Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-07-2014 01 Ran by Czarek (administrator) on CZAREK-KOMPUTER on 17-07-2014 04:47:56 Running from C:\Users\Czarek\Downloads Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Polski (Polska) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (IObit) C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe (Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe (AMD) C:\Windows\System32\atiesrxx.exe (Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTAudSvc.exe (AMD) C:\Windows\System32\atieclxx.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Panda Security, S.L.) C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe () C:\Windows\System32\PnkBstrA.exe (Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (FNet Co., Ltd.) C:\Program Files\XFastUsb\XFastUsb.exe (Creative Technology Ltd) C:\Program Files\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe (Creative Technology Ltd) C:\Program Files\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe (Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (DT Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTLite.exe (AMD) C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe (Flux Software LLC) C:\Users\Czarek\AppData\Local\FluxSoftware\Flux\flux.exe (Samsung) C:\Program Files\Samsung\Kies\Kies.exe (Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe (IObit) C:\Program Files\IObit\Advanced SystemCare 7\Monitor.exe (IObit) C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe (Spotify Ltd) C:\Users\Czarek\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd) C:\Users\Czarek\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Macrovision Europe Ltd.) C:\Users\Czarek\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001 (Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe (Creative Labs) C:\Program Files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe () C:\Users\Czarek\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Czarek\AppData\Roaming\Spotify\Data\SpotifyHelper.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe () C:\Users\Czarek\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Program Files\IObit\Advanced SystemCare 7\RealTimeProtector.exe () C:\Users\Czarek\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Czarek\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Czarek\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Czarek\AppData\Roaming\Spotify\Data\SpotifyHelper.exe (Google Inc.) C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (IObit) C:\Program Files\IObit\Advanced SystemCare 7\ASC.exe (Google Inc.) C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe (Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9398888 2010-07-28] (Realtek Semiconductor) HKLM\...\Run: [XFastUsb] => C:\Program Files\XFastUsb\XFastUsb.exe [4942336 2012-05-22] (FNet Co., Ltd.) HKLM\...\Run: [CTSyncService] => C:\Program Files\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe [1233195 2009-07-08] (Creative Technology Ltd) HKLM\...\Run: [VolPanel] => C:\Program Files\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe [241789 2009-05-04] (Creative Technology Ltd) HKLM\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) HKLM\...\Run: [RunDLLEntry] => C:\Windows\system32\AmbRunE.dll [14848 2009-02-26] (Creative Technology Ltd.) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [747264 2013-08-30] (Advanced Micro Devices, Inc.) HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152 2013-12-11] (Samsung Electronics Co., Ltd.) HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation) HKLM\...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe [37624 2014-05-06] (Panda Security, S.L.) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation) HKU\S-1-5-21-938636079-2743700497-1177568648-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3514176 2011-11-10] (DT Soft Ltd) HKU\S-1-5-21-938636079-2743700497-1177568648-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe [393216 2010-11-25] (AMD) HKU\S-1-5-21-938636079-2743700497-1177568648-1000\...\Run: [f.lux] => C:\Users\Czarek\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC) HKU\S-1-5-21-938636079-2743700497-1177568648-1000\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1564528 2013-12-11] (Samsung) HKU\S-1-5-21-938636079-2743700497-1177568648-1000\...\Run: [Advanced SystemCare 7] => C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe [2285344 2013-12-18] (IObit) HKU\S-1-5-21-938636079-2743700497-1177568648-1000\...\Run: [Google Update] => C:\Users\Czarek\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-06-03] (Google Inc.) HKU\S-1-5-21-938636079-2743700497-1177568648-1000\...\Run: [Spotify] => C:\Users\Czarek\AppData\Roaming\Spotify\Spotify.exe [6162488 2014-07-16] (Spotify Ltd) HKU\S-1-5-21-938636079-2743700497-1177568648-1000\...\Run: [Spotify Web Helper] => C:\Users\Czarek\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-07-16] (Spotify Ltd) HKU\S-1-5-21-938636079-2743700497-1177568648-1000\...\Policies\system: [EnableLUA] 0 HKU\S-1-5-21-938636079-2743700497-1177568648-1000\...\MountPoints2: {491e98fa-1908-11e1-984d-002522cc5546} - H:\autorun.exe HKU\S-1-5-21-938636079-2743700497-1177568648-1000\...\MountPoints2: {50899814-adac-11e1-bfeb-002522cc5546} - G:\setup.exe ShellIconOverlayIdentifiers: GGDriveOverlay1 -> {E68D0A50-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.) ShellIconOverlayIdentifiers: GGDriveOverlay2 -> {E68D0A51-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.) ShellIconOverlayIdentifiers: GGDriveOverlay3 -> {E68D0A52-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.) ShellIconOverlayIdentifiers: GGDriveOverlay4 -> {E68D0A53-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.) ==================== Internet (Whitelisted) ==================== SearchScopes: HKLM - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=SPLEP1&pc=SPLH SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=SPLEP1&pc=SPLH SearchScopes: HKCU - {39AAB8FE-CD26-4925-A003-E3207D5E940E} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKCU - {5D1B80C7-4EE2-4fad-AC00-87D50438DACC} URL = https://www.google.com/search?q={searchTerms} BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: IEPluginBHO Class -> {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} -> C:\Users\Czarek\AppData\Roaming\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.) DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.5.0.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.) FF Plugin: @IObit.com/np_Asc_Plugin - C:\Program Files\IObit\Surfing Protection\BrowerProtect\np_Asc_plugin.dll (IObit) FF Plugin: @java.com/DTPlugin,version=10.65.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Czarek\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Czarek\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Czarek\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) Chrome: ======= CHR StartupUrls: "google.pl" CHR Extension: (Dokumenty Google) - C:\Users\Czarek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-08] CHR Extension: (Dysk Google) - C:\Users\Czarek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-08] CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Czarek\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2014-07-08] CHR Extension: (YouTube) - C:\Users\Czarek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-08] CHR Extension: (Szukaj w Google) - C:\Users\Czarek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-08] CHR Extension: (AdBlock Premium) - C:\Users\Czarek\AppData\Local\Google\Chrome\User Data\Default\Extensions\fndlhnanhedoklpdaacidomdnplcjcpj [2014-07-08] CHR Extension: (Google Wallet) - C:\Users\Czarek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-03] CHR Extension: (Gmail) - C:\Users\Czarek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-08] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ========================== Services (Whitelisted) ================= R2 AdvancedSystemCareService7; C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe [881440 2013-12-09] (IObit) S3 Creative ALchemy AL6 Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2011-10-25] (Creative Labs) [File not signed] S3 Creative Audio Engine Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2011-10-25] (Creative Labs) [File not signed] R2 CTAudSvcService; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [File not signed] R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [458464 2012-02-02] (Intel(R) Corporation) S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-12-03] (IObit) R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [141560 2014-05-05] (Panda Security, S.L.) R2 PandaAgent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [61688 2014-05-22] (Panda Security, S.L.) R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75064 2011-11-03] () R2 PSUAService; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [38136 2014-05-06] (Panda Security, S.L.) R3 Sound Blaster X-Fi MB Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [79360 2011-10-25] (Creative Labs) [File not signed] R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [770432 2013-06-27] (Enigma Software Group USA, LLC.) ==================== Drivers (Whitelisted) ==================== R1 AsrAppCharger; C:\Windows\System32\DRIVERS\AsrAppCharger.sys [13832 2010-06-11] (Windows (R) Win 7 DDK provider) R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [83872 2011-10-26] () R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [239168 2012-06-03] (DT Soft Ltd) R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13904 2011-05-06] () S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2012-06-22] () R3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [32384 2011-02-08] (Etron Technology Inc) R3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [52352 2011-02-08] (Etron Technology Inc) S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [29248 2011-11-14] (FNet Co., Ltd.) R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [14656 2011-10-25] (FNet Co., Ltd.) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2011-10-26] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [46080 2011-11-10] (Intel Corporation) R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [88992 2014-05-02] (Panda Security, S.L.) R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [166816 2014-05-02] (Panda Security, S.L.) R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110496 2014-05-02] (Panda Security, S.L.) R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [125216 2014-05-02] (Panda Security, S.L.) R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [96160 2014-05-02] (Panda Security, S.L.) S4 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [61984 2014-05-02] (Panda Security, S.L.) R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [121888 2014-05-02] (Panda Security, S.L.) R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [288032 2014-05-02] (Panda Security, S.L.) R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [208800 2014-05-02] (Panda Security, S.L.) R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [109856 2014-05-02] (Panda Security, S.L.) R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [243872 2014-05-02] (Panda Security, S.L.) R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [96928 2014-05-02] (Panda Security, S.L.) R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [137760 2014-05-05] (Panda Security, S.L.) R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [103456 2014-05-05] (Panda Security, S.L.) R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [166432 2014-05-05] (Panda Security, S.L.) R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [112160 2014-05-05] (Panda Security, S.L.) R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [122912 2014-05-06] (Panda Security, S.L.) R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [98336 2014-05-05] (Panda Security, S.L.) R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [48736 2014-03-25] (Panda Security, S.L.) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [428088 2011-11-27] () [File not signed] U3 a81zfufe; C:\Windows\system32\Drivers\a81zfufe.sys [0 ] (Advanced Micro Devices) S0 qibokemq; System32\drivers\ghnloyb.sys [X] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] U3 kwrdapog; \??\C:\Users\Czarek\AppData\Local\Temp\kwrdapog.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-17 04:47 - 2014-07-17 04:48 - 00020285 _____ () C:\Users\Czarek\Downloads\FRST.txt 2014-07-17 04:47 - 2014-07-17 04:47 - 01077248 _____ (Farbar) C:\Users\Czarek\Downloads\FRST.exe 2014-07-17 04:39 - 2014-07-17 04:39 - 00071003 _____ () C:\Users\Czarek\Desktop\GMER.txt 2014-07-17 03:57 - 2014-07-17 03:57 - 00370943 _____ () C:\Users\Czarek\Downloads\gmer.zip 2014-07-17 03:57 - 2014-01-28 18:36 - 00380416 _____ () C:\Users\Czarek\Downloads\gmer.exe 2014-07-17 02:41 - 2014-07-17 02:41 - 00000831 _____ () C:\Users\Public\Desktop\Wolfenstein The New Order.lnk 2014-07-16 21:43 - 2014-07-16 21:43 - 00001228 _____ () C:\Windows\PFRO.log 2014-07-16 21:43 - 2014-07-16 21:43 - 00000056 _____ () C:\Windows\setupact.log 2014-07-16 21:43 - 2014-07-16 21:43 - 00000000 _____ () C:\Windows\setuperr.log 2014-07-16 12:44 - 2014-07-16 12:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-07-16 12:44 - 2014-07-16 12:44 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-07-16 12:44 - 2014-07-11 03:02 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-07-16 12:44 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-07-16 12:44 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-07-16 12:44 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-07-16 03:45 - 2014-07-16 03:45 - 00000000 ____D () C:\ProgramData\Riot Games 2014-07-16 02:18 - 2014-07-17 04:38 - 00000000 ____D () C:\Users\Czarek\AppData\Roaming\Spotify 2014-07-16 02:18 - 2014-07-16 02:36 - 00000000 ____D () C:\Users\Czarek\AppData\Local\Spotify 2014-07-16 02:18 - 2014-07-16 02:18 - 00001817 _____ () C:\Users\Czarek\Desktop\Spotify.lnk 2014-07-16 02:18 - 2014-07-16 02:18 - 00001803 _____ () C:\Users\Czarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk 2014-07-09 16:52 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-07-09 16:52 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-07-09 16:52 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-07-09 16:52 - 2014-06-19 01:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-07-09 16:52 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-07-09 16:52 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-07-09 16:52 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-07-09 16:52 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-07-09 16:52 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-07-09 16:52 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-07-09 16:52 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-07-09 16:52 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-07-09 16:52 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-07-09 16:52 - 2014-06-19 01:23 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-07-09 16:52 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-07-09 16:52 - 2014-06-19 01:16 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-07-09 16:52 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-07-09 16:52 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-07-09 16:52 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-07-09 16:52 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-07-09 16:52 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-07-09 16:52 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-07-09 16:52 - 2014-06-19 00:52 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-07-09 16:52 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-07-09 16:52 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-07-09 16:52 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-07-09 16:52 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-07-09 16:52 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-07-09 16:52 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-07-09 16:52 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-07-09 16:52 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe 2014-07-09 16:52 - 2014-06-18 02:52 - 02350080 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-07-09 16:51 - 2014-06-30 03:40 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-07-09 16:51 - 2014-06-30 03:36 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-07-09 16:51 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-07-09 16:51 - 2014-06-05 16:26 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-07-09 16:51 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-07-09 16:51 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-07-09 16:51 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-07-09 16:51 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-07-09 16:51 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-07-09 16:51 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-07-09 16:51 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-07-09 16:51 - 2014-05-30 08:36 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2014-07-09 12:43 - 2014-03-25 15:15 - 00048736 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys 2014-07-08 05:02 - 2014-07-08 05:06 - 00000000 ____D () C:\ProgramData\ParetoLogic 2014-07-08 05:02 - 2014-07-08 05:02 - 00000000 ____D () C:\Users\Czarek\AppData\Roaming\ParetoLogic 2014-07-08 05:02 - 2014-07-08 05:02 - 00000000 ____D () C:\Users\Czarek\AppData\Roaming\DriverCure 2014-07-08 03:00 - 2014-07-08 03:00 - 00002204 _____ () C:\Users\Czarek\Desktop\SpyHunter.lnk 2014-07-08 03:00 - 2014-07-08 03:00 - 00000000 ____D () C:\Users\Czarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter 2014-07-08 03:00 - 2014-07-08 03:00 - 00000000 ____D () C:\sh4ldr 2014-07-08 02:59 - 2014-07-08 03:00 - 00000000 ____D () C:\Windows\027B5748C40941FE949B7B81A8304EF4.TMP 2014-07-08 02:59 - 2014-07-08 02:59 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-07-08 02:21 - 2014-07-08 02:54 - 00000000 ____D () C:\Windows\455F074C814E4520B69B5584BD90400C.TMP 2014-07-07 01:26 - 2014-07-08 01:31 - 00003584 _____ () C:\Users\Czarek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-07-07 00:15 - 2014-07-07 00:15 - 00000000 ____D () C:\Users\Czarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView 2014-07-07 00:15 - 2014-07-07 00:15 - 00000000 ____D () C:\Program Files\IrfanView 2014-06-19 09:24 - 2014-06-19 09:24 - 00000024 _____ () C:\Users\Czarek\AppData\Roaming\temp.ini 2014-06-18 13:13 - 2014-06-24 22:40 - 00000733 _____ () C:\Users\Czarek\Desktop\Nowy dokument tekstowy (2).txt 2014-06-17 09:07 - 2014-04-05 04:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-06-17 09:07 - 2014-04-05 04:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2014-06-17 09:07 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2014-06-17 09:07 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-06-17 09:07 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2014-06-17 09:07 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-06-17 09:04 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll ==================== One Month Modified Files and Folders ======= 2014-07-17 04:48 - 2014-07-17 04:47 - 00020285 _____ () C:\Users\Czarek\Downloads\FRST.txt 2014-07-17 04:48 - 2013-12-27 17:13 - 00000000 ____D () C:\FRST 2014-07-17 04:47 - 2014-07-17 04:47 - 01077248 _____ (Farbar) C:\Users\Czarek\Downloads\FRST.exe 2014-07-17 04:47 - 2011-10-25 17:51 - 01769986 _____ () C:\Windows\WindowsUpdate.log 2014-07-17 04:44 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF 2014-07-17 04:39 - 2014-07-17 04:39 - 00071003 _____ () C:\Users\Czarek\Desktop\GMER.txt 2014-07-17 04:38 - 2014-07-16 02:18 - 00000000 ____D () C:\Users\Czarek\AppData\Roaming\Spotify 2014-07-17 04:27 - 2012-04-27 18:50 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-07-17 04:17 - 2014-06-03 09:02 - 00001062 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-938636079-2743700497-1177568648-1000UA.job 2014-07-17 03:57 - 2014-07-17 03:57 - 00370943 _____ () C:\Users\Czarek\Downloads\gmer.zip 2014-07-17 03:26 - 2009-07-14 06:34 - 00014416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-07-17 03:26 - 2009-07-14 06:34 - 00014416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-07-17 02:41 - 2014-07-17 02:41 - 00000831 _____ () C:\Users\Public\Desktop\Wolfenstein The New Order.lnk 2014-07-17 02:12 - 2011-10-26 17:25 - 00000000 ____D () C:\Users\Czarek\AppData\Roaming\DAEMON Tools Lite 2014-07-17 00:48 - 2014-01-21 22:13 - 00000000 ____D () C:\Program Files\JDownloader 2014-07-16 21:43 - 2014-07-16 21:43 - 00001228 _____ () C:\Windows\PFRO.log 2014-07-16 21:43 - 2014-07-16 21:43 - 00000056 _____ () C:\Windows\setupact.log 2014-07-16 21:43 - 2014-07-16 21:43 - 00000000 _____ () C:\Windows\setuperr.log 2014-07-16 21:43 - 2012-07-13 13:16 - 00065536 _____ () C:\Windows\system32\Ikeext.etl 2014-07-16 21:43 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-07-16 21:26 - 2011-10-25 18:09 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2014-07-16 21:25 - 2012-06-03 13:21 - 00000000 ____D () C:\Users\Public\Documents\The Witcher 2014-07-16 21:15 - 2011-11-01 15:05 - 00000000 ____D () C:\ProgramData\Codemasters 2014-07-16 21:08 - 2009-07-14 06:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-07-16 19:37 - 2011-10-26 22:26 - 00000000 ____D () C:\Users\Czarek\AppData\Local\CrashDumps 2014-07-16 12:44 - 2014-07-16 12:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-07-16 12:44 - 2014-07-16 12:44 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-07-16 12:44 - 2013-11-11 11:20 - 00000000 ____D () C:\ProgramData\Oracle 2014-07-16 12:44 - 2012-03-10 11:06 - 00000000 ____D () C:\Program Files\Java 2014-07-16 03:45 - 2014-07-16 03:45 - 00000000 ____D () C:\ProgramData\Riot Games 2014-07-16 02:36 - 2014-07-16 02:18 - 00000000 ____D () C:\Users\Czarek\AppData\Local\Spotify 2014-07-16 02:18 - 2014-07-16 02:18 - 00001817 _____ () C:\Users\Czarek\Desktop\Spotify.lnk 2014-07-16 02:18 - 2014-07-16 02:18 - 00001803 _____ () C:\Users\Czarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk 2014-07-14 22:04 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache 2014-07-14 19:58 - 2013-07-08 10:37 - 00000000 ____D () C:\Users\Czarek\AppData\Roaming\GG 2014-07-14 13:04 - 2013-07-17 00:56 - 00000000 ____D () C:\Windows\system32\MRT 2014-07-14 13:02 - 2011-10-25 19:14 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-07-14 01:12 - 2013-12-22 21:00 - 00000000 ____D () C:\Users\Czarek\AppData\Roaming\TS3Client 2014-07-12 14:03 - 2011-10-25 20:06 - 00000000 ____D () C:\Users\Czarek\AppData\Roaming\Media Player Classic 2014-07-11 18:33 - 2014-03-09 20:03 - 00000000 ____D () C:\ProgramData\ProductData 2014-07-11 03:02 - 2014-07-16 12:44 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-07-11 02:56 - 2014-07-16 12:44 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-07-11 02:56 - 2014-07-16 12:44 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-07-11 02:55 - 2014-07-16 12:44 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-07-09 23:09 - 2009-07-14 06:33 - 00348864 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-07-09 23:08 - 2014-05-06 23:49 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-07-09 23:08 - 2009-07-14 10:28 - 00000000 ____D () C:\Program Files\Windows Journal 2014-07-09 23:08 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\pl-PL 2014-07-09 13:27 - 2012-04-27 18:50 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-07-09 13:27 - 2011-10-25 18:31 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-07-08 22:53 - 2011-10-25 17:55 - 01670590 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-07-08 22:53 - 2009-07-14 10:07 - 00740438 _____ () C:\Windows\system32\perfh015.dat 2014-07-08 22:53 - 2009-07-14 10:07 - 00156012 _____ () C:\Windows\system32\perfc015.dat 2014-07-08 12:04 - 2014-06-03 09:02 - 00001010 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-938636079-2743700497-1177568648-1000Core.job 2014-07-08 05:06 - 2014-07-08 05:02 - 00000000 ____D () C:\ProgramData\ParetoLogic 2014-07-08 05:02 - 2014-07-08 05:02 - 00000000 ____D () C:\Users\Czarek\AppData\Roaming\ParetoLogic 2014-07-08 05:02 - 2014-07-08 05:02 - 00000000 ____D () C:\Users\Czarek\AppData\Roaming\DriverCure 2014-07-08 04:08 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\tracing 2014-07-08 03:00 - 2014-07-08 03:00 - 00002204 _____ () C:\Users\Czarek\Desktop\SpyHunter.lnk 2014-07-08 03:00 - 2014-07-08 03:00 - 00000000 ____D () C:\Users\Czarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter 2014-07-08 03:00 - 2014-07-08 03:00 - 00000000 ____D () C:\sh4ldr 2014-07-08 03:00 - 2014-07-08 02:59 - 00000000 ____D () C:\Windows\027B5748C40941FE949B7B81A8304EF4.TMP 2014-07-08 02:59 - 2014-07-08 02:59 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-07-08 02:54 - 2014-07-08 02:21 - 00000000 ____D () C:\Windows\455F074C814E4520B69B5584BD90400C.TMP 2014-07-08 02:21 - 2011-11-15 23:09 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard 2014-07-08 01:31 - 2014-07-07 01:26 - 00003584 _____ () C:\Users\Czarek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-07-07 00:15 - 2014-07-07 00:15 - 00000000 ____D () C:\Users\Czarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView 2014-07-07 00:15 - 2014-07-07 00:15 - 00000000 ____D () C:\Program Files\IrfanView 2014-07-06 23:06 - 2013-07-08 10:37 - 00000000 ____D () C:\Users\Czarek\AppData\Local\GG 2014-06-30 03:40 - 2014-07-09 16:51 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-06-30 03:36 - 2014-07-09 16:51 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-06-24 22:40 - 2014-06-18 13:13 - 00000733 _____ () C:\Users\Czarek\Desktop\Nowy dokument tekstowy (2).txt 2014-06-20 21:39 - 2014-07-09 16:52 - 00240824 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-06-19 09:24 - 2014-06-19 09:24 - 00000024 _____ () C:\Users\Czarek\AppData\Roaming\temp.ini 2014-06-19 02:16 - 2014-07-09 16:52 - 17276416 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-06-19 01:56 - 2014-07-09 16:52 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-06-19 01:56 - 2014-07-09 16:52 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-06-19 01:38 - 2014-07-09 16:52 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-06-19 01:37 - 2014-07-09 16:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-06-19 01:36 - 2014-07-09 16:52 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-06-19 01:35 - 2014-07-09 16:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-06-19 01:32 - 2014-07-09 16:52 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-06-19 01:28 - 2014-07-09 16:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-06-19 01:28 - 2014-07-09 16:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-06-19 01:25 - 2014-07-09 16:52 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-06-19 01:23 - 2014-07-09 16:52 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-06-19 01:23 - 2014-07-09 16:52 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-06-19 01:22 - 2014-07-09 16:52 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-06-19 01:16 - 2014-07-09 16:52 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-06-19 01:12 - 2014-07-09 16:52 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-06-19 01:06 - 2014-07-09 16:52 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-06-19 01:01 - 2014-07-09 16:52 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-06-19 00:59 - 2014-07-09 16:52 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-06-19 00:58 - 2014-07-09 16:52 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-06-19 00:52 - 2014-07-09 16:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-06-19 00:52 - 2014-07-09 16:52 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-06-19 00:49 - 2014-07-09 16:52 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-06-19 00:46 - 2014-07-09 16:52 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-06-19 00:45 - 2014-07-09 16:52 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-06-19 00:35 - 2014-07-09 16:52 - 11742208 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-06-19 00:13 - 2014-07-09 16:52 - 01791488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-06-19 00:09 - 2014-07-09 16:52 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-06-19 00:07 - 2014-07-09 16:52 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-06-18 03:51 - 2014-07-09 16:52 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe 2014-06-18 02:52 - 2014-07-09 16:52 - 02350080 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys Files to move or delete: ==================== C:\Users\Czarek\TWEE_Upgrade.exe Some content of TEMP: ==================== C:\Users\Czarek\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-08 16:38 ==================== End Of Log ============================