrong. Anyway, I have a backup of all those files, created automatically by the TorrentUnlocker tool.
 
After that I ran Norton Power Eraser. It found a virus and deleted some executables. A log is attached. So this is my second issue. To be honest, I am less worried about those encrypted files because the key files were in My Documents. I would first like to restore those and then focus on decryption.
 
In summary - your help will be much appreciated. If only I could understand what happened to the files in Documents, I would have a good starting point.
 
Also attaching the FRST logs as requested in the guidance.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-04-2016 01
Ran by Kasia (administrator) on KASIA_VAIO (18-04-2016 14:01:57)
Running from C:\Users\Kasia\Downloads
Loaded Profiles: Kasia (Available Profiles: Kasia)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Polski (Polska)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AuthenTec, Inc) C:\Program Files\TrueSuite\TrueSuite.Service.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Program Files\Everything\Everything.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(HUAWEI Technologies Co., Ltd.) C:\Program Files (x86)\Huawei\Gobi\GobiQDLService\GobiQDLService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\n360.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\OneClickInternet\WTGService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AuthenTec Inc.) C:\Program Files\TrueSuite\TrueSuite.TouchControl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\n360.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(AuthenTec, Inc.) C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe
(AuthenTec, Inc.) C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe
() C:\Program Files\Everything\Everything.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(© 2015 Microsoft Corporation) C:\Users\Kasia\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.75\nacl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.75\nacl64.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\conathst.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Kasia\Downloads\EnglishFRST64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11490408 2011-06-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2179688 2011-06-16] (Realtek Semiconductor)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel(R) Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [226672 2011-06-15] (Alps Electric Co., Ltd.)
HKLM\...\Run: [ClientAppLogon] => C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe [421192 2011-04-26] (AuthenTec, Inc.)
HKLM\...\Run: [ClientAppLogon32] => C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe [308040 2011-04-26] (AuthenTec, Inc.)
HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [1441792 2014-08-06] ()
HKLM\...\Run: [adolotmz] => "C:\Windows\iluhivyp.exe"
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [2801288 2011-05-31] (Sony Corporation)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => c:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2010-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => c:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [821144 2010-10-25] (Adobe Systems Inc.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-07-14] (cyberlink)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1688008 2012-06-13] (Western Digital)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5235128 2012-06-14] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-766829609-1434260023-3320017889-1000\...\Run: [ChomikBox] => C:\Program Files (x86)\ChomikBox\chomikbox.exe
HKU\S-1-5-21-766829609-1434260023-3320017889-1000\...\Run: [GoogleChromeAutoLaunch_42B72D3BF0A26A851EE99173FC66C2F5] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [881304 2016-04-13] (Google Inc.)
HKU\S-1-5-21-766829609-1434260023-3320017889-1000\...\Run: [BingSvc] => C:\Users\Kasia\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-13] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-766829609-1434260023-3320017889-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23485208 2016-03-30] (Google)
HKU\S-1-5-21-766829609-1434260023-3320017889-1000\...\MountPoints2: {9b992244-5695-11e2-be57-88532e7bdf0d} - "E:\WD Drive Unlock.exe" autoplay=true
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-03-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-03-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-03-30] (Google)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-16] (Microsoft Corporation)
Startup: C:\Users\Kasia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneDrive dla firm.lnk [2016-03-16]
ShortcutTarget: OneDrive dla firm.lnk -> C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE (Microsoft Corporation)
Startup: C:\Users\Kasia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2010.lnk [2016-01-24]
ShortcutTarget: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2010.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * 
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 78.152.23.66 78.152.23.67
Tcpip\..\Interfaces\{D02EF9EE-A79C-4F27-AD27-A23ABD01388F}: [DhcpNameServer] 78.152.23.66 78.152.23.67

Internet Explorer:
==================
HKU\S-1-5-21-766829609-1434260023-3320017889-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE07&ocid=UE07DHP
HKU\S-1-5-21-766829609-1434260023-3320017889-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://vaioportal.sony.eu
HKU\S-1-5-21-766829609-1434260023-3320017889-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://sony.msn.com
HKU\S-1-5-21-766829609-1434260023-3320017889-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://sony.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-766829609-1434260023-3320017889-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-766829609-1434260023-3320017889-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-766829609-1434260023-3320017889-1000 -> {DA8E4312-DE42-4D3C-8DBB-A4CFBFB4DAC7} URL = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-03-16] (Microsoft Corporation)
BHO: TrueSuite WebStore -> {5cb2b77d-c8ca-44db-af20-a7a4df462a12} -> C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\TrueSuite\TrueSuite.IEBHO.dll [2011-04-26] (AuthenTec Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-03-16] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-16] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2013-01-03] (Sun Microsystems, Inc.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\Sony\MSS\3.8.141\McAfeeMSS_IE.dll [2014-01-16] (McAfee, Inc.)
BHO-x32: TrueSuite WebStore -> {5cb2b77d-c8ca-44db-af20-a7a4df462a12} -> C:\Windows\SysWOW64\mscoree.dll [2010-11-21] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-18] (Oracle Corporation)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\TrueSuite\x86\TrueSuite.IEBHO.dll [2011-04-26] (AuthenTec Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-16] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-10-21] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-18] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-10-21] (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-766829609-1434260023-3320017889-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-03-16] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Kasia\AppData\Roaming\Mozilla\Firefox\Profiles\z06d83us.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-08] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2013-01-03] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-08] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\Sony\MSS\3.8.141\npMcAfeeMss.dll [2014-01-16] (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2016-03-16] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll [2010-12-10] (Sony Network Entertainment International LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-09-04] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Kasia\AppData\Roaming\Mozilla\Firefox\Profiles\z06d83us.default\searchplugins\bing-.xml [2015-11-14]
FF Extension: Classic Compact Options - C:\Users\Kasia\AppData\Roaming\Mozilla\Firefox\Profiles\z06d83us.default\extensions\notreal.ccoptions@environmentalchemistry.com.xpi [2015-04-26]
FF Extension: PEKAO S.A. Sign Plugin - C:\Users\Kasia\AppData\Roaming\Mozilla\Firefox\Profiles\z06d83us.default\extensions\SignPlugin@pekao.pl [2016-03-01]
FF Extension: Bing Search - C:\Users\Kasia\AppData\Roaming\Mozilla\Firefox\Profiles\z06d83us.default\Extensions\bingsearch.full@microsoft.com.xpi [2015-11-13]
FF Extension: Classic Compact - C:\Users\Kasia\AppData\Roaming\Mozilla\Firefox\Profiles\z06d83us.default\Extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}.xpi [2014-02-09] [not signed]
FF Extension: TrueSuite Website Log On - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon_toolbar@truesuite.com [2016-04-18] [not signed]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon [2016-03-10]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - c:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - c:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-01-03] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon

Chrome: 
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=pl-pl
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.interia.pl/#utm_source=instalki1&utm_medium=installer&utm_campaign=instalki1&iwa_source=installer_instalki"
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxp://ss-sym.ask.com/query?q={searchTerms}&sstype=prefix&li=ff
CHR Profile: C:\Users\Kasia\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentacje Google) - C:\Users\Kasia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-19]
CHR Extension: (Dokumenty Google) - C:\Users\Kasia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-19]
CHR Extension: (Dysk Google) - C:\Users\Kasia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-26]
CHR Extension: (YouTube) - C:\Users\Kasia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (Norton Security Toolbar) - C:\Users\Kasia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-02-28]
CHR Extension: (Google Search) - C:\Users\Kasia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-14]
CHR Extension: (Norton Home Page for Chrome) - C:\Users\Kasia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejbdobdndcjhdmljipngpeoekdinlohe [2016-03-23]
CHR Extension: (Bing) - C:\Users\Kasia\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2015-11-14]
CHR Extension: (Arkusze Google) - C:\Users\Kasia\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-19]
CHR Extension: (Dokumenty Google offline) - C:\Users\Kasia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Norton Identity Safe) - C:\Users\Kasia\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-10-14]
CHR Extension: (Skype) - C:\Users\Kasia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-12-20]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Kasia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-03-15]
CHR Extension: (Norton Safe) - C:\Users\Kasia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2016-03-27]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Kasia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-16]
CHR Extension: (Website Logon) - C:\Users\Kasia\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokdoppleiafjmfmggefbkghfblaplo [2014-10-14]
CHR Extension: (Gmail) - C:\Users\Kasia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-08]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\Exts\Chrome.crx [2016-03-04]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-766829609-1434260023-3320017889-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-766829609-1434260023-3320017889-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\Exts\Chrome.crx [2016-03-04]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]
CHR HKLM-x32\...\Chrome\Extension: [oiokdoppleiafjmfmggefbkghfblaplo] - C:\Program Files\TrueSuite\x86\tschrome.crx [2010-11-29]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2828016 2016-02-09] (Microsoft Corporation)
S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [248304 2011-06-24] (CyberLink)
S3 DCDhcpService; C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [111776 2011-08-25] (Atheros Communication Inc.) [File not signed]
R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
R2 Everything; C:\Program Files\Everything\Everything.exe [1441792 2014-08-06] () [File not signed]
R2 FPLService; C:\Program Files\TrueSuite\TrueSuite.Service.exe [294216 2011-04-26] (AuthenTec, Inc)
R2 GobiQDLService; C:\Program Files (x86)\Huawei\Gobi\GobiQDLService\GobiQDLService.exe [318464 2011-03-04] (HUAWEI Technologies Co., Ltd.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 McComponentHostServiceSony; C:\Program Files\Sony\MSS\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\N360.exe [289080 2016-02-26] (Symantec Corporation)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-01] (Intel Corporation)
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1369136 2013-09-25] (Sony Corporation)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1151424 2012-06-14] (Western Digital )
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-06] (Western Digital)
R2 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1177536 2012-06-14] (Western Digital )
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTGService; C:\Program Files (x86)\OneClickInternet\WTGService.exe [342984 2011-03-09] ()

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\BASHDefs\20160213.003\BHDrvx64.sys [1665608 2015-10-08] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1606000.08E\ccSetx64.sys [173808 2015-07-11] (Symantec Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-11-18] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2015-11-18] (Symantec Corporation)
S3 gobi3kfilter; C:\Windows\System32\DRIVERS\gobi3kfilter.sys [34304 2010-12-13] (QUALCOMM Incorporated)
S3 gobi3kmbb; C:\Windows\System32\DRIVERS\gobi3kmbb.sys [399872 2011-04-21] (QUALCOMM Incorporated)
S3 gobi3kserial; C:\Windows\System32\DRIVERS\gobi3kserial.sys [233984 2010-12-13] (QUALCOMM Incorporated)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\IPSDefs\20160225.001\IDSvia64.sys [767224 2016-02-17] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-18] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\VirusDefs\20160226.003\ENG64.SYS [138488 2015-10-27] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\VirusDefs\20160226.003\EX64.SYS [2148080 2015-10-27] (Symantec Corporation)
S3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2014-04-20] ()
S3 SRTSP; C:\Windows\System32\Drivers\N360x64\1606000.08E\SRTSP64.SYS [928504 2016-02-24] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1606000.08E\SRTSPX64.SYS [50936 2015-07-11] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1606000.08E\SYMEFASI64.SYS [1621232 2016-02-24] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-07-22] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1606000.08E\Ironx64.SYS [295664 2016-02-24] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1606000.08E\SYMNETS.SYS [577768 2016-02-24] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-18 14:01 - 2016-04-18 14:02 - 00038048 _____ C:\Users\Kasia\Downloads\FRST.txt
2016-04-18 11:39 - 2016-04-18 11:39 - 10108904 _____ (Symantec Corporation) C:\Users\Kasia\Downloads\NPE (1).exe
2016-04-18 11:22 - 2016-04-18 14:01 - 00000000 ____D C:\FRST
2016-04-18 10:44 - 2016-04-18 10:44 - 02375680 _____ (Farbar) C:\Users\Kasia\Downloads\EnglishFRST64.exe
2016-04-18 08:16 - 2016-04-18 08:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2016-04-18 08:16 - 2016-04-18 08:16 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 11
2016-04-18 08:15 - 2016-04-18 08:16 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Kasia\Downloads\cbSetup.exe
2016-04-17 21:23 - 2016-04-17 21:39 - 00103828 _____ C:\Users\Kasia\Downloads\SystemLook.txt
2016-04-17 21:23 - 2016-04-17 21:23 - 00139264 _____ C:\Users\Kasia\Downloads\SystemLook.exe
2016-04-17 21:19 - 2016-04-17 21:35 - 00185549 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
2016-04-17 21:19 - 2016-04-17 21:19 - 00003658 _____ C:\Windows\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2016-04-17 21:19 - 2016-04-17 21:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-04-17 21:19 - 2016-04-17 21:19 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2016-04-17 21:17 - 2016-04-17 21:18 - 21105944 _____ (Tweaking.com) C:\Users\Kasia\Downloads\tweaking.com_windows_repair_aio_setup.exe
2016-04-17 21:09 - 2016-04-17 21:11 - 00002336 _____ C:\Users\Kasia\Desktop\unhide.txt
2016-04-17 21:09 - 2016-04-17 21:09 - 00398752 _____ (Bleeping Computer, LLC) C:\Users\Kasia\Downloads\unhide.exe
2016-04-17 11:27 - 2016-04-17 11:32 - 453896548 _____ C:\Users\Kasia\Downloads\takeout-20160417T092518Z.zip
2016-04-17 08:05 - 2016-04-18 13:50 - 00000000 ____D C:\Users\Kasia\AppData\Roaming\Everything
2016-04-17 08:05 - 2016-04-17 08:05 - 00000000 ____D C:\Users\Kasia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything
2016-04-17 08:05 - 2016-04-17 08:05 - 00000000 ____D C:\Program Files\Everything
2016-04-17 08:04 - 2016-04-17 08:04 - 00559063 _____ () C:\Users\Kasia\Downloads\Everything-1.3.4.686.x64-Setup.exe
2016-04-16 21:10 - 2016-04-17 10:40 - 00003432 _____ C:\Users\Kasia\photorec.cfg
2016-04-16 21:09 - 2016-04-16 21:09 - 10105868 _____ C:\Users\Kasia\Downloads\testdisk-7.0.win64.zip
2016-04-16 21:09 - 2016-04-16 21:09 - 00000000 ____D C:\Users\Kasia\Downloads\testdisk-7.0.win64
2016-04-16 20:58 - 2016-04-16 21:00 - 00000000 ____D C:\Users\Kasia\Downloads\encrytest
2016-04-16 20:03 - 2016-04-16 20:03 - 00000351 _____ C:\splash.idx
2016-04-16 20:00 - 2016-04-16 20:05 - 04154499 _____ C:\Users\Kasia\Downloads\Logo fundacji Europejczyk - Maciej Nadobnik.rar
2016-04-16 19:56 - 2016-04-16 19:56 - 09850667 _____ C:\Users\Kasia\Downloads\Muzyka_mową_dźwięków.pdf
2016-04-16 19:50 - 2016-04-16 19:50 - 00001890 _____ C:\Users\Kasia\Desktop\IrfanView Thumbnails.lnk
2016-04-16 19:50 - 2016-04-16 19:50 - 00000998 _____ C:\Users\Kasia\Desktop\IrfanView.lnk
2016-04-16 19:50 - 2016-04-16 19:50 - 00000000 ____D C:\Users\Kasia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2016-04-16 19:50 - 2016-04-16 19:50 - 00000000 ____D C:\Users\Kasia\AppData\Roaming\IrfanView
2016-04-16 19:50 - 2016-04-16 19:50 - 00000000 ____D C:\Program Files (x86)\IrfanView
2016-04-16 19:49 - 2016-04-16 19:49 - 02131936 _____ (Irfan Skiljan) C:\Users\Kasia\Downloads\iview442_setup.exe
2016-04-16 19:43 - 2016-04-16 21:38 - 00000000 ____D C:\Users\Kasia\AppData\Local\TorrentUnlocker
2016-04-16 19:42 - 2016-04-16 19:42 - 03437489 _____ (NathanScott Apps) C:\Users\Kasia\Downloads\TorrentUnlocker.exe
2016-04-16 19:16 - 2016-04-16 19:16 - 00987728 _____ (Google Inc.) C:\Users\Kasia\Downloads\ChromeSetup(1).exe
2016-04-16 19:08 - 2016-04-16 19:08 - 00098919 _____ C:\Users\Kasia\Downloads\id_tool.exe
2016-04-16 19:04 - 2016-04-16 19:04 - 00000000 ____D C:\NPE
2016-04-16 19:04 - 2016-04-16 19:03 - 00111098 _____ C:\Windows\ntbtlog.txt
2016-04-16 19:03 - 2016-04-16 19:03 - 00000000 ____D C:\ProgramData\SMR501
2016-04-16 18:56 - 2016-04-18 11:39 - 00000000 ____D C:\Users\Kasia\AppData\Local\NPE
2016-04-16 18:56 - 2016-04-16 18:56 - 00248714 _____ C:\Users\Kasia\Downloads\OCF_20131025.zip
2016-04-16 18:56 - 2016-04-16 18:56 - 00000000 ____D C:\Users\Kasia\Downloads\OCF_20131025
2016-04-16 18:55 - 2016-04-16 18:55 - 10108904 _____ (Symantec Corporation) C:\Users\Kasia\Downloads\NPE.exe
2016-04-16 18:52 - 2016-04-18 13:54 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-16 18:52 - 2016-04-16 18:52 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-16 18:52 - 2016-04-16 18:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-16 18:52 - 2016-04-16 18:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-04-16 18:52 - 2016-04-16 18:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-16 18:52 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-04-16 18:52 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-04-16 18:52 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-04-16 18:51 - 2016-04-16 18:51 - 22851472 _____ (Malwarebytes ) C:\Users\Kasia\Downloads\mbam-setup-2.2.1.1043(1).exe
2016-04-16 18:49 - 2016-04-16 18:49 - 22851472 _____ (Malwarebytes ) C:\Users\Kasia\Downloads\mbam-setup-2.2.1.1043.exe
2016-04-16 10:12 - 2016-04-16 18:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-04-15 14:58 - 2016-04-15 14:58 - 00003838 _____ C:\Users\Public\HOW_TO_RESTORE_FILES.html
2016-04-15 14:58 - 2016-04-15 14:58 - 00003838 _____ C:\Users\Kasia\Downloads\HOW_TO_RESTORE_FILES.html
2016-04-15 14:58 - 2016-04-15 14:58 - 00003838 _____ C:\HOW_TO_RESTORE_FILES.html
2016-04-15 14:58 - 2016-04-15 14:58 - 00001204 _____ C:\Users\Public\HOW_TO_RESTORE_FILES.txt
2016-04-15 14:58 - 2016-04-15 14:58 - 00001204 _____ C:\Users\Kasia\Downloads\HOW_TO_RESTORE_FILES.txt
2016-04-15 14:58 - 2016-04-15 14:58 - 00001204 _____ C:\HOW_TO_RESTORE_FILES.txt
2016-04-15 14:54 - 2016-04-16 19:33 - 00003838 _____ C:\Users\Kasia\Desktop\HOW_TO_RESTORE_FILES.html
2016-04-15 14:54 - 2016-04-16 19:33 - 00001204 _____ C:\Users\Kasia\Desktop\HOW_TO_RESTORE_FILES.txt
2016-04-15 14:54 - 2016-04-15 14:57 - 00000000 ____D C:\ProgramData\idetufamyjucypyj
2016-04-15 14:54 - 2016-04-15 14:54 - 00003838 _____ C:\Users\Default\HOW_TO_RESTORE_FILES.html
2016-04-15 14:54 - 2016-04-15 14:54 - 00001204 _____ C:\Users\Default\HOW_TO_RESTORE_FILES.txt
2016-04-13 03:29 - 2016-04-04 20:14 - 00038120 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-04-13 03:29 - 2016-04-04 20:02 - 01169408 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-04-13 03:29 - 2016-04-02 15:08 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-04-13 03:29 - 2016-03-31 21:25 - 00394952 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-04-13 03:29 - 2016-03-31 20:41 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-04-13 03:29 - 2016-03-31 02:54 - 25817600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-04-13 03:29 - 2016-03-31 02:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-04-13 03:29 - 2016-03-31 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-04-13 03:29 - 2016-03-31 02:31 - 02892800 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-04-13 03:29 - 2016-03-31 02:28 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-04-13 03:29 - 2016-03-31 02:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-04-13 03:29 - 2016-03-31 02:27 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-04-13 03:29 - 2016-03-31 02:27 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-04-13 03:29 - 2016-03-31 02:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-04-13 03:29 - 2016-03-31 02:25 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-04-13 03:29 - 2016-03-31 02:22 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-04-13 03:29 - 2016-03-31 02:21 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-04-13 03:29 - 2016-03-31 02:19 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-04-13 03:29 - 2016-03-31 02:17 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-04-13 03:29 - 2016-03-31 02:17 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-04-13 03:29 - 2016-03-31 02:17 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-04-13 03:29 - 2016-03-31 02:17 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-04-13 03:29 - 2016-03-31 02:11 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-04-13 03:29 - 2016-03-31 02:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-04-13 03:29 - 2016-03-31 02:03 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-04-13 03:29 - 2016-03-31 02:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-04-13 03:29 - 2016-03-31 02:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-04-13 03:29 - 2016-03-31 01:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-04-13 03:29 - 2016-03-31 01:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-04-13 03:29 - 2016-03-31 01:56 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-04-13 03:29 - 2016-03-31 01:55 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-04-13 03:29 - 2016-03-31 01:53 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-04-13 03:29 - 2016-03-31 01:53 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-04-13 03:29 - 2016-03-31 01:52 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-04-13 03:29 - 2016-03-31 01:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-04-13 03:29 - 2016-03-31 01:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-04-13 03:29 - 2016-03-31 01:52 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-04-13 03:29 - 2016-03-31 01:51 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-04-13 03:29 - 2016-03-31 01:48 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-04-13 03:29 - 2016-03-31 01:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-04-13 03:29 - 2016-03-31 01:46 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-04-13 03:29 - 2016-03-31 01:45 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-04-13 03:29 - 2016-03-31 01:45 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-04-13 03:29 - 2016-03-31 01:45 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-04-13 03:29 - 2016-03-31 01:45 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-04-13 03:29 - 2016-03-31 01:43 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-04-13 03:29 - 2016-03-31 01:43 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-04-13 03:29 - 2016-03-31 01:42 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-04-13 03:29 - 2016-03-31 01:42 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-04-13 03:29 - 2016-03-31 01:39 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-04-13 03:29 - 2016-03-31 01:38 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-04-13 03:29 - 2016-03-31 01:34 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-04-13 03:29 - 2016-03-31 01:33 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-04-13 03:29 - 2016-03-31 01:31 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-04-13 03:29 - 2016-03-31 01:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-04-13 03:29 - 2016-03-31 01:30 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-04-13 03:29 - 2016-03-31 01:30 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-04-13 03:29 - 2016-03-31 01:30 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-04-13 03:29 - 2016-03-31 01:29 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-04-13 03:29 - 2016-03-31 01:24 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-04-13 03:29 - 2016-03-31 01:23 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-04-13 03:29 - 2016-03-31 01:23 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-04-13 03:29 - 2016-03-31 01:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-04-13 03:29 - 2016-03-31 01:21 - 13811712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-04-13 03:29 - 2016-03-31 01:18 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-04-13 03:29 - 2016-03-31 01:06 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-04-13 03:29 - 2016-03-31 01:05 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-04-13 03:29 - 2016-03-31 01:02 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-04-13 03:29 - 2016-03-31 01:00 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-04-13 03:29 - 2016-03-29 19:53 - 03216896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-04-13 03:29 - 2016-03-23 16:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-04-13 03:29 - 2016-03-18 01:04 - 05551336 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-04-13 03:29 - 2016-03-18 01:04 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-04-13 03:29 - 2016-03-18 01:04 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-04-13 03:29 - 2016-03-18 01:04 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-04-13 03:29 - 2016-03-18 01:01 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-04-13 03:29 - 2016-03-18 01:01 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-04-13 03:29 - 2016-03-18 00:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-04-13 03:29 - 2016-03-18 00:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-04-13 03:29 - 2016-03-18 00:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-04-13 03:29 - 2016-03-18 00:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-04-13 03:29 - 2016-03-18 00:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-04-13 03:29 - 2016-03-18 00:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-04-13 03:29 - 2016-03-18 00:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-04-13 03:29 - 2016-03-18 00:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-04-13 03:29 - 2016-03-18 00:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-04-13 03:29 - 2016-03-18 00:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-04-13 03:29 - 2016-03-18 00:57 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-04-13 03:29 - 2016-03-18 00:57 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-04-13 03:29 - 2016-03-18 00:57 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-04-13 03:29 - 2016-03-18 00:57 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-04-13 03:29 - 2016-03-18 00:57 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-04-13 03:29 - 2016-03-18 00:56 - 02084864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-04-13 03:29 - 2016-03-18 00:56 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-04-13 03:29 - 2016-03-18 00:54 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-04-13 03:29 - 2016-03-18 00:54 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-04-13 03:29 - 2016-03-18 00:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-04-13 03:29 - 2016-03-18 00:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-04-13 03:29 - 2016-03-18 00:53 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-04-13 03:29 - 2016-03-18 00:53 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-04-13 03:29 - 2016-03-18 00:53 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-04-13 03:29 - 2016-03-18 00:53 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-04-13 03:29 - 2016-03-18 00:50 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-04-13 03:29 - 2016-03-18 00:50 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-04-13 03:29 - 2016-03-18 00:50 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-04-13 03:29 - 2016-03-18 00:50 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-04-13 03:29 - 2016-03-18 00:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-04-13 03:29 - 2016-03-18 00:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-04-13 03:29 - 2016-03-18 00:50 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-04-13 03:29 - 2016-03-18 00:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-04-13 03:29 - 2016-03-18 00:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-04-13 03:29 - 2016-03-18 00:50 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-04-13 03:29 - 2016-03-18 00:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-04-13 03:29 - 2016-03-18 00:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-13 03:29 - 2016-03-18 00:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-13 03:29 - 2016-03-18 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-13 03:29 - 2016-03-18 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-04-13 03:29 - 2016-03-18 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-13 03:29 - 2016-03-18 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-04-13 03:29 - 2016-03-18 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-13 03:29 - 2016-03-18 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-13 03:29 - 2016-03-18 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-13 03:29 - 2016-03-18 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-04-13 03:29 - 2016-03-18 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-04-13 03:29 - 2016-03-18 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-13 03:29 - 2016-03-18 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-04-13 03:29 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-04-13 03:29 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-04-13 03:29 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-04-13 03:29 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-04-13 03:29 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-04-13 03:29 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-13 03:29 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-04-13 03:29 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-04-13 03:29 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-13 03:29 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-04-13 03:29 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-04-13 03:29 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-04-13 03:29 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-04-13 03:29 - 2016-03-18 00:36 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-04-13 03:29 - 2016-03-18 00:36 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-04-13 03:29 - 2016-03-18 00:33 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-04-13 03:29 - 2016-03-18 00:31 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-04-13 03:29 - 2016-03-18 00:31 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-04-13 03:29 - 2016-03-18 00:31 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-04-13 03:29 - 2016-03-18 00:31 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-04-13 03:29 - 2016-03-18 00:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-04-13 03:29 - 2016-03-18 00:30 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-04-13 03:29 - 2016-03-18 00:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-04-13 03:29 - 2016-03-18 00:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-04-13 03:29 - 2016-03-18 00:29 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-04-13 03:29 - 2016-03-18 00:29 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-04-13 03:29 - 2016-03-18 00:29 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-04-13 03:29 - 2016-03-18 00:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-04-13 03:29 - 2016-03-18 00:27 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-04-13 03:29 - 2016-03-18 00:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-04-13 03:29 - 2016-03-18 00:27 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-04-13 03:29 - 2016-03-18 00:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-04-13 03:29 - 2016-03-18 00:26 - 00553984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-04-13 03:29 - 2016-03-18 00:25 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-04-13 03:29 - 2016-03-18 00:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-04-13 03:29 - 2016-03-18 00:24 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-04-13 03:29 - 2016-03-18 00:24 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-04-13 03:29 - 2016-03-18 00:24 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-04-13 03:29 - 2016-03-18 00:24 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-04-13 03:29 - 2016-03-18 00:24 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-04-13 03:29 - 2016-03-18 00:24 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-13 03:29 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-13 03:29 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-04-13 03:29 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-04-13 03:29 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-13 03:29 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-04-13 03:29 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-13 03:29 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-13 03:29 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-04-13 03:29 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-13 03:29 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-13 03:29 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-04-13 03:29 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-04-13 03:29 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-13 03:29 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-04-13 03:29 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-04-13 03:29 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-04-13 03:29 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-04-13 03:29 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-13 03:29 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-04-13 03:29 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-04-13 03:29 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-04-13 03:29 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-04-13 03:29 - 2016-03-17 23:53 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-04-13 03:29 - 2016-03-17 23:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-04-13 03:29 - 2016-03-17 23:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-04-13 03:29 - 2016-03-17 23:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-04-13 03:29 - 2016-03-17 23:44 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-04-13 03:29 - 2016-03-17 23:43 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-04-13 03:29 - 2016-03-17 23:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-04-13 03:29 - 2016-03-17 23:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-04-13 03:29 - 2016-03-17 23:37 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-04-13 03:29 - 2016-03-17 23:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-04-13 03:29 - 2016-03-17 23:35 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-04-13 03:29 - 2016-03-17 23:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-04-13 03:29 - 2016-03-17 23:30 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-04-13 03:29 - 2016-03-17 23:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-04-13 03:29 - 2016-03-17 23:30 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-04-13 03:29 - 2016-03-17 23:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-04-13 03:29 - 2016-03-17 23:29 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-04-13 03:29 - 2016-03-17 23:29 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-04-13 03:29 - 2016-03-17 23:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-13 03:29 - 2016-03-17 23:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-04-13 03:29 - 2016-03-17 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-04-13 03:29 - 2016-03-17 20:04 - 00698368 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-04-13 03:29 - 2016-03-17 20:04 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-04-13 03:29 - 2016-03-17 20:04 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-04-13 03:29 - 2016-03-17 20:04 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-04-13 03:29 - 2016-03-16 20:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-04-13 03:29 - 2016-03-16 20:28 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-04-13 03:29 - 2016-03-16 20:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-04-13 03:29 - 2016-03-16 02:16 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-04-13 03:29 - 2016-03-16 02:16 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-04-13 03:29 - 2016-03-16 01:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2016-04-13 03:29 - 2016-03-11 20:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-04-13 03:29 - 2016-03-11 20:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-04-13 03:29 - 2016-03-06 20:53 - 01885696 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-04-13 03:29 - 2016-03-06 20:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-04-13 03:29 - 2016-03-06 20:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2016-04-13 03:29 - 2016-03-06 20:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2016-04-13 03:29 - 2016-02-05 21:03 - 00147904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2016-04-13 03:29 - 2016-02-05 20:56 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
2016-04-13 03:29 - 2016-02-05 20:54 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2016-04-13 03:29 - 2016-02-05 19:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tbs.dll
2016-04-13 03:29 - 2016-02-02 20:57 - 00511488 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2016-04-13 03:29 - 2016-01-21 02:51 - 00073664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2016-04-13 03:29 - 2015-06-03 22:21 - 00451080 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-04-08 21:09 - 2016-04-15 14:54 - 00000703 _____ C:\Users\Kasia\Desktop\~$timado Samuel y Magdalena.docx.encrypted
2016-04-08 11:13 - 2016-04-15 14:54 - 00027205 _____ C:\Users\Kasia\Desktop\przemowa śubna.docx.encrypted
2016-04-07 14:21 - 2016-04-15 14:54 - 00605790 _____ C:\Users\Kasia\Desktop\paszporty.zip.encrypted
2016-04-06 17:29 - 2016-04-15 14:58 - 00009023 _____ C:\Users\Kasia\Downloads\operacja(4).pdf.encrypted
2016-04-06 17:25 - 2016-04-15 14:58 - 00008963 _____ C:\Users\Kasia\Downloads\operacja(3).pdf.encrypted
2016-04-06 17:21 - 2016-04-15 14:58 - 00009023 _____ C:\Users\Kasia\Downloads\operacja(2).pdf.encrypted
2016-04-06 17:16 - 2016-04-15 14:58 - 00008964 _____ C:\Users\Kasia\Downloads\operacja(1).pdf.encrypted
2016-03-20 15:38 - 2016-04-15 14:54 - 00256582 _____ C:\Users\Kasia\Desktop\Churchill.pptx.encrypted
2016-03-20 11:40 - 2016-03-20 11:40 - 01127752 _____ (Microsoft Corporation) C:\Users\Kasia\Downloads\Setup.x86.pl-pl_GrooveRetail_3V9N8-W93CC-FQPB8-Y9WVF-TVGJ3_TX_PR_(2).exe
2016-03-20 11:37 - 2016-03-20 11:37 - 08076992 _____ (Microsoft Corporation) C:\Users\Kasia\Downloads\OneDriveSetup(1).exe
2016-03-19 08:52 - 2016-04-15 14:54 - 00057520 _____ C:\Users\Kasia\Desktop\Szczegoly_operacji_2016-03-19_07-51-04.pdf.encrypted
2016-03-19 08:51 - 2016-04-15 14:58 - 00053745 _____ C:\Users\Kasia\Downloads\Szczegoly_operacji_2016-03-19_07-51-04.pdf.encrypted

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-18 14:00 - 2011-02-14 22:50 - 00744058 _____ C:\Windows\system32\perfh015.dat
2016-04-18 14:00 - 2011-02-14 22:50 - 00157508 _____ C:\Windows\system32\perfc015.dat
2016-04-18 14:00 - 2009-07-14 07:13 - 01679426 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-18 14:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-04-18 13:54 - 2016-03-13 19:45 - 00000000 ___RD C:\Users\Kasia\Dysk Google
2016-04-18 13:54 - 2014-10-14 10:46 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-18 13:53 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-18 13:51 - 2013-12-15 22:42 - 02176000 ___SH C:\Users\Kasia\Desktop\Thumbs.db
2016-04-18 13:35 - 2013-06-04 17:26 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-18 13:10 - 2014-10-14 10:46 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-18 09:14 - 2009-07-14 06:45 - 00031808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-18 09:14 - 2009-07-14 06:45 - 00031808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-17 10:56 - 2013-08-13 21:07 - 00000000 ____D C:\Users\Kasia\AppData\Local\CrashDumps
2016-04-16 22:28 - 2013-01-03 21:26 - 00000000 ____D C:\Users\Kasia\Documents\Pliki programu Outlook
2016-04-16 22:28 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\L2Schemas
2016-04-16 21:10 - 2013-01-03 14:50 - 00000000 ____D C:\Users\Kasia
2016-04-16 20:04 - 2016-03-16 23:59 - 00000000 ___RD C:\Users\Kasia\SharePoint
2016-04-16 20:04 - 2009-07-14 05:20 - 00000000 ___RD C:\Users\Public\Libraries
2016-04-16 20:03 - 2013-01-03 12:29 - 00000000 ____D C:\_FS_SWRINFO
2016-04-16 19:30 - 2016-03-10 10:36 - 00000000 ____D C:\Users\Kasia\Documents\artykuł,pogadanki
2016-04-16 19:30 - 2016-02-09 14:16 - 00000000 ____D C:\Users\Kasia\Documents\Budowa_Antrejka
2016-04-16 19:30 - 2016-02-01 15:28 - 00000000 ____D C:\Users\Kasia\Documents\mama zdj
2016-04-16 19:30 - 2016-01-18 13:37 - 00000000 ____D C:\Users\Kasia\Documents\Marta
2016-04-16 19:30 - 2015-09-06 15:07 - 00000000 ____D C:\Users\Kasia\Documents\ang nagrania fiszki
2016-04-16 19:30 - 2015-07-23 20:51 - 00000000 ____D C:\Users\Kasia\Documents\Edukacja_domowa
2016-04-16 19:30 - 2015-05-21 17:46 - 00000000 ____D C:\Users\Kasia\Documents\Imprezy_rodzinne
2016-04-16 19:30 - 2015-05-21 17:44 - 00000000 ____D C:\Users\Kasia\Documents\Nuty
2016-04-16 19:30 - 2015-02-23 18:01 - 00000000 ____D C:\Users\Kasia\Documents\filmiki asi
2016-04-16 19:30 - 2015-02-13 17:09 - 00000000 ____D C:\Users\Kasia\Documents\OD
2016-04-16 19:30 - 2014-12-19 14:08 - 00000000 ___SD C:\Users\Kasia\Documents\Moje źródła danych
2016-04-16 19:30 - 2014-10-14 09:58 - 00000000 ____D C:\Users\Kasia\Documents\Hiszpania
2016-04-16 19:30 - 2014-08-14 13:38 - 00000000 ____D C:\Users\Kasia\Documents\Franciszek Michnowicz
2016-04-16 19:30 - 2014-04-20 22:16 - 00000000 ____D C:\Users\Kasia\Documents\Dom
2016-04-16 19:30 - 2014-04-20 22:14 - 00000000 ____D C:\Users\Kasia\Documents\Saxum
2016-04-16 19:30 - 2013-11-04 21:04 - 00000000 ____D C:\Users\Kasia\Documents\moje nuty
2016-04-16 19:30 - 2013-08-19 13:10 - 00000000 ____D C:\Users\Kasia\Documents\Fundacja
2016-04-16 19:30 - 2013-05-28 22:28 - 00000000 ____D C:\Users\Kasia\Documents\MuseScore
2016-04-16 19:30 - 2013-01-04 19:59 - 00000000 ____D C:\Users\Kasia\Documents\Kasia
2016-04-16 19:30 - 2013-01-03 18:05 - 00000000 ____D C:\Users\Kasia\Documents\Symantec
2016-04-16 19:17 - 2014-10-14 12:48 - 00002273 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-16 19:17 - 2014-10-14 12:48 - 00002261 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-16 19:04 - 2013-03-01 19:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-16 18:56 - 2013-01-03 18:02 - 00000000 ____D C:\ProgramData\Norton
2016-04-16 09:47 - 2009-07-14 06:45 - 05033512 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-16 09:45 - 2014-12-11 20:58 - 00000000 ____D C:\Windows\system32\appraiser
2016-04-15 15:17 - 2013-08-15 03:01 - 00000000 ____D C:\Windows\system32\MRT
2016-04-15 15:09 - 2013-01-05 11:20 - 135176864 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-04-15 14:58 - 2016-03-16 11:47 - 00251657 _____ C:\Users\Kasia\Downloads\wniosek_o_aneks_wz__r.docx.encrypted
2016-04-15 14:58 - 2016-03-16 11:33 - 00047133 _____ C:\Users\Kasia\Downloads\wniosek_o_aneks_bckk.doc.encrypted
2016-04-15 14:58 - 2016-03-15 09:45 - 00017599 _____ C:\Users\Kasia\Downloads\RP_223218_12_20160315084547.pdf.encrypted
2016-04-15 14:58 - 2016-03-09 14:26 - 346591403 _____ C:\Users\Kasia\Downloads\wetransfer-072e28.zip.encrypted
2016-04-15 14:58 - 2016-03-04 10:31 - 00053990 _____ C:\Users\Kasia\Downloads\Szczegoly_operacji_2016-03-04_09-31-26.pdf.encrypted
2016-04-15 14:58 - 2016-03-02 10:21 - 00103683 _____ C:\Users\Kasia\Downloads\ulotka Antrejka.docx.encrypted
2016-04-15 14:58 - 2016-02-25 18:46 - 00203544 _____ C:\Users\Kasia\Downloads\PRO_169250_2016.pdf.encrypted
2016-04-15 14:58 - 2016-02-09 14:15 - 00041240 _____ C:\Users\Kasia\Downloads\Pełnomocnictwo - AQ.pdf.encrypted
2016-04-15 14:58 - 2016-02-03 12:55 - 00008977 _____ C:\Users\Kasia\Downloads\operacja.pdf.encrypted
2016-04-15 14:58 - 2016-01-27 21:46 - 01378398 _____ C:\Users\Kasia\Downloads\scan0624.pdf.encrypted
2016-04-15 14:58 - 2016-01-27 21:41 - 00012953 _____ C:\Users\Kasia\Downloads\RS_500117_2_20160127204100.pdf.encrypted
2016-04-15 14:58 - 2016-01-04 19:42 - 00053953 _____ C:\Users\Kasia\Downloads\Szczegoly_operacji_2016-01-04_18-42-14.pdf.encrypted
2016-04-15 14:58 - 2015-12-17 10:33 - 00012950 _____ C:\Users\Kasia\Downloads\RS_500117_2_20151217093242.pdf.encrypted
2016-04-15 14:58 - 2015-12-14 16:04 - 00115741 _____ C:\Users\Kasia\Downloads\oferta realizacji zadania publicznego 2016 WZÓR .doc.encrypted
2016-04-15 14:58 - 2015-12-11 16:53 - 00007203 _____ C:\Users\Kasia\Downloads\Święta 2015.xlsx.encrypted
2016-04-15 14:58 - 2015-12-07 15:49 - 00118301 _____ C:\Users\Kasia\Downloads\pobrany plik (1).doc.encrypted
2016-04-15 14:58 - 2015-12-07 15:49 - 00108061 _____ C:\Users\Kasia\Downloads\pobrany plik.doc.encrypted
2016-04-15 14:58 - 2015-10-01 10:53 - 00296423 _____ C:\Users\Kasia\Downloads\polski_g1_1.pdf.encrypted
2016-04-15 14:58 - 2015-09-23 09:13 - 21671830 _____ C:\Users\Kasia\Downloads\plakat wspomnienie lata2.pdf.encrypted
2016-04-15 14:58 - 2015-09-02 11:40 - 00280197 _____ C:\Users\Kasia\Downloads\Potwierdzenie.pdf.encrypted
2016-04-15 14:58 - 2015-08-28 16:26 - 00114706 _____ C:\Users\Kasia\Downloads\plan LEKCJE wer. 28 sierpnia 2015.pdf.encrypted
2016-04-15 14:58 - 2015-08-27 17:12 - 01206811 _____ C:\Users\Kasia\Downloads\papa-francesco_20150524_enciclica-laudato-si_pl.pdf.encrypted
2016-04-15 14:58 - 2015-07-07 23:28 - 00101063 _____ C:\Users\Kasia\Downloads\preistraeger-pdf112.pdf.encrypted
2016-04-15 14:58 - 2015-06-22 17:09 - 00055325 _____ C:\Users\Kasia\Downloads\Regulamin (1).doc.encrypted
2016-04-15 14:58 - 2015-06-22 15:12 - 00494176 _____ C:\Users\Kasia\Downloads\Richard Marx - Right Here Waiting.pdf.encrypted
2016-04-15 14:58 - 2015-06-16 22:30 - 00133696 _____ C:\Users\Kasia\Downloads\PhotoFunia-1434486600.jpg.encrypted
2016-04-15 14:58 - 2015-06-16 22:27 - 00099637 _____ C:\Users\Kasia\Downloads\PhotoFunia-1434486456.jpg.encrypted
2016-04-15 14:58 - 2015-06-16 22:19 - 00068332 _____ C:\Users\Kasia\Downloads\PhotoFunia-1434485945.jpg.encrypted
2016-04-15 14:58 - 2015-06-16 22:16 - 00083689 _____ C:\Users\Kasia\Downloads\PhotoFunia-1434485786.jpg.encrypted
2016-04-15 14:58 - 2015-06-16 22:14 - 00093740 _____ C:\Users\Kasia\Downloads\PhotoFunia-1434485669.jpg.encrypted
2016-04-15 14:58 - 2015-06-16 22:12 - 00090560 _____ C:\Users\Kasia\Downloads\PhotoFunia-1434485552.jpg.encrypted
2016-04-15 14:58 - 2015-06-16 22:10 - 00084393 _____ C:\Users\Kasia\Downloads\PhotoFunia-1434485397.jpg.encrypted
2016-04-15 14:58 - 2015-06-16 22:06 - 00148089 _____ C:\Users\Kasia\Downloads\PhotoFunia-1434485217.jpg.encrypted
2016-04-15 14:58 - 2015-06-16 22:05 - 00078867 _____ C:\Users\Kasia\Downloads\PhotoFunia-1434485130.jpg.encrypted
2016-04-15 14:58 - 2015-06-16 21:58 - 00092348 _____ C:\Users\Kasia\Downloads\PhotoFunia-1434484731.jpg.encrypted
2016-04-15 14:58 - 2015-02-24 19:03 - 00053824 _____ C:\Users\Kasia\Downloads\Szczegoly_operacji_2015-02-24_18-03-05.pdf.encrypted
2016-04-15 14:58 - 2015-02-20 15:23 - 00041501 _____ C:\Users\Kasia\Downloads\regulamin_kf2015.doc.encrypted
2016-04-15 14:58 - 2015-01-26 10:35 - 00043366 _____ C:\Users\Kasia\Downloads\W-FI_01.05.2010.pdf.encrypted
2016-04-15 14:58 - 2015-01-26 10:04 - 00045212 _____ C:\Users\Kasia\Downloads\W-ES01.05.2010.pdf.encrypted
2016-04-15 14:58 - 2015-01-26 10:00 - 00050852 _____ C:\Users\Kasia\Downloads\W-WZ_01.05.2010.pdf.encrypted
2016-04-15 14:58 - 2014-12-29 12:43 - 00012919 _____ C:\Users\Kasia\Downloads\RS_500117_2_20141229114351.pdf.encrypted
2016-04-15 14:58 - 2014-12-29 12:17 - 00023581 _____ C:\Users\Kasia\Downloads\Zal4_oswiadczenieozalacznikach.doc.encrypted
2016-04-15 14:58 - 2014-12-27 15:10 - 00024605 _____ C:\Users\Kasia\Downloads\Zal7_kryteria oceny wnioskow do priorytetu nr 5.xls.encrypted
2016-04-15 14:58 - 2014-12-27 12:23 - 00024605 _____ C:\Users\Kasia\Downloads\Zal6_kryteria oceny wnioskow do priorytetu nr 2.xls.encrypted
2016-04-15 14:58 - 2014-11-26 22:21 - 00293741 _____ C:\Users\Kasia\Downloads\Wniosek 2014.11.26 21.21.30.pdf.encrypted
2016-04-15 14:58 - 2014-11-13 12:34 - 00289470 _____ C:\Users\Kasia\Downloads\Wniosek 2014.11.13 11.34.05.pdf.encrypted
2016-04-15 14:58 - 2014-11-11 23:26 - 00286054 _____ C:\Users\Kasia\Downloads\Wniosek 2014.11.11 22.26.30.pdf.encrypted
2016-04-15 14:58 - 2014-10-25 16:39 - 00473630 _____ C:\Users\Kasia\Downloads\p_39 2014.pdf.encrypted
2016-04-15 14:58 - 2014-10-21 21:12 - 00642083 _____ C:\Users\Kasia\Downloads\Notatki z lekcji Barok.pdf.encrypted
2016-04-15 14:58 - 2014-10-21 21:12 - 00565677 _____ C:\Users\Kasia\Downloads\Notatki z lekcji - Klasycyzm.pdf.encrypted
2016-04-15 14:58 - 2014-10-21 15:13 - 18574975 _____ C:\Users\Kasia\Downloads\WhatsApp.apk.encrypted
2016-04-15 14:58 - 2014-10-16 10:38 - 00239239 _____ C:\Users\Kasia\Downloads\wyciag092014.pdf.encrypted
2016-04-15 14:58 - 2014-10-13 21:05 - 00509593 _____ C:\Users\Kasia\Downloads\WP_20140914_003.jpg.encrypted
2016-04-15 14:58 - 2014-09-10 17:13 - 00974756 _____ C:\Users\Kasia\Downloads\sprawdzian_szostoklasisty.zip.encrypted
2016-04-15 14:58 - 2014-08-02 22:17 - 00136676 _____ C:\Users\Kasia\Downloads\przykladowy_test_predyspozycji.pdf.encrypted
2016-04-15 14:58 - 2014-07-10 21:14 - 00268081 _____ C:\Users\Kasia\Downloads\wyciag062014(1).pdf.encrypted
2016-04-15 14:58 - 2014-07-10 21:13 - 00236556 _____ C:\Users\Kasia\Downloads\wyciag062014.pdf.encrypted
2016-04-15 14:58 - 2014-07-08 12:31 - 00154848 _____ C:\Users\Kasia\Downloads\WYKAZ PODRĘCZNIKÓWPOPa.pdf.encrypted
2016-04-15 14:58 - 2014-06-15 20:15 - 02113388 _____ C:\Users\Kasia\Downloads\WDFirmwareUpdater.zip.encrypted
2016-04-15 14:58 - 2014-05-19 11:04 - 00012918 _____ C:\Users\Kasia\Downloads\RS_500117_2_20140519110405.pdf.encrypted
2016-04-15 14:58 - 2014-04-20 17:04 - 00319247 _____ C:\Users\Kasia\Downloads\zdjcia.zip.encrypted
2016-04-15 14:58 - 2014-02-20 17:09 - 00016639 _____ C:\Users\Kasia\Downloads\Święta zad. dom. z ang. dod.(1).docx.encrypted
2016-04-15 14:58 - 2014-02-11 21:04 - 00016574 _____ C:\Users\Kasia\Downloads\Święta zad. dom. z ang. dod..docx.encrypted
2016-04-15 14:58 - 2014-02-04 14:47 - 00015071 _____ C:\Users\Kasia\Downloads\Na piernika z Kopernikiem.docx.encrypted
2016-04-15 14:58 - 2014-01-16 15:09 - 00062947 _____ C:\Users\Kasia\Downloads\rozklad_jazdy_linii_01_-_01.01.2014..pdf.encrypted
2016-04-15 14:58 - 2013-11-26 19:28 - 04194845 _____ C:\Users\Kasia\Downloads\nck_pl_nr_2alldo_iv_korekty.pdf.encrypted
2016-04-15 14:58 - 2013-11-12 12:35 - 00760569 _____ C:\Users\Kasia\Downloads\praca_dyplomowa_PD.docx.encrypted
2016-04-15 14:58 - 2013-06-04 18:40 - 00047101 _____ C:\Users\Kasia\Downloads\Wprawki_na_ujednolicenie_samogłosek i same wprawki.pdf.encrypted
2016-04-15 14:58 - 2013-05-16 11:15 - 09851208 _____ C:\Users\Kasia\Downloads\Muzyka_mową_dźwięków.pdf.encrypted
2016-04-15 14:58 - 2013-05-03 17:32 - 00351943 _____ C:\Users\Kasia\Downloads\Oh Happy Day(1)sister act2.pdf.encrypted
2016-04-15 14:58 - 2013-05-03 17:32 - 00351943 _____ C:\Users\Kasia\Downloads\Oh Happy Day(1)sister act2(1).pdf.encrypted
2016-04-15 14:58 - 2013-05-03 17:18 - 00433098 _____ C:\Users\Kasia\Downloads\Sister Act - Oh Happy Day.pdf.encrypted
2016-04-15 14:58 - 2013-05-03 17:16 - 00252322 _____ C:\Users\Kasia\Downloads\Oh happy day(1).pdf.encrypted
2016-04-15 14:58 - 2013-04-29 12:25 - 00134669 _____ C:\Users\Kasia\Downloads\OmniDieDicMariae(Gorczycki).pdf.encrypted
2016-04-15 14:58 - 2013-04-26 11:27 - 00045085 _____ C:\Users\Kasia\Downloads\podanie_na_studia_podyplomowe_2013.doc.encrypted
2016-04-15 14:58 - 2013-04-24 22:01 - 00027677 _____ C:\Users\Kasia\Downloads\Podanie.doc.encrypted
2016-04-15 14:58 - 2013-04-24 21:57 - 00014942 _____ C:\Users\Kasia\Downloads\życiorys Marty.docx.encrypted
2016-04-15 14:58 - 2013-04-03 20:50 - 00191105 _____ C:\Users\Kasia\Downloads\POLSKI - SPR.docx.encrypted
2016-04-15 14:58 - 2013-04-03 20:50 - 00139975 _____ C:\Users\Kasia\Downloads\Polski spr..docx.encrypted
2016-04-15 14:58 - 2013-02-26 19:18 - 01522717 _____ C:\Users\Kasia\Downloads\sylabusy - wszystkie.doc.encrypted
2016-04-15 14:58 - 2013-02-19 23:13 - 00064541 _____ C:\Users\Kasia\Downloads\pedagogika (1).doc.encrypted
2016-04-15 14:58 - 2013-02-18 12:02 - 00024368 _____ C:\Users\Kasia\Downloads\Ocena lekcji dyplomowej.pdf.encrypted
2016-04-15 14:58 - 2013-02-17 18:03 - 00046681 _____ C:\Users\Kasia\Downloads\Terminarz_matura_2013.pdf.encrypted
2016-04-15 14:58 - 2013-02-06 23:37 - 00027165 _____ C:\Users\Kasia\Downloads\urlop.doc.encrypted
2016-04-15 14:58 - 2013-02-05 11:36 - 00064541 _____ C:\Users\Kasia\Downloads\pedagogika.doc.encrypted
2016-04-15 14:58 - 2013-02-04 22:13 - 00045597 _____ C:\Users\Kasia\Downloads\podst_muzyka.doc.encrypted
2016-04-15 14:58 - 2013-01-26 22:59 - 00049540 _____ C:\Users\Kasia\Downloads\O Happy Day (Edvin Hawkins Singers) - Coral.zip.encrypted
2016-04-15 14:58 - 2013-01-26 22:52 - 00260447 _____ C:\Users\Kasia\Downloads\Only_You.PDF.encrypted
2016-04-15 14:58 - 2013-01-26 22:48 - 00252322 _____ C:\Users\Kasia\Downloads\Oh happy day.pdf.encrypted
2016-04-15 14:58 - 2013-01-23 20:19 - 00040477 _____ C:\Users\Kasia\Downloads\wyniki_P-4-12-12.doc.encrypted
2016-04-15 14:58 - 2013-01-23 20:14 - 00158749 _____ C:\Users\Kasia\Downloads\siwz_z_zalacznikami_i_umowaP31211.doc.encrypted
2016-04-15 14:58 - 2013-01-23 20:14 - 00076829 _____ C:\Users\Kasia\Downloads\Ogloszenie-1-12-11.doc.encrypted
2016-04-15 14:58 - 2013-01-15 15:52 - 00124957 _____ C:\Users\Kasia\Downloads\wniosek o przyjecie dziecka.doc.encrypted
2016-04-15 14:58 - 2013-01-12 23:58 - 00023581 _____ C:\Users\Kasia\Downloads\oswiadczenie.doc.encrypted
2016-04-15 14:58 - 2013-01-12 23:55 - 00039453 _____ C:\Users\Kasia\Downloads\strona_tytulowa_przyklad.doc.encrypted
2016-04-15 14:58 - 2013-01-12 23:55 - 00038429 _____ C:\Users\Kasia\Downloads\strona_tytulowa_wzor.doc.encrypted
2016-04-15 14:58 - 2013-01-08 17:20 - 00044061 _____ C:\Users\Kasia\Downloads\Wplyw_muzyki_na_rozwoj_osobowosci_dziecka_w_wieku_wczesnoszkolnym_Dorota_Szczepanska.doc.encrypted
2016-04-15 14:54 - 2016-02-21 20:48 - 00023449 _____ C:\Users\Kasia\Desktop\Strona logowania do usługi Office 365.docx.encrypted
2016-04-15 14:54 - 2015-11-09 15:48 - 00000000 ____D C:\Users\Kasia\.gimp-2.8
2016-04-15 14:54 - 2015-09-06 14:58 - 123774289 _____ C:\Users\Kasia\Desktop\Angielski_1000_fiszki.zip.encrypted
2016-04-15 14:54 - 2014-10-21 19:37 - 00000000 ____D C:\Users\Kasia\.gstreamer-0.10
2016-04-15 14:54 - 2014-09-15 12:20 - 00000706 _____ C:\Users\Kasia\Desktop\~$Beatyfikacja Alvaro.xlsx.encrypted
2016-04-15 14:54 - 2014-07-15 21:40 - 00018395 _____ C:\Users\Kasia\Desktop\Zeszyt1.xlsx.encrypted
2016-04-15 14:54 - 2013-12-03 12:51 - 00000703 _____ C:\Users\Kasia\Desktop\~$hortacja Papieża Franciszka wybrane pkt.docx.encrypted
2016-04-15 14:54 - 2013-11-18 12:31 - 00000703 _____ C:\Users\Kasia\Desktop\~$aca_dyplomowa_PD.docx.encrypted
2016-04-15 14:54 - 2013-05-15 22:33 - 00015617 _____ C:\Users\Kasia\Desktop\RZUTNIK.docx.encrypted
2016-04-15 14:54 - 2013-01-03 12:42 - 00000000 ____D C:\Infineon
2016-04-15 14:54 - 2013-01-03 12:41 - 00000000 ____D C:\SPLASH.SYS
2016-04-15 14:54 - 2013-01-03 12:41 - 00000000 ____D C:\SPLASH.000
2016-04-15 14:54 - 2013-01-03 12:28 - 00000000 ____D C:\Temp
2016-04-15 14:54 - 2011-02-14 23:24 - 01697228 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-04-13 03:02 - 2016-03-13 19:42 - 00002042 _____ C:\Users\Public\Desktop\Google Slides.lnk
2016-04-13 03:02 - 2016-03-13 19:42 - 00002040 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2016-04-13 03:02 - 2016-03-13 19:42 - 00002030 _____ C:\Users\Public\Desktop\Google Docs.lnk
2016-04-13 03:02 - 2016-03-13 19:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-04-08 13:35 - 2013-06-04 17:26 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-04-08 13:35 - 2013-01-28 19:23 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-04-08 13:35 - 2013-01-03 12:32 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-06 10:18 - 2010-11-21 05:27 - 00453280 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-03-27 12:54 - 2015-04-04 19:32 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-03-27 12:54 - 2015-04-04 19:32 - 00000000 ___SD C:\Windows\system32\GWX
2016-03-20 11:41 - 2016-03-16 23:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-03-20 11:41 - 2016-03-16 23:38 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-03-20 11:35 - 2016-03-16 23:28 - 00000000 ___RD C:\Users\Kasia\OneDrive

==================== Files in the root of some directories =======

2013-01-04 22:31 - 2013-01-04 22:47 - 0022050 _____ () C:\Users\Kasia\AppData\Roaming\Wartości oddzielone przecinkami (Windows).ADR
2015-06-16 18:48 - 2015-06-16 18:48 - 0005120 _____ () C:\Users\Kasia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-11 10:00 - 2015-06-11 10:00 - 0000000 _____ () C:\Users\Kasia\AppData\Local\{9DB108E1-C10E-4C18-879A-F396B357E9D1}

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-08 13:48

==================== End of FRST.txt ============================



Edited by karko, 18 April 2016 - 03:25 PM.



 


#2 olgun52

olgun52

  • Malware Response Team
  • 3,782 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:26 AM

Posted 19 April 2016 - 05:44 PM

Hello karko and welcome to BleepingComputer. :welcome:
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are always inserted during the scan.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How to open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to the help here.

Thanks
 

 

Encrypted files are very difficult to solve. But we can help to delete the virus. Sorry.

Please let me know if you want me to delete the virus.

 

=============================================
Please see;
http://www.bleepingcomputer.com/forums/t/549016/torrentlocker-support-and-discussion-thread-cryptolocker-copycat/?p=3885816

Any files that are encrypted with the newer variant of TeslaCrypt will have the .exx, .xyz, .zzz, .aaa, .abc or .ccc extension appended to the end of the filename. The .aaa/.abc/.ccc variant drops files (ransom notes) with names like Recovery_File_*****.html, Recovery_File_*****.txt, restore_files_*****.html, restore_files_*****.txt, recover_file_*****.txt, recover_file_*****.html, HOWTO_RESTORE_FILES_*****.txt, HOWTO_RESTORE_FILES_*****.html, howto_recover_file_*****.txt, howto_recover_file_*****.html (where ***** are random characters) and pretends to be CryptoWall 3.0.

https://securelist.com/blog/research/71371/teslacrypt-2-0-disguised-as-cryptowall/
http://www.bleepingcomputer.com/forums/t/587362/drweb-quietly-decrypting-torrentlocker-for-paid-customers-or-distributors/

Free file decryption assistance only for PCs protected by Dr.Web at the moment of infection
You can request decryption:
https://news.drweb.com/show/?c=5&i=9713&lng=en
 
Sincerely. :hello:


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!
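The filename indicators quoted in the post above (the newer-variant extensions and the ransom-note names) can be checked against a file listing to see which directories show them. This is an added example, not part of the original thread: the sample paths are constructed, and reading the `*****` placeholder as one or more letters or digits and matching note names case-sensitively are assumptions.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Extensions the post lists for the newer TeslaCrypt variant.
TESLA_EXTENSIONS = {".exx", ".xyz", ".zzz", ".aaa", ".abc", ".ccc"}

# Ransom-note names as listed in the post. Assumption: the "*****" part is
# one or more ASCII letters/digits, and the listed casing is significant.
NOTE_RE = re.compile(
    r"^(Recovery_File|restore_files|recover_file|HOWTO_RESTORE_FILES|"
    r"howto_recover_file)_[A-Za-z0-9]+\.(html|txt)$"
)

def classify(path):
    """Return 'ransom_note', 'encrypted_extension' or None for one path."""
    p = PureWindowsPath(path)  # parses backslash paths on any OS
    if NOTE_RE.match(p.name):
        return "ransom_note"
    if p.suffix.lower() in TESLA_EXTENSIONS:
        return "encrypted_extension"
    return None

def triage(paths):
    """Count matches per directory; return (per_dir_counts, unmatched)."""
    by_dir = defaultdict(lambda: {"ransom_note": 0, "encrypted_extension": 0})
    unmatched = []
    for path in paths:
        kind = classify(path)
        if kind is None:
            unmatched.append(path)
        else:
            by_dir[str(PureWindowsPath(path).parent)][kind] += 1
    return dict(by_dir), unmatched

# Constructed sample listing (not taken from the posted log).
SAMPLE = [
    r"C:\Users\example\Documents\invoice.docx.ccc",
    r"C:\Users\example\Documents\HOWTO_RESTORE_FILES_qkvzp.txt",
    r"C:\Users\example\Pictures\holiday.jpg.AAA",
    r"C:\Users\example\Pictures\restore_files_abcde.html",
    r"C:\Users\example\Pictures\photo.jpg.encrypted",
    r"C:\Users\example\Desktop\HOW TO RESTORE FILES.txt",
]

if __name__ == "__main__":
    counts, unmatched = triage(SAMPLE)
    for directory, c in sorted(counts.items()):
        print(directory, c)
    print("no listed indicator:", unmatched)
```

Names that match none of the listed patterns end up in the second return value, which is the set to compare against other ransomware families' indicators.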

 


 


#3 karko

karko
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:26 AM

Posted 20 April 2016 - 01:34 AM

Hi olgun52,

 

Thanks for your reply. As I wrote before, the virus was found/deleted by Norton Power Eraser. What do you think about the deleted files in the Documents folder? I used Recuva to search for the files. I found some entries indicating that the files were there, but Recuva said those are not available on disk anymore. What is interesting is that those were not overwritten (!); they are just simply not available. Do you have any idea how to get a track or history of these files?

 

Cheers



#4 olgun52

olgun52

  • Malware Response Team
  • 3,782 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:26 AM

Posted 20 April 2016 - 03:04 AM

Hello again.
 
I've tried these programs several times, but I could not get a result. Personally, I have not seen many people save their documents. Sorry.

But there is intensive work going on.
========================================
Hopefully, the following information can help.
 
ShadowExplorer:
http://www.bleepingcomputer.com/virus-removal/torrentlocker-cryptolocker-ransomware-information#shadow
 
http://www.forensicswiki.org/index.php?title=Tools:Data_Recovery
Forensicist...Deleted Shadow Copies
Recovering from deleted shadow copies

Good day.

Best regards
 

 


 


#5 karko

karko
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:26 AM

Posted 20 April 2016 - 03:07 AM

Thank you, I will proceed with data recovery options. 

 

Best Regards, Szymon



#6 olgun52

olgun52

  • Malware Response Team
  • 3,782 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:26 AM

Posted 22 April 2016 - 05:55 PM

Good Luck  :thumbup2:


Best regards
 

 


 




