Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-11-2014
Ran by 33 (administrator) on AUTO on 21-11-2014 23:28:42
Running from C:\Users\33\Downloads\Nowy folder
Loaded Profile: 33 (Available profiles: 19 & ww1 & wyp 3 tyg & 28 & 29 & 33 & 36 & 37)
Platform: Microsoft Windows 7 Ultimate (X86) OS Language: Polski (Polska)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(ATK) C:\Program Files\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
() C:\ProgramData\Trusted Publisher\SW-Booster\SW-Booster.exe
() C:\Program Files\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files\ASUS\ASUS CopyProtect\ASPG.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(VMware, Inc.) C:\Windows\System32\vmnat.exe
(VMware, Inc.) C:\Windows\System32\vmnetdhcp.exe
(VMware, Inc.) C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Player\vmware-authd.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
() C:\Program Files\ASUS\Wireless Console 3\wcourier.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(SkypEmoticons) C:\Users\33\AppData\Roaming\SkypEmoticons\SE.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATK Hotkey\WDC.exe
(ASUSTeK) C:\Windows\System32\ACEngSvr.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(asus) C:\Program Files\ASUS\ControlDeck\ControlDeck.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-01-22] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [548744 2010-04-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [ATKMEDIA] => C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-05-03] (ASUS)
HKLM\...\Run: [HControlUser] => C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM\...\Run: [Wireless Console 3] => C:\Program Files\ASUS\Wireless Console 3\wcourier.exe [1597440 2010-07-02] ()
HKLM\...\Policies\Explorer: [NoRemoteRecursiveEvents] 1
HKU\S-1-5-21-2688399222-3990677332-1833978256-1042\...\Run: [se] => C:\Users\33\AppData\Roaming\SkypEmoticons\SE.exe [5679008 2014-11-18] (SkypEmoticons)
HKU\S-1-5-21-2688399222-3990677332-1833978256-1042\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2688399222-3990677332-1833978256-1042\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2688399222-3990677332-1833978256-1042\...\MountPoints2: {f31eaffb-6f0c-11e3-90f5-20cf3059b800} - F:\setup.exe
HKU\S-1-5-18\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
Lsa: [Notification Packages] scecli C:\Program Files\ASUS\ASUS Data Security Manager\ASPWDFLT
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk
ShortcutTarget: SRS Premium Sound.lnk -> C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut4_E9C83B3EDF9141A39DA5EC05C79BBB91.exe (Acresso Software Inc.)
ShellIconOverlayIdentifiers: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll ()
ShellIconOverlayIdentifiers: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2688399222-3990677332-1833978256-1042\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.search-plaza.info/?pid=3540&r=2014/11/20&hid=12411846271718644983&lg=EN&cc=PL&unqvl=69
HKU\S-1-5-21-2688399222-3990677332-1833978256-1042\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pl-pl/?ocid=iehp
HKU\S-1-5-21-2688399222-3990677332-1833978256-1042\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB649DC1BFBF9CF01
HKU\S-1-5-21-2688399222-3990677332-1833978256-1042\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pl
HKU\S-1-5-21-2688399222-3990677332-1833978256-1042\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&ts=1416273565&from=wpc&uid=WDCXWD3200BEVT-80A0RT0_WD-WXN1A503406634066
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=ds&ts=1416273565&from=wpc&uid=WDCXWD3200BEVT-80A0RT0_WD-WXN1A503406634066&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&ts=1416273565&from=wpc&uid=WDCXWD3200BEVT-80A0RT0_WD-WXN1A503406634066
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.search-plaza.info/?pid=3540&r=2014/11/20&hid=12411846271718644983&lg=EN&cc=PL&unqvl=69
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=ds&ts=1416273565&from=wpc&uid=WDCXWD3200BEVT-80A0RT0_WD-WXN1A503406634066&q={searchTerms}
URLSearchHook: HKLM - Default Value = {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=sc&ts=1416273565&from=wpc&uid=WDCXWD3200BEVT-80A0RT0_WD-WXN1A503406634066
SearchScopes: HKLM -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.search-plaza.info/?l=1&q={searchTerms}&pid=3540&r=2014/11/20&hid=12411846271718644983&lg=EN&cc=PL&unqvl=69
SearchScopes: HKLM -> Google URL = http://www.google.ru/search?hl=ru&q={searchTerms}\
SearchScopes: HKLM -> Wikipedia URL = http://ru.wikipedia.org/wiki/{searchTerms}\
SearchScopes: HKLM -> Yahoo URL = http://ru.search.yahoo.com/search?p={searchTerms}\
SearchScopes: HKLM -> Yandex URL = http://www.yandex.ru/yandsearch?stype=&nl=0&text={searchTerms}\
SearchScopes: HKLM -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.search-plaza.info/?l=1&q={searchTerms}&pid=3540&r=2014/11/20&hid=12411846271718644983&lg=EN&cc=PL&unqvl=69
SearchScopes: HKU\S-1-5-21-2688399222-3990677332-1833978256-1042 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.search-plaza.info/?l=1&q={searchTerms}&pid=3540&r=2014/11/20&hid=12411846271718644983&lg=EN&cc=PL&unqvl=69
SearchScopes: HKU\S-1-5-21-2688399222-3990677332-1833978256-1042 -> Google URL =
SearchScopes: HKU\S-1-5-21-2688399222-3990677332-1833978256-1042 -> Wikipedia URL =
SearchScopes: HKU\S-1-5-21-2688399222-3990677332-1833978256-1042 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1416273565&from=wpc&uid=WDCXWD3200BEVT-80A0RT0_WD-WXN1A503406634066&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2688399222-3990677332-1833978256-1042 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.search-plaza.info/?l=1&q={searchTerms}&pid=3540&r=2014/11/20&hid=12411846271718644983&lg=EN&cc=PL&unqvl=69
BHO: websave -> {1fcb8c05-0464-4397-a841-f8cb872f3f9a} -> C:\Program Files\websave\dcgOp3j2p93B9j.dll ()
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Визуальные закладки -> {D5FEC983-01DB-414a-9456-AF95AC9ED7B5} -> No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.2.2

FireFox:
========
FF ProfilePath: C:\Users\33\AppData\Roaming\Mozilla\Firefox\Profiles\4r1sw51j.default
FF DefaultSearchEngine: WebSearch
FF DefaultSearchEngine,S: WebSearch
FF DefaultSearchUrl: hxxp://websearch.search-plaza.info/?pid=3540&r=2014/11/20&hid=12411846271718644983&lg=EN&cc=PL&unqvl=69&l=1&q=
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF Homepage: hxxp://websearch.search-plaza.info/?pid=3540&r=2014/11/20&hid=12411846271718644983&lg=EN&cc=PL&unqvl=69
FF Keyword.URL: hxxp://websearch.search-plaza.info/?pid=3540&r=2014/11/20&hid=12411846271718644983&lg=EN&cc=PL&unqvl=69&l=1&q=
FF NetworkProxy: "backup.ftp", ""
FF NetworkProxy: "backup.ftp_port", 0
FF NetworkProxy: "backup.socks", ""
FF NetworkProxy: "backup.socks_port", 0
FF NetworkProxy: "backup.ssl", ""
FF NetworkProxy: "backup.ssl_port", 0
FF NetworkProxy: "ftp", "188.190.100.208"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "188.190.100.208"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "188.190.100.208"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "188.190.100.208"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 1
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\33\AppData\Roaming\Mozilla\Firefox\Profiles\4r1sw51j.default\searchplugins\WebSearch.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mystartsearch.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\sweet-page.xml
FF Extension: YoutubeAdBlocke - C:\Users\33\AppData\Roaming\Mozilla\Firefox\Profiles\4r1sw51j.default\Extensions\3P8i@g.edu [2014-11-18]
FF Extension: websave - C:\Users\33\AppData\Roaming\Mozilla\Firefox\Profiles\4r1sw51j.default\Extensions\aJr65uO@e.edu [2014-11-20]
FF Extension: GoSave - C:\Users\33\AppData\Roaming\Mozilla\Firefox\Profiles\4r1sw51j.default\Extensions\QBP3@2.net [2014-11-18]
FF Extension: WinToFlash Suggestor - C:\Users\33\AppData\Roaming\Mozilla\Firefox\Profiles\4r1sw51j.default\Extensions\{285ACFBB-8E53-4feb-90E6-F02A128927F3}.xpi [2012-04-09]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-09-22]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe http://www.mystartsearch.com/?type=sc&ts=1416273565&from=wpc&uid=WDCXWD3200BEVT-80A0RT0_WD-WXN1A503406634066

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR DefaultSearchKeyword: Default -> 21F4378C921E8019EE410EC12D1F6CE0B620086B2756AA91C43E6F04A3736AF8
CHR DefaultSearchURL: Default -> 7B8F343069D75BC606556CBBA2199504093DB1D85B8FCE3207F3AD2528C99576
CHR Profile: C:\Users\33\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dysk Google) - C:\Users\33\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-21]
CHR Extension: (websave) - C:\Users\33\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjmoceknlneoigfojlddaedjpakoebdj [2014-11-20]
CHR Extension: (YouTube) - C:\Users\33\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-21]
CHR Extension: (Szukaj w Google) - C:\Users\33\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-21]
CHR Extension: (Saving Smart) - C:\Users\33\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdodpcdalagnkbkojidmmcehlnhniad [2014-11-20]
CHR Extension: (Google Wallet) - C:\Users\33\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-21]
CHR Extension: (Gmail) - C:\Users\33\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-21]
CHR StartMenuInternet: Google Chrome - C:\Program Files\Google\Chrome\Application\chrome.exe http://www.mystartsearch.com/?type=sc&ts=1416273565&from=wpc&uid=WDCXWD3200BEVT-80A0RT0_WD-WXN1A503406634066

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 24c54e38; c:\Program Files\DeltaFix\DeltaFix.dll [4173312 2014-11-20] () [File not signed]
S4 ADSMService; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [225280 2008-03-31] (ASUSTek Computer Inc.) [File not signed]
S4 AFBAgent; C:\Windows\system32\FBAgent.exe [303744 2010-06-22] (ASUSTeK Computer Inc.)
R2 ASLDRService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [84536 2009-06-15] (ASUS)
R2 ATKGFNEXSrv; C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2009-12-15] (ASUS)
R2 AudioEndpointBuilder; C:\Windows\System32\Audiosrv.dll [473088 2010-06-04] (Microsoft Corporation) [File not signed]
R2 Audiosrv; C:\Windows\System32\Audiosrv.dll [473088 2010-06-04] (Microsoft Corporation) [File not signed]
S3 AxInstSV; C:\Windows\System32\AxInstSV.dll [88064 2010-06-04] (Microsoft Corporation) [File not signed]
R2 BFE; C:\Windows\System32\bfe.dll [494080 2010-06-04] (Microsoft Corporation) [File not signed]
R2 BITS; C:\Windows\System32\qmgr.dll [584704 2010-06-04] (Microsoft Corporation) [File not signed]
R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
S3 Browser; C:\Windows\System32\browser.dll [102400 2010-06-04] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\Windows\system32\dhcpcore.dll [254464 2010-06-04] (Microsoft Corporation) [File not signed]
R2 Dnscache; C:\Windows\System32\dnsrslvr.dll [132608 2010-06-04] (Microsoft Corporation) [File not signed]
S3 dot3svc; C:\Windows\System32\dot3svc.dll [214016 2010-06-04] (Microsoft Corporation) [File not signed]
R2 DPS; C:\Windows\system32\dps.dll [143872 2010-06-04] (Microsoft Corporation) [File not signed]
S3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [556544 2010-06-04] (Microsoft Corporation) [File not signed]
R2 eventlog; C:\Windows\System32\wevtsvc.dll [1086976 2010-06-04] (Microsoft Corporation) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2013-11-07] (Macrovision Europe Ltd.) [File not signed]
R3 FontCache; C:\Windows\system32\FntCache.dll [804864 2010-06-04] (Microsoft Corporation) [File not signed]
R2 gpsvc; C:\Windows\System32\gpsvc.dll [592384 2010-06-04] (Microsoft Corporation) [File not signed]
S3 HomeGroupListener; C:\Windows\system32\ListSvc.dll [194560 2010-06-04] (Microsoft Corporation) [File not signed]
R3 HomeGroupProvider; C:\Windows\system32\provsvc.dll [165376 2010-06-04] (Microsoft Corporation) [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 IKEEXT; C:\Windows\System32\ikeext.dll [673280 2010-06-04] (Microsoft Corporation) [File not signed]
R2 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [499200 2010-06-04] (Microsoft Corporation) [File not signed]
S4 LanmanServer; C:\Windows\system32\srvsvc.dll [168448 2010-06-04] (Microsoft Corporation) [File not signed]
R2 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [84480 2010-06-04] (Microsoft Corporation) [File not signed]
S4 LMS; C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
S4 Mcx2Svc; C:\Windows\system32\Mcx2Svc.dll [68096 2010-06-04] (Microsoft Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed]
R2 NlaSvc; C:\Windows\System32\nlasvc.dll [242176 2010-06-04] (Microsoft Corporation) [File not signed]
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [32568 2014-05-02] (The OpenVPN Project)
S3 pla; C:\Windows\system32\pla.dll [1508864 2010-06-04] (Microsoft Corporation) [File not signed]
R2 PlugPlay; C:\Windows\system32\umpnpmgr.dll [293376 2010-06-04] (Microsoft Corporation) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Power; C:\Windows\system32\umpo.dll [119808 2010-06-04] (Microsoft Corporation) [File not signed]
R2 ProfSvc; C:\Windows\system32\profsvc.dll [163840 2010-06-04] (Microsoft Corporation) [File not signed]
S3 RasMan; C:\Windows\System32\rasmans.dll [285184 2010-06-04] (Microsoft Corporation) [File not signed]
R2 Schedule; C:\Windows\system32\schedsvc.dll [744448 2010-06-04] (Microsoft Corporation) [File not signed]
S4 SDRSVC; C:\Windows\System32\SDRSVC.dll [125952 2010-06-04] (Microsoft Corporation) [File not signed]
S3 SessionEnv; C:\Windows\system32\sessenv.dll [114176 2010-06-04] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [328192 2010-06-04] (Microsoft Corporation) [File not signed]
R2 Spooler; C:\Windows\System32\spoolsv.exe [316416 2010-06-04] (Microsoft Corporation) [File not signed]
R2 StiSvc; C:\Windows\System32\wiaservc.dll [463360 2010-06-04] (Microsoft Corporation) [File not signed]
S4 SysMain; C:\Windows\system32\sysmain.dll [1160192 2010-06-04] (Microsoft Corporation) [File not signed]
S3 TermService; C:\Windows\System32\termsrv.dll [516608 2010-06-04] (Microsoft Corporation) [File not signed]
R2 Themes; C:\Windows\system32\themeservice.dll [37376 2009-12-07] (Microsoft Corporation) [File not signed]
S3 UmRdpService; C:\Windows\System32\umrdp.dll [171520 2010-06-04] (Microsoft Corporation) [File not signed]
S2 UNS; C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]
S3 vds; C:\Windows\System32\vds.exe [453120 2010-06-04] (Microsoft Corporation) [File not signed]
R2 VMAuthdService; C:\Program Files\VMware\VMware Player\vmware-authd.exe [86096 2013-08-27] (VMware, Inc.)
R2 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [358480 2013-08-27] (VMware, Inc.)
R2 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [719416 2013-08-26] (VMware, Inc.)
R2 VMware NAT Service; C:\Windows\system32\vmnat.exe [437328 2013-08-27] (VMware, Inc.)
R3 VSS; C:\Windows\system32\vssvc.exe [1025536 2010-06-04] (Microsoft Corporation) [File not signed]
S3 WebClient; C:\Windows\System32\webclnt.dll [202240 2010-06-04] (Microsoft Corporation) [File not signed]
R3 WinHttpAutoProxySvc; C:\Windows\system32\winhttp.dll [350208 2010-06-04] (Microsoft Corporation) [File not signed]
S3 WinRM; C:\Windows\system32\WsmSvc.dll [1175040 2010-06-04] (Microsoft Corporation) [File not signed]
R3 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1121792 2010-06-04] (Microsoft Corporation) [File not signed]
S3 WPDBusEnum; C:\Windows\system32\wpdbusenum.dll [85504 2010-06-04] (Microsoft Corporation) [File not signed]
R2 wudfsvc; C:\Windows\System32\WUDFSvc.dll [67584 2010-06-04] (Microsoft Corporation) [File not signed]
S2 ioloSystemService; "C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdkmdag; C:\Windows\System32\DRIVERS\atipmdag.sys [5191680 2010-01-22] (ATI Technologies Inc.)
R0 AsDsm; C:\Windows\system32\Drivers\AsDsm.sys [30264 2013-07-12] (ASUSTek Computer Inc)
R2 ASMMAP; C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys [13880 2009-07-02] (ASUS)
S3 athur; C:\Windows\System32\DRIVERS\athur.sys [1500160 2010-01-05] (Atheros Communications, Inc.)
S3 CH341SER; C:\Windows\System32\Drivers\CH341SER.SYS [39632 2009-06-02] (www.winchiphead.com)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2013-12-27] (Disc Soft Ltd)
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [26248 2014-04-07] (EldoS Corporation)
R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [109960 2010-04-13] (ELAN Microelectronic Corp.)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R2 hcmon; C:\Windows\system32\drivers\hcmon.sys [43192 2013-08-26] (VMware, Inc.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
R0 lullaby; C:\Windows\System32\DRIVERS\lullaby.sys [15416 2009-06-18] (Windows (R) Win 7 DDK provider)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [14392 2009-05-13] (ASUS)
R2 PDFsFilter; C:\Windows\System32\DRIVERS\PDFsFilter.sys [68464 2014-04-07] (Raxco Software, Inc.)
S3 Ser2plx86; C:\Windows\System32\DRIVERS\ser2pl.sys [139776 2013-10-25] (Prolific Technology Inc.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1760384 2009-08-20] ()
R0 speedfan; C:\Windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
R3 vmkbd; C:\Windows\system32\drivers\VMkbd.sys [25808 2013-08-27] (VMware, Inc.)
S3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [17104 2013-08-27] (VMware, Inc.)
R2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [37456 2013-08-27] (VMware, Inc.)
R2 VMnetuserif; C:\Windows\system32\drivers\vmnetuserif.sys [26192 2013-08-27] (VMware, Inc.)
S3 vmusb; C:\Windows\System32\DRIVERS\vmusb.sys [31928 2013-08-26] (VMware, Inc.)
R2 vmx86; C:\Windows\system32\Drivers\vmx86.sys [65488 2013-08-27] (VMware, Inc.)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [165376 2009-09-23] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [55040 2009-09-23] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2009-09-23] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [294912 2009-09-23] (Microsoft Corporation)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [63824 2013-08-15] (VMware, Inc.)
S3 ipswuio; System32\DRIVERS\ipswuio.sys [X]
S1 ttnfd; system32\drivers\ttnfd.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files\BatteryCare\WinRing0.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-21 23:28 - 2014-11-21 23:28 - 00000000 ____D () C:\FRST
2014-11-21 23:25 - 2014-11-21 23:28 - 00000000 ____D () C:\Users\33\Downloads\Nowy folder
2014-11-21 23:23 - 2014-11-21 23:23 - 00003182 _____ () C:\Users\33\Downloads\FSS.txt
2014-11-21 12:49 - 2014-11-21 12:49 - 08976258 _____ () C:\Users\33\Desktop\Abstrakt_Part_1.zip
2014-11-21 12:49 - 2014-11-21 12:49 - 00000000 ____D () C:\Users\33\Desktop\Abstrakt_Part_1
2014-11-20 11:40 - 2014-11-21 23:14 - 00000470 ____H () C:\Windows\Tasks\SW-Booster-S-792098896.job
2014-11-20 11:40 - 2014-11-20 11:40 - 00000000 ____D () C:\Program Files\DeltaFix
2014-11-20 11:39 - 2014-11-20 11:40 - 00000000 ____D () C:\ProgramData\782ccbc22351b486
2014-11-20 11:39 - 2014-11-20 11:39 - 00000000 ____D () C:\Users\wyp 3 tyg\AppData\Local\Torch
2014-11-20 11:39 - 2014-11-20 11:39 - 00000000 ____D () C:\Users\wyp 3 tyg\AppData\Local\Comodo
2014-11-20 11:39 - 2014-11-20 11:39 - 00000000 ____D () C:\Users\wyp 3 tyg\AppData\Local\Chromatic Browser
2014-11-20 11:39 - 2014-11-20 11:39 - 00000000 ____D () C:\Users\ww1\AppData\Local\Torch
2014-11-20 11:39 - 2014-11-20 11:39 - 00000000 ____D () C:\Users\ww1\AppData\Local\Comodo
2014-11-20 11:39 - 2014-11-20 11:39 - 00000000 ____D () C:\Users\ww1\AppData\Local\Chromatic Browser
2014-11-20 11:39 - 2014-11-20 11:39 - 00000000 ____D () C:\Users\Gość\AppData\Local\Torch
2014-11-20 11:39 - 2014-11-20 11:39 - 00000000 ____D () C:\Users\Gość\AppData\Local\Google
2014-11-20 11:39 - 2014-11-20 11:39 - 00000000 ____D () C:\Users\Gość\AppData\Local\Comodo
2014-11-20 11:39 - 2014-11-20 11:39 - 00000000 ____D () C:\Users\Gość\AppData\Local\Chromatic Browser
2014-11-20 11:39 - 2014-11-20 11:39 - 00000000 ____D () C:\Users\Gość
2014-11-20 11:39 - 2014-11-20 11:39 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-11-20 11:39 - 2014-11-20 11:39 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-11-20 11:39 - 2014-11-20 11:39 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-11-20 11:39 - 2014-11-20 11:39 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-11-20 11:39 - 2014-11-20 11:39 - 00000000 ____D () C:\Users\Administrator
2014-11-20 11:39 - 2014-11-20 11:39 - 00000000 ____D () C:\Users\39\AppData\Local\Torch
2014-11-20 11:39 - 2014-11-20 11:39 - 00000000 ____D () C:\Users\39\AppData\Local\Google
2014-11-20 11:39 - 2014-11-20 11:39 - 00000000 ____D () C:\Users\39\AppData\Local\Comodo
2014-11-20 11:39 - 2014-11-20 11:39 - 00000000 ____D () C:\Users\39\AppData\Local\Chromatic Browser
2014-11-20 11:39 - 2014-11-20 11:39 - 00000000 ____D () C:\Users\39
2014-11-20 11:39 - 2014-11-20 11:39 - 00000000 ____D () C:\Users\37\AppData\Local\Torch
2014-11-20 11:39 - 2014-11-20 11:39 - 00000000 ____D () C:\Users\37\AppData\Local\Comodo
2014-11-20 11:39 - 2014-11-20 11:39 - 00000000 ____D () C:\Users\37\AppData\Local\Chromatic Browser
2014-11-20 11:39 - 2014-11-20 11:39 - 00000000 ____D () C:\Users\36\AppData\Local\Torch
2014-11-20 11:39 - 2014-11-20 11:39 - 00000000 ____D () C:\Users\36\AppData\Local\Comodo
2014-11-20 11:39 - 2014-11-20 11:39 - 00000000 ____D () C:\Users\36\AppData\Local\Chromatic Browser
2014-11-20 11:39 - 2014-11-20 11:39 - 00000000 ____D () C:\Users\33\AppData\Local\Torch
2014-11-20 11:39 - 2014-11-20 11:39 - 00000000 ____D () C:\Users\33\AppData\Local\Comodo
2014-11-20 11:39 - 2014-11-20 11:39 - 00000000 ____D () C:\Users\33\AppData\Local\Chromatic Browser
2014-11-20 11:39 - 2014-11-20 11:39 - 00000000 ____D () C:\Users\29\AppData\Local\Torch
2014-11-20 11:39 - 2014-11-20 11:39 - 00000000 ____D () C:\Users\29\AppData\Local\Comodo
2014-11-20 11:39 - 2014-11-20 11:39 - 00000000 ____D () C:\Users\29\AppData\Local\Chromatic Browser
2014-11-20 11:39 - 2014-11-20 11:39 - 00000000 ____D () C:\Users\28\AppData\Local\Torch
2014-11-20 11:39 - 2014-11-20 11:39 - 00000000 ____D () C:\Users\28\AppData\Local\Comodo
2014-11-20 11:39 - 2014-11-20 11:39 - 00000000 ____D () C:\Users\28\AppData\Local\Chromatic Browser
2014-11-20 11:39 - 2014-11-20 11:39 - 00000000 ____D () C:\Users\19\AppData\Local\Torch
2014-11-20 11:39 - 2014-11-20 11:39 - 00000000 ____D () C:\Users\19\AppData\Local\Comodo
2014-11-20 11:39 - 2014-11-20 11:39 - 00000000 ____D () C:\Users\19\AppData\Local\Chromatic Browser
2014-11-20 11:39 - 2014-11-20 11:39 - 00000000 ____D () C:\ProgramData\websave
2014-11-20 11:39 - 2014-11-20 11:39 - 00000000 ____D () C:\Program Files\websave
2014-11-20 11:38 - 2014-11-20 11:38 - 00001908 _____ () C:\Users\Public\Desktop\EZDownloader.lnk
2014-11-20 11:38 - 2014-11-20 11:38 - 00000000 ____D () C:\Windows\system32\X86
2014-11-20 11:38 - 2014-11-20 11:38 - 00000000 ____D () C:\Windows\system32\AMD64
2014-11-20 11:38 - 2014-11-20 11:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZDownloader
2014-11-20 11:38 - 2014-11-20 11:38 - 00000000 ____D () C:\Program Files\EZDownloader
2014-11-20 11:37 - 2014-11-20 11:38 - 00933376 _____ () C:\Users\33\Downloads\N8FanClub.com_CuteRadio_0.2.1_anna_belle_unsigned.sis.exe
2014-11-20 11:37 - 2014-11-20 11:37 - 00933376 _____ () C:\Users\33\Downloads\N8FanClub.com_Radio_100_v1.1.0_signed_offline.zip.exe
2014-11-20 10:22 - 2014-11-20 10:22 - 16210021 _____ () C:\Users\33\Downloads\Ogólna prezentacja Ikea Industry Lubawa.pptx
2014-11-20 01:30 - 2014-11-20 01:30 - 04535624 _____ () C:\Users\37\Downloads\jb-hybrid-by-blade.sis
2014-11-20 00:49 - 2014-11-20 00:49 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ccdcmb_01009.Wdf
2014-11-20 00:45 - 2014-11-20 00:45 - 00000256 _____ () C:\dk2.mem
2014-11-20 00:43 - 2014-11-20 00:52 - 00000000 ____D () C:\ProgramData\Nokia
2014-11-20 00:43 - 2014-11-20 00:43 - 00001938 _____ () C:\Users\Public\Desktop\Phoenix.lnk
2014-11-20 00:43 - 2014-11-20 00:43 - 00000000 ____D () C:\Users\37\Downloads\SOFCIK NOKIA 500
2014-11-20 00:41 - 2014-11-20 00:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Phoenix
2014-11-20 00:41 - 2014-11-20 00:43 - 00000000 ____D () C:\Program Files\Nokia
2014-11-20 00:41 - 2014-11-20 00:43 - 00000000 ____D () C:\Program Files\Common Files\Nokia
2014-11-20 00:39 - 2014-11-20 00:39 - 00000000 ____D () C:\Users\37\AppData\Local\Symbian-Toys.com
2014-11-20 00:38 - 2014-11-20 00:39 - 00000000 ____D () C:\Users\37\AppData\Roaming\NaviFirmPlus
2014-11-20 00:38 - 2014-11-20 00:38 - 00274596 _____ () C:\Users\37\Downloads\navifirmplus_3.2.zip
2014-11-20 00:38 - 2014-11-20 00:38 - 00000000 ____D () C:\Users\37\AppData\Roaming\WinRAR
2014-11-20 00:34 - 2014-11-20 00:34 - 00777088 _____ ( ) C:\Users\37\Downloads\NaviFirm(28646)-dp.exe
2014-11-20 00:24 - 2014-11-20 00:26 - 109803718 _____ () C:\Users\37\Downloads\phoenix_service_software_2012.50.001.49220 By nokiafirmware24.rar
2014-11-19 23:32 - 2014-11-20 00:03 - 148599183 _____ () C:\Users\37\Downloads\SOFCIK NOKIA 500.rar
2014-11-19 12:04 - 2014-11-19 12:04 - 03163794 _____ () C:\Users\33\Desktop\Proces przyjmowania mebli IKEA na Magazyn Wyrobów Gotowych bez fiml.pptx
2014-11-19 11:52 - 2014-11-19 12:05 - 00059392 _____ () C:\Users\33\Downloads\CH02_20141118_182330 (1).xls
2014-11-19 11:10 - 2014-11-20 10:14 - 00000000 ____D () C:\Users\33\Desktop\ikea
2014-11-18 23:06 - 2014-11-18 23:06 - 00059392 _____ () C:\Users\33\Downloads\CH02_20141118_182330.xls
2014-11-18 12:16 - 2014-11-20 11:40 - 00000000 ____D () C:\ProgramData\23405448
2014-11-18 12:04 - 2014-11-18 12:04 - 00002645 _____ () C:\Users\33\Downloads\list.ics
2014-11-18 02:19 - 2014-11-20 11:40 - 00000000 ____D () C:\ProgramData\Trusted Publisher
2014-11-18 02:19 - 2014-11-18 02:20 - 00000000 ____D () C:\Users\33\AppData\Roaming\SkypEmoticons
2014-11-18 02:19 - 2014-11-18 02:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SkypEmoticons
2014-11-18 02:17 - 2014-11-18 12:17 - 00000000 ____D () C:\Program Files\YoutubeAdBlocke
2014-11-18 02:17 - 2014-11-18 12:15 - 00000000 ____D () C:\Program Files\GoSave
2014-11-18 02:17 - 2014-11-18 02:17 - 00000000 ____D () C:\ProgramData\8659520218203272326
2014-11-18 02:16 - 2014-11-18 02:16 - 00000000 ____D () C:\ProgramData\ognfgikghbchhcgbjemenmfodehlahme
2014-11-18 02:15 - 2014-11-18 02:15 - 08822610 _____ ( ) C:\Users\33\Downloads\UploadingDesktop.exe
2014-11-18 02:15 - 2014-11-18 02:15 - 00943616 _____ () C:\Users\33\Downloads\Samsung N130 Wireless LAN,ATHEROS Win XP 7.7.0.329.zip.exe
2014-11-18 02:10 - 2014-11-18 02:10 - 00943616 _____ () C:\Users\33\Downloads\Samsung N130 Chipset Win XP 9.1.1.1014.zip.exe
2014-11-18 00:52 - 2014-11-18 00:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-18 00:51 - 2014-11-18 12:00 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-18 00:51 - 2014-11-18 00:51 - 00115928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-18 00:50 - 2014-11-18 00:50 - 00079576 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-18 00:49 - 2014-11-18 00:50 - 14439696 _____ (Malwarebytes Corp.) C:\Users\33\Downloads\mbar-1.08.1.1001.exe
2014-11-18 00:26 - 2014-11-18 00:26 - 02140160 _____ () C:\Users\33\Downloads\AdwCleaner_4.exe
2014-11-18 00:15 - 2014-11-18 00:15 - 09674156 _____ () C:\Users\33\Downloads\Novicorp WinToFlash 0.7.0048 beta.zip
2014-11-18 00:12 - 2014-11-18 00:12 - 00001209 _____ () C:\Users\33\Downloads\usb_prep.log
2014-11-18 00:11 - 2014-11-18 00:11 - 00470727 _____ () C:\Users\33\Downloads\win2flash.rar
2014-11-18 00:11 - 2014-11-18 00:11 - 00000000 ____D () C:\Users\33\AppData\Roaming\WinRAR
2014-11-18 00:08 - 2014-11-18 00:08 - 34113827 _____ () C:\Users\33\Downloads\Novicorp WinToFlash 0.8.0000 Beta.zip
2014-11-18 00:07 - 2014-11-18 00:07 - 00732168 _____ ( ) C:\Users\33\Downloads\Novicorp WinToFlash 0.8.0000 Beta.exe
2014-11-17 23:59 - 2014-11-17 23:59 - 00000000 ____D () C:\Users\33\AppData\Roaming\DAEMON Tools Lite
2014-11-17 23:55 - 2014-11-18 00:03 - 00000000 ____D () C:\Users\33\Downloads\WinSetupFromUSB-1-4
2014-11-17 23:54 - 2014-11-17 23:55 - 23462809 _____ (Igor Pavlov) C:\Users\33\Downloads\WinSetupFromUSB-1-4.exe
2014-11-17 23:37 - 2014-11-17 23:52 - 00000000 ____D () C:\Users\33\AppData\Roaming\BITS
2014-11-17 23:37 - 2014-11-17 23:37 - 00017794 _____ () C:\Users\33\Downloads\[www.tnt24.info] Windows XP Home Edition SP3 OEM PL [IE8.WMP11.DX.NET.FINAL.FULL.Kwiecien.2014-NiKKA].torrent
2014-11-17 23:37 - 2014-11-17 23:37 - 00001388 _____ () C:\Users\33\Desktop\FlashGet downloads.lnk
2014-11-17 23:37 - 2014-11-17 23:37 - 00000000 ____D () C:\Users\33\AppData\Roaming\FlashGet
2014-11-16 12:27 - 2014-11-16 12:28 - 00000000 ____D () C:\Users\33\AppData\Roaming\Winamp
2014-11-16 12:26 - 2014-11-16 12:27 - 56502292 _____ () C:\Users\33\Downloads\videoplayback.mp4
2014-11-15 14:41 - 2014-11-15 14:41 - 00001149 _____ () C:\Users\33\Downloads\GamesAccs_2013-01_2014-04_sold (1).csv
2014-11-15 14:29 - 2014-11-15 14:29 - 00001149 _____ () C:\Users\33\Downloads\GamesAccs_2013-01_2014-04_sold.csv
2014-11-13 17:02 - 2014-11-19 12:11 - 
203782139 _____ () C:\Users\33\Desktop\Proces przyjmowania mebli IKEA na Magazyn Wyrobów Gotowych.pptx 2014-11-13 16:20 - 2014-11-13 16:20 - 00003688 _____ () C:\Users\33\Desktop\Tablet.txt 2014-11-12 19:31 - 2014-11-12 19:37 - 00000000 ____D () C:\Users\36\Downloads\Nowy folder 2014-11-11 21:05 - 2014-11-11 21:05 - 00011553 _____ () C:\Users\33\Desktop\gps.txt 2014-11-11 20:51 - 2014-11-11 20:51 - 00002702 _____ () C:\Users\33\Desktop\fifa 15.txt 2014-11-10 19:12 - 2014-11-10 19:12 - 00000000 ____D () C:\Users\19\AppData\Roaming\Winamp 2014-11-02 22:23 - 2014-11-02 22:23 - 00003421 _____ () C:\Users\36\Downloads\vpnme_us2_tcp443.zip 2014-11-02 22:23 - 2014-11-02 22:23 - 00000000 ____D () C:\Users\36\AppData\Roaming\WinRAR 2014-11-01 16:00 - 2014-11-01 16:10 - 00000000 ____D () C:\Users\ww1\AppData\Roaming\Skype 2014-11-01 16:00 - 2014-11-01 16:00 - 00000000 ____D () C:\Users\ww1\AppData\Local\Skype 2014-11-01 14:53 - 2014-11-07 21:43 - 00000000 ____D () C:\Users\38 2014-10-31 13:02 - 2014-11-07 20:43 - 00000131 _____ () C:\Users\37\Desktop\Nowy dokument tekstowy.txt 2014-10-31 13:02 - 2014-10-31 13:02 - 00000000 ____D () C:\Users\37\AppData\Roaming\Macromedia 2014-10-31 13:02 - 2014-10-31 13:02 - 00000000 ____D () C:\Users\37\AppData\Roaming\Adobe 2014-10-31 13:02 - 2014-10-31 13:02 - 00000000 ____D () C:\Users\37\AppData\Local\Macromedia 2014-10-31 13:00 - 2014-10-31 13:00 - 00000000 ____D () C:\Users\37\AppData\Roaming\Mozilla 2014-10-31 13:00 - 2014-10-31 13:00 - 00000000 ____D () C:\Users\37\AppData\Local\Mozilla 2014-10-31 12:59 - 2014-10-31 12:59 - 00074424 _____ () C:\Users\37\AppData\Local\GDIPFONTCACHEV1.DAT 2014-10-31 12:59 - 2014-10-31 12:59 - 00001434 _____ () C:\Users\37\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-10-31 12:59 - 2014-10-31 12:59 - 00000000 ____D () C:\Users\37\AppData\Roaming\ATI 2014-10-31 12:59 - 2014-10-31 12:59 - 00000000 ____D () C:\Users\37\AppData\Local\SRS Labs 2014-10-31 12:59 - 2014-10-31 
12:59 - 00000000 ____D () C:\Users\37\AppData\Local\ATI 2014-10-31 12:58 - 2014-11-20 11:39 - 00000000 ____D () C:\Users\37\AppData\Local\Google 2014-10-31 12:58 - 2014-10-31 12:58 - 00000640 __RSH () C:\Users\37\ntuser.pol 2014-10-31 12:58 - 2014-10-31 12:58 - 00000020 ___SH () C:\Users\37\ntuser.ini 2014-10-31 12:58 - 2014-10-31 12:58 - 00000000 _SHDL () C:\Users\37\Ustawienia lokalne 2014-10-31 12:58 - 2014-10-31 12:58 - 00000000 _SHDL () C:\Users\37\Szablony 2014-10-31 12:58 - 2014-10-31 12:58 - 00000000 _SHDL () C:\Users\37\Moje dokumenty 2014-10-31 12:58 - 2014-10-31 12:58 - 00000000 _SHDL () C:\Users\37\Menu Start 2014-10-31 12:58 - 2014-10-31 12:58 - 00000000 _SHDL () C:\Users\37\Documents\Moje wideo 2014-10-31 12:58 - 2014-10-31 12:58 - 00000000 _SHDL () C:\Users\37\Documents\Moje obrazy 2014-10-31 12:58 - 2014-10-31 12:58 - 00000000 _SHDL () C:\Users\37\Documents\Moja muzyka 2014-10-31 12:58 - 2014-10-31 12:58 - 00000000 _SHDL () C:\Users\37\Dane aplikacji 2014-10-31 12:58 - 2014-10-31 12:58 - 00000000 _SHDL () C:\Users\37\AppData\Roaming\Microsoft\Windows\Start Menu\Programy 2014-10-31 12:58 - 2014-10-31 12:58 - 00000000 _SHDL () C:\Users\37\AppData\Local\Historia 2014-10-31 12:58 - 2014-10-31 12:58 - 00000000 _SHDL () C:\Users\37\AppData\Local\Dane aplikacji 2014-10-31 12:58 - 2014-10-31 12:58 - 00000000 ___RD () C:\Users\37\Virtual Machines 2014-10-31 12:58 - 2014-10-31 12:58 - 00000000 ____D () C:\Users\37\AppData\Roaming\ioloGovernor 2014-10-31 12:58 - 2014-10-31 12:58 - 00000000 ____D () C:\Users\37 2014-10-31 12:58 - 2013-09-13 14:09 - 00000000 ____D () C:\Users\37\AppData\Local\Microsoft Help 2014-10-31 12:58 - 2009-07-14 05:42 - 00000000 ___RD () C:\Users\37\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-10-31 12:58 - 2009-07-14 05:37 - 00000000 ___RD () C:\Users\37\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-10-31 00:27 - 2014-10-31 00:50 - 01201742 _____ () C:\Users\29\Desktop\IKEA Industry 
Lubawa.pptx 2014-10-30 23:27 - 2014-11-01 16:27 - 00000000 ____D () C:\Users\29\AppData\Roaming\Skype 2014-10-30 23:27 - 2014-10-30 23:27 - 00000000 ____D () C:\Users\29\AppData\Local\Skype 2014-10-30 23:26 - 2014-10-30 23:26 - 00002505 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-10-30 23:26 - 2014-10-30 23:26 - 00000000 ___RD () C:\Program Files\Skype 2014-10-30 23:26 - 2014-10-30 23:26 - 00000000 ____D () C:\ProgramData\Skype 2014-10-30 23:26 - 2014-10-30 23:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-10-30 23:26 - 2014-10-30 23:26 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-10-30 23:25 - 2014-10-30 23:25 - 01546848 _____ (Skype Technologies S.A.) C:\Users\29\Downloads\SkypeSetup.exe 2014-10-29 23:42 - 2014-10-29 23:42 - 00000000 ____D () C:\Users\36\AppData\Roaming\Macromedia 2014-10-29 23:42 - 2014-10-29 23:42 - 00000000 ____D () C:\Users\36\AppData\Roaming\Adobe 2014-10-29 23:42 - 2014-10-29 23:42 - 00000000 ____D () C:\Users\36\AppData\Local\Macromedia 2014-10-29 23:40 - 2014-11-11 20:09 - 00000314 _____ () C:\Users\36\Desktop\Nowy dokument tekstowy.txt 2014-10-29 23:40 - 2014-10-29 23:40 - 00000000 ____D () C:\Users\36\AppData\Roaming\Mozilla 2014-10-29 23:40 - 2014-10-29 23:40 - 00000000 ____D () C:\Users\36\AppData\Local\Mozilla 2014-10-29 23:39 - 2014-10-29 23:39 - 00074424 _____ () C:\Users\36\AppData\Local\GDIPFONTCACHEV1.DAT 2014-10-29 23:39 - 2014-10-29 23:39 - 00000000 ____D () C:\Users\36\AppData\Roaming\ATI 2014-10-29 23:39 - 2014-10-29 23:39 - 00000000 ____D () C:\Users\36\AppData\Local\SRS Labs 2014-10-29 23:39 - 2014-10-29 23:39 - 00000000 ____D () C:\Users\36\AppData\Local\ATI 2014-10-29 23:38 - 2014-11-20 11:39 - 00000000 ____D () C:\Users\36\AppData\Local\Google 2014-10-29 23:38 - 2014-10-29 23:38 - 00001434 _____ () C:\Users\36\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-10-29 23:38 - 2014-10-29 23:38 - 00000000 ___RD () C:\Users\36\Virtual 
Machines 2014-10-29 23:37 - 2014-10-29 23:38 - 00000000 ____D () C:\Users\36 2014-10-29 23:37 - 2014-10-29 23:37 - 00000640 __RSH () C:\Users\36\ntuser.pol 2014-10-29 23:37 - 2014-10-29 23:37 - 00000020 ___SH () C:\Users\36\ntuser.ini 2014-10-29 23:37 - 2014-10-29 23:37 - 00000000 _SHDL () C:\Users\36\Ustawienia lokalne 2014-10-29 23:37 - 2014-10-29 23:37 - 00000000 _SHDL () C:\Users\36\Szablony 2014-10-29 23:37 - 2014-10-29 23:37 - 00000000 _SHDL () C:\Users\36\Moje dokumenty 2014-10-29 23:37 - 2014-10-29 23:37 - 00000000 _SHDL () C:\Users\36\Menu Start 2014-10-29 23:37 - 2014-10-29 23:37 - 00000000 _SHDL () C:\Users\36\Documents\Moje wideo 2014-10-29 23:37 - 2014-10-29 23:37 - 00000000 _SHDL () C:\Users\36\Documents\Moje obrazy 2014-10-29 23:37 - 2014-10-29 23:37 - 00000000 _SHDL () C:\Users\36\Documents\Moja muzyka 2014-10-29 23:37 - 2014-10-29 23:37 - 00000000 _SHDL () C:\Users\36\Dane aplikacji 2014-10-29 23:37 - 2014-10-29 23:37 - 00000000 _SHDL () C:\Users\36\AppData\Roaming\Microsoft\Windows\Start Menu\Programy 2014-10-29 23:37 - 2014-10-29 23:37 - 00000000 _SHDL () C:\Users\36\AppData\Local\Historia 2014-10-29 23:37 - 2014-10-29 23:37 - 00000000 _SHDL () C:\Users\36\AppData\Local\Dane aplikacji 2014-10-29 23:37 - 2014-10-29 23:37 - 00000000 ____D () C:\Users\36\AppData\Roaming\ioloGovernor 2014-10-29 23:37 - 2013-09-13 14:09 - 00000000 ____D () C:\Users\36\AppData\Local\Microsoft Help 2014-10-29 23:37 - 2009-07-14 05:42 - 00000000 ___RD () C:\Users\36\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-10-29 23:37 - 2009-07-14 05:37 - 00000000 ___RD () C:\Users\36\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-10-28 23:31 - 2014-10-28 23:31 - 00203422 _____ () C:\Users\29\Desktop\10.1 Android 4.4 Quad Core tablet pc Allwinner A31s Quad Core tablets with Bluetooth Capacitive Touch 8GB 16GB 32GB Optional-in Tablet PCs from Electronics on Aliexpress.com Alibaba Group.html 2014-10-28 23:31 - 2014-10-28 23:31 - 
00000000 ____D () C:\Users\29\Desktop\10.1 Android 4.4 Quad Core tablet pc Allwinner A31s Quad Core tablets with Bluetooth Capacitive Touch 8GB 16GB 32GB Optional-in Tablet PCs from Electronics on Aliexpress.com Alibaba Group_files 2014-10-25 14:39 - 2014-10-25 14:39 - 01141408 _____ ( ) C:\Users\33\Downloads\hwmonitor_1.25-setup.exe 2014-10-25 14:39 - 2014-10-25 14:39 - 00001096 _____ () C:\Users\Public\Desktop\CPUID HWMonitor.lnk 2014-10-25 14:39 - 2014-10-25 14:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID 2014-10-25 14:39 - 2014-10-25 14:39 - 00000000 ____D () C:\Program Files\CPUID ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-21 23:22 - 2009-07-14 05:34 - 00017136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-21 23:22 - 2009-07-14 05:34 - 00017136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-21 23:18 - 2013-07-12 17:27 - 01414337 _____ () C:\Windows\WindowsUpdate.log 2014-11-21 23:14 - 2014-01-08 22:34 - 00000000 ____D () C:\ProgramData\VMware 2014-11-21 23:14 - 2013-07-13 11:06 - 00001032 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-11-21 23:13 - 2014-09-12 16:46 - 00014878 _____ () C:\Windows\setupact.log 2014-11-21 23:13 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-21 12:52 - 2010-08-02 23:05 - 00746284 _____ () C:\Windows\system32\perfh015.dat 2014-11-21 12:52 - 2010-08-02 23:05 - 00157866 _____ () C:\Windows\system32\perfc015.dat 2014-11-21 12:52 - 2010-06-21 12:39 - 02553620 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-21 12:52 - 2009-07-14 09:41 - 00721032 _____ () C:\Windows\system32\perfh019.dat 2014-11-21 12:52 - 2009-07-14 09:41 - 00152172 _____ () C:\Windows\system32\perfc019.dat 2014-11-21 12:47 - 2013-12-20 19:17 - 
00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-11-21 12:32 - 2014-05-20 18:51 - 00000000 ____D () C:\Program Files\Opera 2014-11-21 00:00 - 2013-07-13 11:06 - 00001036 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-11-20 11:39 - 2014-10-20 18:27 - 00000000 ____D () C:\Users\33\AppData\Local\Google 2014-11-20 11:39 - 2014-10-05 15:38 - 00000000 ____D () C:\Users\29\AppData\Local\Google 2014-11-20 11:39 - 2014-10-04 19:00 - 00000000 ____D () C:\Users\28\AppData\Local\Google 2014-11-20 11:39 - 2014-09-17 23:39 - 00000000 ____D () C:\Users\wyp 3 tyg\AppData\Local\Google 2014-11-20 11:39 - 2014-08-24 23:38 - 00000000 ____D () C:\Users\ww1\AppData\Local\Google 2014-11-20 11:39 - 2014-08-15 13:37 - 00000000 ____D () C:\Users\19\AppData\Local\Google 2014-11-20 10:12 - 2014-10-20 18:28 - 00074944 _____ () C:\Users\33\AppData\Local\GDIPFONTCACHEV1.DAT 2014-11-20 10:11 - 2013-07-12 17:24 - 01642432 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-11-18 12:00 - 2014-09-12 16:46 - 00003550 _____ () C:\Windows\PFRO.log 2014-11-18 02:19 - 2014-10-20 18:27 - 00001652 _____ () C:\Users\33\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-11-18 02:19 - 2014-02-02 16:41 - 00001348 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-11-18 02:19 - 2014-02-02 16:41 - 00001336 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-11-18 02:19 - 2013-07-13 11:07 - 00002362 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-11-18 02:03 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\Performance 2014-11-18 00:41 - 2014-04-08 14:54 - 00000000 ____D () C:\AdwCleaner 2014-11-17 23:54 - 2013-08-01 21:23 - 00004700 _____ () C:\Windows\system32\secushr.dat 2014-11-17 23:11 - 2009-07-14 05:46 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2014-11-16 12:29 - 2014-10-20 18:31 - 00000273 _____ () C:\Users\33\Desktop\Nowy dokument 
tekstowy.txt 2014-11-16 11:43 - 2014-09-07 11:47 - 00001318 _____ () C:\Users\ww1\Desktop\Kontynuuj instalację Origin.lnk 2014-11-16 11:43 - 2014-08-24 23:37 - 00000000 ____D () C:\Users\ww1 2014-11-12 19:31 - 2013-09-11 14:24 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-11-12 13:47 - 2013-12-20 19:17 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-11-12 13:47 - 2013-12-20 19:17 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-11-07 21:40 - 2014-09-12 14:52 - 00000718 _____ () C:\Users\ww1\proxy.txt 2014-11-04 21:15 - 2014-08-24 23:41 - 00000604 _____ () C:\Users\ww1\Desktop\Nowy dokument tekstowy.txt 2014-11-02 22:49 - 2014-10-05 15:25 - 00000092 _____ () C:\Users\ww1\whistle.txt 2014-11-01 16:43 - 2014-10-04 15:19 - 00000410 _____ () C:\Users\ww1\pelne karty.txt 2014-10-31 12:46 - 2014-10-05 15:40 - 00000917 _____ () C:\Users\29\Desktop\Nowy dokument tekstowy.txt 2014-10-31 12:05 - 2014-08-15 13:41 - 00000425 _____ () C:\Users\19\Desktop\Nowy dokument tekstowy.txt 2014-10-28 06:35 - 2010-06-21 12:42 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-10-28 00:13 - 2014-09-17 23:45 - 00000282 _____ () C:\Users\wyp 3 tyg\Desktop\Nowy dokument tekstowy.txt Some content of TEMP: ==================== C:\Users\33\AppData\Local\Temp\ICReinstall_Novicorp WinToFlash 0.8.0000 Beta.exe C:\Users\33\AppData\Local\Temp\Quarantine.exe C:\Users\33\AppData\Local\Temp\sqlite3.dll C:\Users\33\AppData\Local\Temp\sSetup-se.exe C:\Users\ww1\AppData\Local\Temp\hp_A0A3.tmp.exe C:\Users\ww1\AppData\Local\Temp\ICReinstall_Origin_9.4.22.2815 (43453).exe C:\Users\ww1\AppData\Local\Temp\optprosetup.exe C:\Users\ww1\AppData\Local\Temp\Quarantine.exe C:\Users\ww1\AppData\Local\Temp\silent-1-.exe C:\Users\ww1\AppData\Local\Temp\SRLDetectionLibrary7572652069377484650.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that 
do not pass verification.) C:\Windows\explorer.exe [2009-07-14 00:41] - [2010-08-03 14:39] - 3144704 ____A (Microsoft Corporation) 08029ADC4B734BF36B7C17A1C2DBC54E C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll [2009-07-14 00:24] - [2010-06-04 08:53] - 0808448 ____A (Microsoft Corporation) 3D7778DA786063D589EA56D928A39FB1 C:\Windows\system32\userinit.exe [2009-07-14 00:34] - [2010-06-04 08:51] - 0026624 ____A (Microsoft Corporation) A1C9C01C02AF6A2C81CAC34CD5E65F9B C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-12 13:47 ==================== End Of Log ============================