Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-10-2013
Ran by acer (administrator) on ACER-KOMPUTER on 23-10-2013 10:25:11
Running from C:\Users\acer\Desktop\programy
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polish
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Akamai Technologies, Inc.) C:\Users\acer\AppData\Local\Akamai\netsession_win.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(Akamai Technologies, Inc.) C:\Users\acer\AppData\Local\Akamai\netsession_win.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PMMUpdate.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
() C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
() C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.190\deploy\LoLLauncher.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.53\deploy\LolClient.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12480616 2012-04-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-03-09] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Steam] - C:\Steam\Steam.exe [1813928 2013-10-09] (Valve Corporation)
HKCU\...\Run: [WinTasks] - C:\Program Files (x86)\Windows NT\WinTasksSetup.exe [5374487 2013-05-07] (Microsoft Corporation )
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\acer\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Winlogon: [Shell] explorer.exe, <==== ATTENTION
MountPoints2: E - E:\setup.exe
MountPoints2: {c5dbf741-108a-11e1-a023-806e6f6e6963} - D:\cda_menu.exe
MountPoints2: {dc591745-29ba-11e3-97cd-dc0ea1149a43} - F:\Launcher.exe
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] - C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-27] (CyberLink Corp.)
HKLM-x32\...\Run: [PWRISOVM.EXE] - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [336992 2012-08-17] (Power Software Ltd)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [266960 2013-05-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [214448 2013-05-08] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={84AEE3C6-6C7E-44FC-90EC-69C4AE052A88}&mid=09a3c08174044f8aad7183f93360af60-5bc1cf366acdd981a6df2840af6ef6eba6f2224e&lang=pl&ds=ik011&pr=&d=2013-01-28 12:05:05&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.0.1.12\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: DealPly Shopping - {9cf699ca-2174-4ed8-bec1-ba82095edce0} - C:\Program Files (x86)\DealPly\DealPlyIE.dll ()
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: smartdownloader Class - {F1AF26F8-1828-4279-ABCE-074EF3235BD7} - C:\Program Files (x86)\PutLockerDownloader\smarterdownloader.dll (TODO: )
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.0.1.12\AVG Secure Search_toolbar.dll (AVG Secure Search)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 62.179.1.62 62.179.1.63

FireFox:
========
FF ProfilePath: C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\xgci4z4s.default-1352478021505
FF user.js: detected! => C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\xgci4z4s.default-1352478021505\user.js
FF Homepage: www.google.pl
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @java.com/DTPlugin,version=10.10.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.dpliveupdate.com/DealPlyLive Update;version=3 - C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)
FF Plugin-x32: @tools.dpliveupdate.com/DealPlyLive Update;version=9 - C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @g2.com/iggweb3dupdater - C:\Users\acer\AppData\Roaming\IGG\Web3D\1.0.0.38\NPIGGWeb3DUpdater.dll (IGG)
FF Plugin HKCU: @g2.com/joyconnectshell - C:\Users\acer\AppData\Roaming\IGG\Web3D\1.0.0.38\NPJoyConnectShell.dll (IGG)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\acer\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF Extension: No Name - C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\xgci4z4s.default-1352478021505\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\17.0.1.12
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\17.0.1.12

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (DealPly Shopping) - C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnmnhkgiphcaeefbaooconkceehicfi\3.5.0.0_0
CHR HKLM-x32\...\Chrome\Extension: [apfdadfinodckpcehhdhjlgiphgnbfci] - C:\Program Files (x86)\PutLockerDownloader\putlockerdownloader10.crx
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\17.0.1.12\avg.crx

==================== Services (Whitelisted) =================

S3 COMSysApp; C:\Windows\SysWow64\dllhost.exe [7168 2009-07-14] (Microsoft Corporation)
S2 dealplylive; C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [148000 2013-08-06] (DealPly Technologies Ltd)
S3 dealplylivem; C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [148000 2013-08-06] (DealPly Technologies Ltd)
S3 msiserver; C:\Windows\SysWow64\msiexec.exe [73216 2010-11-21] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [4702568 2012-10-24] (INCA Internet Co., Ltd.)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2013-06-08] ()
R3 vToolbarUpdater17.0.12; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe [1734680 2013-10-02] (AVG Secure Search)
R2 WSearch; C:\Windows\SysWow64\SearchIndexer.exe [427520 2011-09-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-10-02] (AVG Technologies)
S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-08-30] (Broadcom Corporation.)
S3 cpuz135; \??\C:\Users\GO9495~1\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-23 10:25 - 2013-10-23 10:25 - 00000000 ____D C:\FRST
2013-10-21 21:53 - 2013-10-21 21:53 - 00032994 _____ C:\Users\acer\Downloads\ureschanger2.zip
2013-10-21 21:45 - 2013-10-21 21:45 - 00001797 _____ C:\Users\Public\Desktop\Evil Genius.lnk
2013-10-20 12:39 - 2013-10-20 12:39 - 00003320 _____ C:\Windows\PFRO.log
2013-10-19 23:43 - 2013-10-22 14:11 - 00000672 _____ C:\Windows\setupact.log
2013-10-19 23:43 - 2013-10-19 23:43 - 00000000 _____ C:\Windows\setuperr.log
2013-10-19 18:36 - 2013-10-19 18:36 - 00218928 _____ C:\Users\acer\Documents\backup1.reg
2013-10-19 18:36 - 2013-10-19 18:36 - 00011178 _____ C:\Users\acer\Documents\backup2.reg
2013-10-19 18:29 - 2013-10-19 18:29 - 00002770 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-10-19 18:29 - 2013-10-19 18:29 - 00000826 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-10-19 18:29 - 2013-10-19 18:29 - 00000000 ____D C:\Program Files\CCleaner
2013-10-19 18:27 - 2013-10-19 18:28 - 04369632 _____ (Piriform Ltd) C:\Users\acer\Downloads\ccsetup406.exe
2013-10-19 18:23 - 2013-10-19 18:23 - 00272409 _____ C:\Windows\SysWOW64\TmpA88178941
2013-10-19 15:25 - 2013-10-19 15:25 - 00000000 ____D C:\Users\acer\AppData\Roaming\InstallShield
2013-10-19 12:14 - 2013-10-19 12:14 - 00164536 _____ C:\Users\acer\Downloads\MyDefrag.dat
2013-10-19 00:07 - 2013-10-19 00:07 - 00000587 _____ C:\Users\acer\Downloads\MyDefrag.debuglog
2013-10-19 00:03 - 2013-10-19 00:03 - 00000000 ____D C:\Users\acer\AppData\Local\SlimWare Utilities Inc
2013-10-19 00:02 - 2013-10-22 21:25 - 00000000 ____D C:\Program Files (x86)\SlimCleaner
2013-10-19 00:02 - 2013-10-19 00:02 - 00003022 _____ C:\Windows\System32\Tasks\SlimCleaner Run
2013-10-19 00:02 - 2013-10-19 00:02 - 00002467 _____ C:\Users\Public\Desktop\SlimCleaner.lnk
2013-10-19 00:02 - 2013-10-19 00:02 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers
2013-10-19 00:01 - 2013-10-19 00:01 - 00801088 _____ (SlimWare Utilities, Inc.) C:\Users\acer\Downloads\SlimCleaner-setup.exe
2013-10-18 21:06 - 2013-10-18 21:06 - 00275131 _____ C:\Users\acer\Documents\ts3_clientui-win64-1375773286-2013-10-18 21_06_40.520847.dmp
2013-10-17 18:24 - 2013-10-17 18:24 - 00000000 ____D C:\Users\acer\AppData\Roaming\WB Games
2013-10-17 17:23 - 2013-10-17 17:25 - 373871224 _____ (G Data Software AG) C:\Users\acer\Downloads\setup_is.exe
2013-10-17 17:15 - 2013-10-17 17:42 - 00000000 ____D C:\Users\acer\AppData\Local\WebPlayer
2013-10-17 17:14 - 2013-10-19 00:07 - 00000000 ____D C:\Users\acer\AppData\Roaming\DAEMON Tools Lite
2013-10-17 17:13 - 2013-10-17 17:49 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2013-10-17 17:13 - 2013-10-17 17:13 - 14021608 _____ (Disc Soft Ltd) C:\Users\acer\Downloads\DTLite4471-0337(dobreprogramy.pl).exe
2013-10-17 17:12 - 2013-10-17 17:12 - 00685248 _____ C:\Users\acer\Downloads\DAEMON-Tools-Lite(12708).exe
2013-10-17 15:25 - 2013-10-17 15:25 - 00000199 _____ C:\Users\acer\Desktop\Dota 2.url
2013-10-17 00:25 - 2013-10-17 00:25 - 00273248 _____ C:\Users\acer\Documents\ts3_clientui-win64-1375773286-2013-10-17 00_25_07.175123.dmp
2013-10-16 14:52 - 2013-10-16 14:52 - 00273248 _____ C:\Users\acer\Documents\ts3_clientui-win64-1375773286-2013-10-16 14_52_12.247990.dmp
2013-10-14 16:50 - 2013-10-14 16:50 - 00000200 _____ C:\Users\acer\Desktop\Sid Meier's Civilization V.url
2013-10-12 22:47 - 2013-10-12 22:47 - 00281056 _____ C:\Users\acer\Documents\ts3_clientui-win64-1375773286-2013-10-12 22_47_15.238048.dmp
2013-10-12 22:43 - 2013-10-12 22:43 - 00278824 _____ C:\Users\acer\Documents\ts3_clientui-win64-1375773286-2013-10-12 22_43_37.121572.dmp
2013-10-12 22:41 - 2013-10-12 22:41 - 00306586 _____ C:\Users\acer\Documents\ts3_clientui-win64-1375773286-2013-10-12 22_41_29.081249.dmp
2013-10-12 22:41 - 2013-10-12 22:41 - 00281800 _____ C:\Users\acer\Documents\ts3_clientui-win64-1375773286-2013-10-12 22_41_25.640052.dmp
2013-10-10 15:31 - 2013-10-10 16:37 - 00000764 _____ C:\Users\acer\Desktop\Neverwinter.lnk
2013-10-10 15:30 - 2013-10-10 15:30 - 03798712 _____ (Cryptic Studios) C:\Users\acer\Downloads\neverwinter_setup.exe
2013-10-06 17:30 - 2013-10-21 18:12 - 00000000 ____D C:\Users\acer\Documents\majesty2
2013-10-06 17:30 - 2013-10-06 17:30 - 00000992 _____ C:\Users\Public\Desktop\Majesty 2 Collection.lnk
2013-09-30 11:51 - 2013-09-30 11:51 - 00000000 ____D C:\Users\acer\AppData\Roaming\Red Alert 3
2013-09-30 10:42 - 2013-09-30 10:42 - 00001796 _____ C:\Users\Public\Desktop\Command & Conquer™ Red Alert™ 3.lnk
2013-09-26 21:10 - 2013-09-26 21:10 - 00000000 ____D C:\Users\acer\AppData\Roaming\Doublefine
2013-09-26 21:09 - 2013-09-26 21:09 - 00000000 ____D C:\ProgramData\Steam
2013-09-26 21:02 - 2013-09-26 21:02 - 00001619 _____ C:\Users\Public\Desktop\Brutal Legend.lnk
2013-09-25 00:50 - 2013-09-25 00:50 - 00000573 _____ C:\Users\Public\Desktop\Torchlight II.lnk

==================== One Month Modified Files and Folders =======

2013-10-23 10:25 - 2013-10-23 10:25 - 00000000 ____D C:\FRST
2013-10-23 10:06 - 2013-08-06 18:01 - 00000902 _____ C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job
2013-10-23 10:01 - 2013-08-06 18:01 - 00000286 _____ C:\Windows\Tasks\Dealply.job
2013-10-23 09:57 - 2012-11-09 18:24 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-23 09:55 - 2012-11-08 04:06 - 00000000 ____D C:\Users\acer\Desktop\programy
2013-10-23 08:59 - 2011-11-16 21:43 - 01702818 _____ C:\Windows\WindowsUpdate.log
2013-10-23 00:21 - 2012-11-22 17:59 - 00000000 ____D C:\Users\acer\AppData\Roaming\TS3Client
2013-10-22 22:15 - 2013-04-04 00:10 - 00002338 _____ C:\Users\acer\Desktop\muz.txt
2013-10-22 21:59 - 2009-07-14 06:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-22 21:59 - 2009-07-14 06:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-22 21:27 - 2012-12-21 01:11 - 00000000 ____D C:\Users\acer\AppData\Roaming\uTorrent
2013-10-22 21:25 - 2013-10-19 00:02 - 00000000 ____D C:\Program Files (x86)\SlimCleaner
2013-10-22 14:11 - 2013-10-19 23:43 - 00000672 _____ C:\Windows\setupact.log
2013-10-22 09:57 - 2012-12-16 16:19 - 00000000 ____D C:\Users\acer\Desktop\studia
2013-10-21 21:53 - 2013-10-21 21:53 - 00032994 _____ C:\Users\acer\Downloads\ureschanger2.zip
2013-10-21 21:47 - 2012-11-12 16:57 - 00000000 ____D C:\Users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-10-21 21:47 - 2012-09-30 20:10 - 00000000 ____D C:\Users\acer\AppData\Local\VirtualStore
2013-10-21 21:45 - 2013-10-21 21:45 - 00001797 _____ C:\Users\Public\Desktop\Evil Genius.lnk
2013-10-21 21:41 - 2012-11-09 12:47 - 00000000 ____D C:\Gry
2013-10-21 20:55 - 2012-12-21 21:21 - 00000000 ____D C:\Obrazy płyt
2013-10-21 18:12 - 2013-10-06 17:30 - 00000000 ____D C:\Users\acer\Documents\majesty2
2013-10-20 13:12 - 2013-05-31 21:08 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-10-20 13:12 - 2013-03-25 00:02 - 00000000 ____D C:\Steam
2013-10-20 13:12 - 2012-11-08 01:27 - 00000000 ____D C:\ProgramData\clear.fi
2013-10-20 13:12 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-20 12:40 - 2013-08-06 18:01 - 00000898 _____ C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job
2013-10-20 12:39 - 2013-10-20 12:39 - 00003320 _____ C:\Windows\PFRO.log
2013-10-19 23:43 - 2013-10-19 23:43 - 00000000 _____ C:\Windows\setuperr.log
2013-10-19 18:36 - 2013-10-19 18:36 - 00218928 _____ C:\Users\acer\Documents\backup1.reg
2013-10-19 18:36 - 2013-10-19 18:36 - 00011178 _____ C:\Users\acer\Documents\backup2.reg
2013-10-19 18:35 - 2013-07-16 23:29 - 00000000 ____D C:\Users\acer\AppData\Roaming\Media Player Classic
2013-10-19 18:29 - 2013-10-19 18:29 - 00002770 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-10-19 18:29 - 2013-10-19 18:29 - 00000826 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-10-19 18:29 - 2013-10-19 18:29 - 00000000 ____D C:\Program Files\CCleaner
2013-10-19 18:28 - 2013-10-19 18:27 - 04369632 _____ (Piriform Ltd) C:\Users\acer\Downloads\ccsetup406.exe
2013-10-19 18:23 - 2013-10-19 18:23 - 00272409 _____ C:\Windows\SysWOW64\TmpA88178941
2013-10-19 18:23 - 2013-02-13 02:40 - 00000000 ____D C:\Users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2013-10-19 18:23 - 2013-02-13 02:40 - 00000000 ____D C:\Program Files (x86)\Image-Line
2013-10-19 18:20 - 2011-10-14 06:13 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-10-19 17:58 - 2013-08-20 12:46 - 00007597 _____ C:\Users\acer\AppData\Local\Resmon.ResmonCfg
2013-10-19 15:48 - 2013-08-06 18:01 - 00003658 _____ C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineCore
2013-10-19 15:25 - 2013-10-19 15:25 - 00000000 ____D C:\Users\acer\AppData\Roaming\InstallShield
2013-10-19 15:25 - 2012-12-09 13:47 - 00000000 ____D C:\Users\acer\AppData\Local\My Games
2013-10-19 12:14 - 2013-10-19 12:14 - 00164536 _____ C:\Users\acer\Downloads\MyDefrag.dat
2013-10-19 00:07 - 2013-10-19 00:07 - 00000587 _____ C:\Users\acer\Downloads\MyDefrag.debuglog
2013-10-19 00:07 - 2013-10-17 17:14 - 00000000 ____D C:\Users\acer\AppData\Roaming\DAEMON Tools Lite
2013-10-19 00:07 - 2013-01-08 08:38 - 00000000 ____D C:\Windows\Minidump
2013-10-19 00:07 - 2007-07-12 03:49 - 00000000 ____D C:\Windows\Panther
2013-10-19 00:03 - 2013-10-19 00:03 - 00000000 ____D C:\Users\acer\AppData\Local\SlimWare Utilities Inc
2013-10-19 00:02 - 2013-10-19 00:02 - 00003022 _____ C:\Windows\System32\Tasks\SlimCleaner Run
2013-10-19 00:02 - 2013-10-19 00:02 - 00002467 _____ C:\Users\Public\Desktop\SlimCleaner.lnk
2013-10-19 00:02 - 2013-10-19 00:02 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers
2013-10-19 00:01 - 2013-10-19 00:01 - 00801088 _____ (SlimWare Utilities, Inc.) C:\Users\acer\Downloads\SlimCleaner-setup.exe
2013-10-18 21:06 - 2013-10-18 21:06 - 00275131 _____ C:\Users\acer\Documents\ts3_clientui-win64-1375773286-2013-10-18 21_06_40.520847.dmp
2013-10-18 17:54 - 2013-05-16 14:00 - 00000000 ____D C:\Users\acer\AppData\Roaming\Raptr
2013-10-18 17:53 - 2013-08-28 17:26 - 00000000 ____D C:\Program Files (x86)\G Data
2013-10-18 17:36 - 2013-08-28 17:23 - 00000000 ____D C:\ProgramData\G Data
2013-10-18 17:28 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-10-17 20:58 - 2012-09-30 20:10 - 00000000 ____D C:\Users\acer
2013-10-17 20:55 - 2013-05-10 02:21 - 00000000 ____D C:\Users\acer\AppData\Local\Akamai
2013-10-17 20:55 - 2012-09-30 20:40 - 00000000 ____D C:\Users\Gość
2013-10-17 20:55 - 2012-09-30 20:11 - 00000000 ____D C:\Users\acer\AppData\Local\PowerCinema
2013-10-17 20:55 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-10-17 20:55 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files (x86)\Windows NT
2013-10-17 18:24 - 2013-10-17 18:24 - 00000000 ____D C:\Users\acer\AppData\Roaming\WB Games
2013-10-17 17:49 - 2013-10-17 17:13 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2013-10-17 17:42 - 2013-10-17 17:15 - 00000000 ____D C:\Users\acer\AppData\Local\WebPlayer
2013-10-17 17:39 - 2013-08-28 18:19 - 00019016 _____ (G Data Software) C:\Windows\system32\Drivers\GdPhyMem.sys
2013-10-17 17:33 - 2009-07-14 07:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-17 17:30 - 2012-11-18 21:33 - 00000000 ____D C:\Users\acer\AppData\Roaming\SoftGrid Client
2013-10-17 17:25 - 2013-10-17 17:23 - 373871224 _____ (G Data Software AG) C:\Users\acer\Downloads\setup_is.exe
2013-10-17 17:19 - 2011-11-16 22:36 - 00739150 _____ C:\Windows\system32\perfh015.dat
2013-10-17 17:19 - 2011-11-16 22:36 - 00154970 _____ C:\Windows\system32\perfc015.dat
2013-10-17 17:19 - 2009-07-14 07:13 - 01666220 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-17 17:13 - 2013-10-17 17:13 - 14021608 _____ (Disc Soft Ltd) C:\Users\acer\Downloads\DTLite4471-0337(dobreprogramy.pl).exe
2013-10-17 17:12 - 2013-10-17 17:12 - 00685248 _____ C:\Users\acer\Downloads\DAEMON-Tools-Lite(12708).exe
2013-10-17 15:25 - 2013-10-17 15:25 - 00000199 _____ C:\Users\acer\Desktop\Dota 2.url
2013-10-17 00:25 - 2013-10-17 00:25 - 00273248 _____ C:\Users\acer\Documents\ts3_clientui-win64-1375773286-2013-10-17 00_25_07.175123.dmp
2013-10-16 14:52 - 2013-10-16 14:52 - 00273248 _____ C:\Users\acer\Documents\ts3_clientui-win64-1375773286-2013-10-16 14_52_12.247990.dmp
2013-10-14 17:55 - 2012-11-12 19:01 - 00000000 ____D C:\Users\acer\Documents\My Games
2013-10-14 16:50 - 2013-10-14 16:50 - 00000200 _____ C:\Users\acer\Desktop\Sid Meier's Civilization V.url
2013-10-12 22:47 - 2013-10-12 22:47 - 00281056 _____ C:\Users\acer\Documents\ts3_clientui-win64-1375773286-2013-10-12 22_47_15.238048.dmp
2013-10-12 22:43 - 2013-10-12 22:43 - 00278824 _____ C:\Users\acer\Documents\ts3_clientui-win64-1375773286-2013-10-12 22_43_37.121572.dmp
2013-10-12 22:41 - 2013-10-12 22:41 - 00306586 _____ C:\Users\acer\Documents\ts3_clientui-win64-1375773286-2013-10-12 22_41_29.081249.dmp
2013-10-12 22:41 - 2013-10-12 22:41 - 00281800 _____ C:\Users\acer\Documents\ts3_clientui-win64-1375773286-2013-10-12 22_41_25.640052.dmp
2013-10-10 16:37 - 2013-10-10 15:31 - 00000764 _____ C:\Users\acer\Desktop\Neverwinter.lnk
2013-10-10 15:30 - 2013-10-10 15:30 - 03798712 _____ (Cryptic Studios) C:\Users\acer\Downloads\neverwinter_setup.exe
2013-10-09 17:57 - 2012-11-09 18:24 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-09 17:57 - 2012-11-09 18:24 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-09 17:57 - 2011-10-14 06:45 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-06 17:30 - 2013-10-06 17:30 - 00000992 _____ C:\Users\Public\Desktop\Majesty 2 Collection.lnk
2013-10-06 12:30 - 2013-03-28 04:34 - 00000000 ____D C:\Users\acer\Desktop\teksty
2013-10-02 17:09 - 2013-06-27 14:37 - 00003726 _____ C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2013-10-02 17:08 - 2013-01-28 13:05 - 00046368 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2013-10-02 17:08 - 2013-01-28 13:05 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2013-09-30 12:12 - 2012-12-14 01:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-30 11:51 - 2013-09-30 11:51 - 00000000 ____D C:\Users\acer\AppData\Roaming\Red Alert 3
2013-09-30 10:42 - 2013-09-30 10:42 - 00001796 _____ C:\Users\Public\Desktop\Command & Conquer™ Red Alert™ 3.lnk
2013-09-29 20:41 - 2013-03-25 01:54 - 00000000 ____D C:\Program Files (x86)\INTERIAPL
2013-09-26 21:10 - 2013-09-26 21:10 - 00000000 ____D C:\Users\acer\AppData\Roaming\Doublefine
2013-09-26 21:09 - 2013-09-26 21:09 - 00000000 ____D C:\ProgramData\Steam
2013-09-26 21:02 - 2013-09-26 21:02 - 00001619 _____ C:\Users\Public\Desktop\Brutal Legend.lnk
2013-09-25 00:50 - 2013-09-25 00:50 - 00000573 _____ C:\Users\Public\Desktop\Torchlight II.lnk
2013-09-24 15:26 - 2013-06-08 12:14 - 00000000 ____D C:\ProgramData\Ubisoft

Files to move or delete:
====================
C:\Users\acer\AppData\Roaming\skype.ini

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-10-02 09:03

==================== End Of Log ============================