TechSpot

Can't Remove Savings Wizard

Solved
By besthijacker
Feb 20, 2014
  1. Hello. I was instructed to post here by a friend of mine, so here it goes. I have something installed as Savings Wizard. I don't see it anywhere. I have searched for it and searched for it and nothing...
    This also comes with a Chrome extension that cannot be deleted due to "Installed by enterprise policy." Perhaps you can help!

    Malwarebytes Log:
    Malwarebytes Anti-Malware (PRO) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2014.02.20.13

    Windows 8 x64 NTFS
    Internet Explorer 11.0.9600.16518
    Hubert :: HUBERT [administrator]

    Protection: Disabled

    2014-02-20 22:15:30
    mbam-log-2014-02-20 (22-15-30).txt

    Scan type: Full scan (C:\|D:\|E:\|F:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 571783
    Time elapsed: 36 minute(s), 43 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  2. besthijacker TS Rookie Topic Starter

    DDS.txt

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.16518 BrowserJavaVersion: 10.45.2
    Run by Hubert at 22:18:22 on 2014-02-20
    #Option Extended Search is enabled.
    Microsoft Windows 8.1 Pro z programem Media Center 6.3.9600.0.1252.1.1033.18.8078.2205 [GMT -5:00]
    .
    AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    C:\WINDOWS\system32\svchost.exe -k RPCSS
    C:\WINDOWS\system32\dwm.exe
    C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\System32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
    C:\WINDOWS\system32\taskhostex.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\WINDOWS\system32\dashost.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
    C:\WINDOWS\SysWOW64\PnkBstrA.exe
    C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\scservice\SCService.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
    C:\Program Files\Windows Firewall Control\wfcs.exe
    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\System32\SettingSyncHost.exe
    C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
    C:\Program Files (x86)\Opera\19.0.1326.63\opera_crashreporter.exe
    C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
    C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
    C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
    C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
    C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
    C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
    C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
    C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
    C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
    C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
    C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
    C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
    C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
    C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
    C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
    C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
    C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
    C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
    C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
    C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
    C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
    C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
    C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
    C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
    C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
    C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
    C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
    C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
    C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
    C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
    C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
    C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
    C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
    C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
    C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
    C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
    C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
    C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
    C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
    C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
    C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
    C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
    C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
    C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
    C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
    C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
    C:\PROGRA~2\Raptr\raptr.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\PROGRA~2\Raptr\raptr_im.exe
    C:\Program Files\Windows Firewall Control\wfc.exe
    C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\scui\SavvyConnectUI.exe
    C:\Program Files (x86)\XFastUSB\XFastUsb.exe
    C:\Program Files (x86)\Deluge\deluge.exe
    C:\Program Files (x86)\Raptr\raptr_ep64.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
    C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
    C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
    C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
    C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
    C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
    C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
    C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
    C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
    C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
    C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
    C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
    C:\WINDOWS\system32\nvvsvc.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\WINDOWS\system32\nvvsvc.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
    C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe
    C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
    C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
    C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
    C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
    C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
    C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\System32\RuntimeBroker.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\System32\svchost.exe -k WerSvcGroup
    C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com
    uSearch Page = hxxp://www.google.com
    mStart Page = hxxp://www.google.com
    uSearchAssistant = hxxp://www.google.com
    mWinlogon: Userinit = userinit.exe,
    BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
    BHO: EpTec: {D4F5F5EC-499D-48F5-AFD1-B25723A6E43E} - C:\Users\Hubert\AppData\Roaming\WinRAR\eptec.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: SavvyConnect IE Extension: {E6C6EC35-C04A-42CD-A3A7-4F09FB0F1B76} - C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\ieplugin\LuthIEPlugin.dll
    uRun: [Google Update] "C:\Users\Hubert\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [qBittorrent] "C:\Program Files (x86)\qBittorrent\qbittorrent.exe"
    uRun: [TSMApplication] "C:\Users\Hubert\Desktop\TSM_App_Full\TSMApplication.exe"
    uRun: [f.lux] "C:\Users\Hubert\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
    uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
    mRun: [SavvyConnectMenu] "C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\scui\SavvyConnectUI.exe" -a
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [XFastUSB] "C:\Program Files (x86)\XFastUSB\XFastUsb.exe"
    mRun: [ShopAtHomeWatcher] C:\Users\Hubert\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
    mRun: [ShopAtHomeUpdater] C:\Users\Hubert\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\WINDOW~1.LNK - C:\Program Files\Windows Firewall Control\wfc.exe
    mPolicies-System: PromptOnSecureDesktop = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: SynchronousMachineGroupPolicy = dword:0
    mPolicies-System: SynchronousUserGroupPolicy = dword:0
    mPolicies-Windows\System: AllowBlockingAppsAtShutdown = dword:0
    IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
    IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
    IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{C2A55726-89DA-4E00-8D20-F5D5E80C44D1} : DHCPNameServer = 192.168.1.1
    Handler: cup - {A0BE0236-AB5A-45DC-A304-2269CE96708E} - <orphaned>
    Handler: dup - {A0BE0236-AB5A-45DC-A304-2269CE96708E} - <orphaned>
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    SSODL: WebCheck - <orphaned>
    x64-mStart Page = hxxp://www.google.com
    x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
    x64-BHO: Plus-HD-7.6: {11111111-1111-1111-1111-110511071178} -
    x64-BHO: Savings Wizard BHO: {5682CA62-1A80-40AE-82A0-B67833CE75FF} -
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
    x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
    x64-BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    x64-Run: [IgfxTray] "C:\WINDOWS\System32\igfxtray.exe"
    x64-Run: [HotKeysCmds] "C:\WINDOWS\System32\hkcmd.exe"
    x64-Run: [Persistence] "C:\WINDOWS\System32\igfxpers.exe"
    x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
    x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
    x64-Run: [ShadowPlay] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\nvspcap64.dll,ShadowPlayOnSystemStart
    x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
    x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
    x64-mPolicies-System: PromptOnSecureDesktop = dword:0
    x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    x64-mPolicies-System: SynchronousMachineGroupPolicy = dword:0
    x64-mPolicies-System: SynchronousUserGroupPolicy = dword:0
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
    x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - <orphaned>
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
    x64-Handler: cup - {A0BE0236-AB5A-45DC-A304-2269CE96708E} - <orphaned>
    x64-Handler: dup - {A0BE0236-AB5A-45DC-A304-2269CE96708E} - <orphaned>
    x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
    x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
    Hosts: 54.225.95.126 ajakpekbmnkgnjbpajgkdhimcbeoocam
    ============= SERVICES / DRIVERS ===============
    .
    R0 iaStorA;iaStorA;C:\WINDOWS\System32\drivers\iaStorA.sys [2013-8-7 644968]
    R0 intelpep;Sterownik wtyczki aparatu zasilania firmy Intel(R);C:\WINDOWS\System32\drivers\intelpep.sys [2013-12-10 39768]
    R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2013-8-22 76800]
    R1 FNETURPX;FNETURPX;C:\WINDOWS\System32\drivers\FNETURPX.SYS [2013-10-27 16648]
    R1 VD_FileDisk;VD_FileDisk;C:\WINDOWS\System32\drivers\vd_filedisk.sys [2011-1-26 30312]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-8-7 15720]
    R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-8-27 747520]
    R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2013-10-27 131544]
    R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2013-10-27 169432]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-1-10 418376]
    R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-2 1593632]
    R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-10-28 16939296]
    R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-10-18 1907896]
    R2 SCService;SavvyConnect Desktop Service;C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\scservice\SCService.exe [2013-9-19 1901872]
    R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2013-12-22 4915040]
    R2 wfcs;Windows Firewall Control;C:\Program Files\Windows Firewall Control\wfcs.exe [2014-1-11 78336]
    R3 iwdbus;IWD Bus Enumerator;C:\WINDOWS\System32\drivers\iwdbus.sys [2013-9-30 27032]
    R3 k57nd60a;Karta Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\WINDOWS\System32\drivers\k57nd60a.sys [2013-8-22 425984]
    R3 LVRS64;Logitech RightSound Filter Driver;C:\WINDOWS\System32\drivers\lvrs64.sys [2009-10-7 327704]
    R3 LVUVC64;@oem6.inf,%PID_09A1_DD%(UVC);Logitech QuickCam S5500(UVC);C:\WINDOWS\System32\drivers\lvuvc64.sys [2009-10-7 6379288]
    R3 MBAMProtector;MBAMProtector;C:\WINDOWS\System32\drivers\mbam.sys [2014-1-10 25928]
    R3 NcbService;Broker polaczen sieciowych;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2013-8-22 37768]
    R3 NdisVirtualBus;Modul wyliczajacy wirtualnej karty sieciowej firmy Microsoft;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2013-8-22 16384]
    R3 Neo_VPN;VPN Client Device Driver - VPN;C:\WINDOWS\System32\drivers\Neo_VPN.sys [2013-11-4 28768]
    R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\WINDOWS\System32\drivers\nvvad64v.sys [2014-1-26 39200]
    R3 SaiK0728;SaiK0728;C:\WINDOWS\System32\drivers\SaiK0728.sys [2008-1-21 129024]
    R3 WdNisDrv;Sterownik systemowy uslugi inspekcji sieci Windows Defender;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2013-8-22 124256]
    R3 WdNisSvc;Usluga inspekcji sieci Windows Defender;C:\Program Files\Windows Defender\NisSrv.exe [2013-8-22 346872]
    R3 xusb22;Usluga 22 sterownika odbiornika bezprzewodowego Xbox 360;C:\WINDOWS\System32\drivers\xusb22.sys [2013-8-22 87040]
    S2 BBSvc;BingBar Service;"C:\Program Files (x86)\Microsoft\BingBar\7.3.117.0\BBSvc.exe" --> C:\Program Files (x86)\Microsoft\BingBar\7.3.117.0\BBSvc.exe [?]
    S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-1-10 701512]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
    S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2013-8-22 782176]
    S3 AppReadiness;Przygotowywanie aplikacji;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2013-8-22 37768]
    S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2013-8-22 37768]
    S3 BBUpdate;BBUpdate;"C:\Program Files (x86)\Microsoft\BingBar\7.3.117.0\SeaPort.exe" --> C:\Program Files (x86)\Microsoft\BingBar\7.3.117.0\SeaPort.exe [?]
    S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2013-8-22 17624]
    S3 FNETTBOH_305;FNETTBOH_305;C:\WINDOWS\System32\drivers\FNETTBOH_305.SYS [2013-10-27 32320]
    S3 iaLPSSi_GPIO;Sterownik szeregowego kontrolera GPIO we/wy firmy Intel(R);C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2013-8-22 24568]
    S3 iaLPSSi_I2C;Sterownik szeregowego kontrolera I2C we/wy firmy Intel(R);C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2013-8-22 99320]
    S3 iaStorAV;Kontroler Intel(R) SATA RAID Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2013-8-22 651248]
    S3 IDMWFP;IDMWFP;C:\WINDOWS\System32\drivers\idmwfp.sys [2014-2-5 175480]
    S3 IEEtwCollectorService;Usluga kolektora funkcji ETW programu Explorer Internet;C:\WINDOWS\System32\ieetwcollector.exe [2014-2-13 111616]
    S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\WINDOWS\System32\drivers\intelaud.sys [2013-9-30 39320]
    S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-8-27 828376]
    S3 kbldfltr;kbldfltr;C:\WINDOWS\System32\drivers\kbldfltr.sys [2013-9-29 22272]
    S3 lfsvc;Usluga struktury polozenia systemu Windows;C:\WINDOWS\System32\svchost.exe -k netsvcs [2013-8-22 37768]
    S3 LSI_SAS3;LSI_SAS3;C:\WINDOWS\System32\drivers\lsi_sas3.sys [2013-8-22 81760]
    S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc63.sys [2013-8-22 87040]
    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2012-11-12 178776]
    S3 ReFS;ReFS;C:\WINDOWS\System32\drivers\refs.sys [2013-8-22 924512]
    S3 ScDeviceEnum;Usluga wyliczania urzadzen karty inteligentnej;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2013-8-22 37768]
    S3 SEE;SoftEther Ethernet Layer Driver;C:\WINDOWS\System32\drivers\see.sys [2013-11-4 38240]
    S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2013-12-10 146776]
    S3 smphost;Miejsca do magazynowania firmy Microsoft — SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2013-8-22 37768]
    S3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2013-11-17 155824]
    S3 stornvme;Standardowy sterownik NVM Express firmy Microsoft;C:\WINDOWS\System32\drivers\stornvme.sys [2013-11-14 57176]
    S3 teamviewervpn;TeamViewer VPN Adapter;C:\WINDOWS\System32\drivers\teamviewervpn.sys [2013-12-22 35112]
    S3 UEFI;Sterownik UEFI firmy Microsoft;C:\WINDOWS\System32\drivers\uefi.sys [2013-8-22 26976]
    S3 vmbusr;Virtual Machine Bus Provider;C:\WINDOWS\System32\drivers\vmbusr.sys [2013-9-29 129536]
    S3 vmicguestinterface;Interfejs uslugi goscia funkcji Hyper-V;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2013-8-22 37768]
    S3 WEPHOSTSVC;Usluga hosta dostawcy szyfrowania systemu Windows;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2013-8-22 37768]
    S3 workfolderssvc;Foldery robocze;C:\WINDOWS\System32\svchost.exe -k LocalService [2013-8-22 37768]
    S3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2013-8-22 230912]
    S4 MsKeyboardFilter;Microsoft Keyboard Filter;C:\WINDOWS\System32\svchost.exe -k netsvcs [2013-8-22 37768]
    .
    =============== File Associations ===============
    .
    FileExt: .txt: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [UserChoice]
    ShellExec: Opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"
    .
    =============== Created Last 60 ================
    .
    2014-02-21 03:02:29 -------- d-sh--w- C:\$RECYCLE.BIN
    2014-02-21 02:49:31 923936 ----a-w- C:\WINDOWS\System32\nvvsvc.exe
    2014-02-21 02:49:31 6712608 ----a-w- C:\WINDOWS\System32\nvcpl.dll
    2014-02-21 02:49:31 63776 ----a-w- C:\WINDOWS\System32\nvshext.dll
    2014-02-21 02:49:31 386336 ----a-w- C:\WINDOWS\System32\nvmctray.dll
    2014-02-21 02:49:31 3573739 ----a-w- C:\WINDOWS\System32\nvcoproc.bin
    2014-02-21 02:49:31 3498272 ----a-w- C:\WINDOWS\System32\nvsvc64.dll
    2014-02-21 02:49:31 2559776 ----a-w- C:\WINDOWS\System32\nvsvcr.dll
    2014-02-21 02:39:35 10536864 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8765E9E0-0DF9-4223-80B5-F1DD70FF4135}\mpengine.dll
    2014-02-21 02:39:04 -------- d-----w- C:\AdwCleaner
    2014-02-21 02:37:08 -------- d-----w- C:\Program Files (x86)\Trojan Remover
    2014-02-18 03:51:15 965000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C359C7B3-C474-49DA-95AE-2DAEB2434EE4}\gapaengine.dll
    2014-02-18 02:43:48 -------- d-----w- C:\Users\Hubert\AppData\Roaming\ShopAtHome
    2014-02-17 21:37:38 -------- d-----w- C:\Program Files (x86)\Minion Rush
    2014-02-17 14:42:42 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2014-02-16 21:50:40 -------- d-----w- C:\Program Files (x86)\World of Warcraft
    2014-02-15 22:14:43 -------- d-----w- C:\Users\Hubert\AppData\Roaming\IDM
    2014-02-15 22:14:40 -------- d-----w- C:\Program Files (x86)\Internet Download Manager
    2014-02-15 12:16:05 -------- d-----w- C:\Users\Hubert\AppData\Roaming\XBMC
    2014-02-15 12:15:38 -------- d-----w- C:\Program Files (x86)\XBMC
    2014-02-14 22:23:33 -------- d-----w- C:\Users\Hubert\AppData\Roaming\InstallX Search Protect for Yahoo
    2014-02-14 20:56:41 -------- d-----w- C:\Users\Hubert\AppData\Roaming\PC-Gizmos
    2014-02-13 16:06:54 -------- d-----w- C:\WINDOWS\LastGood.Tmp
    2014-02-13 15:15:56 -------- d-----w- C:\Program Files (x86)\NCSOFT
    2014-02-13 14:47:21 -------- d-----w- C:\Users\Hubert\AppData\Local\Deployment
    2014-02-13 14:47:21 -------- d-----w- C:\Users\Hubert\AppData\Local\Apps
    2014-02-13 14:36:56 -------- d-----w- C:\ProgramData\CDB
    2014-02-13 14:34:49 -------- d-----w- C:\Users\Hubert\.android
    2014-02-13 14:34:48 -------- d-----w- C:\Users\Hubert\AppData\Local\cache
    2014-02-13 14:33:17 -------- d-----w- C:\Users\Hubert\AppData\Local\Popajar
    2014-02-13 14:06:37 18944 ----a-r- C:\Users\Hubert\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe
    2014-02-05 12:44:15 175480 ----a-w- C:\WINDOWS\System32\drivers\idmwfp.sys
    2014-02-04 01:51:08 -------- d-----w- C:\Program Files\CPUID
    2014-02-02 18:34:03 -------- d-----w- C:\Users\Hubert\AppData\Local\Daedalic Entertainment GmbH
    2014-02-02 13:51:37 -------- d-----w- C:\Users\Hubert\AppData\Local\Playfire_Ltd
    2014-02-02 05:09:52 -------- d-----w- C:\Users\Hubert\AppData\Roaming\Hard Disk Sentinel
    2014-02-02 05:09:12 -------- d-----w- C:\Program Files (x86)\Hard Disk Sentinel
    2014-02-02 04:22:33 -------- d-----w- C:\Users\Hubert\AppData\Local\Ascaron Entertainment
    2014-02-02 03:43:17 757760 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
    2014-02-02 03:43:17 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
    2014-02-02 03:43:17 65024 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
    2014-02-02 03:43:17 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
    2014-02-02 03:43:17 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
    2014-02-02 03:43:17 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
    2014-02-02 03:43:17 2080472 ----a-w- C:\WINDOWS\RtlExUpd.dll
    2014-02-02 03:43:17 204800 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
    2014-02-02 03:43:17 -------- d--h--w- C:\Program Files (x86)\Temp
    2014-02-02 03:43:16 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
    2014-02-02 03:43:16 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
    2014-02-02 02:20:07 -------- d-----w- C:\Users\Hubert\AppData\Roaming\WizardWars
    2014-02-01 21:09:14 -------- d-----w- C:\Users\Hubert\AppData\Roaming\Vulcan
    2014-02-01 21:09:13 -------- d-----w- C:\Users\Hubert\AppData\Local\Vulcan
    2014-02-01 21:08:52 -------- d-----w- C:\Program Files (x86)\Playfire
    2014-02-01 18:18:57 -------- d-----w- C:\ProgramData\PMS
    2014-02-01 18:18:45 -------- d-----w- C:\Program Files (x86)\PS3 Media Server
    2014-02-01 17:34:51 419840 ----a-w- C:\WINDOWS\System32\wrap_oal.dll
    2014-02-01 17:34:51 413696 ----a-w- C:\WINDOWS\SysWow64\wrap_oal.dll
    2014-02-01 17:34:51 133632 ----a-w- C:\WINDOWS\System32\OpenAL32.dll
    2014-02-01 17:34:51 110592 ----a-w- C:\WINDOWS\SysWow64\OpenAL32.dll
    2014-02-01 17:34:51 -------- d-----w- C:\Program Files (x86)\OpenAL
    2014-02-01 13:26:57 -------- d-----w- C:\ProgramData\Wowhead
    2014-02-01 13:21:47 -------- d-----w- C:\Program Files (x86)\Master Games International
    2014-02-01 12:51:58 -------- d-----w- C:\Users\Hubert\AppData\Local\InfiniteCrisis
    2014-02-01 01:41:46 -------- d-----w- C:\Users\Hubert\AppData\Local\Turbine
    2014-02-01 01:39:48 -------- d-----w- C:\ProgramData\Turbine
    2014-01-26 22:10:01 39200 ----a-w- C:\WINDOWS\System32\drivers\nvvad64v.sys
    2014-01-26 22:10:01 33056 ----a-w- C:\WINDOWS\SysWow64\nvaudcap32v.dll
    2014-01-25 19:32:50 -------- d-----w- C:\Users\Hubert\AppData\Local\calibre-cache
    2014-01-25 19:32:09 -------- d-----w- C:\Program Files\Calibre2
    2014-01-18 02:24:40 -------- d-----w- C:\Program Files (x86)\LinuxLive USB Creator
    2014-01-11 12:44:20 -------- d-----w- C:\ProgramData\Battle.net
    2014-01-11 05:22:27 -------- d-----w- C:\Users\Hubert\AppData\Local\Skyrim
    2014-01-11 05:10:18 -------- d-----w- C:\Program Files\Windows Firewall Control
    2014-01-11 02:01:07 -------- d-----w- C:\Users\Hubert\AppData\Roaming\Malwarebytes
    2014-01-11 02:00:56 25928 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
    2014-01-11 02:00:56 -------- d-----w- C:\ProgramData\Malwarebytes
    2014-01-11 02:00:56 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2014-01-11 01:59:10 -------- d-----w- C:\NVIDIA
    2014-01-11 01:42:30 -------- d-----w- C:\Program Files (x86)\LastPass
    2014-01-04 18:38:59 -------- d-----w- C:\Users\Hubert\AppData\Local\FluxSoftware
    2014-01-02 01:09:40 -------- d-----w- C:\Users\Hubert\AppData\Local\Macromedia
    2014-01-02 01:05:43 -------- d-----w- C:\Users\Hubert\AppData\Local\Mozilla
    2013-12-31 18:29:50 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller
    2013-12-31 18:20:00 -------- d-----w- C:\Program Files (x86)\Origin Games
    2013-12-31 18:19:42 -------- d-----w- C:\Users\Hubert\AppData\Roaming\Origin
    2013-12-31 18:19:41 -------- d-----w- C:\Users\Hubert\AppData\Local\Origin
    2013-12-31 18:19:13 -------- d-----w- C:\ProgramData\Origin
    2013-12-31 18:19:12 -------- d-----w- C:\Program Files (x86)\Origin
    2013-12-26 21:04:46 -------- d-----w- C:\Users\Hubert\AppData\Local\VMware
    2013-12-26 21:00:53 -------- d-----w- C:\Program Files (x86)\VMware
    2013-12-26 20:48:29 -------- d-----w- C:\Users\Hubert\AppData\Local\Geckofx
    2013-12-26 20:48:23 -------- d-----w- C:\Users\Hubert\AppData\Roaming\Firefly Studios
    2013-12-26 02:50:24 -------- d-----w- C:\Users\Hubert\AppData\Roaming\GG
    2013-12-26 02:50:21 -------- d-----w- C:\Users\Hubert\AppData\Local\GG
    2013-12-26 02:22:07 -------- d-----w- C:\Users\Hubert\AppData\Roaming\Mobipocket
    2013-12-26 01:51:26 -------- d-----w- C:\Users\Hubert\AppData\Roaming\URSoft
    2013-12-26 01:51:21 -------- d-----w- C:\Program Files (x86)\Your Uninstaller! 7
    2013-12-26 01:23:41 -------- d-----w- C:\Users\Hubert\AppData\Local\MediaMonkey
    2013-12-26 01:22:45 -------- d-----w- C:\Users\Hubert\AppData\Roaming\MediaMonkey
    2013-12-26 00:10:24 -------- d-----w- C:\Program Files\Unlocker
    2013-12-24 05:09:25 -------- d-----w- C:\Users\Hubert\AppData\Roaming\Beat Hazard
    2013-12-24 01:27:29 -------- d-----w- C:\Users\Hubert\AppData\Local\SKIDROW
    2013-12-23 19:05:13 -------- d-----w- C:\Users\Hubert\AppData\Roaming\TeamViewer
    2013-12-23 03:59:15 -------- d-----w- C:\Program Files (x86)\TeamViewer
    2013-12-23 03:34:30 35112 ----a-w- C:\WINDOWS\System32\drivers\teamviewervpn.sys
    .
    ==================== Find6M ====================
    .
    2014-02-13 15:37:30 303104 ----a-w- C:\WINDOWS\apppatch\apppatch64\AcGenral.dll
    2014-02-06 11:30:46 2724864 ----a-w- C:\WINDOWS\System32\mshtml.tlb
    2014-02-06 11:30:12 4096 ----a-w- C:\WINDOWS\System32\ieetwcollectorres.dll
    2014-02-06 11:07:39 66048 ----a-w- C:\WINDOWS\System32\iesetup.dll
    2014-02-06 11:06:47 48640 ----a-w- C:\WINDOWS\System32\ieetwproxystub.dll
    2014-02-06 10:49:03 139264 ----a-w- C:\WINDOWS\System32\ieUnatt.exe
    2014-02-06 10:48:45 111616 ----a-w- C:\WINDOWS\System32\ieetwcollector.exe
    2014-02-06 10:48:11 708608 ----a-w- C:\WINDOWS\System32\jscript9diag.dll
    2014-02-06 10:20:26 2724864 ----a-w- C:\WINDOWS\SysWow64\mshtml.tlb
    2014-02-06 10:11:37 5768704 ----a-w- C:\WINDOWS\System32\jscript9.dll
    2014-02-06 10:01:36 61952 ----a-w- C:\WINDOWS\SysWow64\iesetup.dll
    2014-02-06 10:00:46 51200 ----a-w- C:\WINDOWS\SysWow64\ieetwproxystub.dll
    2014-02-06 09:50:32 2041856 ----a-w- C:\WINDOWS\System32\inetcpl.cpl
    2014-02-06 09:47:22 112128 ----a-w- C:\WINDOWS\SysWow64\ieUnatt.exe
    2014-02-06 09:46:27 553472 ----a-w- C:\WINDOWS\SysWow64\jscript9diag.dll
    2014-02-06 09:25:36 4244480 ----a-w- C:\WINDOWS\SysWow64\jscript9.dll
    2014-02-06 09:24:52 2334208 ----a-w- C:\WINDOWS\System32\wininet.dll
    2014-02-06 09:09:30 1964032 ----a-w- C:\WINDOWS\SysWow64\inetcpl.cpl
    2014-02-06 08:41:35 1820160 ----a-w- C:\WINDOWS\SysWow64\wininet.dll
    2014-02-02 05:30:55 32320 ----a-w- C:\WINDOWS\System32\drivers\FNETTBOH_305.SYS
    2014-01-30 20:47:26 693240 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
    2014-01-30 20:47:26 105464 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
    2014-01-21 02:53:40 1048152 ----a-w- C:\WINDOWS\SysWow64\nvspcap.dll
    2014-01-21 02:53:29 1179576 ----a-w- C:\WINDOWS\System32\nvspcap64.dll
    2014-01-19 07:38:24 270496 ------w- C:\WINDOWS\System32\MpSigStub.exe
    2014-01-18 00:37:21 442880 ----a-w- C:\WINDOWS\apppatch\AcSpecfc.dll
    2014-01-09 08:25:10 2804224 ----a-w- C:\WINDOWS\System32\actxprxy.dll
    2014-01-09 07:59:06 115712 ----a-w- C:\WINDOWS\System32\winbici.dll
    2014-01-09 07:59:02 1020928 ----a-w- C:\WINDOWS\SysWow64\actxprxy.dll
    2014-01-09 07:49:48 919040 ----a-w- C:\WINDOWS\System32\MrmCoreR.dll
    2014-01-09 07:44:45 720384 ----a-w- C:\WINDOWS\System32\SkyDriveTelemetry.dll
    2014-01-09 07:43:12 121344 ----a-w- C:\WINDOWS\System32\SkyDriveShell.dll
    2014-01-09 07:29:28 105984 ----a-w- C:\WINDOWS\SysWow64\SkyDriveShell.dll
    2014-01-09 07:28:45 628736 ----a-w- C:\WINDOWS\SysWow64\MrmCoreR.dll
    2014-01-09 07:28:44 4217344 ----a-w- C:\WINDOWS\System32\SyncEngine.dll
    2014-01-09 07:18:50 870912 ----a-w- C:\WINDOWS\System32\SkyDrive.exe
    2014-01-08 01:46:27 325464 -c--a-w- C:\WINDOWS\System32\drivers\USBXHCI.SYS
    2014-01-08 01:41:24 382808 ----a-w- C:\WINDOWS\System32\drivers\dxgmms1.sys
    2014-01-08 01:41:24 1530712 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
    2014-01-07 07:03:30 18944 ----a-w- C:\WINDOWS\System32\pcaui.exe
    2014-01-07 05:59:03 17408 ----a-w- C:\WINDOWS\SysWow64\pcaui.exe
    2014-01-07 05:00:20 2397184 ----a-w- C:\WINDOWS\System32\d3d10warp.dll
    2014-01-07 04:30:31 2071552 ----a-w- C:\WINDOWS\SysWow64\d3d10warp.dll
    2014-01-04 20:50:05 1462216 ----a-w- C:\WINDOWS\System32\propsys.dll
    2014-01-04 19:22:49 1202888 ----a-w- C:\WINDOWS\SysWow64\propsys.dll
    2014-01-04 15:59:06 219648 ----a-w- C:\WINDOWS\System32\drivers\UMDF\LocationProvider.dll
    2014-01-04 15:54:54 138240 ----a-w- C:\WINDOWS\System32\OEMLicense.dll
    2014-01-04 15:08:49 103936 ----a-w- C:\WINDOWS\SysWow64\OEMLicense.dll
    2014-01-04 14:52:01 2414592 ----a-w- C:\WINDOWS\apppatch\AcGenral.dll
    2014-01-04 14:30:03 13209088 ----a-w- C:\WINDOWS\System32\twinui.dll
    2014-01-04 14:23:19 11702272 ----a-w- C:\WINDOWS\SysWow64\twinui.dll
    2014-01-04 14:08:33 206336 ----a-w- C:\WINDOWS\System32\WSClient.dll
    2014-01-04 13:53:05 174592 ----a-w- C:\WINDOWS\SysWow64\WSClient.dll
    2014-01-04 13:42:04 1105408 ----a-w- C:\WINDOWS\System32\SearchFolder.dll
    2014-01-04 13:40:27 7416832 ----a-w- C:\WINDOWS\System32\Windows.UI.Search.dll
    2014-01-04 13:36:27 830976 ----a-w- C:\WINDOWS\SysWow64\SearchFolder.dll
    2014-01-04 13:28:24 4961792 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Search.dll
    2014-01-02 23:54:03 461312 ----a-w- C:\WINDOWS\System32\XpsGdiConverter.dll
    2014-01-02 23:48:13 336896 ----a-w- C:\WINDOWS\SysWow64\XpsGdiConverter.dll
    2014-01-02 23:40:20 5770752 ----a-w- C:\WINDOWS\SysWow64\mstscax.dll
    2014-01-02 23:38:30 6640640 ----a-w- C:\WINDOWS\System32\mstscax.dll
    2014-01-01 01:55:10 1720560 ----a-w- C:\WINDOWS\System32\ntdll.dll
    2014-01-01 01:52:37 481944 ----a-w- C:\WINDOWS\System32\mfsvr.dll
    2014-01-01 00:56:41 1472048 ----a-w- C:\WINDOWS\SysWow64\ntdll.dll
    2014-01-01 00:55:58 381168 ----a-w- C:\WINDOWS\SysWow64\mfsvr.dll
    2013-12-31 23:59:29 802816 ----a-w- C:\WINDOWS\SysWow64\MFMediaEngine.dll
    2013-12-31 23:57:55 1214976 ----a-w- C:\WINDOWS\System32\schedsvc.dll
    2013-12-31 23:56:35 960512 ----a-w- C:\WINDOWS\System32\MFMediaEngine.dll
    2013-12-30 23:34:06 218112 ----a-w- C:\WINDOWS\SysWow64\sti.dll
    2013-12-30 23:33:43 770560 ----a-w- C:\WINDOWS\SysWow64\ReAgent.dll
    2013-12-30 23:32:11 303616 ----a-w- C:\WINDOWS\System32\sti.dll
    2013-12-30 23:31:47 914944 ----a-w- C:\WINDOWS\System32\ReAgent.dll
    2013-12-30 23:31:46 947712 ----a-w- C:\WINDOWS\System32\reseteng.dll
    2013-12-27 18:42:16 35104 ----a-w- C:\WINDOWS\System32\nvaudcap64v.dll
    2013-12-27 10:38:44 1057280 ----a-w- C:\WINDOWS\System32\rdvidcrl.dll
    2013-12-27 08:57:38 842752 ----a-w- C:\WINDOWS\System32\MsSpellCheckingFacility.dll
    2013-12-27 08:57:07 628736 ----a-w- C:\WINDOWS\System32\SettingSyncHost.exe
    2013-12-27 08:23:50 749056 ----a-w- C:\WINDOWS\System32\SettingSyncCore.dll
    2013-12-27 08:16:35 855552 ----a-w- C:\WINDOWS\SysWow64\rdvidcrl.dll
    2013-12-27 07:03:50 630272 ----a-w- C:\WINDOWS\SysWow64\MsSpellCheckingFacility.dll
    2013-12-27 07:03:13 478208 ----a-w- C:\WINDOWS\SysWow64\SettingSyncHost.exe
    2013-12-27 06:37:46 588800 ----a-w- C:\WINDOWS\SysWow64\SettingSyncCore.dll
    2013-12-21 07:21:45 376320 ----a-w- C:\WINDOWS\System32\pnrpsvc.dll
    2013-12-20 10:10:44 1113040 ----a-w- C:\WINDOWS\System32\KernelBase.dll
    2013-12-20 06:13:46 835584 ----a-w- C:\WINDOWS\SysWow64\KernelBase.dll
    2013-12-18 04:16:25 108968 ----a-w- C:\WINDOWS\System32\WindowsAccessBridge-64.dll
    2013-12-17 07:21:26 408576 ----a-w- C:\WINDOWS\System32\drivers\rdbss.sys
    2013-12-14 06:31:39 13949440 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
    2013-12-14 06:19:48 18576384 ----a-w- C:\WINDOWS\System32\Windows.UI.Xaml.dll
    2013-12-13 10:54:20 131160 ----a-w- C:\WINDOWS\System32\easinvoker.exe
    2013-12-13 07:24:20 121088 -c--a-w- C:\WINDOWS\System32\drivers\USBAUDIO.sys
    2013-12-13 06:36:39 178176 ----a-w- C:\WINDOWS\System32\easwrt.dll
    2013-12-13 05:32:24 140800 ----a-w- C:\WINDOWS\SysWow64\easwrt.dll
    2013-12-09 03:25:37 4190720 ----a-w- C:\WINDOWS\System32\win32k.sys
    2013-12-09 02:57:19 548864 ----a-w- C:\WINDOWS\System32\vbscript.dll
    2013-12-09 01:51:12 454656 ----a-w- C:\WINDOWS\SysWow64\vbscript.dll
    2013-12-09 00:34:48 1227264 ----a-w- C:\WINDOWS\System32\mispace.dll
    2013-12-09 00:27:24 2152448 ----a-w- C:\WINDOWS\System32\msxml3.dll
    2013-12-09 00:19:46 570880 ----a-w- C:\WINDOWS\System32\msdrm.dll
    2013-12-09 00:15:28 787968 ----a-w- C:\WINDOWS\System32\uDWM.dll
    .
    ============= FINISH: 22:18:34,84 ===============
  3. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================

    I still need Attach.txt log from DDS.

    Download RogueKiller from one of the following links and save it to your Desktop:
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create a new restore point before proceeding with the next step.
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced. They will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
  4. besthijacker

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 8.1 Pro z programem Media Center
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2013-10-18 22:51:09
    System Uptime: 2014-02-20 21:42:53 (1 hours ago)
    .
    Motherboard: ASRock | | Z77 Extreme4
    Processor: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz | CPUSocket | 3401/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 119 GiB total, 11,244 GiB free.
    D: is FIXED (NTFS) - 233 GiB total, 141,864 GiB free.
    E: is FIXED (NTFS) - 279 GiB total, 33,303 GiB free.
    F: is FIXED (NTFS) - 233 GiB total, 53,53 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    7-Zip 9.32 (x64 edition)
    Adobe AIR
    Adobe Flash Player 12 Plugin
    Adobe Reader XI (11.0.06) - Polish
    Adobe Shockwave Player 12.0
    Aktualizacje NVIDIA 11.10.11
    Assassins Creed IV Black Flag Deluxe Edition
    Battle.net
    Bridge Base Online
    calibre 64bit
    Clementine
    CPUID CPU-Z 1.68
    Daum PotPlayer 1.5.40688 x64 Edition
    Deadly Boss Mods Updater
    Defiance
    Deluge 1.3.6
    Diablo III
    f.lux
    FastImageResizer (remove only)
    FMRTE 14.1.3.3
    Football Manager 2014
    GeForce Experience NvStream Client Components
    GG
    Google Chrome
    Hard Disk Sentinel PRO
    Hearthstone
    Intel(R) Manageability Engine Firmware Recovery Agent
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Intel(R) Rapid Storage Technology
    Intel® Trusted Connect Service Client
    Internet Download Manager
    Java 7 Update 45
    Java 7 Update 45 (64-bit)
    Java Auto Updater
    Java SE Development Kit 7 Update 45 (64-bit)
    LastPass (uninstall only)
    LinuxLive USB Creator
    Malwarebytes Anti-Malware version 1.75.0.1300
    Marvel Heroes
    Microsoft Access MUI (Polish) 2013
    Microsoft DCF MUI (Polish) 2013
    Microsoft Excel MUI (Polish) 2013
    Microsoft Groove MUI (Polish) 2013
    Microsoft InfoPath MUI (Polish) 2013
    Microsoft Lync MUI (Polish) 2013
    Microsoft Office Home and Student 2013 - en-us
    Microsoft Office Korrekturhilfen 2013 - Deutsch
    Microsoft Office Language Pack 2013 - Polish/Polski
    Microsoft Office O MUI (Polish) 2013
    Microsoft Office OSM MUI (Polish) 2013
    Microsoft Office OSM UX MUI (Polish) 2013
    Microsoft Office Proofing (Polish) 2013
    Microsoft Office Proofing Tools 2013 - English
    Microsoft Office Shared 32-bit MUI (Polish) 2013
    Microsoft Office Shared MUI (Polish) 2013
    Microsoft OneNote MUI (Polish) 2013
    Microsoft Outlook MUI (Polish) 2013
    Microsoft PowerPoint MUI (Polish) 2013
    Microsoft Publisher MUI (Polish) 2013
    Microsoft SharePoint Designer MUI (Polish) 2013
    Microsoft Silverlight
    Microsoft SkyDrive
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
    Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
    Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
    Microsoft Word MUI (Polish) 2013
    Microsoft X MUI (Polish) 2013
    Narzedzia sprawdzajace pakietu Microsoft Office 2013 — polski
    Notepad++
    NVIDIA GeForce Experience 1.8.2
    NVIDIA Install Application
    NVIDIA LED Visualizer 1.0
    NVIDIA Network Service
    NVIDIA Oprogramowanie systemu PhysX 9.13.1220
    NVIDIA PhysX
    NVIDIA ShadowPlay 11.10.11
    NVIDIA Sterownik dzwieku HD 1.3.30.1
    NVIDIA Sterownik graficzny 334.89
    NVIDIA Update Core
    NVIDIA Virtual Audio 1.2.20
    Office 15 Click-to-Run Extensibility Component
    Office 15 Click-to-Run Licensing Component
    Office 15 Click-to-Run Localization Component
    OpenAL
    Opera Stable 19.0.1326.63
    Origin
    Panel sterowania NVIDIA 334.89
    Playfire
    PS3 Media Server
    PunkBuster Services
    Raptr
    Realtek High Definition Audio Driver
    SavvyConnect
    Security Update for Microsoft Excel 2013 (KB2827238) 64-Bit Edition
    Security Update for Microsoft Lync 2013 (KB2850057) 64-Bit Edition
    Security Update for Microsoft Office 2013 (KB2768005) 64-Bit Edition
    Security Update for Microsoft Office 2013 (KB2850064) 64-Bit Edition
    SHIELD Streaming
    SimCity™
    Skype™ 6.11
    Sony PC Companion 2.10.181
    Steam
    swMSM
    TeamSpeak 3 Client
    TeamViewer 9
    Total Commander Ultima Prime 5.8.0.0
    Unlocker 1.9.2
    Update for Microsoft Access 2013 (KB2768008) 64-Bit Edition
    Update for Microsoft Lync 2013 (KB2817678) 64-Bit Edition
    Update for Microsoft Office 2013 (KB2738038) 64-Bit Edition
    Update for Microsoft Office 2013 (KB2760610) 64-Bit Edition
    Update for Microsoft Office 2013 (KB2768016) 64-Bit Edition
    Update for Microsoft Office 2013 (KB2817316) 64-Bit Edition
    Update for Microsoft Office 2013 (KB2827227) 64-Bit Edition
    Update for Microsoft Office 2013 (KB2827230) 64-Bit Edition
    Update for Microsoft Office 2013 (KB2837655) 64-Bit Edition
    Update for Microsoft OneNote 2013 (KB2850063) 64-Bit Edition
    Update for Microsoft Outlook 2013 (KB2850061) 64-Bit Edition
    Update for Microsoft PowerPoint 2013 (KB2767850) 64-Bit Edition
    Update for Microsoft Publisher 2013 (KB2837635) 64-Bit Edition
    Update for Microsoft SharePoint Designer 2013 (KB2760212) 64-Bit Edition
    Update for Microsoft SkyDrive Pro (KB2837652) 64-Bit Edition
    Update for Microsoft Word 2013 (KB2837647) 64-Bit Edition
    Uplay
    Ventrilo Client for Windows x64
    WildStar
    Winamp
    Winamp Detector Plug-in
    Windows 8 Manager
    Windows Firewall Control
    XBMC
    XFastUSB
    Your Uninstaller! 7
    .
    ==== End Of File ===========================
  5. besthijacker

    Malwarebytes Anti-Rootkit BETA 1.07.0.1009
    www.malwarebytes.org

    Database version: v2014.02.21.02

    Windows 8 x64 NTFS
    Internet Explorer 11.0.9600.16518
    Hubert :: HUBERT [administrator]

    2014-02-21 00:55:05
    mbar-log-2014-02-21 (00-55-05).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 254902
    Time elapsed: 12 minute(s), 26 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)
  6. besthijacker

    RogueKiller V8.8.8 [Feb 19 2014] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
    Started in : Normal mode
    User : Hubert [Admin rights]
    Mode : Scan -- Date : 02/21/2014 00:54:01
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 0 ¤¤¤

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Browser Addons : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    54.225.95.126 ajakpekbmnkgnjbpajgkdhimcbeoocam


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ADATA SP900 +++++
    --- User ---
    [MBR] b14de4efa57cd5dd6ab1f597b8b3b833
    [BSP] a5310d08bb77d08cad380d1e3030927b : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 350 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 718848 | Size: 121752 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) ST3250410AS +++++
    --- User ---
    [MBR] 65d7db5fc1d67066c0863445353395f9
    [BSP] 1cc1bbc8f8f7e9ccd2d08ea0f199db63 : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 238473 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ IDE) ST3250823AS +++++
    --- User ---
    [MBR] 33fea6c18b9978a569dab59958a26c57
    [BSP] 5e933fa198b0439f41fc7958ab3a53aa : Empty MBR Code
    Partition table:
    0 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 16065 | Size: 238464 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive3: (\\.\PHYSICALDRIVE3 @ IDE) WDC WD3000HLFS-01G6U4 +++++
    --- User ---
    [MBR] 64fca5b58a92479dd399a57af9832ec7
    [BSP] 3a68c082df96f8de9638a3714366e17b : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 286166 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_S_02212014_005401.txt >>
    RKreport[0]_D_02212014_000946.txt;RKreport[0]_D_02212014_001111.txt;RKreport[0]_S_02212014_000758.txt
    RKreport[0]_S_02212014_001049.txt
  7. Broni

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
  8. besthijacker

    I cannot get Combofix to work under Windows 8.1 x 64. I have tried changing the name before saving, nothing works.

    Here is my rKill.txt file

    Rkill 2.6.5 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2014 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 02/21/2014 05:20:10 PM in x64 mode.
    Windows Version: Windows 8.1 Pro with Media Center

    Checking for Windows services to stop:

    * No malware services found to stop.

    Checking for processes to terminate:

    * No malware processes found to kill.

    Checking Registry for malware related settings:

    * No issues found in the Registry.

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
    * HKLM\Software\Classes\.exe\shell found and deleted!


    Performing miscellaneous checks:

    * No issues found.

    Checking Windows Service Integrity:

    * Centrum zabezpieczeń (wscsvc) is not Running.
    Startup Type set to: Automatic (Delayed Start)

    * E1G60 [Missing Service]

    Searching for Missing Digital Signatures:

    * No issues found.

    Checking HOSTS File:

    * HOSTS file entries found:

    54.225.95.126 ajakpekbmnkgnjbpajgkdhimcbeoocam

    Program finished at: 02/21/2014 05:20:20 PM
    Execution time: 0 hours(s), 0 minute(s), and 9 seconds(s)
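
The RogueKiller and rKill logs above both report the same non-default HOSTS entry. The following is an added example, not part of the original thread or of either tool: a small Python triage that parses hosts-file text and flags entries worth a second look. Reading the hostname as a Chrome extension ID (32 letters from a-p) is an assumption based on its shape; the thread does not say what the entry is. The sample file is constructed, and only its last line comes from the logs.

```python
import ipaddress
import re

# Constructed sample hosts file. Only the last entry is taken from the
# RogueKiller / rKill logs in this thread; the rest is filler for contrast.
SAMPLE_HOSTS = """\
# Constructed sample hosts file for this example.
# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
0.0.0.0 ads.example.invalid   # blocklist-style sinkhole entry

54.225.95.126 ajakpekbmnkgnjbpajgkdhimcbeoocam
"""

# Chrome extension IDs are 32 characters drawn from the letters a-p.
EXTENSION_ID_RE = re.compile(r"[a-p]{32}")


def parse_hosts(text):
    """Yield (line_no, raw_address, parsed_ip_or_None, hostnames) per entry."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            ip = None  # keep the entry so the caller can report it
        yield line_no, fields[0], ip, [name.lower() for name in fields[1:]]


def triage_hosts(text):
    """Return a list of findings; loopback and sinkhole entries are ignored."""
    findings = []
    for line_no, raw_ip, ip, names in parse_hosts(text):
        if ip is None:
            findings.append({
                "line": line_no, "ip": raw_ip, "hostname": None,
                "reasons": ["address field does not parse as an IP"],
            })
            continue
        for name in names:
            reasons = []
            if EXTENSION_ID_RE.fullmatch(name):
                reasons.append("hostname has the shape of a Chrome extension ID")
            if ip.is_global:
                # 127.0.0.1 / 0.0.0.0 entries block a name; a public address
                # silently redirects it to a server of someone's choosing.
                reasons.append("name is pinned to a public address")
            if reasons:
                findings.append({
                    "line": line_no, "ip": str(ip),
                    "hostname": name, "reasons": reasons,
                })
    return findings


if __name__ == "__main__":
    for finding in triage_hosts(SAMPLE_HOSTS):
        print(finding)
```
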
  9. Broni

    Sorry about it. Combofix doesn't work in Windows 8.1.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
  10. besthijacker

    besthijacker TS Rookie Topic Starter

    AdwCleaner[S1].txt

    # AdwCleaner v3.019 - Report created 21/02/2014 at 17:55:53
    # Updated 17/02/2014 by Xplode
    # Operating System : Windows 8.1 Pro with Media Center (64 bits)
    # Username : Hubert - HUBERT
    # Running from : C:\Users\Hubert\Desktop\adwcleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.16518


    -\\ Google Chrome v

    [ File : C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [8801 octets] - [20/02/2014 21:39:16]
    AdwCleaner[R1].txt - [866 octets] - [21/02/2014 17:55:08]
    AdwCleaner[S0].txt - [7646 octets] - [20/02/2014 21:42:26]
    AdwCleaner[S1].txt - [788 octets] - [21/02/2014 17:55:53]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [847 octets] ##########


    JRT.txt

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.2 (02.20.2014:1)
    OS: Windows 8.1 Pro with Media Center x64
    Ran by Hubert on 2014-02-21 at 18:08:45,34
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 2014-02-21 at 18:10:14,32
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  11. besthijacker

    besthijacker TS Rookie Topic Starter

    FRST.txt

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-02-2014
    Ran by Hubert (administrator) on HUBERT on 21-02-2014 18:11:36
    Running from C:\Users\Hubert\Desktop
    Windows 8.1 Pro with Media Center (X64) OS Language: English(US)
    Internet Explorer Version 11
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
    (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
    () C:\WINDOWS\SysWOW64\PnkBstrA.exe
    () C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\scservice\SCService.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (BiniSoft.org) C:\Program Files\Windows Firewall Control\wfcs.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (BiniSoft.org) C:\Program Files\Windows Firewall Control\wfc.exe
    (Luth Research LLC) C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\scui\SavvyConnectUI.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
    (FNet Co., Ltd.) C:\Program Files (x86)\XFastUSB\XFastUsb.exe
    (Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe
    (Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
    (Google Inc.) C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Google Inc.) C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
    HKLM\...\Run: [ShadowPlay] - C:\WINDOWS\system32\nvspcap64.dll [1179576 2014-01-20] (NVIDIA Corporation)
    HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-20] (NVIDIA Corporation)
    HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2013-07-26] (Realtek Semiconductor)
    HKLM-x32\...\Run: [SavvyConnectMenu] - C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\scui\SavvyConnectUI.exe [722736 2013-09-19] (Luth Research LLC)
    HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
    HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [XFastUSB] - C:\Program Files (x86)\XFastUSB\XFastUsb.exe [5021448 2013-10-27] (FNet Co., Ltd.)
    Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-2124072431-2675259793-1593044314-1001\...\Run: [Google Update] - C:\Users\Hubert\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-10-18] (Google Inc.)
    HKU\S-1-5-21-2124072431-2675259793-1593044314-1001\...\Run: [f.lux] - C:\Users\Hubert\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
    HKU\S-1-5-21-2124072431-2675259793-1593044314-1001\...\Run: [IDMan] - C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3825232 2014-02-05] (Tonec Inc.)
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2CCABA0E262CCF01
    SearchScopes: HKCU - {409B5EFB-ECCD-4033-88BD-6CB69025D122} URL = http://us.yhs4.search.yahoo.com/yhs..._DS,221,0_0,Search,20140207,19669,0,GC32,7656
    BHO: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
    BHO: No Name - {11111111-1111-1111-1111-110511071178} - No File
    BHO: No Name - {5682CA62-1A80-40AE-82A0-B67833CE75FF} - No File
    BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO: No Name - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No File
    BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
    BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: EpTec - {D4F5F5EC-499D-48F5-AFD1-B25723A6E43E} - C:\Users\Hubert\AppData\Roaming\WinRAR\eptec.dll (Space International, Inc.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: SavvyConnect IE Extension - {E6C6EC35-C04A-42CD-A3A7-4F09FB0F1B76} - C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\ieplugin\LuthIEPlugin.dll (Luth Research, LLC)
    Toolbar: HKLM - No Name - {8dcb7100-df86-4384-8842-8fa844297b3f} - No File
    Handler: cup - {A0BE0236-AB5A-45DC-A304-2269CE96708E} - No File
    Handler: dup - {A0BE0236-AB5A-45DC-A304-2269CE96708E} - No File
    Handler-x32: cup - {A0BE0236-AB5A-45DC-A304-2269CE96708E} - No File
    Handler-x32: dup - {A0BE0236-AB5A-45DC-A304-2269CE96708E} - No File
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    Chrome:
    =======
    CHR HomePage:
    CHR Extension: (Magic Actions for YouTube™) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2014-02-14]
    CHR Extension: (Google Drive) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-14]
    CHR Extension: (YouTube) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-14]
    CHR Extension: (Honey) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2014-02-14]
    CHR Extension: (Adblock Plus) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-02-14]
    CHR Extension: (Flickr Right Click) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgkdecjiajillolhbegcmmbphniicmjl [2014-02-14]
    CHR Extension: (Google Search) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-14]
    CHR Extension: (imgur Extension by Metronomik) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehoopddfhgaehhmphfcooacjdpmbjlao [2014-02-14]
    CHR Extension: (ZenMate for Google Chrome™) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2014-02-14]
    CHR Extension: (Stylish) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2014-02-20]
    CHR Extension: (Hacker Vision) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\fommidcneendjonelhhhkmoekeicedej [2014-02-14]
    CHR Extension: (Screenwise Trends Panel) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmieefkpoaagiboijfjhidningfpomge [2014-02-14]
    CHR Extension: (TinEye Reverse Image Search) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2014-02-14]
    CHR Extension: (LastPass: Free Password Manager) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-02-14]
    CHR Extension: (Steamgiftster) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmkjjpmmmccfmlcjnbfdkdjjmhenojfh [2014-02-21]
    CHR Extension: (The Weather Channel for Chrome) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop [2014-02-14]
    CHR Extension: (Deathamns) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\immpkjjlgappgfkkfieppnmlhakdmaab [2014-02-14]
    CHR Extension: (Diablo 3 (tm) Toolbox) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgfidddcehboihddlggjiiakhbpanpf [2014-02-14]
    CHR Extension: (IDM Integration Module) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2014-02-15]
    CHR Extension: (Disconnect) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2014-02-14]
    CHR Extension: (Reddit Enhancement Suite) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-02-14]
    CHR Extension: (InvisibleHand) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko [2014-02-14]
    CHR Extension: (Top Eleven) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljphpjlafmmdmegmfbkacafhbegjfkkn [2014-02-14]
    CHR Extension: (Google Maps) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2014-02-14]
    CHR Extension: (Clickable Links) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\mblbciejcodpealifnhfjbdlkedplodp [2014-02-14]
    CHR Extension: (Google Mail Checker) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2014-02-14]
    CHR Extension: (SteamGifts Plus Alternative) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjlighkgeendkpncecpcidcegejbmedb [2014-02-14]
    CHR Extension: (Google Wallet) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-18]
    CHR Extension: (Enhanced Steam) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2014-02-14]
    CHR Extension: (Click&Clean App) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2014-02-14]
    CHR Extension: (Outlook.com) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2014-02-14]
    CHR Extension: (Shellfish) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\phfgfpbcplmockgngcmgnalfnploegfi [2014-02-14]
    CHR Extension: (Gmail) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-14]
    CHR Extension: (Abstract-Blue) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnacehkknmafkjgkikclamogikoiaaa [2014-02-14]
    CHR Extension: (Wartune) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pojkgabgkoodmjjdcidakakmjnghfhdn [2014-02-14]
    CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-02-05]
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Services (Whitelisted) =================

    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
    R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-20] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-20] (NVIDIA Corporation)
    R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-10-31] (Microsoft Corporation)
    R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [75136 2013-11-24] ()
    R2 SCService; C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\scservice\SCService.exe [1901872 2013-09-19] ()
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
    R2 wfcs; C:\Program Files\Windows Firewall Control\wfcs.exe [78336 2014-01-11] (BiniSoft.org)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
    S2 BBSvc; "C:\Program Files (x86)\Microsoft\BingBar\7.3.117.0\BBSvc.exe" [X]
    S3 BBUpdate; "C:\Program Files (x86)\Microsoft\BingBar\7.3.117.0\SeaPort.exe" [X]

    ==================== Drivers (Whitelisted) ====================

    S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
    S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows (R) Win 7 DDK provider)
    S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
    S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
    S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2014-02-02] (FNet Co., Ltd.)
    R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [16648 2013-10-27] (FNet Co., Ltd.)
    S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
    S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
    S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)
    R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-10] (Microsoft Corporation)
    S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-09-29] (Microsoft Corporation)
    S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
    R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
    R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
    R3 Neo_VPN; C:\Windows\system32\DRIVERS\Neo_VPN.sys [28768 2013-11-04] (SoftEther Project at University of Tsukuba, Japan.)
    S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
    S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
    R3 SaiK0728; C:\Windows\system32\DRIVERS\SaiK0728.sys [129024 2008-01-21] (Saitek)
    S3 SEE; C:\Windows\System32\drivers\see.sys [38240 2013-11-04] (SoftEther Project at University of Tsukuba, Japan.)
    S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-25] (Microsoft Corporation)
    S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
    S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
    R1 VD_FileDisk; C:\Windows\System32\Drivers\VD_FileDisk.sys [30312 2011-01-26] (CaptainFlint Software)
    R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
    R3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2013-08-22] (Microsoft Corporation)
    S3 cmudaxp; \SystemRoot\system32\drivers\cmudaxp.sys [X]
    U0 msahci;
    U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
    S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
    S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
    S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-02-21 18:10 - 2014-02-21 18:10 - 00000637 _____ () C:\Users\Hubert\Desktop\JRT.txt
    2014-02-21 17:59 - 2014-02-21 18:11 - 00021087 _____ () C:\Users\Hubert\Desktop\FRST.txt
    2014-02-21 17:59 - 2014-02-21 18:11 - 00000000 ____D () C:\FRST
    2014-02-21 17:59 - 2014-02-21 17:59 - 00033189 _____ () C:\Users\Hubert\Desktop\Addition.txt
    2014-02-21 17:57 - 2014-02-21 17:57 - 00000000 ____D () C:\WINDOWS\ERUNT
    2014-02-21 17:54 - 2014-02-21 17:54 - 02153984 _____ (Farbar) C:\Users\Hubert\Desktop\FRST64.exe
    2014-02-21 17:54 - 2014-02-21 17:54 - 01241834 _____ () C:\Users\Hubert\Desktop\adwcleaner.exe
    2014-02-21 17:54 - 2014-02-21 17:54 - 01037734 _____ (Thisisu) C:\Users\Hubert\Desktop\JRT.exe
    2014-02-21 17:18 - 2014-02-21 17:20 - 00002494 _____ () C:\Users\Hubert\Desktop\Rkill.txt
    2014-02-21 17:14 - 2014-02-21 17:14 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Hubert\Desktop\rkill.exe
    2014-02-21 17:13 - 2014-02-21 17:13 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Hubert\Desktop\iExplore.exe
    2014-02-21 17:12 - 2014-02-21 17:12 - 05183886 ____R (Swearware) C:\Users\Hubert\Desktop\huberciak.exe
    2014-02-21 17:11 - 2014-02-21 17:11 - 05183886 ____R (Swearware) C:\Users\Hubert\Desktop\your_name.exe
    2014-02-21 17:06 - 2014-02-21 17:06 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
    2014-02-21 17:03 - 2014-02-21 17:06 - 00000000 ____D () C:\ProgramData\HitmanPro
    2014-02-21 16:22 - 2014-02-21 16:22 - 10820032 _____ (SurfRight B.V.) C:\Users\Hubert\Desktop\hitmanpro_x64.exe
    2014-02-21 11:56 - 2014-02-21 11:56 - 00000000 ____D () C:\Users\Hubert\AppData\Local\CrashDumps
    2014-02-21 11:38 - 2014-02-21 11:56 - 00000000 ____D () C:\Program Files (x86)\VG-Ripper
    2014-02-21 11:38 - 2014-02-21 11:38 - 00001035 _____ () C:\Users\Public\Desktop\VG-Ripper.lnk
    2014-02-21 11:30 - 2014-02-21 17:25 - 00000000 ___SD () C:\32788R22FWJFW
     
  12. besthijacker

    besthijacker TS Rookie Topic Starter

    2014-02-21 00:12 - 2014-02-21 14:22 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2014-02-21 00:12 - 2014-02-21 00:12 - 00002450 _____ () C:\Users\Hubert\Desktop\takie tamlol.txt
    2014-02-20 22:34 - 2014-02-20 22:34 - 00062331 _____ () C:\Users\Hubert\Desktop\Rematch_2_2_8.zip
    2014-02-20 22:33 - 2014-02-20 22:36 - 1053931526 _____ () C:\Users\Hubert\Desktop\CSI.S14E15.720p.HDTV.X264-DIMENSION.mkv
    2014-02-20 22:01 - 2014-02-20 22:01 - 00000000 ____D () C:\WINDOWS\erdnt
    2014-02-20 21:49 - 2014-02-20 21:49 - 00000000 ____D () C:\ProgramData\NVIDIA
    2014-02-20 21:49 - 2014-02-20 21:49 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
    2014-02-20 21:49 - 2014-02-08 12:42 - 06712608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
    2014-02-20 21:49 - 2014-02-08 12:42 - 03498272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
    2014-02-20 21:49 - 2014-02-08 12:42 - 02559776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
    2014-02-20 21:49 - 2014-02-08 12:42 - 00923936 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
    2014-02-20 21:49 - 2014-02-08 12:42 - 00386336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
    2014-02-20 21:49 - 2014-02-08 12:42 - 00063776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
    2014-02-20 21:49 - 2014-02-05 12:52 - 03573739 _____ () C:\WINDOWS\system32\nvcoproc.bin
    2014-02-20 21:48 - 2014-02-08 13:34 - 31432480 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
    2014-02-20 21:48 - 2014-02-08 13:34 - 25256224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
    2014-02-20 21:48 - 2014-02-08 13:34 - 23683360 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
    2014-02-20 21:48 - 2014-02-08 13:34 - 18257576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
    2014-02-20 21:48 - 2014-02-08 13:34 - 17715784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
    2014-02-20 21:48 - 2014-02-08 13:34 - 17560352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
    2014-02-20 21:48 - 2014-02-08 13:34 - 15740232 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
    2014-02-20 21:48 - 2014-02-08 13:34 - 14669032 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
    2014-02-20 21:48 - 2014-02-08 13:34 - 12324640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
    2014-02-20 21:48 - 2014-02-08 13:34 - 11636176 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
    2014-02-20 21:48 - 2014-02-08 13:34 - 11589272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
    2014-02-20 21:48 - 2014-02-08 13:34 - 09728064 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
    2014-02-20 21:48 - 2014-02-08 13:34 - 09690424 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
    2014-02-20 21:48 - 2014-02-08 13:34 - 03142432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
    2014-02-20 21:48 - 2014-02-08 13:34 - 03090184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
    2014-02-20 21:48 - 2014-02-08 13:34 - 02956576 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
    2014-02-20 21:48 - 2014-02-08 13:34 - 02782496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvenc.dll
    2014-02-20 21:48 - 2014-02-08 13:34 - 02713728 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
    2014-02-20 21:48 - 2014-02-08 13:34 - 02410784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvenc.dll
    2014-02-20 21:48 - 2014-02-08 13:34 - 01885472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6433489.dll
    2014-02-20 21:48 - 2014-02-08 13:34 - 01515296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6433489.dll
    2014-02-20 21:48 - 2014-02-08 13:34 - 00947296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
    2014-02-20 21:48 - 2014-02-08 13:34 - 00892192 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
    2014-02-20 21:48 - 2014-02-08 13:34 - 00875296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
    2014-02-20 21:48 - 2014-02-08 13:34 - 00863520 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
    2014-02-20 21:48 - 2014-02-08 13:34 - 00844576 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
    2014-02-20 21:48 - 2014-02-08 13:34 - 00832424 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
    2014-02-20 21:48 - 2014-02-08 13:34 - 00483104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
    2014-02-20 21:48 - 2014-02-08 13:34 - 00408352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
    2014-02-20 21:48 - 2014-02-08 13:34 - 00378656 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
    2014-02-20 21:48 - 2014-02-08 13:34 - 00353504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
    2014-02-20 21:48 - 2014-02-08 13:34 - 00333600 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
    2014-02-20 21:48 - 2014-02-08 13:34 - 00305600 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
    2014-02-20 21:48 - 2014-02-08 13:34 - 00174296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
    2014-02-20 21:48 - 2014-02-08 13:34 - 00148528 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
    2014-02-20 21:48 - 2014-02-08 13:34 - 00024544 _____ () C:\WINDOWS\system32\nvinfo.pb
    2014-02-20 21:48 - 2013-11-28 08:38 - 00197408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
    2014-02-20 21:48 - 2013-11-28 08:38 - 00031520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
    2014-02-20 21:48 - 2013-11-22 03:36 - 01515296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
    2014-02-20 21:39 - 2014-02-21 17:55 - 00000000 ____D () C:\AdwCleaner
    2014-02-20 21:37 - 2014-02-20 21:38 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover
    2014-02-18 09:16 - 2014-02-18 09:16 - 00000607 _____ () C:\Users\Hubert\Desktop\NetBridgeVu.exe — skrót.lnk
    2014-02-17 22:48 - 2014-02-17 22:48 - 00001516 _____ () C:\Users\Hubert\Desktop\Skype.exe — skrót.lnk
    2014-02-17 22:47 - 2014-02-17 22:47 - 00000000 ____D () C:\Users\Hubert\Desktop\YGOPRO Dawn of a New Era
    2014-02-17 22:46 - 2014-02-17 22:46 - 00000000 ____D () C:\Users\Hubert\Desktop\ygopro-1.032.1-V5-Percy-full
    2014-02-17 21:43 - 2014-02-17 21:43 - 00000116 _____ () C:\Users\Public\Documents\SAH_Install.ini
    2014-02-17 21:43 - 2014-02-17 21:43 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\ShopAtHome
    2014-02-17 17:33 - 2014-02-17 17:33 - 00000000 ____D () C:\Program Files\7-Zip
    2014-02-17 16:42 - 2014-02-21 18:08 - 00000860 __RSH () C:\ProgramData\ntuser.pol
    2014-02-17 16:37 - 2014-02-17 16:47 - 00000000 ____D () C:\Program Files (x86)\Minion Rush
    2014-02-17 16:34 - 2014-02-17 16:34 - 00000043 _____ () C:\Users\Hubert\AppData\Roaming\WB.CFG
    2014-02-17 11:56 - 2014-02-17 11:56 - 00000000 ____D () C:\Users\Hubert\Desktop\MapSwitcher
    2014-02-17 11:43 - 2014-02-17 12:13 - 00000000 ____D () C:\Users\Hubert\Documents\Heroes of the Storm
    2014-02-17 00:40 - 2014-02-17 00:40 - 00000688 _____ () C:\Users\Hubert\AppData\Local\recently-used.xbel
    2014-02-16 16:50 - 2014-02-20 20:49 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
    2014-02-15 17:14 - 2014-02-15 23:32 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\IDM
    2014-02-15 17:14 - 2014-02-15 17:14 - 00000000 ____D () C:\Users\Hubert\Downloads\Video
    2014-02-15 17:14 - 2014-02-15 17:14 - 00000000 ____D () C:\Users\Hubert\Downloads\Compressed
    2014-02-15 17:14 - 2014-02-15 17:14 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
    2014-02-15 17:14 - 2014-02-15 17:14 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
    2014-02-15 07:16 - 2014-02-15 14:40 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\XBMC
    2014-02-15 07:15 - 2014-02-15 07:15 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XBMC
    2014-02-15 07:15 - 2014-02-15 07:15 - 00000000 ____D () C:\Program Files (x86)\XBMC
    2014-02-15 07:14 - 2014-02-15 07:14 - 59604731 _____ () C:\Users\Hubert\Downloads\xbmc-12.3.exe
    2014-02-15 06:56 - 2014-02-15 06:56 - 00032973 _____ () C:\Users\Hubert\Downloads\Real.Time.with.Bill.Maher.2014.02.14.720p.HDTV.x264-BATV.torrent
    2014-02-14 23:45 - 2014-02-14 23:45 - 00002879 _____ () C:\Users\Hubert\Downloads\House.of.Cards.2013.S02E03.1080p.NF.WEBRip.DD5.1.x264-NTb.mkv.torrent
    2014-02-14 23:20 - 2014-02-14 23:20 - 00081211 _____ () C:\Users\Hubert\Downloads\Helix.S01E07.720p.HDTV.x264-REMARKABLE.torrent
    2014-02-14 23:20 - 2014-02-14 23:20 - 00003019 _____ () C:\Users\Hubert\Downloads\House.of.Cards.2013.S02E02.1080p.NF.WEBRip.DD5.1.x264-NTb.mkv.torrent
    2014-02-14 21:35 - 2014-02-14 21:35 - 00000222 _____ () C:\Users\Hubert\Desktop\Marvel Heroes.url
    2014-02-14 21:19 - 2014-02-14 21:19 - 00001683 _____ () C:\Users\Hubert\Downloads\steamgifts-plus-alternative-install.user.js
    2014-02-14 21:19 - 2014-02-14 21:19 - 00001683 _____ () C:\Users\Hubert\Downloads\steamgifts-plus-alternative-install (1).user.js
    2014-02-14 21:12 - 2014-02-14 21:12 - 00000222 _____ () C:\Users\Hubert\Desktop\Defiance.url
    2014-02-14 19:26 - 2014-02-14 19:26 - 01455104 _____ () C:\Users\Hubert\Downloads\7z932-x64.msi
    2014-02-14 19:11 - 2014-02-21 17:54 - 00001080 _____ () C:\Users\Hubert\Desktop\takie tam.txt
    2014-02-14 17:23 - 2014-02-14 17:32 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\InstallX Search Protect for Yahoo
    2014-02-14 17:04 - 2014-02-14 17:04 - 00000000 ____D () C:\Users\Hubert\Documents\Respawn
    2014-02-14 15:56 - 2014-02-14 17:31 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\PC-Gizmos
    2014-02-13 20:45 - 2014-02-13 20:45 - 00000000 ____D () C:\Users\Hubert\Documents\ARC SYSTEM WORKS
    2014-02-13 11:06 - 2014-02-13 11:06 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
    2014-02-13 10:37 - 2014-02-06 07:16 - 23170048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2014-02-13 10:37 - 2014-02-06 06:30 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
    2014-02-13 10:37 - 2014-02-06 06:30 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
    2014-02-13 10:37 - 2014-02-06 06:12 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2014-02-13 10:37 - 2014-02-06 06:07 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
    2014-02-13 10:37 - 2014-02-06 06:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
    2014-02-13 10:37 - 2014-02-06 05:57 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
    2014-02-13 10:37 - 2014-02-06 05:56 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
    2014-02-13 10:37 - 2014-02-06 05:49 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
    2014-02-13 10:37 - 2014-02-06 05:48 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
    2014-02-13 10:37 - 2014-02-06 05:48 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
    2014-02-13 10:37 - 2014-02-06 05:38 - 17103872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2014-02-13 10:37 - 2014-02-06 05:32 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2014-02-13 10:37 - 2014-02-06 05:20 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
    2014-02-13 10:37 - 2014-02-06 05:17 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
    2014-02-13 10:37 - 2014-02-06 05:11 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2014-02-13 10:37 - 2014-02-06 05:01 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
    2014-02-13 10:37 - 2014-02-06 05:00 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
    2014-02-13 10:37 - 2014-02-06 04:57 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2014-02-13 10:37 - 2014-02-06 04:57 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2014-02-13 10:37 - 2014-02-06 04:52 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
    2014-02-13 10:37 - 2014-02-06 04:52 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
    2014-02-13 10:37 - 2014-02-06 04:50 - 02041856 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2014-02-13 10:37 - 2014-02-06 04:47 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
    2014-02-13 10:37 - 2014-02-06 04:46 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
    2014-02-13 10:37 - 2014-02-06 04:25 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2014-02-13 10:37 - 2014-02-06 04:25 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
    2014-02-13 10:37 - 2014-02-06 04:24 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2014-02-13 10:37 - 2014-02-06 04:22 - 13051392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2014-02-13 10:37 - 2014-02-06 04:13 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2014-02-13 10:37 - 2014-02-06 04:09 - 01964032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2014-02-13 10:37 - 2014-02-06 04:03 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2014-02-13 10:37 - 2014-02-06 03:55 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2014-02-13 10:37 - 2014-02-06 03:41 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2014-02-13 10:37 - 2014-02-06 03:40 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2014-02-13 10:37 - 2014-02-06 03:36 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2014-02-13 10:37 - 2014-02-06 03:34 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
    2014-02-13 10:37 - 2014-01-09 03:25 - 02804224 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
    2014-02-13 10:37 - 2014-01-09 02:59 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
    2014-02-13 10:37 - 2014-01-09 02:59 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
    2014-02-13 10:37 - 2014-01-09 02:49 - 00919040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
    2014-02-13 10:37 - 2014-01-09 02:44 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
    2014-02-13 10:37 - 2014-01-09 02:43 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
    2014-02-13 10:37 - 2014-01-09 02:29 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
    2014-02-13 10:37 - 2014-01-09 02:28 - 04217344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
    2014-02-13 10:37 - 2014-01-09 02:28 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
    2014-02-13 10:37 - 2014-01-09 02:18 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
    2014-02-13 10:37 - 2014-01-07 20:46 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
    2014-02-13 10:37 - 2014-01-07 20:41 - 01530712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2014-02-13 10:37 - 2014-01-07 20:41 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
    2014-02-13 10:37 - 2014-01-07 02:03 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
    2014-02-13 10:37 - 2014-01-07 00:59 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
    2014-02-13 10:37 - 2014-01-07 00:00 - 02397184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
    2014-02-13 10:37 - 2014-01-06 23:30 - 02071552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
    2014-02-13 10:37 - 2014-01-04 15:50 - 01462216 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
    2014-02-13 10:37 - 2014-01-04 14:22 - 01202888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
    2014-02-13 10:37 - 2014-01-04 10:54 - 00138240 _____ () C:\WINDOWS\system32\OEMLicense.dll
    2014-02-13 10:37 - 2014-01-04 10:08 - 00103936 _____ () C:\WINDOWS\SysWOW64\OEMLicense.dll
    2014-02-13 10:37 - 2014-01-04 09:30 - 13209088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2014-02-13 10:37 - 2014-01-04 09:23 - 11702272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2014-02-13 10:37 - 2014-01-04 09:08 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
    2014-02-13 10:37 - 2014-01-04 08:53 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
    2014-02-13 10:37 - 2014-01-04 08:42 - 01105408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
    2014-02-13 10:37 - 2014-01-04 08:40 - 07416832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
    2014-02-13 10:37 - 2014-01-04 08:36 - 00830976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
    2014-02-13 10:37 - 2014-01-04 08:28 - 04961792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
    2014-02-13 10:37 - 2014-01-02 18:54 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
    2014-02-13 10:37 - 2014-01-02 18:48 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
    2014-02-13 10:37 - 2014-01-02 18:40 - 05770752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
    2014-02-13 10:37 - 2014-01-02 18:38 - 06640640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
    2014-02-13 10:37 - 2013-12-31 20:55 - 01720560 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2014-02-13 10:37 - 2013-12-31 20:52 - 00481944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
    2014-02-13 10:37 - 2013-12-31 19:56 - 01472048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2014-02-13 10:37 - 2013-12-31 19:55 - 00381168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
    2014-02-13 10:37 - 2013-12-31 18:59 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
    2014-02-13 10:37 - 2013-12-31 18:57 - 01214976 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
    2014-02-13 10:37 - 2013-12-31 18:56 - 00960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
    2014-02-13 10:37 - 2013-12-30 18:34 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sti.dll
    2014-02-13 10:37 - 2013-12-30 18:33 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
    2014-02-13 10:37 - 2013-12-30 18:32 - 00303616 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti.dll
    2014-02-13 10:37 - 2013-12-30 18:31 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
    2014-02-13 10:37 - 2013-12-30 18:31 - 00914944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
    2014-02-13 10:37 - 2013-12-27 10:09 - 00419160 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
    2014-02-13 10:37 - 2013-12-27 05:38 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
    2014-02-13 10:37 - 2013-12-27 03:57 - 00842752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
    2014-02-13 10:37 - 2013-12-27 03:57 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
    2014-02-13 10:37 - 2013-12-27 03:23 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
    2014-02-13 10:37 - 2013-12-27 03:16 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
    2014-02-13 10:37 - 2013-12-27 02:03 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
    2014-02-13 10:37 - 2013-12-27 02:03 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
    2014-02-13 10:37 - 2013-12-27 01:37 - 00588800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
    2014-02-13 10:37 - 2013-12-21 02:21 - 00376320 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
    2014-02-13 10:37 - 2013-12-20 21:10 - 00009701 _____ () C:\WINDOWS\SysWOW64\connectedsearch-results.searchconnector-ms
    2014-02-13 10:37 - 2013-12-20 21:10 - 00009701 _____ () C:\WINDOWS\system32\connectedsearch-results.searchconnector-ms
    2014-02-13 10:37 - 2013-12-20 05:10 - 01113040 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2014-02-13 10:37 - 2013-12-20 01:13 - 00835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2014-02-13 10:37 - 2013-12-17 02:21 - 00408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
    2014-02-13 10:37 - 2013-12-14 01:31 - 13949440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2014-02-13 10:37 - 2013-12-14 01:19 - 18576384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2014-02-13 10:37 - 2013-12-13 05:54 - 00131160 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
    2014-02-13 10:37 - 2013-12-13 02:24 - 00121088 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBAUDIO.sys
    2014-02-13 10:37 - 2013-12-13 01:36 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
    2014-02-13 10:37 - 2013-12-13 00:32 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
    2014-02-13 10:37 - 2013-12-09 03:05 - 21199256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2014-02-13 10:37 - 2013-12-08 23:51 - 18643560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2014-02-13 10:37 - 2013-12-08 22:25 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2014-02-13 10:37 - 2013-12-08 21:57 - 00548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2014-02-13 10:37 - 2013-12-08 20:51 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2014-02-13 10:37 - 2013-12-08 19:27 - 02152448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
    2014-02-13 10:37 - 2013-12-08 19:19 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdrm.dll
    2014-02-13 10:37 - 2013-12-08 18:55 - 00444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdrm.dll
    2014-02-13 10:37 - 2013-12-08 18:54 - 01317376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
    2014-02-13 10:37 - 2013-11-21 01:42 - 04604416 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
    2014-02-13 10:37 - 2013-11-21 00:44 - 03936256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
    2014-02-13 10:15 - 2014-02-13 10:48 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCSOFT
    2014-02-13 10:15 - 2014-02-13 10:15 - 00000000 ____D () C:\Program Files (x86)\NCSOFT
    2014-02-13 10:14 - 2014-02-13 10:14 - 04494696 _____ (NCSOFT) C:\Users\Hubert\Desktop\Wildstar.exe
    2014-02-13 09:47 - 2014-02-14 17:17 - 00000000 ____D () C:\Users\Hubert\AppData\Local\Deployment
    2014-02-13 09:47 - 2014-02-13 09:47 - 00000000 ____D () C:\Users\Hubert\AppData\Local\Apps\2.0
    2014-02-13 09:36 - 2014-02-13 09:36 - 00000000 ____D () C:\ProgramData\CDB
    2014-02-13 09:35 - 2014-02-13 09:36 - 00000119 _____ () C:\WINDOWS\efix.ini
    2014-02-13 09:34 - 2014-02-13 09:37 - 00000000 ____D () C:\Users\Hubert\AppData\Local\cache
    2014-02-13 09:34 - 2014-02-13 09:34 - 00000000 ____D () C:\Users\Hubert\.android
    2014-02-13 09:34 - 2014-02-13 09:34 - 00000000 _____ () C:\Users\Hubert\daemonprocess.txt
    2014-02-13 09:33 - 2014-02-13 10:40 - 00000000 ____D () C:\Users\Hubert\AppData\Local\Popajar
    2014-02-13 09:06 - 2014-02-20 21:43 - 00001488 _____ () C:\Users\Hubert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
    2014-02-05 07:44 - 2013-11-27 19:24 - 00175480 _____ (Tonec Inc.) C:\WINDOWS\system32\Drivers\idmwfp.sys
    2014-02-03 20:51 - 2014-02-03 20:51 - 00000000 ____D () C:\Program Files\CPUID
    2014-02-02 18:19 - 2014-02-02 18:19 - 00000808 _____ () C:\Users\Hubert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blackguards.lnk
    2014-02-02 13:34 - 2014-02-02 13:34 - 00000000 ____D () C:\Users\Hubert\AppData\Local\Daedalic Entertainment GmbH
    2014-02-02 12:59 - 2014-02-02 12:59 - 00228695 _____ () C:\Users\Hubert\Desktop\Wszystko.m3u
    2014-02-02 08:51 - 2014-02-02 08:51 - 00000000 ____D () C:\Users\Hubert\AppData\Local\Playfire_Ltd
    2014-02-02 00:38 - 2014-02-02 00:38 - 00000000 ____D () C:\WINDOWS\System32\Tasks\HardDiskSentinel
    2014-02-02 00:09 - 2014-02-02 00:31 - 00000000 ____D () C:\Program Files (x86)\Hard Disk Sentinel
    2014-02-02 00:09 - 2014-02-02 00:09 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\Hard Disk Sentinel
    2014-02-01 23:22 - 2014-02-01 23:22 - 00000000 ____D () C:\Users\Hubert\AppData\Local\Ascaron Entertainment
    2014-02-01 22:49 - 2014-02-01 22:49 - 00000000 ____H () C:\ProgramData\DP45977C.lfl
    2014-02-01 22:49 - 2014-02-01 22:49 - 00000000 ____D () C:\WINDOWS\SysWOW64\RTCOM
    2014-02-01 22:49 - 2014-02-01 22:49 - 00000000 ____D () C:\Program Files\Realtek
    2014-02-01 22:49 - 2014-02-01 22:49 - 00000000 ____D () C:\Program Files (x86)\Realtek
    2014-02-01 22:49 - 2013-07-30 20:16 - 03564376 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
    2014-02-01 22:49 - 2013-07-30 17:14 - 02585304 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkAPO64.dll
    2014-02-01 22:49 - 2013-07-30 13:47 - 00620273 _____ () C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
    2014-02-01 22:49 - 2013-07-29 18:41 - 00147672 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
    2014-02-01 22:49 - 2013-07-29 13:48 - 30311936 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
    2014-02-01 22:49 - 2013-07-27 03:56 - 06219096 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll
    2014-02-01 22:49 - 2013-07-27 03:55 - 01908568 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll
    2014-02-01 22:49 - 2013-07-27 03:55 - 00312152 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll
    2014-02-01 22:49 - 2013-07-27 03:55 - 00261464 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll
    2014-02-01 22:49 - 2013-07-26 14:26 - 05694504 _____ () C:\WINDOWS\system32\Drivers\rtvienna.dat
    2014-02-01 22:49 - 2013-07-26 14:05 - 00617176 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
    2014-02-01 22:49 - 2013-07-24 10:07 - 27519232 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioVnA64.dll
    2014-02-01 22:49 - 2013-07-24 10:07 - 14042880 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioRealtek64.dll
    2014-02-01 22:49 - 2013-07-24 10:07 - 03604224 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioVnN64.dll
    2014-02-01 22:49 - 2013-07-24 10:07 - 02103040 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\WavesGUILib64.dll
    2014-02-01 22:49 - 2013-07-24 10:07 - 02032896 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioEQ64.dll
    2014-02-01 22:49 - 2013-07-24 10:07 - 01904384 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioRealtek264.dll
    2014-02-01 22:49 - 2013-07-24 10:07 - 01044736 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO5064.dll
    2014-02-01 22:49 - 2013-07-24 10:07 - 00933120 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO4064.dll
    2014-02-01 22:49 - 2013-07-24 10:07 - 00920832 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPOShell64.dll
    2014-02-01 22:49 - 2013-07-24 10:07 - 00660224 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO30.dll
    2014-02-01 22:49 - 2013-07-24 10:07 - 00650496 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO2064.dll
    2014-02-01 22:49 - 2013-07-24 01:45 - 00875776 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo64.dll
    2014-02-01 22:49 - 2013-07-24 01:45 - 00845568 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\slcnt64.dll
    2014-02-01 22:49 - 2013-07-24 01:45 - 00720128 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech64.dll
    2014-02-01 22:49 - 2013-07-24 01:45 - 00244480 _____ (TODO: <Company name>) C:\WINDOWS\system32\slprp64.dll
    2014-02-01 22:49 - 2013-07-22 15:37 - 01004248 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
    2014-02-01 22:49 - 2013-07-18 14:48 - 02795224 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
    2014-02-01 22:49 - 2013-07-17 16:17 - 02743328 _____ (Fortemedia Corporation) C:\WINDOWS\system32\FMAPO64.dll
    2014-02-01 22:49 - 2013-07-08 18:32 - 04810008 _____ (ASUSTeKcomputer.Inc) C:\WINDOWS\system32\RTKSMlfx.dll
    2014-02-01 22:49 - 2013-07-08 18:31 - 00758104 _____ (A-Volute) C:\WINDOWS\system32\RTKSMSettingsIPC.dll
    2014-02-01 22:49 - 2013-06-25 12:47 - 00871856 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tossaeapo64.dll
    2014-02-01 22:49 - 2013-06-25 12:47 - 00162224 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\toseaeapo64.dll
    2014-02-01 22:49 - 2013-06-25 12:46 - 00582056 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tosasfapo64.dll
    2014-02-01 22:49 - 2013-06-21 11:01 - 00109848 _____ () C:\WINDOWS\system32\AcpiServiceVnA64.dll
    2014-02-01 22:49 - 2013-06-18 17:00 - 00947760 _____ (Sony Corporation) C:\WINDOWS\system32\SFSS_APO.dll
    2014-02-01 22:49 - 2013-06-05 21:42 - 00208072 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll
    2014-02-01 22:49 - 2013-04-24 17:16 - 01662024 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
    2014-02-01 22:49 - 2013-04-03 14:13 - 00906800 _____ (Sony Corporation) C:\WINDOWS\system32\MISS_APO.dll
    2014-02-01 22:49 - 2013-02-20 18:55 - 01284680 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
    2014-02-01 22:49 - 2012-10-02 14:41 - 00501192 _____ (DTS) C:\WINDOWS\system32\DTSU2PLFX64.dll
    2014-02-01 22:49 - 2012-10-02 14:41 - 00487368 _____ (DTS) C:\WINDOWS\system32\DTSU2PGFX64.dll
    2014-02-01 22:49 - 2012-10-02 14:41 - 00415688 _____ (DTS) C:\WINDOWS\system32\DTSU2PREC64.dll
    2014-02-01 22:49 - 2012-08-31 19:18 - 07164176 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEP64A.dll
    2014-02-01 22:49 - 2012-08-31 19:17 - 00434960 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EED64A.dll
    2014-02-01 22:49 - 2012-08-31 19:17 - 00141584 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL64A.dll
    2014-02-01 22:49 - 2012-08-31 19:17 - 00124176 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA64A.dll
    2014-02-01 22:49 - 2012-08-31 19:17 - 00075024 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG64A.dll
    2014-02-01 22:49 - 2012-07-15 21:13 - 00394616 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVolumeSDAPO.dll
    2014-02-01 22:49 - 2012-06-20 17:26 - 00110592 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
    2014-02-01 22:49 - 2012-03-08 11:47 - 00108640 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAR64.dll
    2014-02-01 22:49 - 2012-01-30 11:43 - 00836544 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo264.dll
    2014-02-01 22:49 - 2012-01-10 10:20 - 00065944 _____ (TOSHIBA CORPORATION.) C:\WINDOWS\system32\tepeqapo64.dll
    2014-02-01 22:49 - 2011-12-20 15:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
    2014-02-01 22:49 - 2011-11-22 16:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
    2014-02-01 22:49 - 2011-09-02 14:21 - 00221024 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFNHK64.dll
    2014-02-01 22:49 - 2011-09-02 14:21 - 00081248 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFCOM64.dll
    2014-02-01 22:49 - 2011-09-02 14:21 - 00078688 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFAPO64.dll
    2014-02-01 22:49 - 2011-08-23 17:00 - 00603984 _____ (Knowles Acoustics ) C:\WINDOWS\system32\KAAPORT64.dll
    2014-02-01 22:49 - 2011-05-31 09:42 - 01756264 _____ (DTS) C:\WINDOWS\system32\DTSS2SpeakerDLL64.dll
    2014-02-01 22:49 - 2011-05-31 09:42 - 01568360 _____ (DTS) C:\WINDOWS\system32\DTSS2HeadphoneDLL64.dll
    2014-02-01 22:49 - 2011-05-31 09:42 - 01486952 _____ (DTS) C:\WINDOWS\system32\DTSBoostDLL64.dll
    2014-02-01 22:49 - 2011-05-31 09:42 - 00728680 _____ (DTS) C:\WINDOWS\system32\DTSBassEnhancementDLL64.dll
    2014-02-01 22:49 - 2011-05-31 09:42 - 00712296 _____ (DTS) C:\WINDOWS\system32\DTSSymmetryDLL64.dll
    2014-02-01 22:49 - 2011-05-31 09:42 - 00693352 _____ (DTS) C:\WINDOWS\system32\DTSVoiceClarityDLL64.dll
    2014-02-01 22:49 - 2011-05-31 09:42 - 00491112 _____ (DTS) C:\WINDOWS\system32\DTSNeoPCDLL64.dll
    2014-02-01 22:49 - 2011-05-31 09:42 - 00432744 _____ (DTS) C:\WINDOWS\system32\DTSLimiterDLL64.dll
    2014-02-01 22:49 - 2011-05-31 09:42 - 00428648 _____ (DTS) C:\WINDOWS\system32\DTSGainCompensatorDLL64.dll
    2014-02-01 22:49 - 2011-05-31 09:42 - 00242792 _____ (DTS) C:\WINDOWS\system32\DTSLFXAPO64.dll
    2014-02-01 22:49 - 2011-05-31 09:42 - 00242792 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPO64.dll
    2014-02-01 22:49 - 2011-05-31 09:42 - 00241768 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPONS64.dll
    2014-02-01 22:49 - 2011-03-17 12:17 - 01361336 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tosade.dll
    2014-02-01 22:49 - 2011-03-07 17:11 - 00148416 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo.dll
    2014-02-01 22:49 - 2010-11-08 07:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
    2014-02-01 22:49 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
    2014-02-01 22:49 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
    2014-02-01 22:49 - 2010-11-08 07:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
    2014-02-01 22:49 - 2010-11-08 07:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
    2014-02-01 22:49 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
    2014-02-01 22:49 - 2010-11-03 18:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
    2014-02-01 22:49 - 2010-09-27 09:34 - 00318808 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO20.dll
    2014-02-01 22:49 - 2010-07-22 16:48 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\WINDOWS\SysWOW64\SFCOM.dll
    2014-02-01 22:49 - 2009-11-24 09:55 - 00518896 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
    2014-02-01 22:49 - 2009-11-24 09:55 - 00211184 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll
    2014-02-01 22:49 - 2009-11-24 09:55 - 00198896 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll
    2014-02-01 22:49 - 2009-11-24 09:55 - 00155888 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
    2014-02-01 22:43 - 2013-07-19 15:55 - 02080472 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtlExUpd.dll
    2014-02-01 21:20 - 2014-02-01 21:20 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\WizardWars
    2014-02-01 16:09 - 2014-02-03 08:37 - 00000000 ____D () C:\Users\Hubert\AppData\Local\Vulcan
    2014-02-01 16:09 - 2014-02-01 16:09 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\Vulcan
    2014-02-01 16:08 - 2014-02-01 16:08 - 00000000 ____D () C:\Program Files (x86)\Playfire
    2014-02-01 13:18 - 2014-02-08 12:42 - 00000000 ____D () C:\ProgramData\PMS
    2014-02-01 13:18 - 2014-02-01 13:18 - 00000000 ____D () C:\Program Files (x86)\PS3 Media Server
    2014-02-01 12:34 - 2014-02-01 12:34 - 00419840 _____ (Creative Labs) C:\WINDOWS\system32\wrap_oal.dll
    2014-02-01 12:34 - 2014-02-01 12:34 - 00413696 _____ (Creative Labs) C:\WINDOWS\SysWOW64\wrap_oal.dll
    2014-02-01 12:34 - 2014-02-01 12:34 - 00133632 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\system32\OpenAL32.dll
    2014-02-01 12:34 - 2014-02-01 12:34 - 00110592 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\SysWOW64\OpenAL32.dll
    2014-02-01 12:34 - 2014-02-01 12:34 - 00000000 ____D () C:\Program Files (x86)\OpenAL
    2014-02-01 08:26 - 2014-02-01 08:26 - 00000000 ____D () C:\ProgramData\Wowhead
    2014-02-01 08:21 - 2014-02-01 08:21 - 00000000 ____D () C:\Program Files (x86)\Master Games International
    2014-02-01 07:51 - 2014-02-01 08:17 - 00000000 ____D () C:\Users\Hubert\Documents\InfiniteCrisis
    2014-02-01 07:51 - 2014-02-01 07:52 - 00000000 ____D () C:\Users\Hubert\AppData\Local\InfiniteCrisis
    2014-01-31 22:16 - 2014-01-31 22:16 - 00000000 ____D () C:\Users\Hubert\Documents\Paradox Interactive
    2014-01-31 20:41 - 2014-02-01 07:51 - 00000000 ____D () C:\Users\Hubert\AppData\Local\Turbine
    2014-01-31 20:39 - 2014-01-31 20:39 - 00000000 ____D () C:\ProgramData\Turbine
    2014-01-26 17:10 - 2013-12-27 13:42 - 00039200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
    2014-01-26 17:10 - 2013-12-27 13:42 - 00033056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
    2014-01-25 14:33 - 2014-01-25 14:33 - 00000000 ____D () C:\Users\Hubert\Desktop\Books
    2014-01-25 14:32 - 2014-01-25 14:46 - 00000000 ____D () C:\Users\Hubert\Documents\Biblioteka calibre
    2014-01-25 14:32 - 2014-01-25 14:32 - 00000000 ____D () C:\Users\Hubert\AppData\Local\calibre-cache
    2014-01-25 14:32 - 2014-01-25 14:32 - 00000000 ____D () C:\Program Files\Calibre2
    2014-01-25 11:45 - 2014-01-25 11:45 - 00000000 ____D () C:\Users\Hubert\Documents\Larian Studios
    2014-01-25 11:23 - 2014-01-25 11:23 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Games
    2014-01-24 23:10 - 2014-01-24 23:10 - 00000000 ____D () C:\Users\Hubert\Documents\Assassin's Creed Liberation HD

    ==================== One Month Modified Files and Folders =======

    2014-02-21 18:11 - 2014-02-21 17:59 - 00021087 _____ () C:\Users\Hubert\Desktop\FRST.txt
    2014-02-21 18:11 - 2014-02-21 17:59 - 00000000 ____D () C:\FRST
    2014-02-21 18:10 - 2014-02-21 18:10 - 00000637 _____ () C:\Users\Hubert\Desktop\JRT.txt
    2014-02-21 18:08 - 2014-02-17 16:42 - 00000860 __RSH () C:\ProgramData\ntuser.pol
    2014-02-21 18:08 - 2013-10-18 21:47 - 01561725 _____ () C:\WINDOWS\WindowsUpdate.log
    2014-02-21 18:08 - 2013-10-18 21:47 - 00000000 _____ () C:\WINDOWS\system32\Drivers\lvuvc.hs
    2014-02-21 18:08 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2014-02-21 18:04 - 2013-11-08 12:12 - 00000930 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2014-02-21 18:01 - 2013-10-26 11:01 - 00806930 _____ () C:\WINDOWS\system32\perfh015.dat
    2014-02-21 18:01 - 2013-10-26 11:01 - 00163808 _____ () C:\WINDOWS\system32\perfc015.dat
    2014-02-21 18:01 - 2013-09-29 23:15 - 01828496 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
    2014-02-21 18:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
    2014-02-21 17:59 - 2014-02-21 17:59 - 00033189 _____ () C:\Users\Hubert\Desktop\Addition.txt
    2014-02-21 17:57 - 2014-02-21 17:57 - 00000000 ____D () C:\WINDOWS\ERUNT
    2014-02-21 17:55 - 2014-02-20 21:39 - 00000000 ____D () C:\AdwCleaner
    2014-02-21 17:54 - 2014-02-21 17:54 - 02153984 _____ (Farbar) C:\Users\Hubert\Desktop\FRST64.exe
    2014-02-21 17:54 - 2014-02-21 17:54 - 01241834 _____ () C:\Users\Hubert\Desktop\adwcleaner.exe
    2014-02-21 17:54 - 2014-02-21 17:54 - 01037734 _____ (Thisisu) C:\Users\Hubert\Desktop\JRT.exe
    2014-02-21 17:54 - 2014-02-14 19:11 - 00001080 _____ () C:\Users\Hubert\Desktop\takie tam.txt
    2014-02-21 17:48 - 2013-10-18 21:15 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2124072431-2675259793-1593044314-1001
    2014-02-21 17:43 - 2013-10-18 21:48 - 00000000 ____D () C:\Users\Hubert
    2014-02-21 17:42 - 2013-08-22 08:25 - 71827456 _____ () C:\WINDOWS\system32\config\software.rcbak
    2014-02-21 17:42 - 2013-08-22 08:25 - 12582912 _____ () C:\WINDOWS\system32\config\system.rcbak
    2014-02-21 17:42 - 2013-08-22 08:25 - 00524288 _____ () C:\WINDOWS\system32\config\default.rcbak
    2014-02-21 17:42 - 2013-08-22 08:25 - 00262144 _____ () C:\WINDOWS\system32\config\security.rcbak
    2014-02-21 17:42 - 2013-08-22 08:25 - 00262144 _____ () C:\WINDOWS\system32\config\sam.rcbak
    2014-02-21 17:41 - 2013-10-24 23:29 - 00000000 ____D () C:\Program Files (x86)\Raptr
    2014-02-21 17:25 - 2014-02-21 11:30 - 00000000 ___SD () C:\32788R22FWJFW
    2014-02-21 17:20 - 2014-02-21 17:18 - 00002494 _____ () C:\Users\Hubert\Desktop\Rkill.txt
    2014-02-21 17:15 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
    2014-02-21 17:14 - 2014-02-21 17:14 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Hubert\Desktop\rkill.exe
    2014-02-21 17:14 - 2013-11-29 15:12 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\DMCache
    2014-02-21 17:13 - 2014-02-21 17:13 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Hubert\Desktop\iExplore.exe
    2014-02-21 17:12 - 2014-02-21 17:12 - 05183886 ____R (Swearware) C:\Users\Hubert\Desktop\huberciak.exe
    2014-02-21 17:11 - 2014-02-21 17:11 - 05183886 ____R (Swearware) C:\Users\Hubert\Desktop\your_name.exe
    2014-02-21 17:06 - 2014-02-21 17:06 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
    2014-02-21 17:06 - 2014-02-21 17:03 - 00000000 ____D () C:\ProgramData\HitmanPro
    2014-02-21 16:22 - 2014-02-21 16:22 - 10820032 _____ (SurfRight B.V.) C:\Users\Hubert\Desktop\hitmanpro_x64.exe
    2014-02-21 14:25 - 2013-10-18 21:52 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{50612425-6FF1-4E51-B419-5D1EC9984006}
    2014-02-21 14:22 - 2014-02-21 00:12 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2014-02-21 14:22 - 2013-12-25 20:51 - 00010851 _____ () C:\missing.ini
    2014-02-21 11:56 - 2014-02-21 11:56 - 00000000 ____D () C:\Users\Hubert\AppData\Local\CrashDumps
    2014-02-21 11:56 - 2014-02-21 11:38 - 00000000 ____D () C:\Program Files (x86)\VG-Ripper
    2014-02-21 11:38 - 2014-02-21 11:38 - 00001035 _____ () C:\Users\Public\Desktop\VG-Ripper.lnk
    2014-02-21 09:54 - 2013-11-30 10:43 - 00000000 ____D () C:\Program Files (x86)\Steam
    2014-02-21 09:50 - 2013-10-18 21:51 - 00000000 __RDO () C:\Users\Hubert\SkyDrive
    2014-02-21 09:35 - 2013-10-24 23:29 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\Raptr
    2014-02-21 09:35 - 2013-10-18 22:26 - 01790976 ___SH () C:\Users\Hubert\Desktop\Thumbs.db
    2014-02-21 03:06 - 2013-10-19 11:24 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\Skype
    2014-02-21 03:05 - 2013-10-18 22:06 - 00000000 ____D () C:\Users\Hubert\AppData\Local\Battle.net
    2014-02-21 00:12 - 2014-02-21 00:12 - 00002450 _____ () C:\Users\Hubert\Desktop\takie tamlol.txt
    2014-02-20 22:36 - 2014-02-20 22:33 - 1053931526 _____ () C:\Users\Hubert\Desktop\CSI.S14E15.720p.HDTV.X264-DIMENSION.mkv
    2014-02-20 22:34 - 2014-02-20 22:34 - 00062331 _____ () C:\Users\Hubert\Desktop\Rematch_2_2_8.zip
    2014-02-20 22:01 - 2014-02-20 22:01 - 00000000 ____D () C:\WINDOWS\erdnt
    2014-02-20 21:49 - 2014-02-20 21:49 - 00000000 ____D () C:\ProgramData\NVIDIA
    2014-02-20 21:49 - 2014-02-20 21:49 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
    2014-02-20 21:49 - 2013-10-18 21:47 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
    2014-02-20 21:49 - 2013-10-18 21:47 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
    2014-02-20 21:49 - 2013-10-18 21:47 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
    2014-02-20 21:49 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\Help
    2014-02-20 21:49 - 2013-08-22 09:46 - 00338121 _____ () C:\WINDOWS\setupact.log
    2014-02-20 21:43 - 2014-02-13 09:06 - 00001488 _____ () C:\Users\Hubert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
    2014-02-20 21:38 - 2014-02-20 21:37 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover
    2014-02-20 20:49 - 2014-02-16 16:50 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
    2014-02-20 20:28 - 2013-10-18 22:29 - 00000000 ____D () C:\Program Files (x86)\Clementine
    2014-02-20 15:04 - 2013-11-08 12:12 - 00003818 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
    2014-02-20 14:39 - 2013-12-14 13:04 - 00000000 ____D () C:\Bridge Base Online
    2014-02-18 09:16 - 2014-02-18 09:16 - 00000607 _____ () C:\Users\Hubert\Desktop\NetBridgeVu.exe — skrót.lnk
    2014-02-18 08:06 - 2013-09-29 23:03 - 00492230 _____ () C:\WINDOWS\PFRO.log
    2014-02-17 22:48 - 2014-02-17 22:48 - 00001516 _____ () C:\Users\Hubert\Desktop\Skype.exe — skrót.lnk
    2014-02-17 22:47 - 2014-02-17 22:47 - 00000000 ____D () C:\Users\Hubert\Desktop\YGOPRO Dawn of a New Era
    2014-02-17 22:46 - 2014-02-17 22:46 - 00000000 ____D () C:\Users\Hubert\Desktop\ygopro-1.032.1-V5-Percy-full
    2014-02-17 21:43 - 2014-02-17 21:43 - 00000116 _____ () C:\Users\Public\Documents\SAH_Install.ini
    2014-02-17 21:43 - 2014-02-17 21:43 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\ShopAtHome
    2014-02-17 17:33 - 2014-02-17 17:33 - 00000000 ____D () C:\Program Files\7-Zip
    2014-02-17 16:47 - 2014-02-17 16:37 - 00000000 ____D () C:\Program Files (x86)\Minion Rush
    2014-02-17 16:42 - 2013-08-22 10:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
    2014-02-17 16:42 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy
    2014-02-17 16:34 - 2014-02-17 16:34 - 00000043 _____ () C:\Users\Hubert\AppData\Roaming\WB.CFG
    2014-02-17 12:13 - 2014-02-17 11:43 - 00000000 ____D () C:\Users\Hubert\Documents\Heroes of the Storm
    2014-02-17 11:56 - 2014-02-17 11:56 - 00000000 ____D () C:\Users\Hubert\Desktop\MapSwitcher
    2014-02-17 11:49 - 2013-10-18 22:06 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
    2014-02-17 00:40 - 2014-02-17 00:40 - 00000688 _____ () C:\Users\Hubert\AppData\Local\recently-used.xbel
    2014-02-16 16:50 - 2013-10-19 10:34 - 00000000 ____D () C:\Program Files (x86)\Deluge
    2014-02-16 16:49 - 2013-11-30 10:49 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
    2014-02-16 16:49 - 2013-10-18 22:26 - 00000000 ____D () C:\Users\Hubert\Desktop\TreeSizeFree
    2014-02-16 15:37 - 2013-12-31 13:19 - 00000000 ____D () C:\ProgramData\Origin
    2014-02-16 10:38 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
    2014-02-16 09:39 - 2013-12-31 13:20 - 00000000 ____D () C:\Program Files (x86)\Origin Games
    2014-02-16 09:38 - 2013-12-31 13:19 - 00000000 ____D () C:\Program Files (x86)\Origin
    2014-02-15 23:32 - 2014-02-15 17:14 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\IDM
    2014-02-15 21:50 - 2013-10-18 21:08 - 00000000 ___RD () C:\Users\Hubert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    2014-02-15 19:11 - 2014-01-01 20:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-02-15 17:14 - 2014-02-15 17:14 - 00000000 ____D () C:\Users\Hubert\Downloads\Video
    2014-02-15 17:14 - 2014-02-15 17:14 - 00000000 ____D () C:\Users\Hubert\Downloads\Compressed
    2014-02-15 17:14 - 2014-02-15 17:14 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
    2014-02-15 17:14 - 2014-02-15 17:14 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
    2014-02-15 14:40 - 2014-02-15 07:16 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\XBMC
    2014-02-15 07:15 - 2014-02-15 07:15 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XBMC
    2014-02-15 07:15 - 2014-02-15 07:15 - 00000000 ____D () C:\Program Files (x86)\XBMC
    2014-02-15 07:14 - 2014-02-15 07:14 - 59604731 _____ () C:\Users\Hubert\Downloads\xbmc-12.3.exe
    2014-02-15 06:56 - 2014-02-15 06:56 - 00032973 _____ () C:\Users\Hubert\Downloads\Real.Time.with.Bill.Maher.2014.02.14.720p.HDTV.x264-BATV.torrent
    2014-02-14 23:45 - 2014-02-14 23:45 - 00002879 _____ () C:\Users\Hubert\Downloads\House.of.Cards.2013.S02E03.1080p.NF.WEBRip.DD5.1.x264-NTb.mkv.torrent
    2014-02-14 23:45 - 2013-10-19 10:35 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\deluge
    2014-02-14 23:20 - 2014-02-14 23:20 - 00081211 _____ () C:\Users\Hubert\Downloads\Helix.S01E07.720p.HDTV.x264-REMARKABLE.torrent
    2014-02-14 23:20 - 2014-02-14 23:20 - 00003019 _____ () C:\Users\Hubert\Downloads\House.of.Cards.2013.S02E02.1080p.NF.WEBRip.DD5.1.x264-NTb.mkv.torrent
    2014-02-14 21:35 - 2014-02-14 21:35 - 00000222 _____ () C:\Users\Hubert\Desktop\Marvel Heroes.url
    2014-02-14 21:19 - 2014-02-14 21:19 - 00001683 _____ () C:\Users\Hubert\Downloads\steamgifts-plus-alternative-install.user.js
    2014-02-14 21:19 - 2014-02-14 21:19 - 00001683 _____ () C:\Users\Hubert\Downloads\steamgifts-plus-alternative-install (1).user.js
  13. besthijacker

    besthijacker TS Rookie Topic Starter

    2014-02-14 21:12 - 2014-02-14 21:12 - 00000222 _____ () C:\Users\Hubert\Desktop\Defiance.url
    2014-02-14 19:26 - 2014-02-14 19:26 - 01455104 _____ () C:\Users\Hubert\Downloads\7z932-x64.msi
    2014-02-14 17:44 - 2013-10-18 22:26 - 00000000 ____D () C:\Users\Hubert\Desktop\jobs
    2014-02-14 17:32 - 2014-02-14 17:23 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\InstallX Search Protect for Yahoo
    2014-02-14 17:31 - 2014-02-14 15:56 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\PC-Gizmos
    2014-02-14 17:17 - 2014-02-13 09:47 - 00000000 ____D () C:\Users\Hubert\AppData\Local\Deployment
    2014-02-14 17:12 - 2013-11-29 14:51 - 00001250 _____ () C:\Users\Hubert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk
    2014-02-14 17:04 - 2014-02-14 17:04 - 00000000 ____D () C:\Users\Hubert\Documents\Respawn
    2014-02-14 17:04 - 2013-12-31 13:19 - 00000000 ____D () C:\Users\Hubert\AppData\Local\Origin
    2014-02-14 14:21 - 2013-10-18 22:44 - 00849875 _____ () C:\WINDOWS\DirectX.log
    2014-02-13 20:45 - 2014-02-13 20:45 - 00000000 ____D () C:\Users\Hubert\Documents\ARC SYSTEM WORKS
    2014-02-13 11:08 - 2013-10-18 21:07 - 00000000 ____D () C:\Users\Hubert\AppData\Local\Packages
    2014-02-13 11:06 - 2014-02-13 11:06 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
    2014-02-13 10:48 - 2014-02-13 10:15 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCSOFT
    2014-02-13 10:40 - 2014-02-13 09:33 - 00000000 ____D () C:\Users\Hubert\AppData\Local\Popajar
    2014-02-13 10:40 - 2013-10-18 21:08 - 00000000 ___RD () C:\Users\Hubert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    2014-02-13 10:40 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ToastData
    2014-02-13 10:40 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
    2014-02-13 10:40 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\FileManager
    2014-02-13 10:40 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\Camera
    2014-02-13 10:40 - 2013-08-22 09:44 - 00376824 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
    2014-02-13 10:38 - 2013-11-14 11:18 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2014-02-13 10:37 - 2013-11-14 11:18 - 88567024 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2014-02-13 10:15 - 2014-02-13 10:15 - 00000000 ____D () C:\Program Files (x86)\NCSOFT
    2014-02-13 10:14 - 2014-02-13 10:14 - 04494696 _____ (NCSOFT) C:\Users\Hubert\Desktop\Wildstar.exe
    2014-02-13 09:47 - 2014-02-13 09:47 - 00000000 ____D () C:\Users\Hubert\AppData\Local\Apps\2.0
    2014-02-13 09:37 - 2014-02-13 09:34 - 00000000 ____D () C:\Users\Hubert\AppData\Local\cache
    2014-02-13 09:36 - 2014-02-13 09:36 - 00000000 ____D () C:\ProgramData\CDB
    2014-02-13 09:36 - 2014-02-13 09:35 - 00000119 _____ () C:\WINDOWS\efix.ini
    2014-02-13 09:34 - 2014-02-13 09:34 - 00000000 ____D () C:\Users\Hubert\.android
    2014-02-13 09:34 - 2014-02-13 09:34 - 00000000 _____ () C:\Users\Hubert\daemonprocess.txt
    2014-02-13 08:00 - 2013-10-19 14:17 - 00000000 ____D () C:\Program Files (x86)\Opera
    2014-02-12 20:51 - 2013-10-18 22:06 - 00000000 ____D () C:\Program Files (x86)\Battle.net
    2014-02-08 13:34 - 2014-02-20 21:48 - 31432480 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
    2014-02-08 13:34 - 2014-02-20 21:48 - 25256224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
    2014-02-08 13:34 - 2014-02-20 21:48 - 23683360 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
    2014-02-08 13:34 - 2014-02-20 21:48 - 18257576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
    2014-02-08 13:34 - 2014-02-20 21:48 - 17715784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
    2014-02-08 13:34 - 2014-02-20 21:48 - 17560352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
    2014-02-08 13:34 - 2014-02-20 21:48 - 15740232 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
    2014-02-08 13:34 - 2014-02-20 21:48 - 14669032 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
    2014-02-08 13:34 - 2014-02-20 21:48 - 12324640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
    2014-02-08 13:34 - 2014-02-20 21:48 - 11636176 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
    2014-02-08 13:34 - 2014-02-20 21:48 - 11589272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
    2014-02-08 13:34 - 2014-02-20 21:48 - 09728064 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
    2014-02-08 13:34 - 2014-02-20 21:48 - 09690424 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
    2014-02-08 13:34 - 2014-02-20 21:48 - 03142432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
    2014-02-08 13:34 - 2014-02-20 21:48 - 03090184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
    2014-02-08 13:34 - 2014-02-20 21:48 - 02956576 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
    2014-02-08 13:34 - 2014-02-20 21:48 - 02782496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvenc.dll
    2014-02-08 13:34 - 2014-02-20 21:48 - 02713728 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
    2014-02-08 13:34 - 2014-02-20 21:48 - 02410784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvenc.dll
    2014-02-08 13:34 - 2014-02-20 21:48 - 01885472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6433489.dll
    2014-02-08 13:34 - 2014-02-20 21:48 - 01515296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6433489.dll
    2014-02-08 13:34 - 2014-02-20 21:48 - 00947296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
    2014-02-08 13:34 - 2014-02-20 21:48 - 00892192 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
    2014-02-08 13:34 - 2014-02-20 21:48 - 00875296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
    2014-02-08 13:34 - 2014-02-20 21:48 - 00863520 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
    2014-02-08 13:34 - 2014-02-20 21:48 - 00844576 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
    2014-02-08 13:34 - 2014-02-20 21:48 - 00832424 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
    2014-02-08 13:34 - 2014-02-20 21:48 - 00483104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
    2014-02-08 13:34 - 2014-02-20 21:48 - 00408352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
    2014-02-08 13:34 - 2014-02-20 21:48 - 00378656 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
    2014-02-08 13:34 - 2014-02-20 21:48 - 00353504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
    2014-02-08 13:34 - 2014-02-20 21:48 - 00333600 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
    2014-02-08 13:34 - 2014-02-20 21:48 - 00305600 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
    2014-02-08 13:34 - 2014-02-20 21:48 - 00174296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
    2014-02-08 13:34 - 2014-02-20 21:48 - 00148528 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
    2014-02-08 13:34 - 2014-02-20 21:48 - 00024544 _____ () C:\WINDOWS\system32\nvinfo.pb
    2014-02-08 12:42 - 2014-02-20 21:49 - 06712608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
    2014-02-08 12:42 - 2014-02-20 21:49 - 03498272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
    2014-02-08 12:42 - 2014-02-20 21:49 - 02559776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
    2014-02-08 12:42 - 2014-02-20 21:49 - 00923936 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
    2014-02-08 12:42 - 2014-02-20 21:49 - 00386336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
    2014-02-08 12:42 - 2014-02-20 21:49 - 00063776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
    2014-02-08 12:42 - 2014-02-01 13:18 - 00000000 ____D () C:\ProgramData\PMS
    2014-02-06 07:16 - 2014-02-13 10:37 - 23170048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2014-02-06 06:30 - 2014-02-13 10:37 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
    2014-02-06 06:30 - 2014-02-13 10:37 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
    2014-02-06 06:12 - 2014-02-13 10:37 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2014-02-06 06:07 - 2014-02-13 10:37 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
    2014-02-06 06:06 - 2014-02-13 10:37 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
    2014-02-06 05:57 - 2014-02-13 10:37 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
    2014-02-06 05:56 - 2014-02-13 10:37 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
    2014-02-06 05:49 - 2014-02-13 10:37 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
    2014-02-06 05:48 - 2014-02-13 10:37 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
    2014-02-06 05:48 - 2014-02-13 10:37 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
    2014-02-06 05:38 - 2014-02-13 10:37 - 17103872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2014-02-06 05:32 - 2014-02-13 10:37 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2014-02-06 05:20 - 2014-02-13 10:37 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
    2014-02-06 05:17 - 2014-02-13 10:37 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
    2014-02-06 05:11 - 2014-02-13 10:37 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2014-02-06 05:01 - 2014-02-13 10:37 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
    2014-02-06 05:00 - 2014-02-13 10:37 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
    2014-02-06 04:57 - 2014-02-13 10:37 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2014-02-06 04:57 - 2014-02-13 10:37 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2014-02-06 04:52 - 2014-02-13 10:37 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
    2014-02-06 04:52 - 2014-02-13 10:37 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
    2014-02-06 04:50 - 2014-02-13 10:37 - 02041856 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2014-02-06 04:47 - 2014-02-13 10:37 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
    2014-02-06 04:46 - 2014-02-13 10:37 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
    2014-02-06 04:25 - 2014-02-13 10:37 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2014-02-06 04:25 - 2014-02-13 10:37 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
    2014-02-06 04:24 - 2014-02-13 10:37 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2014-02-06 04:22 - 2014-02-13 10:37 - 13051392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2014-02-06 04:13 - 2014-02-13 10:37 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2014-02-06 04:09 - 2014-02-13 10:37 - 01964032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2014-02-06 04:03 - 2014-02-13 10:37 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2014-02-06 03:55 - 2014-02-13 10:37 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2014-02-06 03:41 - 2014-02-13 10:37 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2014-02-06 03:40 - 2014-02-13 10:37 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2014-02-06 03:36 - 2014-02-13 10:37 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2014-02-06 03:34 - 2014-02-13 10:37 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
    2014-02-05 12:52 - 2014-02-20 21:49 - 03573739 _____ () C:\WINDOWS\system32\nvcoproc.bin
    2014-02-03 20:51 - 2014-02-03 20:51 - 00000000 ____D () C:\Program Files\CPUID
    2014-02-03 08:37 - 2014-02-01 16:09 - 00000000 ____D () C:\Users\Hubert\AppData\Local\Vulcan
    2014-02-03 07:33 - 2013-10-18 22:52 - 00000000 ____D () C:\Users\Hubert\AppData\Local\Adobe
    2014-02-02 18:19 - 2014-02-02 18:19 - 00000808 _____ () C:\Users\Hubert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blackguards.lnk
    2014-02-02 13:34 - 2014-02-02 13:34 - 00000000 ____D () C:\Users\Hubert\AppData\Local\Daedalic Entertainment GmbH
    2014-02-02 12:59 - 2014-02-02 12:59 - 00228695 _____ () C:\Users\Hubert\Desktop\Wszystko.m3u
    2014-02-02 08:51 - 2014-02-02 08:51 - 00000000 ____D () C:\Users\Hubert\AppData\Local\Playfire_Ltd
    2014-02-02 00:38 - 2014-02-02 00:38 - 00000000 ____D () C:\WINDOWS\System32\Tasks\HardDiskSentinel
    2014-02-02 00:31 - 2014-02-02 00:09 - 00000000 ____D () C:\Program Files (x86)\Hard Disk Sentinel
    2014-02-02 00:30 - 2013-10-27 21:49 - 00032320 _____ (FNet Co., Ltd.) C:\WINDOWS\system32\Drivers\FNETTBOH_305.SYS
    2014-02-02 00:09 - 2014-02-02 00:09 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\Hard Disk Sentinel
    2014-02-01 23:22 - 2014-02-01 23:22 - 00000000 ____D () C:\Users\Hubert\AppData\Local\Ascaron Entertainment
    2014-02-01 22:54 - 2013-10-18 21:59 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
    2014-02-01 22:49 - 2014-02-01 22:49 - 00000000 ____H () C:\ProgramData\DP45977C.lfl
    2014-02-01 22:49 - 2014-02-01 22:49 - 00000000 ____D () C:\WINDOWS\SysWOW64\RTCOM
    2014-02-01 22:49 - 2014-02-01 22:49 - 00000000 ____D () C:\Program Files\Realtek
    2014-02-01 22:49 - 2014-02-01 22:49 - 00000000 ____D () C:\Program Files (x86)\Realtek
    2014-02-01 22:25 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\System
    2014-02-01 21:20 - 2014-02-01 21:20 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\WizardWars
    2014-02-01 16:09 - 2014-02-01 16:09 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\Vulcan
    2014-02-01 16:08 - 2014-02-01 16:08 - 00000000 ____D () C:\Program Files (x86)\Playfire
    2014-02-01 16:08 - 2013-11-02 20:58 - 00000000 ____D () C:\ProgramData\Package Cache
    2014-02-01 13:18 - 2014-02-01 13:18 - 00000000 ____D () C:\Program Files (x86)\PS3 Media Server
    2014-02-01 12:34 - 2014-02-01 12:34 - 00419840 _____ (Creative Labs) C:\WINDOWS\system32\wrap_oal.dll
    2014-02-01 12:34 - 2014-02-01 12:34 - 00413696 _____ (Creative Labs) C:\WINDOWS\SysWOW64\wrap_oal.dll
    2014-02-01 12:34 - 2014-02-01 12:34 - 00133632 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\system32\OpenAL32.dll
    2014-02-01 12:34 - 2014-02-01 12:34 - 00110592 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\SysWOW64\OpenAL32.dll
    2014-02-01 12:34 - 2014-02-01 12:34 - 00000000 ____D () C:\Program Files (x86)\OpenAL
    2014-02-01 12:34 - 2013-10-18 22:53 - 00000000 ____D () C:\Users\Hubert\Documents\my games
    2014-02-01 08:26 - 2014-02-01 08:26 - 00000000 ____D () C:\ProgramData\Wowhead
    2014-02-01 08:21 - 2014-02-01 08:21 - 00000000 ____D () C:\Program Files (x86)\Master Games International
    2014-02-01 08:17 - 2014-02-01 07:51 - 00000000 ____D () C:\Users\Hubert\Documents\InfiniteCrisis
    2014-02-01 07:52 - 2014-02-01 07:51 - 00000000 ____D () C:\Users\Hubert\AppData\Local\InfiniteCrisis
    2014-02-01 07:51 - 2014-01-31 20:41 - 00000000 ____D () C:\Users\Hubert\AppData\Local\Turbine
    2014-01-31 22:16 - 2014-01-31 22:16 - 00000000 ____D () C:\Users\Hubert\Documents\Paradox Interactive
    2014-01-31 20:39 - 2014-01-31 20:39 - 00000000 ____D () C:\ProgramData\Turbine
    2014-01-30 15:47 - 2013-08-22 10:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2014-01-30 15:47 - 2013-08-22 10:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2014-01-25 21:17 - 2013-11-11 18:14 - 00000000 ____D () C:\Program Files\WinRAR
    2014-01-25 17:49 - 2013-10-18 22:26 - 00000703 _____ () C:\Users\Hubert\Desktop\hasła.txt
    2014-01-25 17:23 - 2013-11-10 10:31 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\FMRTE14
    2014-01-25 14:46 - 2014-01-25 14:32 - 00000000 ____D () C:\Users\Hubert\Documents\Biblioteka calibre
    2014-01-25 14:42 - 2013-12-18 01:01 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\calibre
    2014-01-25 14:33 - 2014-01-25 14:33 - 00000000 ____D () C:\Users\Hubert\Desktop\Books
    2014-01-25 14:32 - 2014-01-25 14:32 - 00000000 ____D () C:\Users\Hubert\AppData\Local\calibre-cache
    2014-01-25 14:32 - 2014-01-25 14:32 - 00000000 ____D () C:\Program Files\Calibre2
    2014-01-25 11:45 - 2014-01-25 11:45 - 00000000 ____D () C:\Users\Hubert\Documents\Larian Studios
    2014-01-25 11:23 - 2014-01-25 11:23 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Games
    2014-01-24 23:10 - 2014-01-24 23:10 - 00000000 ____D () C:\Users\Hubert\Documents\Assassin's Creed Liberation HD

    Some content of TEMP:
    ====================
    C:\Users\Hubert\AppData\Local\Temp\Quarantine.exe


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2014-02-21 12:01
    ==================== End Of Log ============================
  14. besthijacker

    besthijacker TS Rookie Topic Starter

    Additions.txt

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-02-2014
    Ran by Hubert at 2014-02-21 18:11:59
    Running from C:\Users\Hubert\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    7-Zip 9.32 (x64 edition) (Version: 9.32.00.0 - Igor Pavlov)
    Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated)
    Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
    Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.70 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.06) - Polish (x32 Version: 11.0.06 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.0 (x32 Version: 12.0.5.146 - Adobe Systems, Inc.)
    Aktualizacje NVIDIA 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden
    Assassins Creed IV Black Flag Deluxe Edition (x32 Version: - Ubisoft)
    Battle.net (x32 Version: - Blizzard Entertainment)
    Bridge Base Online (x32 Version: Version 5.2.21 - Bridge Base Online, Ltd.)
    calibre 64bit (Version: 1.21.0 - Kovid Goyal)
    Clementine (x32 Version: 1.2.2 - Clementine)
    CPUID CPU-Z 1.68 (Version: - )
    Daum PotPlayer 1.5.40688 x64 Edition (Version: - )
    Deadly Boss Mods Updater (x32 Version: 1.07.00 - Master Games International, Inc)
    Deadly Boss Mods Updater (x32 Version: 1.07.00 - Master Games International, Inc) Hidden
    Defiance (x32 Version: - Trion Worlds)
    Deluge 1.3.6 (x32 Version: - )
    Diablo III (x32 Version: - Blizzard Entertainment)
    f.lux (HKCU Version: - )
    FastImageResizer (remove only) (x32 Version: - )
    FMRTE 14.1.3.3 (Version: 14.1.3.3 - Raul Bravo)
    Football Manager 2014 (x32 Version: - Sports Interactive)
    GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
    GG (HKCU Version: 12 - GG Network S.A.)
    Google Chrome (HKCU Version: 32.0.1700.76 - Google Inc.)
    Hard Disk Sentinel PRO (x32 Version: - HDS)
    Hearthstone (x32 Version: - Blizzard Entertainment)
    Intel(R) Manageability Engine Firmware Recovery Agent (x32 Version: 1.1.0.36960 - Intel Corporation)
    Intel(R) Management Engine Components (x32 Version: 9.5.15.1730 - Intel Corporation)
    Intel(R) Processor Graphics (x32 Version: 9.17.10.2932 - Intel Corporation)
    Intel(R) Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation)
    Intel(R) Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Hidden
    Intel® Trusted Connect Service Client (Version: 1.31.8.1 - Intel Corporation) Hidden
    Internet Download Manager (x32 Version: - Tonec Inc.)
    Java 7 Update 45 (64-bit) (Version: 7.0.450 - Oracle)
    Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
    Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
    Java SE Development Kit 7 Update 45 (64-bit) (Version: 1.7.0.450 - Oracle)
    LastPass (uninstall only) (x32 Version: - LastPass)
    LinuxLive USB Creator (x32 Version: 2.8 - Thibaut Lauziere)
    Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
    Marvel Heroes (x32 Version: - Gazillion Entertainment)
    Microsoft Access MUI (Polish) 2013 (Version: 15.0.4433.1507 - Microsoft Corporation) Hidden
    Microsoft DCF MUI (Polish) 2013 (Version: 15.0.4433.1507 - Microsoft Corporation) Hidden
    Microsoft Excel MUI (Polish) 2013 (Version: 15.0.4433.1507 - Microsoft Corporation) Hidden
    Microsoft Groove MUI (Polish) 2013 (Version: 15.0.4433.1507 - Microsoft Corporation) Hidden
    Microsoft InfoPath MUI (Polish) 2013 (Version: 15.0.4433.1507 - Microsoft Corporation) Hidden
    Microsoft Lync MUI (Polish) 2013 (Version: 15.0.4433.1507 - Microsoft Corporation) Hidden
    Microsoft Office Home and Student 2013 - en-us (Version: 15.0.4551.1512 - Microsoft Corporation)
    Microsoft Office Korrekturhilfen 2013 - Deutsch (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Microsoft Office Language Pack 2013 - Polish/Polski (Version: 15.0.4433.1507 - Microsoft Corporation)
    Microsoft Office O MUI (Polish) 2013 (Version: 15.0.4433.1507 - Microsoft Corporation) Hidden
    Microsoft Office OSM MUI (Polish) 2013 (Version: 15.0.4433.1507 - Microsoft Corporation) Hidden
    Microsoft Office OSM UX MUI (Polish) 2013 (Version: 15.0.4433.1507 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (Polish) 2013 (Version: 15.0.4433.1507 - Microsoft Corporation) Hidden
    Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Microsoft Office Shared 32-bit MUI (Polish) 2013 (Version: 15.0.4433.1507 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (Polish) 2013 (Version: 15.0.4433.1507 - Microsoft Corporation) Hidden
    Microsoft OneNote MUI (Polish) 2013 (Version: 15.0.4433.1507 - Microsoft Corporation) Hidden
    Microsoft Outlook MUI (Polish) 2013 (Version: 15.0.4433.1507 - Microsoft Corporation) Hidden
    Microsoft PowerPoint MUI (Polish) 2013 (Version: 15.0.4433.1507 - Microsoft Corporation) Hidden
    Microsoft Publisher MUI (Polish) 2013 (Version: 15.0.4433.1507 - Microsoft Corporation) Hidden
    Microsoft SharePoint Designer MUI (Polish) 2013 (Version: 15.0.4433.1507 - Microsoft Corporation) Hidden
    Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
    Microsoft SkyDrive (HKCU Version: 17.0.2003.1112 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (x32 Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (x32 Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
    Microsoft Word MUI (Polish) 2013 (Version: 15.0.4433.1507 - Microsoft Corporation) Hidden
    Microsoft X MUI (Polish) 2013 (Version: 15.0.4433.1507 - Microsoft Corporation) Hidden
    Narzędzia sprawdzające pakietu Microsoft Office 2013 — polski (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Notepad++ (x32 Version: 6.5.2 - Notepad++ Team)
    NVIDIA GeForce Experience 1.8.2 (Version: 1.8.2 - NVIDIA Corporation)
    NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden
    NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
    NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
    NVIDIA Oprogramowanie systemu PhysX 9.13.1220 (Version: 9.13.1220 - NVIDIA Corporation)
    NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
    NVIDIA ShadowPlay 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden
    NVIDIA Sterownik dźwięku HD 1.3.30.1 (Version: 1.3.30.1 - NVIDIA Corporation)
    NVIDIA Sterownik graficzny 334.89 (Version: 334.89 - NVIDIA Corporation)
    NVIDIA Update Core (Version: 11.10.11 - NVIDIA Corporation) Hidden
    NVIDIA Virtual Audio 1.2.20 (Version: 1.2.20 - NVIDIA Corporation)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
    OpenAL (x32 Version: - )
    Opera Stable 19.0.1326.63 (x32 Version: 19.0.1326.63 - Opera Software ASA)
    Origin (x32 Version: 9.3.11.2762 - Electronic Arts, Inc.)
    Panel sterowania NVIDIA 334.89 (Version: 334.89 - NVIDIA Corporation) Hidden
    Playfire (x32 Version: 0.0.53.0 - Playfire) Hidden
    PS3 Media Server (x32 Version: 1.90.1 - PS3 Media Server)
    PunkBuster Services (x32 Version: 0.991 - Even Balance, Inc.)
    Raptr (x32 Version: - )
    Realtek High Definition Audio Driver (x32 Version: 6.0.1.7004 - Realtek Semiconductor Corp.)
    SavvyConnect (x32 Version: 3.9.0002 - Luth Research)
    SHIELD Streaming (Version: 1.7.306 - NVIDIA Corporation) Hidden
    SimCity™ (x32 Version: 1.0.0.0 - Electronic Arts)
    Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
    Sony PC Companion 2.10.181 (x32 Version: 2.10.181 - Sony)
    Steam (x32 Version: - Valve Corporation)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    TeamSpeak 3 Client (x32 Version: 3.0.13 - TeamSpeak Systems GmbH)
    TeamViewer 9 (x32 Version: 9.0.26297 - TeamViewer)
    Total Commander Ultima Prime 5.8.0.0 (x32 Version: 5.8.0.0 - Robert Łajka & Paweł Porwisz)
    Unlocker 1.9.2 (Version: 1.9.2 - Cedrick Collomb)
    Update for Microsoft Access 2013 (KB2768008) 64-Bit Edition (Version: - Microsoft)
    Update for Microsoft Lync 2013 (KB2817678) 64-Bit Edition (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2738038) 64-Bit Edition (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2760610) 64-Bit Edition (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2768016) 64-Bit Edition (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2817316) 64-Bit Edition (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2827227) 64-Bit Edition (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2827230) 64-Bit Edition (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2837655) 64-Bit Edition (Version: - Microsoft)
    Update for Microsoft OneNote 2013 (KB2850063) 64-Bit Edition (Version: - Microsoft)
    Update for Microsoft Outlook 2013 (KB2850061) 64-Bit Edition (Version: - Microsoft)
    Update for Microsoft PowerPoint 2013 (KB2767850) 64-Bit Edition (Version: - Microsoft)
    Update for Microsoft Publisher 2013 (KB2837635) 64-Bit Edition (Version: - Microsoft)
    Update for Microsoft SharePoint Designer 2013 (KB2760212) 64-Bit Edition (Version: - Microsoft)
    Update for Microsoft SkyDrive Pro (KB2837652) 64-Bit Edition (Version: - Microsoft)
    Update for Microsoft Word 2013 (KB2837647) 64-Bit Edition (Version: - Microsoft)
    Uplay (x32 Version: 4.0 - Ubisoft)
    Ventrilo Client for Windows x64 (Version: 3.0.8.0 - Flagship Industries, Inc.)
    VG-Ripper version 2.9.5.6 (x32 Version: 2.9.5.6 - The Watcher)
    WildStar (x32 Version: 1.0.0.6512 - NCSOFT)
    Winamp (x32 Version: 5.65 - Nullsoft, Inc)
    Winamp Detector Plug-in (HKCU Version: 1.0.0.1 - Nullsoft, Inc)
    Windows 8 Manager (Version: 1.1.8 - Yamicsoft)
    Windows Firewall Control (Version: 4.0.6.0 - BiniSoft.org)
    XBMC (HKCU Version: - Team XBMC)
    XFastUSB (x32 Version: 3.02.31 - ASRock Inc.)
    Your Uninstaller! 7 (x32 Version: 7.5.2013.2 - URSoft, Inc.)

    ==================== Restore Points =========================

    21-02-2014 05:47:53 Malwarebytes Anti-Rootkit Restore Point

    ==================== Hosts content: ==========================

    2013-08-22 08:25 - 2014-02-21 17:24 - 00000822 ____A C:\WINDOWS\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
    Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
    Task: {0E1F36CA-C503-4A1D-A482-BCD04DCF1EB3} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2124072431-2675259793-1593044314-1001
    Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
    Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
    Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
    Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
    Task: {3B82596C-F55A-4247-96F4-AF5A6C350755} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
    Task: {49004DE5-5F4F-4BC3-8FE0-37A87AB521E7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-02-13] (Microsoft Corporation)
    Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
    Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
    Task: {6C11DC01-ED14-4B05-9C6C-6ED6F699BC62} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-20] (Adobe Systems Incorporated)
    Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
    Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
    Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
    Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
    Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
    Task: {91735981-AE0D-4205-9454-435C9C14C4BF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-10-31] (Microsoft Corporation)
    Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
    Task: {B27E41A7-163E-4026-A97E-1158E138B262} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
    Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
    Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
    Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
    Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2124072431-2675259793-1593044314-1001Core1cf13e64fcf6056.job => C:\Users\Hubert\AppData\Local\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-02-20 21:49 - 2014-02-08 12:42 - 00117024 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2013-10-18 22:49 - 2013-10-31 09:07 - 00377000 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll
    2013-10-18 22:49 - 2013-10-31 09:08 - 00520872 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll
    2013-10-18 22:49 - 2013-10-31 09:07 - 00618152 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
    2013-11-19 15:03 - 2013-11-24 13:06 - 00075136 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
    2013-09-19 13:22 - 2013-09-19 13:22 - 01901872 _____ () C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\scservice\SCService.exe
    2014-01-17 13:53 - 2014-01-17 13:53 - 08866472 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2013-06-10 17:20 - 2013-06-10 17:20 - 00612152 _____ () C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\scui\sqlite3.dll
    2011-07-18 16:07 - 2011-07-18 16:07 - 00014336 _____ () C:\Program Files (x86)\Notepad++\plugins\NppExport.dll
    2011-09-21 15:46 - 2011-09-21 15:46 - 01673728 _____ () C:\Program Files (x86)\Notepad++\plugins\NppFTP.dll
    2014-01-17 19:46 - 2014-01-11 05:28 - 00715544 _____ () C:\Users\Hubert\AppData\Local\Google\Chrome\Application\32.0.1700.76\libglesv2.dll
    2014-01-17 19:46 - 2014-01-11 05:28 - 00100120 _____ () C:\Users\Hubert\AppData\Local\Google\Chrome\Application\32.0.1700.76\libegl.dll
    2014-01-17 19:46 - 2014-01-11 05:29 - 04055320 _____ () C:\Users\Hubert\AppData\Local\Google\Chrome\Application\32.0.1700.76\pdf.dll
    2014-01-17 19:46 - 2014-01-11 05:29 - 00399640 _____ () C:\Users\Hubert\AppData\Local\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll
    2014-01-17 19:46 - 2014-01-11 05:28 - 01634584 _____ () C:\Users\Hubert\AppData\Local\Google\Chrome\Application\32.0.1700.76\ffmpegsumo.dll
    2013-10-27 21:48 - 2013-09-16 11:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2014-02-21 14:26 - 2014-02-21 14:26 - 13632904 _____ () C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\PepperFlash\12.0.0.70\pepflashplayer.dll

    ==================== Alternate Data Streams (whitelisted) =========

    AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51
    AlternateDataStreams: C:\ProgramData\TEMP:76650B61
    AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9
    AlternateDataStreams: C:\Users\Hubert\SkyDrive:ms-properties

    ==================== Safe Mode (whitelisted) ===================

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

    ==================== Disabled items from MSCONFIG ==============


    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (02/21/2014 05:12:11 PM) (Source: Application Error) (User: )
    Description: Faulting application name: iexplore.exe, version: 0.0.0.0, time stamp: 0x4e06cfe8
    Faulting module name: iexplore.exe, version: 0.0.0.0, time stamp: 0x4e06cfe8
    Exception code: 0x40000015
    Fault offset: 0x0008d1c0
    Faulting process id: 0x1358
    Faulting application start time: 0xiexplore.exe0
    Faulting application path: iexplore.exe1
    Faulting module path: iexplore.exe2
    Report Id: iexplore.exe3
    Faulting package full name: iexplore.exe4
    Faulting package-relative application ID: iexplore.exe5

    Error: (02/21/2014 05:10:16 PM) (Source: Microsoft-Windows-LocationProvider) (User: NT AUTHORITY)
    Description: There was an error with the Windows Location Provider database

    Error: (02/21/2014 11:56:58 AM) (Source: Application Error) (User: )
    Description: Faulting application name: VG-Ripper.exe, version: 2.9.5.6, time stamp: 0x53003eda
    Faulting module name: KERNELBASE.dll, version: 6.3.9600.16496, time stamp: 0x52b3e015
    Exception code: 0xe0434352
    Fault offset: 0x00012eec
    Faulting process id: 0x598
    Faulting application start time: 0xVG-Ripper.exe0
    Faulting application path: VG-Ripper.exe1
    Faulting module path: VG-Ripper.exe2
    Report Id: VG-Ripper.exe3
    Faulting package full name: VG-Ripper.exe4
    Faulting package-relative application ID: VG-Ripper.exe5

    Error: (02/21/2014 11:56:58 AM) (Source: .NET Runtime) (User: )
    Description: Aplikacja: VG-Ripper.exe
    Wersja architektury: v4.0.30319
    Opis: proces został przerwany z powodu nieobsłużonego wyjątku.
    Informacje o wyjątku: System.ArgumentOutOfRangeException
    Stos:
    w System.String.Substring(Int32, Int32)
    w Ripper.Core.Components.ServiceTemplate.GetImageName(System.String, System.String, Int32)
    w Ripper.Services.ImageHosts.ImgWoot.DoDownload()
    w Ripper.Core.Components.ServiceTemplate.StartDownloadAsync()
    w Ripper.Services.ImageDownloader.GetImgWoot()
    w System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
    w System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
    w System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
    w System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
    w System.Threading.ThreadHelper.ThreadStart()

    Error: (02/21/2014 09:35:20 AM) (Source: Steam Client Service) (User: )
    Description: Error: Failed to poke open firewall

    Error: (02/21/2014 02:54:44 AM) (Source: Steam Client Service) (User: )
    Description: Error: Failed to poke open firewall

    Error: (02/21/2014 01:04:02 AM) (Source: Steam Client Service) (User: )
    Description: Error: Failed to poke open firewall

    Error: (02/21/2014 00:47:54 AM) (Source: Microsoft-Windows-CAPI2) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Protokół LLDP (Link-Layer Discovery Protocol) firmy Microsoft.

    System Error:
    Odmowa dostępu.
    .

    Error: (02/20/2014 11:35:26 PM) (Source: Application Hang) (User: )
    Description: The program Wow-64.exe version 5.4.7.17930 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 23e8

    Start Time: 01cf2eb5d9b986b4

    Termination Time: 244

    Application Path: C:\Program Files (x86)\World of Warcraft\Wow-64.exe

    Report Id: 935dc824-9ab1-11e3-befd-bc5ff455a450

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (02/20/2014 10:21:04 PM) (Source: Microsoft-Windows-LocationProvider) (User: NT AUTHORITY)
    Description: There was an error with the Windows Location Provider database


    System errors:
    =============
    Error: (02/21/2014 06:10:30 PM) (Source: Service Control Manager) (User: )
    Description: The Windows Media Player Network Sharing Service service depends on the Windows Search service which failed to start because of the following error:
    %%1058

    Error: (02/21/2014 06:08:27 PM) (Source: Service Control Manager) (User: )
    Description: The BingBar Service service failed to start due to the following error:
    %%2

    Error: (02/21/2014 05:58:22 PM) (Source: Service Control Manager) (User: )
    Description: The Usługa udostępniania w sieci programu Windows Media Player service depends on the Windows Search service which failed to start because of the following error:
    %%1058

    Error: (02/21/2014 05:56:19 PM) (Source: Service Control Manager) (User: )
    Description: The BingBar Service service failed to start due to the following error:
    %%2

    Error: (02/21/2014 05:45:17 PM) (Source: Service Control Manager) (User: )
    Description: The Usługa udostępniania w sieci programu Windows Media Player service depends on the Windows Search service which failed to start because of the following error:
    %%1058

    Error: (02/21/2014 05:43:13 PM) (Source: Service Control Manager) (User: )
    Description: The BingBar Service service failed to start due to the following error:
    %%2

    Error: (02/21/2014 05:38:06 PM) (Source: Service Control Manager) (User: )
    Description: The Usługa udostępniania w sieci programu Windows Media Player service depends on the Windows Search service which failed to start because of the following error:
    %%1058

    Error: (02/21/2014 05:35:58 PM) (Source: Service Control Manager) (User: )
    Description: The BingBar Service service failed to start due to the following error:
    %%2

    Error: (02/21/2014 05:35:25 PM) (Source: Service Control Manager) (User: )
    Description: The TeamViewer 9 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 2000 milliseconds: Uruchom usługę ponownie.

    Error: (02/21/2014 05:21:37 PM) (Source: Service Control Manager) (User: )
    Description: The Usługa udostępniania w sieci programu Windows Media Player service depends on the Windows Search service which failed to start because of the following error:
    %%1058


    Microsoft Office Sessions:
    =========================
    Error: (02/21/2014 05:12:11 PM) (Source: Application Error)(User: )
    Description: iexplore.exe0.0.0.04e06cfe8iexplore.exe0.0.0.04e06cfe8400000150008d1c0135801cf2f51f8044d83C:\32788R22FWJFW\License\iexplore.exeC:\32788R22FWJFW\License\iexplore.exe35cc668d-9b45-11e3-beff-bc5ff455a450

    Error: (02/21/2014 05:10:16 PM) (Source: Microsoft-Windows-LocationProvider)(User: NT AUTHORITY)
    Description: -2147024883

    Error: (02/21/2014 11:56:58 AM) (Source: Application Error)(User: )
    Description: VG-Ripper.exe2.9.5.653003edaKERNELBASE.dll6.3.9600.1649652b3e015e043435200012eec59801cf2f236d89e4bbC:\Program Files (x86)\VG-Ripper\VG-Ripper.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dll2c891176-9b19-11e3-beff-bc5ff455a450

    Error: (02/21/2014 11:56:58 AM) (Source: .NET Runtime)(User: )
    Description: Aplikacja: VG-Ripper.exe
    Wersja architektury: v4.0.30319
    Opis: proces został przerwany z powodu nieobsłużonego wyjątku.
    Informacje o wyjątku: System.ArgumentOutOfRangeException
    Stos:
    w System.String.Substring(Int32, Int32)
    w Ripper.Core.Components.ServiceTemplate.GetImageName(System.String, System.String, Int32)
    w Ripper.Services.ImageHosts.ImgWoot.DoDownload()
    w Ripper.Core.Components.ServiceTemplate.StartDownloadAsync()
    w Ripper.Services.ImageDownloader.GetImgWoot()
    w System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
    w System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
    w System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
    w System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
    w System.Threading.ThreadHelper.ThreadStart()

    Error: (02/21/2014 09:35:20 AM) (Source: Steam Client Service)(User: )
    Description: Failed to poke open firewall

    Error: (02/21/2014 02:54:44 AM) (Source: Steam Client Service)(User: )
    Description: Failed to poke open firewall

    Error: (02/21/2014 01:04:02 AM) (Source: Steam Client Service)(User: )
    Description: Failed to poke open firewall

    Error: (02/21/2014 00:47:54 AM) (Source: Microsoft-Windows-CAPI2)(User: )
    Description:
    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Protokół LLDP (Link-Layer Discovery Protocol) firmy Microsoft.

    System Error:
    Odmowa dostępu.

    Error: (02/20/2014 11:35:26 PM) (Source: Application Hang)(User: )
    Description: Wow-64.exe5.4.7.1793023e801cf2eb5d9b986b4244C:\Program Files (x86)\World of Warcraft\Wow-64.exe935dc824-9ab1-11e3-befd-bc5ff455a450

    Error: (02/20/2014 10:21:04 PM) (Source: Microsoft-Windows-LocationProvider)(User: NT AUTHORITY)
    Description: -2147024883


    CodeIntegrity Errors:
    ===================================
    Date: 2014-02-20 21:46:10.760
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-02-20 21:43:32.353
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-02-20 21:43:07.724
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-02-20 21:43:07.583
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-02-20 21:36:31.600
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-02-20 21:35:55.668
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-02-20 21:35:55.294
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-02-20 21:35:55.270
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-02-20 21:35:54.520
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-02-20 21:35:54.494
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    Percentage of memory in use: 28%
    Total physical RAM: 8077.64 MB
    Available physical RAM: 5778.36 MB
    Total Pagefile: 9357.64 MB
    Available Pagefile: 6483.92 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.84 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:118.9 GB) (Free:12.24 GB) NTFS
    Drive d: (Takie Tam) (Fixed) (Total:232.88 GB) (Free:139.46 GB) NTFS
    Drive e: (Moje) (Fixed) (Total:279.46 GB) (Free:26.61 GB) NTFS
    Drive f: (Rozne) (Fixed) (Total:232.88 GB) (Free:53.53 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 60CA1AAD)
    Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=119 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: C7BB37BC)

    Partition: GPT Partition Type.

    ========================================================
    Disk: 2 (Size: 233 GB) (Disk ID: 06C9BD92)
    Partition 1: (Not Active) - (Size=233 GB) - (Type=OF Extended)

    ========================================================
    Disk: 3 (MBR Code: Windows 7 or 8) (Size: 279 GB) (Disk ID: 9F3AEC7E)
    Partition 1: (Active) - (Size=279 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
  15. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

  16. besthijacker

    besthijacker TS Rookie Topic Starter

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-02-2014
    Ran by Hubert at 2014-02-21 18:46:34 Run:1
    Running from C:\Users\Hubert\Desktop
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    BHO: No Name - {11111111-1111-1111-1111-110511071178} - No File
    BHO: No Name - {5682CA62-1A80-40AE-82A0-B67833CE75FF} - No File
    BHO: No Name - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No File
    Toolbar: HKLM - No Name - {8dcb7100-df86-4384-8842-8fa844297b3f} - No File
    Handler: cup - {A0BE0236-AB5A-45DC-A304-2269CE96708E} - No File
    Handler: dup - {A0BE0236-AB5A-45DC-A304-2269CE96708E} - No File
    Handler-x32: cup - {A0BE0236-AB5A-45DC-A304-2269CE96708E} - No File
    Handler-x32: dup - {A0BE0236-AB5A-45DC-A304-2269CE96708E} - No File
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    C:\Users\Hubert\AppData\Local\Temp\Quarantine.exe

    *****************

    C:\WINDOWS\system32\GroupPolicy\Machine => Moved successfully.
    C:\WINDOWS\system32\GroupPolicy\GPT.ini => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511071178} => Key deleted successfully.
    HKCR\CLSID\{11111111-1111-1111-1111-110511071178} => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5682CA62-1A80-40AE-82A0-B67833CE75FF} => Key deleted successfully.
    HKCR\CLSID\{5682CA62-1A80-40AE-82A0-B67833CE75FF} => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} => Key deleted successfully.
    HKCR\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} => Key not found.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} => Value deleted successfully.
    HKCR\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} => Key not found.
    HKCR\PROTOCOLS\Handler\cup => Key deleted successfully.
    HKCR\CLSID\{A0BE0236-AB5A-45DC-A304-2269CE96708E} => Key not found.
    HKCR\PROTOCOLS\Handler\dup => Key deleted successfully.
    HKCR\CLSID\{A0BE0236-AB5A-45DC-A304-2269CE96708E} => Key not found.
    HKCR\Wow6432Node\PROTOCOLS\Handler\cup => Key not found.
    HKCR\Wow6432Node\CLSID\{A0BE0236-AB5A-45DC-A304-2269CE96708E} => Key not found.
    HKCR\Wow6432Node\PROTOCOLS\Handler\dup => Key not found.
    HKCR\Wow6432Node\CLSID\{A0BE0236-AB5A-45DC-A304-2269CE96708E} => Key not found.
    HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
    "C:\Users\Hubert\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.


    The system needs a manual reboot.

    ==== End of Fixlog ====
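
Added example (not part of the original thread and not FRST's own code): a small parser that triages a Fixlog like the one above, separating items that were removed from items that were already absent and listing the policy-related targets that were cleared. The status names and the policy-path heuristic are assumptions of this sketch; the sample lines are copied from the log above.

```python
import re
from collections import Counter

# Lines copied from the Fixlog posted above (a subset, unchanged).
FIXLOG = r'''
C:\WINDOWS\system32\GroupPolicy\Machine => Moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511071178} => Key deleted successfully.
HKCR\CLSID\{11111111-1111-1111-1111-110511071178} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} => Value deleted successfully.
HKCR\PROTOCOLS\Handler\cup => Key deleted successfully.
HKCR\Wow6432Node\PROTOCOLS\Handler\cup => Key not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
"C:\Users\Hubert\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.
'''

# "<target> => <outcome>." with optional quotes around the target.
LINE = re.compile(r'^\s*"?(?P<target>.+?)"?\s+=>\s+(?P<outcome>.+?)\.?\s*$')
# Assumption of this sketch: these path fragments mark policy-related items.
POLICY_HINTS = ("\\policies\\", "\\grouppolicy\\")

def classify(outcome):
    """Map an outcome string to removed / absent / review."""
    text = outcome.lower()
    if "not found" in text:
        return "absent"        # nothing was there to remove
    if "successfully" in text:
        return "removed"       # deleted, or moved out of place
    return "review"            # anything else needs a human look

def parse_fixlog(text):
    entries = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue           # headers, fixlist echo, blank lines
        target = m.group("target")
        entries.append({
            "target": target,
            "status": classify(m.group("outcome")),
            "policy": any(h in target.lower() for h in POLICY_HINTS),
        })
    return entries

def summarize(entries):
    counts = Counter(e["status"] for e in entries)
    policy_removed = [e["target"] for e in entries
                      if e["policy"] and e["status"] == "removed"]
    needs_review = [e["target"] for e in entries if e["status"] == "review"]
    return counts, policy_removed, needs_review

if __name__ == "__main__":
    print(summarize(parse_fixlog(FIXLOG)))
```

The "absent" entries here are leftover references (for example the `HKCR\CLSID` keys) whose targets no longer existed, while the policy-related removals are the ones that coincide with the extension no longer being locked by policy in the next post.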
  17. besthijacker

    besthijacker TS Rookie Topic Starter

    It's gone from extensions!!!!!!!!

    THANK YOU!
  18. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Excellent!

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Click on "Run ESET Online Scanner" button.
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
  19. besthijacker

    besthijacker TS Rookie Topic Starter

    There were no logs for Eset Online Scanner.

    checkup.txt
    Results of screen317's Security Check version 0.99.79
    x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Windows Defender
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.75.0.1300
    Java 7 Update 45
    Java version out of Date!
    Adobe Flash Player 12.0.0.70
    Adobe Reader XI
    Google Chrome 30.0.1599.101
    Google Chrome 32.0.1700.76
    Google Chrome Plugins...
    ````````Process Check: objlist.exe by Laurent````````
    Windows Defender MSMpEng.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    Windows Firewall Control wfcs.exe
    Windows Firewall Control wfc.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: %
    ````````````````````End of Log``````````````````````


    FSS.txt
    Farbar Service Scanner Version: 16-02-2014
    Ran by Hubert (administrator) on 21-02-2014 at 23:33:10
    Running from "C:\Users\Hubert\Desktop"
    Microsoft Windows 8.1 Pro with Media Center (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is set to Demand. The default start type is Auto.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv service is OK.


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll
    [2013-08-22 08:25] - [2013-08-22 08:25] - 0029184 ____A (Microsoft Corporation) 6E2271ED0C3E95B8E29F3752B91B9E84

    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys
    [2014-01-17 19:37] - [2013-11-05 15:12] - 2551128 ____A (Microsoft Corporation) 3D9A5AC880D7AA2305812D665D24ED23

    C:\Windows\System32\dnsrslvr.dll
    [2013-11-14 11:17] - [2013-10-08 00:48] - 0255488 ____A (Microsoft Corporation) 5BAF7714E68F93515A937A3FA8587EF9

    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll
    [2013-11-14 11:17] - [2013-10-12 16:48] - 0828416 ____A (Microsoft Corporation) 6468B696C65775D51A06615830E0E79D

    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll
    [2013-11-14 11:17] - [2013-10-06 21:13] - 3532288 ____A (Microsoft Corporation) 86D0BF4F792053A50D6EE43DFA5837A5

    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MsMpEng.exe => MD5 is legit
    C:\Windows\System32\ipnathlp.dll
    [2013-11-14 11:17] - [2013-09-14 04:11] - 0433664 ____A (Microsoft Corporation) F4414F57DF2CECB8FC969AA43A6B0D50

    C:\Windows\System32\iphlpsvc.dll
    [2013-11-14 11:17] - [2013-10-07 23:50] - 0903168 ____A (Microsoft Corporation) DFC4050D58565ADBEE793A8D4AEBDAE6

    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
  20. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    1. Update your Java version here: http://www.java.com/en/download/manual.jsp
    Alternate download: http://www.filehippo.com/search?q=java

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: If you're running 64-bit system make sure you install BOTH, 32-bit and 64-bit Java.

    Note 3: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista and 7 users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    =====================================

    Your computer is clean

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    12. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    13. Please, let me know, how your computer is doing.
  21. besthijacker

    besthijacker TS Rookie Topic Starter

    I updated java.

    Everything is working very good. Thank you again!
  22. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Way to go!!
    Good luck and stay safe :)

