Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by Artur (administrator) on KOMPIK on 15-09-2014 17:37:40
Running from C:\Users\Artur\Desktop
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Polski (Polska)
Internet Explorer Version 11
Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(UltraVNC) C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(UltraVNC) C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(ITSamples.com) C:\Program Files\NetworkIndicator\NetworkIndicator.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [NSU_agent] => C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe [190768 2012-02-28] ()
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10996368 2012-06-11] (Realtek Semiconductor)
HKU\S-1-5-21-3698236117-931745765-820054799-1001\...\Run: [NetworkIndicator] => C:\Program Files\NetworkIndicator\NetworkIndicator.exe [344064 2010-10-25] (ITSamples.com)
Startup: C:\Users\Artur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NetworkIndicator.exe.lnk
ShortcutTarget: NetworkIndicator.exe.lnk -> C:\Program Files\NetworkIndicator\NetworkIndicator.exe (ITSamples.com)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.pl/
SearchScopes: HKCU - DefaultScope {27D0ECC0-F7FD-4571-B441-FD6563B83891} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {27D0ECC0-F7FD-4571-B441-FD6563B83891} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll ()
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
Toolbar: HKCU - WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
Tcpip\Parameters: [DhcpNameServer] 62.179.1.63 62.179.1.62

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgfws; C:\Program Files\AVG\AVG2014\avgfws.exe [1417160 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
S3 iumsvc; C:\Program Files\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45056 2013-11-14] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [17536800 2014-07-25] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2013-11-14] (Hewlett-Packard) [File not signed]
R2 uvnc_service; C:\Program Files\uvnc bvba\UltraVNC\WinVNC.exe [1794328 2013-12-05] (UltraVNC)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [47928 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [200984 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [197400 2014-06-17] (AVG Technologies CZ, s.r.o.)
R3 mv2; C:\Windows\System32\DRIVERS\mv2.sys [12472 2013-10-13] (Windows (R) Win 7 DDK provider)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19232 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2014-03-31] (NVIDIA Corporation)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [629760 2010-08-10] (Realtek Semiconductor Corporation )
R0 SI3114; C:\Windows\System32\DRIVERS\SI3114.sys [73768 2008-04-14] (Silicon Image, Inc)
R0 Si3114r5; C:\Windows\System32\DRIVERS\Si3114r5.sys [210472 2008-04-29] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [19240 2008-04-14] (Silicon Image, Inc)
R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [12200 2008-04-29] (Silicon Image, Inc.)
S3 tap0801co; C:\Windows\System32\DRIVERS\tap0801co.sys [25856 2006-08-31] (The OpenVPN Project) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-15 17:37 - 2014-09-15 17:37 - 00010688 _____ () C:\Users\Artur\Desktop\FRST.txt
2014-09-15 17:37 - 2014-09-15 17:37 - 00000000 ____D () C:\FRST
2014-09-15 17:35 - 2014-09-15 17:35 - 00380416 _____ () C:\Users\Artur\Desktop\9lcp2pcr.exe
2014-09-15 17:34 - 2014-09-15 17:34 - 00602112 _____ (OldTimer Tools) C:\Users\Artur\Desktop\OTL.exe
2014-09-15 17:33 - 2014-09-15 17:33 - 01097728 _____ (Farbar) C:\Users\Artur\Desktop\FRST.exe
2014-09-15 17:31 - 2014-09-15 17:32 - 00018432 _____ () C:\Users\Artur\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-15 17:24 - 2014-09-15 17:24 - 00959032 _____ (Foolish IT LLC ) C:\Users\Artur\Desktop\CryptoPreventSetup.exe
2014-09-14 22:48 - 2014-09-14 22:48 - 00171344 _____ (Kaspersky Lab ZAO) C:\Users\Artur\Desktop\salitykiller.exe
2014-09-14 21:33 - 2014-09-14 21:33 - 00138584 _____ (Kaspersky Lab ZAO) C:\Users\Artur\Desktop\virutkiller_1.0.11.0.exe
2014-09-14 18:54 - 2014-09-14 18:54 - 00974336 _____ (BHH) C:\Users\Artur\Desktop\HDConvertToX.exe
2014-09-14 18:44 - 2014-09-14 18:44 - 07549704 _____ () C:\Users\Artur\Desktop\InternationalPrimoPDF.exe
2014-09-14 16:44 - 2014-09-14 16:44 - 00001410 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2014-09-14 16:43 - 2014-09-14 16:44 - 00000000 ____D () C:\Program Files\Windows Live
2014-09-14 00:51 - 2014-09-14 00:51 - 00000000 ____D () C:\Users\Artur\Desktop\JBinUp 0.90 - Beta 10 - Windows
2014-09-13 23:51 - 2014-09-13 23:56 - 00000000 ____D () C:\Users\Artur\Downloads\M.ast3rs.0f.S3x.S01E03.PL.720p
2014-09-13 13:43 - 2014-09-13 13:43 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
2014-09-13 13:26 - 2014-09-13 13:29 - 16788838 ____R () C:\Users\Artur\Documents\2014-09-13 Nokia 302.nbu
2014-09-10 09:31 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 09:30 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 09:30 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 09:30 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 09:30 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 09:30 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 09:30 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 09:30 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 09:30 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 09:30 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 09:30 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 09:30 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 09:30 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 09:30 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 09:30 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 09:30 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 09:30 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 09:30 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 09:30 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 09:30 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 09:30 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 09:30 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 09:30 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 09:30 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 09:30 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 09:30 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 09:30 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 09:30 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 09:30 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 09:30 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 09:30 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 07:56 - 2014-09-05 03:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 07:56 - 2014-09-05 03:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-10 07:56 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 07:56 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 07:56 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 07:56 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-09 10:33 - 2014-09-09 10:33 - 00000000 ____D () C:\Users\Artur\Documents\MultiPar1264
2014-09-09 10:31 - 2014-09-09 10:31 - 00591939 _____ () C:\Users\Artur\Documents\MultiPar1264.zip
2014-09-09 09:49 - 2014-09-09 09:49 - 00000000 ____D () C:\Users\Artur\Documents\XNResourceEditorPortable
2014-09-09 09:48 - 2014-09-09 09:48 - 01128824 _____ (PortableApps.com) C:\Users\Artur\Desktop\XNResourceEditorPortable_3.0.0.1_English.paf.exe
2014-09-06 12:44 - 2014-09-06 12:44 - 00000000 ____D () C:\Users\Artur\Downloads\Kombi - Nasze Randez Vous HQ Audio
2014-09-05 23:16 - 2014-09-07 11:11 - 00000000 ____D () C:\Users\Artur\Downloads\M.ast3rs.0f.S3x.S01E01.PL.720p
2014-09-05 19:01 - 2014-09-13 23:46 - 00000000 ____D () C:\Users\Artur\Downloads\M.ast3rs.0f.S3x.S01E02.PL.720p
2014-08-31 01:04 - 2014-08-31 18:38 - 00000000 ____D () C:\Users\Artur\AppData\Local\Microsoft Games
2014-08-30 13:05 - 2014-09-15 16:13 - 00011215 _____ () C:\Windows\setupact.log
2014-08-30 13:05 - 2014-08-30 13:05 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-30 00:31 - 2014-08-30 00:31 - 00000000 ____D () C:\Program Files\Microsoft Games
2014-08-29 23:18 - 2014-08-30 19:55 - 00000000 ____D () C:\Users\Artur\AppData\Roaming\Windows Live Writer
2014-08-29 23:18 - 2014-08-30 01:15 - 00000000 ____D () C:\Users\Artur\AppData\Local\Windows Live Writer
2014-08-29 23:17 - 2014-09-14 16:43 - 00000000 ____D () C:\Users\Artur\AppData\Local\Windows Live
2014-08-29 22:53 - 2014-08-29 22:53 - 00000000 __RSD () C:\Users\Artur\Documents\My Stationery
2014-08-29 22:49 - 2014-08-29 22:49 - 00000000 ____D () C:\Program Files\Common Files\Windows Live
2014-08-29 16:42 - 2014-08-29 16:42 - 00000000 ____D () C:\ProgramData\Avg_Update_0814avt
2014-08-28 07:46 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 07:46 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-26 12:01 - 2014-08-26 12:02 - 00000000 ____D () C:\Users\Artur\Downloads\Me An
2014-08-23 23:24 - 2014-08-23 23:24 - 00000000 ____D () C:\ProgramData\Bluray Decrypter
2014-08-23 19:42 - 2014-08-23 19:42 - 00000936 _____ () C:\Users\Artur\Downloads\nikita.chapters.txt
2014-08-22 15:29 - 2014-08-22 15:29 - 04631040 _____ () C:\Users\Artur\Documents\spectaculator80.msi
2014-08-22 13:18 - 2014-08-22 13:18 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-21 06:49 - 2014-08-21 06:49 - 00000000 ____D () C:\Users\Artur\AppData\Local\DOSBox
2014-08-21 06:49 - 2014-08-21 06:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74
2014-08-21 06:49 - 2014-08-21 06:49 - 00000000 ____D () C:\Program Files\DOSBox-0.74
2014-08-18 12:22 - 2014-08-18 12:22 - 02424832 _____ () C:\Users\Artur\Documents\AdbeRdrSecUpd11008.msp
2014-08-18 10:43 - 2014-09-13 15:13 - 00001082 _____ () C:\Users\Artur\Desktop\gaz.txt
2014-08-16 13:38 - 2014-08-16 13:39 - 00000000 ____D () C:\Users\Artur\Documents\NESTOPIA

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-15 17:37 - 2014-09-15 17:37 - 00010688 _____ () C:\Users\Artur\Desktop\FRST.txt
2014-09-15 17:37 - 2014-09-15 17:37 - 00000000 ____D () C:\FRST
2014-09-15 17:35 - 2014-09-15 17:35 - 00380416 _____ () C:\Users\Artur\Desktop\9lcp2pcr.exe
2014-09-15 17:34 - 2014-09-15 17:34 - 00602112 _____ (OldTimer Tools) C:\Users\Artur\Desktop\OTL.exe
2014-09-15 17:34 - 2014-04-12 18:08 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-15 17:33 - 2014-09-15 17:33 - 01097728 _____ (Farbar) C:\Users\Artur\Desktop\FRST.exe
2014-09-15 17:32 - 2014-09-15 17:31 - 00018432 _____ () C:\Users\Artur\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-15 17:31 - 2014-04-12 17:43 - 01453019 _____ () C:\Windows\WindowsUpdate.log
2014-09-15 17:24 - 2014-09-15 17:24 - 00959032 _____ (Foolish IT LLC ) C:\Users\Artur\Desktop\CryptoPreventSetup.exe
2014-09-15 16:39 - 2014-04-12 17:52 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-15 16:18 - 2014-04-13 15:17 - 00739694 _____ () C:\Windows\system32\perfh015.dat
2014-09-15 16:18 - 2014-04-13 15:17 - 00155268 _____ () C:\Windows\system32\perfc015.dat
2014-09-15 16:18 - 2010-11-20 23:01 - 01668226 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-15 16:13 - 2014-08-30 13:05 - 00011215 _____ () C:\Windows\setupact.log
2014-09-15 16:12 - 2014-04-12 19:24 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-15 16:12 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-14 23:47 - 2009-07-14 06:34 - 00032224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-14 23:47 - 2009-07-14 06:34 - 00032224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-14 22:48 - 2014-09-14 22:48 - 00171344 _____ (Kaspersky Lab ZAO) C:\Users\Artur\Desktop\salitykiller.exe
2014-09-14 22:48 - 2009-07-14 04:04 - 00000219 _____ () C:\Windows\system.ini
2014-09-14 21:33 - 2014-09-14 21:33 - 00138584 _____ (Kaspersky Lab ZAO) C:\Users\Artur\Desktop\virutkiller_1.0.11.0.exe
2014-09-14 20:18 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-09-14 18:54 - 2014-09-14 18:54 - 00974336 _____ (BHH) C:\Users\Artur\Desktop\HDConvertToX.exe
2014-09-14 18:44 - 2014-09-14 18:44 - 07549704 _____ () C:\Users\Artur\Desktop\InternationalPrimoPDF.exe
2014-09-14 17:56 - 2014-05-24 13:47 - 00000000 ____D () C:\Program Files\JDownloader
2014-09-14 16:44 - 2014-09-14 16:44 - 00001410 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2014-09-14 16:44 - 2014-09-14 16:43 - 00000000 ____D () C:\Program Files\Windows Live
2014-09-14 16:43 - 2014-08-29 23:17 - 00000000 ____D () C:\Users\Artur\AppData\Local\Windows Live
2014-09-14 16:43 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-09-14 16:03 - 2014-04-15 12:34 - 00000000 ____D () C:\Users\Artur\AppData\Roaming\uTorrent
2014-09-14 00:52 - 2014-04-21 20:26 - 00000000 ____D () C:\Users\Artur\.JBinUp
2014-09-14 00:51 - 2014-09-14 00:51 - 00000000 ____D () C:\Users\Artur\Desktop\JBinUp 0.90 - Beta 10 - Windows
2014-09-13 23:56 - 2014-09-13 23:51 - 00000000 ____D () C:\Users\Artur\Downloads\M.ast3rs.0f.S3x.S01E03.PL.720p
2014-09-13 23:46 - 2014-09-05 19:01 - 00000000 ____D () C:\Users\Artur\Downloads\M.ast3rs.0f.S3x.S01E02.PL.720p
2014-09-13 15:13 - 2014-08-18 10:43 - 00001082 _____ () C:\Users\Artur\Desktop\gaz.txt
2014-09-13 13:43 - 2014-09-13 13:43 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
2014-09-13 13:43 - 2014-04-17 14:15 - 00000000 ____D () C:\ProgramData\PC Suite
2014-09-13 13:29 - 2014-09-13 13:26 - 16788838 ____R () C:\Users\Artur\Documents\2014-09-13 Nokia 302.nbu
2014-09-10 10:36 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-10 09:39 - 2014-04-12 17:52 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-10 09:39 - 2014-04-12 17:52 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-10 09:30 - 2014-04-12 22:00 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-10 09:30 - 2014-04-12 18:30 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 09:26 - 2014-04-23 13:48 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-10 09:26 - 2014-04-12 18:30 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-09 10:33 - 2014-09-09 10:33 - 00000000 ____D () C:\Users\Artur\Documents\MultiPar1264
2014-09-09 10:31 - 2014-09-09 10:31 - 00591939 _____ () C:\Users\Artur\Documents\MultiPar1264.zip
2014-09-09 09:49 - 2014-09-09 09:49 - 00000000 ____D () C:\Users\Artur\Documents\XNResourceEditorPortable
2014-09-09 09:48 - 2014-09-09 09:48 - 01128824 _____ (PortableApps.com) C:\Users\Artur\Desktop\XNResourceEditorPortable_3.0.0.1_English.paf.exe
2014-09-07 19:41 - 2014-04-21 20:27 - 00000000 ____D () C:\Users\Artur\Documents\aplikacje
2014-09-07 11:11 - 2014-09-05 23:16 - 00000000 ____D () C:\Users\Artur\Downloads\M.ast3rs.0f.S3x.S01E01.PL.720p
2014-09-06 12:44 - 2014-09-06 12:44 - 00000000 ____D () C:\Users\Artur\Downloads\Kombi - Nasze Randez Vous HQ Audio
2014-09-05 03:52 - 2014-09-10 07:56 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 03:47 - 2014-09-10 07:56 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-02 19:47 - 2014-04-12 18:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-08-31 18:38 - 2014-08-31 01:04 - 00000000 ____D () C:\Users\Artur\AppData\Local\Microsoft Games
2014-08-31 13:04 - 2014-04-14 16:07 - 00001244 _____ () C:\Users\Public\Desktop\Intel SSD Toolbox.lnk
2014-08-30 19:55 - 2014-08-29 23:18 - 00000000 ____D () C:\Users\Artur\AppData\Roaming\Windows Live Writer
2014-08-30 18:28 - 2014-06-12 09:58 - 00000000 ____D () C:\Users\Artur\Desktop\wsusoffline
2014-08-30 13:05 - 2014-08-30 13:05 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-30 01:15 - 2014-08-29 23:18 - 00000000 ____D () C:\Users\Artur\AppData\Local\Windows Live Writer
2014-08-30 00:34 - 2014-04-15 15:30 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-30 00:31 - 2014-08-30 00:31 - 00000000 ____D () C:\Program Files\Microsoft Games
2014-08-30 00:31 - 2009-07-14 06:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-08-30 00:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\pl-PL
2014-08-29 22:53 - 2014-08-29 22:53 - 00000000 __RSD () C:\Users\Artur\Documents\My Stationery
2014-08-29 22:49 - 2014-08-29 22:49 - 00000000 ____D () C:\Program Files\Common Files\Windows Live
2014-08-29 16:42 - 2014-08-29 16:42 - 00000000 ____D () C:\ProgramData\Avg_Update_0814avt
2014-08-29 09:14 - 2014-04-21 19:57 - 00000000 ____D () C:\Program Files\The KMPlayer
2014-08-29 08:18 - 2014-07-13 17:09 - 00000000 ____D () C:\Users\Artur\Documents\ATARI
2014-08-28 11:10 - 2009-07-14 06:33 - 00350384 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-26 12:02 - 2014-08-26 12:01 - 00000000 ____D () C:\Users\Artur\Downloads\Me An
2014-08-23 23:24 - 2014-08-23 23:24 - 00000000 ____D () C:\ProgramData\Bluray Decrypter
2014-08-23 19:42 - 2014-08-23 19:42 - 00000936 _____ () C:\Users\Artur\Downloads\nikita.chapters.txt
2014-08-23 03:46 - 2014-08-28 07:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 02:42 - 2014-08-28 07:46 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 15:29 - 2014-08-22 15:29 - 04631040 _____ () C:\Users\Artur\Documents\spectaculator80.msi
2014-08-22 13:18 - 2014-08-22 13:18 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-22 13:18 - 2014-08-02 11:05 - 00272296 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-22 13:18 - 2014-08-02 11:04 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-08-22 13:18 - 2014-08-02 11:04 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-08-22 13:18 - 2014-08-02 11:04 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-08-22 13:18 - 2014-04-12 18:42 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-22 13:17 - 2014-05-29 17:38 - 00000000 ____D () C:\Program Files\Java
2014-08-21 06:49 - 2014-08-21 06:49 - 00000000 ____D () C:\Users\Artur\AppData\Local\DOSBox
2014-08-21 06:49 - 2014-08-21 06:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74
2014-08-21 06:49 - 2014-08-21 06:49 - 00000000 ____D () C:\Program Files\DOSBox-0.74
2014-08-19 19:39 - 2014-09-10 09:30 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-19 00:26 - 2014-09-10 09:30 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-19 00:08 - 2014-09-10 09:30 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-18 23:57 - 2014-09-10 09:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-18 23:57 - 2014-09-10 09:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-18 23:46 - 2014-09-10 09:30 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-18 23:45 - 2014-09-10 09:31 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-18 23:44 - 2014-09-10 09:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-18 23:44 - 2014-09-10 09:30 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-18 23:42 - 2014-09-10 09:30 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-18 23:39 - 2014-09-10 09:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-18 23:39 - 2014-09-10 09:30 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-18 23:37 - 2014-09-10 09:30 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-18 23:36 - 2014-09-10 09:30 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-18 23:36 - 2014-09-10 09:30 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-18 23:35 - 2014-09-10 09:30 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-18 23:30 - 2014-09-10 09:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-18 23:27 - 2014-09-10 09:30 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-18 23:22 - 2014-09-10 09:30 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 23:19 - 2014-09-10 09:30 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-18 23:17 - 2014-09-10 09:30 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-18 23:17 - 2014-09-10 09:30 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-18 23:15 - 2014-09-10 09:30 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-18 23:09 - 2014-09-10 09:30 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-18 23:08 - 2014-09-10 09:30 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-18 23:08 - 2014-09-10 09:30 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-18 23:07 - 2014-09-10 09:30 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-18 22:46 - 2014-09-10 09:30 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-18 22:38 - 2014-09-10 09:30 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-18 22:36 - 2014-09-10 09:30 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-18 12:22 - 2014-08-18 12:22 - 02424832 _____ () C:\Users\Artur\Documents\AdbeRdrSecUpd11008.msp
2014-08-18 11:44 - 2014-04-21 19:46 - 00000000 ____D () C:\Users\Artur\Documents\pedeefy
2014-08-18 10:06 - 2014-04-21 22:51 - 00000000 ____D () C:\Users\Artur\AppData\Roaming\Media Player Classic
2014-08-18 10:06 - 2014-04-13 03:36 - 00000000 ____D () C:\Windows\Panther
2014-08-17 23:29 - 2014-04-15 15:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-16 13:39 - 2014-08-16 13:38 - 00000000 ____D () C:\Users\Artur\Documents\NESTOPIA

Some content of TEMP:
====================
C:\Users\Artur\AppData\Local\Temp\wtw-update.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-06 16:48

==================== End Of Log ============================