Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-03-2014
Ran by marlena (administrator) on MARLENA-KOMP on 09-03-2014 19:59:40
Running from C:\Users\marlena\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polish
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(AMD) C:\Windows\system32\atieclxx.exe
(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe
(Taiwan Shui Mu Chih Ching Technology Limited.) C:\Program Files (x86)\WinZipper\winzipersvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(Cherished Technololgy LIMITED) C:\ProgramData\WPM\wprotectmanager.exe
(ASUS) C:\Windows\AsScrPro.exe
(Spigot, Inc.) C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
() C:\Windows\SysWOW64\srvany.exe
() C:\Windows\KMService.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\secpro.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Raxco Software, Inc.) C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(TeamSpeak Systems GmbH) C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe
(GG Network S.A.) C:\Program Files (x86)\Gadu-Gadu 10\gg.exe
(AIMP DevTeam) C:\Program Files (x86)\AIMP3\AIMP3.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(TeamViewer GmbH) c:\program files (x86)\teamviewer\version8\TeamViewer_Desktop.exe
(Microsoft Corporation) c:\program files\windows defender\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [192520 2010-10-12] (Trend Micro Inc.)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Runonce: [Del32171165] - cmd.exe /Q /D /c del "C:\Users\marlena\AppData\Local\Temp\0.del" [X]
HKU\S-1-5-21-3771276668-3479054325-1734754795-1000\...\MountPoints2: H - H:\AutoRun.exe
HKU\S-1-5-21-3771276668-3479054325-1734754795-1000\...\MountPoints2: I - I:\AutoRun.exe
HKU\S-1-5-21-3771276668-3479054325-1734754795-1000\...\MountPoints2: {1807a8af-2beb-11e2-b2cb-001e101fe70e} - F:\AutoRun.exe
HKU\S-1-5-21-3771276668-3479054325-1734754795-1000\...\MountPoints2: {1badbd6e-b406-11e1-a1d8-e4d53d8093f8} - F:\AutoRun.exe
HKU\S-1-5-21-3771276668-3479054325-1734754795-1000\...\MountPoints2: {1badbd7d-b406-11e1-a1d8-e4d53d8093f8} - H:\AutoRun.exe
HKU\S-1-5-21-3771276668-3479054325-1734754795-1000\...\MountPoints2: {5dad1d42-7bc5-11e3-bde7-001e101f63cf} - I:\AutoRunCardDetector.exe
HKU\S-1-5-21-3771276668-3479054325-1734754795-1000\...\MountPoints2: {5dad1d5d-7bc5-11e3-bde7-001e101f63cf} - F:\AutoRun.exe
HKU\S-1-5-21-3771276668-3479054325-1734754795-1000\...\MountPoints2: {5dad1f7e-7bc5-11e3-bde7-001e101f63cf} - F:\AutoRun.exe
HKU\S-1-5-21-3771276668-3479054325-1734754795-1000\...\MountPoints2: {8c222e5d-0a39-11e2-8ca8-e4d53d8093f8} - F:\_AUTORUN\AUTORUN.EXE
HKU\S-1-5-21-3771276668-3479054325-1734754795-1000\...\MountPoints2: {a614874e-0d3f-11e2-b2ae-e4d53d8093f8} - G:\_AUTORUN\AUTORUN.EXE
HKU\S-1-5-21-3771276668-3479054325-1734754795-1000\...\MountPoints2: {a6148757-0d3f-11e2-b2ae-e4d53d8093f8} - F:\_AUTORUN\AUTORUN.EXE
HKU\S-1-5-21-3771276668-3479054325-1734754795-1000\...\MountPoints2: {a6148766-0d3f-11e2-b2ae-e4d53d8093f8} - G:\_AUTORUN\AUTORUN.EXE
HKU\S-1-5-21-3771276668-3479054325-1734754795-1000\...\MountPoints2: {be5074d3-b5a5-11e1-8cb5-001e101f8aaa} - H:\AutoRun.exe
HKU\S-1-5-21-3771276668-3479054325-1734754795-1000\...\MountPoints2: {c4aeacfa-23bc-11e2-9b7a-e4d53d8093f8} - F:\AutoRun.exe
HKU\S-1-5-21-3771276668-3479054325-1734754795-1000\...\MountPoints2: {e19ea246-101a-11e2-a150-e4d53d8093f8} - H:\NokiaPCIA_Autorun.exe
HKU\S-1-5-21-3771276668-3479054325-1734754795-1000\...\MountPoints2: {e831f184-6d4e-11e2-a06c-e4d53d8093f8} - G:\setup.exe
HKU\S-1-5-21-3771276668-3479054325-1734754795-1000\...\MountPoints2: {f054f3c8-81ec-11e3-a5e7-001e101f82a0} - F:\AutoRun.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.doko-search.com/?babsrc=HP_ss&mntrId=008E001E101F1838&affID=125839&tsp=5038
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKCU - Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files (x86)\Dealio Toolbar\IE\8.8\dealioToolbarIE64.dll (Spigot, Inc.)
URLSearchHook: HKCU - Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files (x86)\Dealio Toolbar\IE\8.8\dealioToolbarIE.dll (Spigot, Inc.)
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=ST9500325AS_S2W72X2SXXXXS2W72X2S&ts=1382051602
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=ds&from=wpm0226&uid=ST9500325AS_S2W72X2SXXXXS2W72X2S&ts=1393443455&type=default&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=ds&from=wpm0226&uid=ST9500325AS_S2W72X2SXXXXS2W72X2S&ts=1393443455&type=default&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=ds&from=wpm0226&uid=ST9500325AS_S2W72X2SXXXXS2W72X2S&ts=1393443455&type=default&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=ds&from=wpm0226&uid=ST9500325AS_S2W72X2SXXXXS2W72X2S&ts=1393443455&type=default&q={searchTerms}
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=12&q={searchTerms}&barid={1535BDEE-9173-4B4D-88EC-22CE9D8139AB}
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=ds&from=wpm0226&uid=ST9500325AS_S2W72X2SXXXXS2W72X2S&ts=1393443455&type=default&q={searchTerms}
SearchScopes: HKCU - {0D7562AE-8EF6-416d-A838-AB665251703A} URL = http://start.facemoods.com/?a=vsl&s={searchTerms}&f=4
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={searchTerms}&affID=119816&tt=3712_1&babsrc=SP_ss&mntrId=008edbb0000000000000001e101fd318
SearchScopes: HKCU - {1A765F6F-B138-4A85-A6D4-79987161F830} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=847320&p={searchTerms}
SearchScopes: HKCU - {1FD14DB0-29D6-4E0A-A01A-DF738A2EFD17} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=F4A865D8-1FD3-45BF-AEBA-6E9915E20A2E&apn_sauid=F80F3B84-9DEE-4185-9431-89739E9DEE04
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=ds&from=wpm0226&uid=ST9500325AS_S2W72X2SXXXXS2W72X2S&ts=1393443455&type=default&q={searchTerms}
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-03-04&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={9966863D-AB1C-4B6D-9F55-E299BAC10A44}&mid=a0976be9078147d08b74359c7b647a0b-0b19ba19d08890d75b505c77d285cb7acc1d6cc7&lang=&ds=&pr=&d=&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKCU - {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = http://www.daemon-search.com/search?q={searchTerms}
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/mb174/?search={searchTerms}&loc=IB_DS&a=6R8F7bhhXe&i=26
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&st=6&barid={1535BDEE-9173-4B4D-88EC-22CE9D8139AB}
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll (Bandoo Media, inc)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files (x86)\Dealio Toolbar\IE\8.8\dealioToolbarIE.dll (Spigot, Inc.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: CescrtHlpr Object - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll (facemoods.com BHO)
BHO-x32: Incredibar.com Helper Object - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
BHO-x32: SaveSense - {71e129ff-6c2a-4984-818c-7e2c998b8d99} - C:\Users\marlena\AppData\Local\SaveSense\SaveSenseIE.dll (SaveSense)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
BHO-x32: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: IplexToALLPlayer - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\Program Files (x86)\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.)
BHO-x32: Yontoo - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
BHO-x32: BonanzaDeals - {fe063412-bea4-4d76-8ed3-183be6220d17} - C:\Program Files (x86)\BonanzaDeals\BonanzaDealsIE.dll (BonanzaDeals)
Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
Toolbar: HKLM - Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files (x86)\Dealio Toolbar\IE\8.8\dealioToolbarIE64.dll (Spigot, Inc.)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
Toolbar: HKLM-x32 - Incredibar Toolbar - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
Toolbar: HKLM-x32 - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll No File
Toolbar: HKLM-x32 - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (facemoods.com)
Toolbar: HKLM-x32 - Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files (x86)\Dealio Toolbar\IE\8.8\dealioToolbarIE.dll (Spigot, Inc.)
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll (AVG Secure Search)
Tcpip\..\Interfaces\{F4C9A2D5-7948-4FDB-BB31-02582A6BF4E2}: [NameServer]217.116.104.104 217.116.100.100

FireFox:
========
FF ProfilePath: C:\Users\marlena\AppData\Roaming\Mozilla\Firefox\Profiles\i38wm3od.default-1362675341698
FF NewTab: hxxp://www.delta-homes.com/newtab/?utm_source=b&utm_medium=wpm0226&utm_campaign=ST9500325AS_S2W72X2SXXXXS2W72X2S&utm_content=nt&from=wpm0226&uid=ST9500325AS_S2W72X2SXXXXS2W72X2S&ts=1393443455
FF DefaultSearchEngine: SecureSearch
FF SelectedSearchEngine: SecureSearch
FF Homepage: hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-03-04&ent=hp&u=59E308408CF310382FB0B75316221DC0
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=847320&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.122.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.450 - C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.bdupdater.com/BonanzaDealsLive Update;version=3 - C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals)
FF Plugin-x32: @tools.bdupdater.com/BonanzaDealsLive Update;version=9 - C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.updaterss.com/SaveSenseLive Update;version=3 - C:\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll (SaveSense)
FF Plugin-x32: @tools.updaterss.com/SaveSenseLive Update;version=9 - C:\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll (SaveSense)
FF Plugin-x32: ZEON/PDF,version=2.0 - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\marlena\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\adawaretb.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\delta-homes.xml
FF Extension: General Crawler - C:\Users\marlena\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com [2012-07-05]
FF Extension: Quick Start - C:\Users\marlena\AppData\Roaming\Mozilla\Firefox\Profiles\i38wm3od.default-1362675341698\Extensions\quick_start@gmail.com [2014-03-07]
FF Extension: SaveSense - C:\Users\marlena\AppData\Roaming\Mozilla\Firefox\Profiles\i38wm3od.default-1362675341698\Extensions\{2d7886a0-85bb-4bf2-b684-ba92b4b21d23} [2014-03-07]
FF Extension: Address Bar Search - C:\Users\marlena\AppData\Roaming\Mozilla\Firefox\Profiles\i38wm3od.default-1362675341698\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}.xpi [2013-10-25]
FF Extension: BonanzaDeals - C:\Users\marlena\AppData\Roaming\Mozilla\Firefox\Profiles\i38wm3od.default-1362675341698\Extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}.xpi [2013-12-18]
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\ []
FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\Firefox
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\15.2.0.5
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\15.2.0.5 [2013-05-21]
FF HKLM-x32\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\marlena\AppData\Roaming\Mozilla\Firefox\Profiles\i38wm3od.default-1362675341698\extensions\quick_start@gmail.com
FF Extension: Quick Start - C:\Users\marlena\AppData\Roaming\Mozilla\Firefox\Profiles\i38wm3od.default-1362675341698\extensions\quick_start@gmail.com [2014-03-07]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.delta-homes.com/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=sc&from=wpm0226&uid=ST9500325AS_S2W72X2SXXXXS2W72X2S&ts=1393443455

Chrome: 
=======
CHR HomePage: hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-03-04&ent=hp&u=59E308408CF310382FB0B75316221DC0
CHR RestoreOnStartup: "hxxp://www.doko-search.com/?babsrc=HP_ss&mntrId=008E001E101F1838&affID=125839&tsp=5038"],
			"startup_urls":	["hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-03-04&ent=hp&u=59E308408CF310382FB0B75316221DC0"
CHR DefaultSearchKeyword: delta-homes
CHR DefaultSearchProvider: delta-homes
CHR DefaultSearchURL: http://search.delta-homes.com/web/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=ds&from=wpm0226&uid=ST9500325AS_S2W72X2SXXXXS2W72X2S&ts=1393443455&type=default&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Zeon Plus) - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U5) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.50.255) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\marlena\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Extension: (BonanzaDeals) - C:\Users\marlena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj [2013-10-18]
CHR Extension: (Lightning Newtab) - C:\Users\marlena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo [2014-02-26]
CHR Extension: (AVG Security Toolbar) - C:\Users\marlena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2012-11-10]
CHR Extension: (Extended Protection) - C:\Users\marlena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogfjmhfnldnajmfaofeiaepghjenbgjo [2014-02-26]
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx [2014-02-26]
CHR HKLM-x32\...\Chrome\Extension: [edcikfknpchdehdlmjpbofgkoaonaijg] - C:\Users\marlena\AppData\Roaming\BabSolution\CR\Doko.crx [2014-02-26]
CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\marlena\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx [2013-10-18]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\15.2.0.5\avg.crx [2013-05-21]
CHR HKLM-x32\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx [2013-05-21]
CHR HKLM-x32\...\Chrome\Extension: [ogfjmhfnldnajmfaofeiaepghjenbgjo] - C:\Users\marlena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ep.crx [2014-02-26]
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.delta-homes.com/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=sc&from=wpm0226&uid=ST9500325AS_S2W72X2SXXXXS2W72X2S&ts=1393443455

==================== Services (Whitelisted) =================

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-02-03] (ASUS)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-08-02] (Atheros)
S2 bonanzadealslive; C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-10-18] (BonanzaDeals)
S3 bonanzadealslivem; C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-10-18] (BonanzaDeals)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [339456 2010-11-16] ()
R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [508016 2014-02-26] (Cherished Technololgy LIMITED)
R2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2013-02-03] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [218624 2014-01-20] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-06-11] ()
S2 savesenselive; C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe [146920 2014-03-07] (SaveSense)
S3 savesenselivem; C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe [146920 2014-03-07] (SaveSense)
R2 SecStore; C:\Windows\SysWOW64\secpro.exe [61440 2011-12-20] ()
R3 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [241488 2010-09-17] (Trend Micro Inc.)
S3 vToolbarUpdater15.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [1015984 2013-05-21] (AVG Secure Search)
R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [425104 2014-02-26] (Taiwan Shui Mu Chih Ching Technology Limited.)
R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [501904 2014-02-26] (Cherished Technololgy LIMITED)
S3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [X]
S2 Web Assistant Updater; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [X]

==================== Drivers (Whitelisted) ====================

R1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-09-07] (ASUS)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-05-21] (AVG Technologies)
R3 BthMtpEnum; C:\Windows\System32\DRIVERS\BthMtpEnum.sys [64512 2009-07-14] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-02-02] (DT Soft Ltd)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14920 2013-03-07] ()
R3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] ()
R3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] ()
R3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [256000 2014-01-20] (Huawei Technologies Co., Ltd.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [90704 2010-09-17] (Trend Micro Inc.)
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [144464 2010-09-17] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [67664 2010-09-17] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105552 2010-09-17] (Trend Micro Inc.)
S1 uughltwu; \??\C:\Windows\system32\drivers\uughltwu.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-09 19:59 - 2014-03-09 19:59 - 00034735 _____ () C:\Users\marlena\Desktop\FRST.txt
2014-03-09 19:58 - 2014-03-09 19:59 - 00000000 ____D () C:\FRST
2014-03-09 19:56 - 2014-03-09 19:57 - 02157056 _____ (Farbar) C:\Users\marlena\Desktop\FRST64.exe
2014-03-08 02:28 - 2014-03-08 02:28 - 00169700 _____ () C:\Users\marlena\Desktop\OTL.Txt
2014-03-08 02:28 - 2014-03-08 02:28 - 00111294 _____ () C:\Users\marlena\Desktop\Extras.Txt
2014-03-08 02:24 - 2014-03-08 02:24 - 00000000 _____ () C:\Users\marlena\Desktop\Nowy dokument tekstowy.txt
2014-03-07 19:45 - 2014-03-07 19:45 - 00001303 _____ () C:\Users\Public\Desktop\EaseUS Partition Master 9.3.0.lnk
2014-03-07 19:45 - 2014-03-07 19:45 - 00000000 ____D () C:\Program Files (x86)\EaseUS
2014-03-07 19:45 - 2013-10-09 15:34 - 03381832 _____ () C:\Windows\system32\BootMan.exe
2014-03-07 19:45 - 2013-10-09 15:24 - 02499656 _____ () C:\Windows\SysWOW64\BootMan.exe
2014-03-07 19:45 - 2013-03-07 09:49 - 00100936 _____ () C:\Windows\system32\setupempdrvx64.exe
2014-03-07 19:45 - 2013-03-07 09:49 - 00087112 _____ () C:\Windows\SysWOW64\setupempdrv03.exe
2014-03-07 19:45 - 2013-03-07 09:49 - 00019840 _____ () C:\Windows\SysWOW64\EuEpmGdi.dll
2014-03-07 19:45 - 2013-03-07 09:49 - 00017480 _____ () C:\Windows\system32\epmntdrv.sys
2014-03-07 19:45 - 2013-03-07 09:49 - 00016256 _____ () C:\Windows\system32\EuEpmGdi.dll
2014-03-07 19:45 - 2013-03-07 09:49 - 00014920 _____ () C:\Windows\SysWOW64\epmntdrv.sys
2014-03-07 19:45 - 2013-03-07 09:49 - 00009800 _____ () C:\Windows\system32\EuGdiDrv.sys
2014-03-07 19:45 - 2013-03-07 09:49 - 00009160 _____ () C:\Windows\SysWOW64\EuGdiDrv.sys
2014-03-07 19:44 - 2014-03-09 19:49 - 00000934 _____ () C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job
2014-03-07 19:44 - 2014-03-09 19:49 - 00000930 _____ () C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job
2014-03-07 19:44 - 2014-03-09 19:44 - 00000300 _____ () C:\Windows\Tasks\SaveSense.job
2014-03-07 19:44 - 2014-03-07 19:44 - 18607760 _____ (EaseUS ) C:\Users\marlena\Downloads\EASEUS Partition Master Professional Edition 9.3.0.exe
2014-03-07 19:44 - 2014-03-07 19:44 - 00003930 _____ () C:\Windows\System32\Tasks\SaveSenseLiveUpdateTaskMachineUA
2014-03-07 19:44 - 2014-03-07 19:44 - 00003678 _____ () C:\Windows\System32\Tasks\SaveSenseLiveUpdateTaskMachineCore
2014-03-07 19:44 - 2014-03-07 19:44 - 00003252 _____ () C:\Windows\System32\Tasks\SaveSense
2014-03-07 19:44 - 2014-03-07 19:44 - 00000000 ____D () C:\Users\marlena\AppData\Roaming\SaveSense
2014-03-07 19:44 - 2014-03-07 19:44 - 00000000 ____D () C:\Users\marlena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense
2014-03-07 19:44 - 2014-03-07 19:44 - 00000000 ____D () C:\Users\marlena\AppData\Local\SaveSenseLive
2014-03-07 19:44 - 2014-03-07 19:44 - 00000000 ____D () C:\Users\marlena\AppData\Local\SaveSense
2014-03-07 19:44 - 2014-03-07 19:44 - 00000000 ____D () C:\ProgramData\SaveSenseLive
2014-03-07 19:44 - 2014-03-07 19:44 - 00000000 ____D () C:\Program Files (x86)\SaveSenseLive
2014-03-07 19:43 - 2014-03-07 19:43 - 00597632 _____ ( ) C:\Users\marlena\Desktop\EASEUS Partition Master Professional Edition 9.3.0_isdmgr.exe
2014-03-07 19:26 - 2014-03-07 19:26 - 00000648 _____ () C:\Users\marlena\Desktop\Total Commander 64 bit.lnk
2014-03-07 19:26 - 2014-03-07 19:26 - 00000634 _____ () C:\Users\marlena\Desktop\Total Commander.lnk
2014-03-07 19:26 - 2014-03-07 19:26 - 00000000 ____D () C:\Users\marlena\AppData\Roaming\GHISLER
2014-03-07 19:26 - 2014-03-07 19:26 - 00000000 ____D () C:\totalcmd
2014-03-07 19:25 - 2014-03-07 19:25 - 06344480 _____ (Ghisler Software GmbH) C:\Users\marlena\Desktop\tcm850x32_64.exe
2014-03-05 11:55 - 2014-03-05 11:56 - 00482440 _____ () C:\Windows\Minidump\030514-54631-01.dmp
2014-03-05 11:03 - 2014-03-05 11:03 - 00000000 ____D () C:\Windows\pss
2014-03-04 20:32 - 2014-03-04 20:32 - 00000000 ____D () C:\Users\marlena\AppData\Roaming\LavasoftStatistics
2014-03-04 19:57 - 2014-03-06 20:17 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2014-03-04 19:57 - 2014-03-04 19:57 - 00000000 ____D () C:\Users\marlena\AppData\Roaming\SecureSearch
2014-03-04 19:54 - 2014-03-04 19:54 - 01727624 _____ () C:\Users\marlena\Downloads\Adaware_Installer.exe
2014-03-04 19:54 - 2014-03-04 19:54 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-03-04 19:53 - 2014-03-04 19:53 - 00673248 _____ ( ) C:\Users\marlena\AdAware-Free-Antivirus(12969).exe
2014-03-04 19:50 - 2014-03-06 20:22 - 00000000 ____D () C:\Users\marlena\AppData\Roaming\Opera Software
2014-03-04 19:50 - 2014-03-06 20:22 - 00000000 ____D () C:\Users\marlena\AppData\Local\Opera Software
2014-03-04 19:49 - 2014-03-04 19:49 - 00003266 _____ () C:\Windows\System32\Tasks\Opera D7
2014-03-04 19:49 - 2014-03-04 19:49 - 00003266 _____ () C:\Windows\System32\Tasks\Opera D6
2014-03-04 19:48 - 2014-03-06 20:22 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-03-04 19:48 - 2014-03-04 19:48 - 08951984 _____ () C:\Users\marlena\Downloads\rmtool-setup-x86.exe
2014-03-04 19:47 - 2014-03-04 19:47 - 00673248 _____ ( ) C:\Users\marlena\9lab-Removal-Tool(42788).exe
2014-03-02 12:32 - 2014-03-02 12:50 - 00000000 ____D () C:\Users\marlena\Desktop\aaaaaa
2014-02-26 20:38 - 2014-03-09 18:51 - 00000000 ____D () C:\Program Files (x86)\WinZipper
2014-02-26 20:38 - 2014-02-26 20:38 - 00000000 ____D () C:\Users\marlena\AppData\Roaming\WinZipper
2014-02-26 20:38 - 2014-02-26 20:38 - 00000000 ____D () C:\Users\marlena\AppData\Roaming\SupTab
2014-02-26 20:38 - 2014-02-26 20:38 - 00000000 ____D () C:\ProgramData\IePluginService
2014-02-26 20:38 - 2014-02-26 20:38 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-02-21 18:41 - 2014-02-21 18:41 - 00000000 ____D () C:\Program Files (x86)\Dealio Toolbar
2014-02-21 18:41 - 2014-02-21 18:41 - 00000000 ____D () C:\Program Files (x86)\Application Updater
2014-02-20 21:49 - 2014-02-20 21:50 - 00769408 _____ () C:\Windows\Minidump\022014-54007-01.dmp
2014-02-20 18:09 - 2014-02-21 11:45 - 00000000 ____D () C:\Users\marlena\Desktop\Nowy folder
2014-02-18 19:44 - 2014-03-02 12:37 - 00000000 ____D () C:\Users\marlena\Desktop\reszel
2014-02-16 19:06 - 2014-02-19 11:39 - 00000000 ____D () C:\Users\marlena\Desktop\peugeot
2014-02-15 10:32 - 2014-03-09 19:32 - 00000300 _____ () C:\Windows\Tasks\Update Bonanza.job
2014-02-15 10:32 - 2014-02-15 10:32 - 00000000 ____D () C:\Users\marlena\AppData\Roaming\UpdateBonanza
2014-02-15 10:14 - 2014-03-09 19:14 - 00000300 _____ () C:\Windows\Tasks\Digital Sites.job
2014-02-15 10:14 - 2014-02-15 10:14 - 00003252 _____ () C:\Windows\System32\Tasks\Digital Sites
2014-02-15 10:14 - 2014-02-15 10:14 - 00000000 ____D () C:\Users\marlena\AppData\Roaming\DigitalSites
2014-02-15 10:13 - 2014-02-15 10:19 - 00000000 ____D () C:\Users\marlena\Desktop\wywołać
2014-02-14 13:54 - 2014-02-14 13:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-12 16:12 - 2014-02-12 16:12 - 00000000 ____D () C:\Program Files\McAfee Security Scan

==================== One Month Modified Files and Folders =======

2014-03-09 19:59 - 2014-03-09 19:59 - 00034735 _____ () C:\Users\marlena\Desktop\FRST.txt
2014-03-09 19:59 - 2014-03-09 19:58 - 00000000 ____D () C:\FRST
2014-03-09 19:57 - 2014-03-09 19:56 - 02157056 _____ (Farbar) C:\Users\marlena\Desktop\FRST64.exe
2014-03-09 19:49 - 2014-03-07 19:44 - 00000934 _____ () C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job
2014-03-09 19:49 - 2014-03-07 19:44 - 00000930 _____ () C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job
2014-03-09 19:49 - 2012-06-13 15:39 - 00001086 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3771276668-3479054325-1734754795-1000UA.job
2014-03-09 19:44 - 2014-03-07 19:44 - 00000300 _____ () C:\Windows\Tasks\SaveSense.job
2014-03-09 19:32 - 2014-02-15 10:32 - 00000300 _____ () C:\Windows\Tasks\Update Bonanza.job
2014-03-09 19:32 - 2013-12-29 20:32 - 00000298 _____ () C:\Windows\Tasks\Bonanza.job
2014-03-09 19:19 - 2013-10-18 00:14 - 00000928 _____ () C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
2014-03-09 19:17 - 2012-09-02 18:58 - 00001050 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-09 19:14 - 2014-02-15 10:14 - 00000300 _____ () C:\Windows\Tasks\Digital Sites.job
2014-03-09 19:13 - 2013-10-18 00:13 - 00000300 _____ () C:\Windows\Tasks\DigitalSite.job
2014-03-09 18:57 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2014-03-09 18:51 - 2014-02-26 20:38 - 00000000 ____D () C:\Program Files (x86)\WinZipper
2014-03-09 18:48 - 2011-11-30 10:27 - 01320952 _____ () C:\Windows\WindowsUpdate.log
2014-03-09 13:10 - 2012-06-11 16:47 - 00000000 ____D () C:\Users\marlena\AppData\Roaming\AIMP3
2014-03-09 13:09 - 2009-07-14 05:51 - 00009751 _____ () C:\Windows\setupact.log
2014-03-09 12:29 - 2009-07-14 05:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-09 12:29 - 2009-07-14 05:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-09 10:12 - 2013-12-04 13:18 - 00563944 _____ () C:\Windows\IE11_main.log
2014-03-08 02:28 - 2014-03-08 02:28 - 00169700 _____ () C:\Users\marlena\Desktop\OTL.Txt
2014-03-08 02:28 - 2014-03-08 02:28 - 00111294 _____ () C:\Users\marlena\Desktop\Extras.Txt
2014-03-08 02:24 - 2014-03-08 02:24 - 00000000 _____ () C:\Users\marlena\Desktop\Nowy dokument tekstowy.txt
2014-03-08 02:17 - 2012-09-02 18:58 - 00001046 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-08 02:13 - 2012-12-09 21:18 - 00000000 ____D () C:\Users\marlena\AppData\Roaming\TS3Client
2014-03-08 02:12 - 2012-12-09 21:16 - 00000000 ____D () C:\Program Files (x86)\TeamSpeak 3 Client
2014-03-08 02:10 - 2012-12-09 21:16 - 00001128 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2014-03-08 01:49 - 2012-06-13 15:39 - 00001064 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3771276668-3479054325-1734754795-1000Core.job
2014-03-08 01:25 - 2013-10-18 00:13 - 00000924 _____ () C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
2014-03-08 00:02 - 2013-10-18 02:14 - 00000062 _____ () C:\Users\marlena\AppData\Roaming\WB.CFG
2014-03-07 19:45 - 2014-03-07 19:45 - 00001303 _____ () C:\Users\Public\Desktop\EaseUS Partition Master 9.3.0.lnk
2014-03-07 19:45 - 2014-03-07 19:45 - 00000000 ____D () C:\Program Files (x86)\EaseUS
2014-03-07 19:44 - 2014-03-07 19:44 - 18607760 _____ (EaseUS ) C:\Users\marlena\Downloads\EASEUS Partition Master Professional Edition 9.3.0.exe
2014-03-07 19:44 - 2014-03-07 19:44 - 00003930 _____ () C:\Windows\System32\Tasks\SaveSenseLiveUpdateTaskMachineUA
2014-03-07 19:44 - 2014-03-07 19:44 - 00003678 _____ () C:\Windows\System32\Tasks\SaveSenseLiveUpdateTaskMachineCore
2014-03-07 19:44 - 2014-03-07 19:44 - 00003252 _____ () C:\Windows\System32\Tasks\SaveSense
2014-03-07 19:44 - 2014-03-07 19:44 - 00000000 ____D () C:\Users\marlena\AppData\Roaming\SaveSense
2014-03-07 19:44 - 2014-03-07 19:44 - 00000000 ____D () C:\Users\marlena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense
2014-03-07 19:44 - 2014-03-07 19:44 - 00000000 ____D () C:\Users\marlena\AppData\Local\SaveSenseLive
2014-03-07 19:44 - 2014-03-07 19:44 - 00000000 ____D () C:\Users\marlena\AppData\Local\SaveSense
2014-03-07 19:44 - 2014-03-07 19:44 - 00000000 ____D () C:\ProgramData\SaveSenseLive
2014-03-07 19:44 - 2014-03-07 19:44 - 00000000 ____D () C:\Program Files (x86)\SaveSenseLive
2014-03-07 19:43 - 2014-03-07 19:43 - 00597632 _____ ( ) C:\Users\marlena\Desktop\EASEUS Partition Master Professional Edition 9.3.0_isdmgr.exe
2014-03-07 19:26 - 2014-03-07 19:26 - 00000648 _____ () C:\Users\marlena\Desktop\Total Commander 64 bit.lnk
2014-03-07 19:26 - 2014-03-07 19:26 - 00000634 _____ () C:\Users\marlena\Desktop\Total Commander.lnk
2014-03-07 19:26 - 2014-03-07 19:26 - 00000000 ____D () C:\Users\marlena\AppData\Roaming\GHISLER
2014-03-07 19:26 - 2014-03-07 19:26 - 00000000 ____D () C:\totalcmd
2014-03-07 19:25 - 2014-03-07 19:25 - 06344480 _____ (Ghisler Software GmbH) C:\Users\marlena\Desktop\tcm850x32_64.exe
2014-03-07 10:50 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-07 10:48 - 2011-04-01 09:03 - 00324504 _____ () C:\Windows\PFRO.log
2014-03-06 20:25 - 2012-06-11 16:25 - 00000000 ____D () C:\ProgramData\Skype
2014-03-06 20:22 - 2014-03-04 19:50 - 00000000 ____D () C:\Users\marlena\AppData\Roaming\Opera Software
2014-03-06 20:22 - 2014-03-04 19:50 - 00000000 ____D () C:\Users\marlena\AppData\Local\Opera Software
2014-03-06 20:22 - 2014-03-04 19:48 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-03-06 20:22 - 2012-11-10 14:47 - 00001709 _____ () C:\Users\marlena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-06 20:21 - 2011-11-30 10:43 - 00000000 ____D () C:\ProgramData\CyberLink
2014-03-06 20:21 - 2011-11-30 10:43 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2014-03-06 20:21 - 2011-11-30 10:30 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-06 20:17 - 2014-03-04 19:57 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2014-03-06 16:01 - 2011-11-30 10:41 - 00002792 _____ () C:\Windows\system32\AutoRunFilter.ini
2014-03-05 11:56 - 2014-03-05 11:55 - 00482440 _____ () C:\Windows\Minidump\030514-54631-01.dmp
2014-03-05 11:56 - 2011-11-30 10:41 - 00001746 _____ () C:\Windows\system32\ServiceFilter.ini
2014-03-05 11:55 - 2012-09-20 18:22 - 416270178 _____ () C:\Windows\MEMORY.DMP
2014-03-05 11:55 - 2012-09-20 18:22 - 00000000 ____D () C:\Windows\Minidump
2014-03-05 11:03 - 2014-03-05 11:03 - 00000000 ____D () C:\Windows\pss
2014-03-04 20:32 - 2014-03-04 20:32 - 00000000 ____D () C:\Users\marlena\AppData\Roaming\LavasoftStatistics
2014-03-04 20:24 - 2012-07-05 18:58 - 00000000 ____D () C:\Program Files (x86)\Giant Savings
2014-03-04 19:57 - 2014-03-04 19:57 - 00000000 ____D () C:\Users\marlena\AppData\Roaming\SecureSearch
2014-03-04 19:54 - 2014-03-04 19:54 - 01727624 _____ () C:\Users\marlena\Downloads\Adaware_Installer.exe
2014-03-04 19:54 - 2014-03-04 19:54 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-03-04 19:53 - 2014-03-04 19:53 - 00673248 _____ ( ) C:\Users\marlena\AdAware-Free-Antivirus(12969).exe
2014-03-04 19:53 - 2012-06-11 20:35 - 00000000 ____D () C:\Users\marlena
2014-03-04 19:49 - 2014-03-04 19:49 - 00003266 _____ () C:\Windows\System32\Tasks\Opera D7
2014-03-04 19:49 - 2014-03-04 19:49 - 00003266 _____ () C:\Windows\System32\Tasks\Opera D6
2014-03-04 19:48 - 2014-03-04 19:48 - 08951984 _____ () C:\Users\marlena\Downloads\rmtool-setup-x86.exe
2014-03-04 19:47 - 2014-03-04 19:47 - 00673248 _____ ( ) C:\Users\marlena\9lab-Removal-Tool(42788).exe
2014-03-03 19:05 - 2012-06-11 20:38 - 00000000 ____D () C:\Users\marlena\Documents\Bluetooth Folder
2014-03-03 19:04 - 2012-06-11 20:37 - 00000000 ____D () C:\Users\marlena\AppData\Roaming\Atheros
2014-03-03 19:00 - 2012-06-11 16:25 - 00000000 ____D () C:\Users\marlena\AppData\Roaming\Skype
2014-03-03 18:57 - 2012-06-11 20:36 - 00000000 ___HD () C:\ASUS.DAT
2014-03-02 12:50 - 2014-03-02 12:32 - 00000000 ____D () C:\Users\marlena\Desktop\aaaaaa
2014-03-02 12:37 - 2014-02-18 19:44 - 00000000 ____D () C:\Users\marlena\Desktop\reszel
2014-02-28 11:08 - 2011-02-19 06:31 - 00752552 _____ () C:\Windows\system32\perfh015.dat
2014-02-28 11:08 - 2011-02-19 06:31 - 00160176 _____ () C:\Windows\system32\perfc015.dat
2014-02-28 11:08 - 2009-07-14 06:13 - 01703170 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-27 11:33 - 2012-06-13 22:27 - 01675776 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-26 20:38 - 2014-02-26 20:38 - 00000000 ____D () C:\Users\marlena\AppData\Roaming\WinZipper
2014-02-26 20:38 - 2014-02-26 20:38 - 00000000 ____D () C:\Users\marlena\AppData\Roaming\SupTab
2014-02-26 20:38 - 2014-02-26 20:38 - 00000000 ____D () C:\ProgramData\IePluginService
2014-02-26 20:38 - 2014-02-26 20:38 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-02-26 20:38 - 2011-02-20 08:03 - 00421008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll
2014-02-26 20:37 - 2014-01-08 21:14 - 00000000 ____D () C:\ProgramData\WPM
2014-02-21 18:41 - 2014-02-21 18:41 - 00000000 ____D () C:\Program Files (x86)\Dealio Toolbar
2014-02-21 18:41 - 2014-02-21 18:41 - 00000000 ____D () C:\Program Files (x86)\Application Updater
2014-02-21 11:45 - 2014-02-20 18:09 - 00000000 ____D () C:\Users\marlena\Desktop\Nowy folder
2014-02-21 09:49 - 2014-01-19 22:46 - 00000000 ____D () C:\Users\marlena\Desktop\105___12
2014-02-20 21:50 - 2014-02-20 21:49 - 00769408 _____ () C:\Windows\Minidump\022014-54007-01.dmp
2014-02-20 21:49 - 2009-07-14 06:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-20 21:09 - 2014-01-19 22:46 - 00000000 ____D () C:\Users\marlena\Desktop\106___01
2014-02-20 21:05 - 2014-01-19 22:47 - 00000000 ____D () C:\Users\marlena\Desktop\104___11
2014-02-20 18:11 - 2012-06-19 00:33 - 00000000 ____D () C:\Users\marlena\AppData\Local\CrashDumps
2014-02-19 11:39 - 2014-02-16 19:06 - 00000000 ____D () C:\Users\marlena\Desktop\peugeot
2014-02-18 14:47 - 2013-08-02 20:16 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-18 14:41 - 2012-12-20 00:15 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-17 16:37 - 2012-09-04 16:45 - 00079872 ____H () C:\Users\marlena\Desktop\photothumb.db
2014-02-16 22:33 - 2012-09-02 19:07 - 00000000 ____D () C:\Users\marlena\AppData\Roaming\PhotoScape
2014-02-15 22:48 - 2012-06-11 16:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-15 10:32 - 2014-02-15 10:32 - 00000000 ____D () C:\Users\marlena\AppData\Roaming\UpdateBonanza
2014-02-15 10:19 - 2014-02-15 10:13 - 00000000 ____D () C:\Users\marlena\Desktop\wywołać
2014-02-15 10:14 - 2014-02-15 10:14 - 00003252 _____ () C:\Windows\System32\Tasks\Digital Sites
2014-02-15 10:14 - 2014-02-15 10:14 - 00000000 ____D () C:\Users\marlena\AppData\Roaming\DigitalSites
2014-02-14 13:54 - 2014-02-14 13:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-13 11:09 - 2012-09-27 05:32 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-13 11:09 - 2009-07-14 03:34 - 00000478 _____ () C:\Windows\win.ini
2014-02-12 16:13 - 2013-02-01 11:56 - 00001933 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-02-12 16:12 - 2014-02-12 16:12 - 00000000 ____D () C:\Program Files\McAfee Security Scan

Files to move or delete:
====================
C:\Users\marlena\9lab-Removal-Tool(42788).exe
C:\Users\marlena\AdAware-Free-Antivirus(12969).exe
C:\Users\Public\OriginThinSetup.exe


Some content of TEMP:
====================
C:\Users\marlena\AppData\Local\Temp\0a1ec78b-8a11-4697-96e7-c88077576be1.exe
C:\Users\marlena\AppData\Local\Temp\gg10.upgr.exe
C:\Users\marlena\AppData\Local\Temp\ICReinstall_UltimateCodec.exe
C:\Users\marlena\AppData\Local\Temp\setup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-09 13:00

==================== End Of Log ============================