Solved Can't Remove Savings Wizard

besthijacker

Hello. I was instructed to post here by a friend of mine, so here it goes. I have something installed as Savings Wizard. I don't see it anywhere; I have searched and searched for it and found nothing...
This also comes with a Chrome extension that cannot be deleted due to "Installed by enterprise policy." Perhaps you can help!

Malwarebytes Log:
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.20.13

Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16518
Hubert :: HUBERT [administrator]

Protection: Disabled

2014-02-20 22:15:30
mbam-log-2014-02-20 (22-15-30).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 571783
Time elapsed: 36 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16518 BrowserJavaVersion: 10.45.2
Run by Hubert at 22:18:22 on 2014-02-20
#Option Extended Search is enabled.
Microsoft Windows 8.1 Pro z programem Media Center 6.3.9600.0.1252.1.1033.18.8078.2205 [GMT -5:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\taskhostex.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\WINDOWS\system32\dashost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
C:\WINDOWS\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\scservice\SCService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files\Windows Firewall Control\wfcs.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\SettingSyncHost.exe
C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
C:\Program Files (x86)\Opera\19.0.1326.63\opera_crashreporter.exe
C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
C:\PROGRA~2\Raptr\raptr.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\PROGRA~2\Raptr\raptr_im.exe
C:\Program Files\Windows Firewall Control\wfc.exe
C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\scui\SavvyConnectUI.exe
C:\Program Files (x86)\XFastUSB\XFastUsb.exe
C:\Program Files (x86)\Deluge\deluge.exe
C:\Program Files (x86)\Raptr\raptr_ep64.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
C:\WINDOWS\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\WINDOWS\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe
C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\svchost.exe -k WerSvcGroup
C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
BHO: EpTec: {D4F5F5EC-499D-48F5-AFD1-B25723A6E43E} - C:\Users\Hubert\AppData\Roaming\WinRAR\eptec.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SavvyConnect IE Extension: {E6C6EC35-C04A-42CD-A3A7-4F09FB0F1B76} - C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\ieplugin\LuthIEPlugin.dll
uRun: [Google Update] "C:\Users\Hubert\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [qBittorrent] "C:\Program Files (x86)\qBittorrent\qbittorrent.exe"
uRun: [TSMApplication] "C:\Users\Hubert\Desktop\TSM_App_Full\TSMApplication.exe"
uRun: [f.lux] "C:\Users\Hubert\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
mRun: [SavvyConnectMenu] "C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\scui\SavvyConnectUI.exe" -a
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [XFastUSB] "C:\Program Files (x86)\XFastUSB\XFastUsb.exe"
mRun: [ShopAtHomeWatcher] C:\Users\Hubert\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
mRun: [ShopAtHomeUpdater] C:\Users\Hubert\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\WINDOW~1.LNK - C:\Program Files\Windows Firewall Control\wfc.exe
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: SynchronousMachineGroupPolicy = dword:0
mPolicies-System: SynchronousUserGroupPolicy = dword:0
mPolicies-Windows\System: AllowBlockingAppsAtShutdown = dword:0
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{C2A55726-89DA-4E00-8D20-F5D5E80C44D1} : DHCPNameServer = 192.168.1.1
Handler: cup - {A0BE0236-AB5A-45DC-A304-2269CE96708E} - <orphaned>
Handler: dup - {A0BE0236-AB5A-45DC-A304-2269CE96708E} - <orphaned>
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://www.google.com
x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
x64-BHO: Plus-HD-7.6: {11111111-1111-1111-1111-110511071178} -
x64-BHO: Savings Wizard BHO: {5682CA62-1A80-40AE-82A0-B67833CE75FF} -
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
x64-Run: [IgfxTray] "C:\WINDOWS\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\WINDOWS\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\WINDOWS\System32\igfxpers.exe"
x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [ShadowPlay] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
x64-mPolicies-System: PromptOnSecureDesktop = dword:0
x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
x64-mPolicies-System: SynchronousMachineGroupPolicy = dword:0
x64-mPolicies-System: SynchronousUserGroupPolicy = dword:0
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - <orphaned>
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Handler: cup - {A0BE0236-AB5A-45DC-A304-2269CE96708E} - <orphaned>
x64-Handler: dup - {A0BE0236-AB5A-45DC-A304-2269CE96708E} - <orphaned>
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
Hosts: 54.225.95.126 ajakpekbmnkgnjbpajgkdhimcbeoocam
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\WINDOWS\System32\drivers\iaStorA.sys [2013-8-7 644968]
R0 intelpep;Sterownik wtyczki aparatu zasilania firmy Intel(R);C:\WINDOWS\System32\drivers\intelpep.sys [2013-12-10 39768]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2013-8-22 76800]
R1 FNETURPX;FNETURPX;C:\WINDOWS\System32\drivers\FNETURPX.SYS [2013-10-27 16648]
R1 VD_FileDisk;VD_FileDisk;C:\WINDOWS\System32\drivers\vd_filedisk.sys [2011-1-26 30312]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-8-7 15720]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-8-27 747520]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2013-10-27 131544]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2013-10-27 169432]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-1-10 418376]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-2 1593632]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-10-28 16939296]
R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-10-18 1907896]
R2 SCService;SavvyConnect Desktop Service;C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\scservice\SCService.exe [2013-9-19 1901872]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2013-12-22 4915040]
R2 wfcs;Windows Firewall Control;C:\Program Files\Windows Firewall Control\wfcs.exe [2014-1-11 78336]
R3 iwdbus;IWD Bus Enumerator;C:\WINDOWS\System32\drivers\iwdbus.sys [2013-9-30 27032]
R3 k57nd60a;Karta Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\WINDOWS\System32\drivers\k57nd60a.sys [2013-8-22 425984]
R3 LVRS64;Logitech RightSound Filter Driver;C:\WINDOWS\System32\drivers\lvrs64.sys [2009-10-7 327704]
R3 LVUVC64;@oem6.inf,%PID_09A1_DD%(UVC);Logitech QuickCam S5500(UVC);C:\WINDOWS\System32\drivers\lvuvc64.sys [2009-10-7 6379288]
R3 MBAMProtector;MBAMProtector;C:\WINDOWS\System32\drivers\mbam.sys [2014-1-10 25928]
R3 NcbService;Broker polaczen sieciowych;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2013-8-22 37768]
R3 NdisVirtualBus;Modul wyliczajacy wirtualnej karty sieciowej firmy Microsoft;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2013-8-22 16384]
R3 Neo_VPN;VPN Client Device Driver - VPN;C:\WINDOWS\System32\drivers\Neo_VPN.sys [2013-11-4 28768]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\WINDOWS\System32\drivers\nvvad64v.sys [2014-1-26 39200]
R3 SaiK0728;SaiK0728;C:\WINDOWS\System32\drivers\SaiK0728.sys [2008-1-21 129024]
R3 WdNisDrv;Sterownik systemowy uslugi inspekcji sieci Windows Defender;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2013-8-22 124256]
R3 WdNisSvc;Usluga inspekcji sieci Windows Defender;C:\Program Files\Windows Defender\NisSrv.exe [2013-8-22 346872]
R3 xusb22;Usluga 22 sterownika odbiornika bezprzewodowego Xbox 360;C:\WINDOWS\System32\drivers\xusb22.sys [2013-8-22 87040]
S2 BBSvc;BingBar Service;"C:\Program Files (x86)\Microsoft\BingBar\7.3.117.0\BBSvc.exe" --> C:\Program Files (x86)\Microsoft\BingBar\7.3.117.0\BBSvc.exe [?]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-1-10 701512]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2013-8-22 782176]
S3 AppReadiness;Przygotowywanie aplikacji;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2013-8-22 37768]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2013-8-22 37768]
S3 BBUpdate;BBUpdate;"C:\Program Files (x86)\Microsoft\BingBar\7.3.117.0\SeaPort.exe" --> C:\Program Files (x86)\Microsoft\BingBar\7.3.117.0\SeaPort.exe [?]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2013-8-22 17624]
S3 FNETTBOH_305;FNETTBOH_305;C:\WINDOWS\System32\drivers\FNETTBOH_305.SYS [2013-10-27 32320]
S3 iaLPSSi_GPIO;Sterownik szeregowego kontrolera GPIO we/wy firmy Intel(R);C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2013-8-22 24568]
S3 iaLPSSi_I2C;Sterownik szeregowego kontrolera I2C we/wy firmy Intel(R);C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2013-8-22 99320]
S3 iaStorAV;Kontroler Intel(R) SATA RAID Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2013-8-22 651248]
S3 IDMWFP;IDMWFP;C:\WINDOWS\System32\drivers\idmwfp.sys [2014-2-5 175480]
S3 IEEtwCollectorService;Usluga kolektora funkcji ETW programu Explorer Internet;C:\WINDOWS\System32\ieetwcollector.exe [2014-2-13 111616]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\WINDOWS\System32\drivers\intelaud.sys [2013-9-30 39320]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-8-27 828376]
S3 kbldfltr;kbldfltr;C:\WINDOWS\System32\drivers\kbldfltr.sys [2013-9-29 22272]
S3 lfsvc;Usluga struktury polozenia systemu Windows;C:\WINDOWS\System32\svchost.exe -k netsvcs [2013-8-22 37768]
S3 LSI_SAS3;LSI_SAS3;C:\WINDOWS\System32\drivers\lsi_sas3.sys [2013-8-22 81760]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc63.sys [2013-8-22 87040]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2012-11-12 178776]
S3 ReFS;ReFS;C:\WINDOWS\System32\drivers\refs.sys [2013-8-22 924512]
S3 ScDeviceEnum;Usluga wyliczania urzadzen karty inteligentnej;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2013-8-22 37768]
S3 SEE;SoftEther Ethernet Layer Driver;C:\WINDOWS\System32\drivers\see.sys [2013-11-4 38240]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2013-12-10 146776]
S3 smphost;Miejsca do magazynowania firmy Microsoft — SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2013-8-22 37768]
S3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2013-11-17 155824]
S3 stornvme;Standardowy sterownik NVM Express firmy Microsoft;C:\WINDOWS\System32\drivers\stornvme.sys [2013-11-14 57176]
S3 teamviewervpn;TeamViewer VPN Adapter;C:\WINDOWS\System32\drivers\teamviewervpn.sys [2013-12-22 35112]
S3 UEFI;Sterownik UEFI firmy Microsoft;C:\WINDOWS\System32\drivers\uefi.sys [2013-8-22 26976]
S3 vmbusr;Virtual Machine Bus Provider;C:\WINDOWS\System32\drivers\vmbusr.sys [2013-9-29 129536]
S3 vmicguestinterface;Interfejs uslugi goscia funkcji Hyper-V;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2013-8-22 37768]
S3 WEPHOSTSVC;Usluga hosta dostawcy szyfrowania systemu Windows;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2013-8-22 37768]
S3 workfolderssvc;Foldery robocze;C:\WINDOWS\System32\svchost.exe -k LocalService [2013-8-22 37768]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2013-8-22 230912]
S4 MsKeyboardFilter;Microsoft Keyboard Filter;C:\WINDOWS\System32\svchost.exe -k netsvcs [2013-8-22 37768]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [UserChoice]
ShellExec: Opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"
.
=============== Created Last 60 ================
.
2014-02-21 03:02:29 -------- d-sh--w- C:\$RECYCLE.BIN
2014-02-21 02:49:31 923936 ----a-w- C:\WINDOWS\System32\nvvsvc.exe
2014-02-21 02:49:31 6712608 ----a-w- C:\WINDOWS\System32\nvcpl.dll
2014-02-21 02:49:31 63776 ----a-w- C:\WINDOWS\System32\nvshext.dll
2014-02-21 02:49:31 386336 ----a-w- C:\WINDOWS\System32\nvmctray.dll
2014-02-21 02:49:31 3573739 ----a-w- C:\WINDOWS\System32\nvcoproc.bin
2014-02-21 02:49:31 3498272 ----a-w- C:\WINDOWS\System32\nvsvc64.dll
2014-02-21 02:49:31 2559776 ----a-w- C:\WINDOWS\System32\nvsvcr.dll
2014-02-21 02:39:35 10536864 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8765E9E0-0DF9-4223-80B5-F1DD70FF4135}\mpengine.dll
2014-02-21 02:39:04 -------- d-----w- C:\AdwCleaner
2014-02-21 02:37:08 -------- d-----w- C:\Program Files (x86)\Trojan Remover
2014-02-18 03:51:15 965000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C359C7B3-C474-49DA-95AE-2DAEB2434EE4}\gapaengine.dll
2014-02-18 02:43:48 -------- d-----w- C:\Users\Hubert\AppData\Roaming\ShopAtHome
2014-02-17 21:37:38 -------- d-----w- C:\Program Files (x86)\Minion Rush
2014-02-17 14:42:42 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-02-16 21:50:40 -------- d-----w- C:\Program Files (x86)\World of Warcraft
2014-02-15 22:14:43 -------- d-----w- C:\Users\Hubert\AppData\Roaming\IDM
2014-02-15 22:14:40 -------- d-----w- C:\Program Files (x86)\Internet Download Manager
2014-02-15 12:16:05 -------- d-----w- C:\Users\Hubert\AppData\Roaming\XBMC
2014-02-15 12:15:38 -------- d-----w- C:\Program Files (x86)\XBMC
2014-02-14 22:23:33 -------- d-----w- C:\Users\Hubert\AppData\Roaming\InstallX Search Protect for Yahoo
2014-02-14 20:56:41 -------- d-----w- C:\Users\Hubert\AppData\Roaming\PC-Gizmos
2014-02-13 16:06:54 -------- d-----w- C:\WINDOWS\LastGood.Tmp
2014-02-13 15:15:56 -------- d-----w- C:\Program Files (x86)\NCSOFT
2014-02-13 14:47:21 -------- d-----w- C:\Users\Hubert\AppData\Local\Deployment
2014-02-13 14:47:21 -------- d-----w- C:\Users\Hubert\AppData\Local\Apps
2014-02-13 14:36:56 -------- d-----w- C:\ProgramData\CDB
2014-02-13 14:34:49 -------- d-----w- C:\Users\Hubert\.android
2014-02-13 14:34:48 -------- d-----w- C:\Users\Hubert\AppData\Local\cache
2014-02-13 14:33:17 -------- d-----w- C:\Users\Hubert\AppData\Local\Popajar
2014-02-13 14:06:37 18944 ----a-r- C:\Users\Hubert\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe
2014-02-05 12:44:15 175480 ----a-w- C:\WINDOWS\System32\drivers\idmwfp.sys
2014-02-04 01:51:08 -------- d-----w- C:\Program Files\CPUID
2014-02-02 18:34:03 -------- d-----w- C:\Users\Hubert\AppData\Local\Daedalic Entertainment GmbH
2014-02-02 13:51:37 -------- d-----w- C:\Users\Hubert\AppData\Local\Playfire_Ltd
2014-02-02 05:09:52 -------- d-----w- C:\Users\Hubert\AppData\Roaming\Hard Disk Sentinel
2014-02-02 05:09:12 -------- d-----w- C:\Program Files (x86)\Hard Disk Sentinel
2014-02-02 04:22:33 -------- d-----w- C:\Users\Hubert\AppData\Local\Ascaron Entertainment
2014-02-02 03:43:17 757760 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2014-02-02 03:43:17 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2014-02-02 03:43:17 65024 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
2014-02-02 03:43:17 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2014-02-02 03:43:17 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2014-02-02 03:43:17 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2014-02-02 03:43:17 2080472 ----a-w- C:\WINDOWS\RtlExUpd.dll
2014-02-02 03:43:17 204800 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2014-02-02 03:43:17 -------- d--h--w- C:\Program Files (x86)\Temp
2014-02-02 03:43:16 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2014-02-02 03:43:16 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2014-02-02 02:20:07 -------- d-----w- C:\Users\Hubert\AppData\Roaming\WizardWars
2014-02-01 21:09:14 -------- d-----w- C:\Users\Hubert\AppData\Roaming\Vulcan
2014-02-01 21:09:13 -------- d-----w- C:\Users\Hubert\AppData\Local\Vulcan
2014-02-01 21:08:52 -------- d-----w- C:\Program Files (x86)\Playfire
2014-02-01 18:18:57 -------- d-----w- C:\ProgramData\PMS
2014-02-01 18:18:45 -------- d-----w- C:\Program Files (x86)\PS3 Media Server
2014-02-01 17:34:51 419840 ----a-w- C:\WINDOWS\System32\wrap_oal.dll
2014-02-01 17:34:51 413696 ----a-w- C:\WINDOWS\SysWow64\wrap_oal.dll
2014-02-01 17:34:51 133632 ----a-w- C:\WINDOWS\System32\OpenAL32.dll
2014-02-01 17:34:51 110592 ----a-w- C:\WINDOWS\SysWow64\OpenAL32.dll
2014-02-01 17:34:51 -------- d-----w- C:\Program Files (x86)\OpenAL
2014-02-01 13:26:57 -------- d-----w- C:\ProgramData\Wowhead
2014-02-01 13:21:47 -------- d-----w- C:\Program Files (x86)\Master Games International
2014-02-01 12:51:58 -------- d-----w- C:\Users\Hubert\AppData\Local\InfiniteCrisis
2014-02-01 01:41:46 -------- d-----w- C:\Users\Hubert\AppData\Local\Turbine
2014-02-01 01:39:48 -------- d-----w- C:\ProgramData\Turbine
2014-01-26 22:10:01 39200 ----a-w- C:\WINDOWS\System32\drivers\nvvad64v.sys
2014-01-26 22:10:01 33056 ----a-w- C:\WINDOWS\SysWow64\nvaudcap32v.dll
2014-01-25 19:32:50 -------- d-----w- C:\Users\Hubert\AppData\Local\calibre-cache
2014-01-25 19:32:09 -------- d-----w- C:\Program Files\Calibre2
2014-01-18 02:24:40 -------- d-----w- C:\Program Files (x86)\LinuxLive USB Creator
2014-01-11 12:44:20 -------- d-----w- C:\ProgramData\Battle.net
2014-01-11 05:22:27 -------- d-----w- C:\Users\Hubert\AppData\Local\Skyrim
2014-01-11 05:10:18 -------- d-----w- C:\Program Files\Windows Firewall Control
2014-01-11 02:01:07 -------- d-----w- C:\Users\Hubert\AppData\Roaming\Malwarebytes
2014-01-11 02:00:56 25928 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
2014-01-11 02:00:56 -------- d-----w- C:\ProgramData\Malwarebytes
2014-01-11 02:00:56 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-11 01:59:10 -------- d-----w- C:\NVIDIA
2014-01-11 01:42:30 -------- d-----w- C:\Program Files (x86)\LastPass
2014-01-04 18:38:59 -------- d-----w- C:\Users\Hubert\AppData\Local\FluxSoftware
2014-01-02 01:09:40 -------- d-----w- C:\Users\Hubert\AppData\Local\Macromedia
2014-01-02 01:05:43 -------- d-----w- C:\Users\Hubert\AppData\Local\Mozilla
2013-12-31 18:29:50 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller
2013-12-31 18:20:00 -------- d-----w- C:\Program Files (x86)\Origin Games
2013-12-31 18:19:42 -------- d-----w- C:\Users\Hubert\AppData\Roaming\Origin
2013-12-31 18:19:41 -------- d-----w- C:\Users\Hubert\AppData\Local\Origin
2013-12-31 18:19:13 -------- d-----w- C:\ProgramData\Origin
2013-12-31 18:19:12 -------- d-----w- C:\Program Files (x86)\Origin
2013-12-26 21:04:46 -------- d-----w- C:\Users\Hubert\AppData\Local\VMware
2013-12-26 21:00:53 -------- d-----w- C:\Program Files (x86)\VMware
2013-12-26 20:48:29 -------- d-----w- C:\Users\Hubert\AppData\Local\Geckofx
2013-12-26 20:48:23 -------- d-----w- C:\Users\Hubert\AppData\Roaming\Firefly Studios
2013-12-26 02:50:24 -------- d-----w- C:\Users\Hubert\AppData\Roaming\GG
2013-12-26 02:50:21 -------- d-----w- C:\Users\Hubert\AppData\Local\GG
2013-12-26 02:22:07 -------- d-----w- C:\Users\Hubert\AppData\Roaming\Mobipocket
2013-12-26 01:51:26 -------- d-----w- C:\Users\Hubert\AppData\Roaming\URSoft
2013-12-26 01:51:21 -------- d-----w- C:\Program Files (x86)\Your Uninstaller! 7
2013-12-26 01:23:41 -------- d-----w- C:\Users\Hubert\AppData\Local\MediaMonkey
2013-12-26 01:22:45 -------- d-----w- C:\Users\Hubert\AppData\Roaming\MediaMonkey
2013-12-26 00:10:24 -------- d-----w- C:\Program Files\Unlocker
2013-12-24 05:09:25 -------- d-----w- C:\Users\Hubert\AppData\Roaming\Beat Hazard
2013-12-24 01:27:29 -------- d-----w- C:\Users\Hubert\AppData\Local\SKIDROW
2013-12-23 19:05:13 -------- d-----w- C:\Users\Hubert\AppData\Roaming\TeamViewer
2013-12-23 03:59:15 -------- d-----w- C:\Program Files (x86)\TeamViewer
2013-12-23 03:34:30 35112 ----a-w- C:\WINDOWS\System32\drivers\teamviewervpn.sys
.
==================== Find6M ====================
.
2014-02-13 15:37:30 303104 ----a-w- C:\WINDOWS\apppatch\apppatch64\AcGenral.dll
2014-02-06 11:30:46 2724864 ----a-w- C:\WINDOWS\System32\mshtml.tlb
2014-02-06 11:30:12 4096 ----a-w- C:\WINDOWS\System32\ieetwcollectorres.dll
2014-02-06 11:07:39 66048 ----a-w- C:\WINDOWS\System32\iesetup.dll
2014-02-06 11:06:47 48640 ----a-w- C:\WINDOWS\System32\ieetwproxystub.dll
2014-02-06 10:49:03 139264 ----a-w- C:\WINDOWS\System32\ieUnatt.exe
2014-02-06 10:48:45 111616 ----a-w- C:\WINDOWS\System32\ieetwcollector.exe
2014-02-06 10:48:11 708608 ----a-w- C:\WINDOWS\System32\jscript9diag.dll
2014-02-06 10:20:26 2724864 ----a-w- C:\WINDOWS\SysWow64\mshtml.tlb
2014-02-06 10:11:37 5768704 ----a-w- C:\WINDOWS\System32\jscript9.dll
2014-02-06 10:01:36 61952 ----a-w- C:\WINDOWS\SysWow64\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- C:\WINDOWS\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32 2041856 ----a-w- C:\WINDOWS\System32\inetcpl.cpl
2014-02-06 09:47:22 112128 ----a-w- C:\WINDOWS\SysWow64\ieUnatt.exe
2014-02-06 09:46:27 553472 ----a-w- C:\WINDOWS\SysWow64\jscript9diag.dll
2014-02-06 09:25:36 4244480 ----a-w- C:\WINDOWS\SysWow64\jscript9.dll
2014-02-06 09:24:52 2334208 ----a-w- C:\WINDOWS\System32\wininet.dll
2014-02-06 09:09:30 1964032 ----a-w- C:\WINDOWS\SysWow64\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- C:\WINDOWS\SysWow64\wininet.dll
2014-02-02 05:30:55 32320 ----a-w- C:\WINDOWS\System32\drivers\FNETTBOH_305.SYS
2014-01-30 20:47:26 693240 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2014-01-30 20:47:26 105464 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2014-01-21 02:53:40 1048152 ----a-w- C:\WINDOWS\SysWow64\nvspcap.dll
2014-01-21 02:53:29 1179576 ----a-w- C:\WINDOWS\System32\nvspcap64.dll
2014-01-19 07:38:24 270496 ------w- C:\WINDOWS\System32\MpSigStub.exe
2014-01-18 00:37:21 442880 ----a-w- C:\WINDOWS\apppatch\AcSpecfc.dll
2014-01-09 08:25:10 2804224 ----a-w- C:\WINDOWS\System32\actxprxy.dll
2014-01-09 07:59:06 115712 ----a-w- C:\WINDOWS\System32\winbici.dll
2014-01-09 07:59:02 1020928 ----a-w- C:\WINDOWS\SysWow64\actxprxy.dll
2014-01-09 07:49:48 919040 ----a-w- C:\WINDOWS\System32\MrmCoreR.dll
2014-01-09 07:44:45 720384 ----a-w- C:\WINDOWS\System32\SkyDriveTelemetry.dll
2014-01-09 07:43:12 121344 ----a-w- C:\WINDOWS\System32\SkyDriveShell.dll
2014-01-09 07:29:28 105984 ----a-w- C:\WINDOWS\SysWow64\SkyDriveShell.dll
2014-01-09 07:28:45 628736 ----a-w- C:\WINDOWS\SysWow64\MrmCoreR.dll
2014-01-09 07:28:44 4217344 ----a-w- C:\WINDOWS\System32\SyncEngine.dll
2014-01-09 07:18:50 870912 ----a-w- C:\WINDOWS\System32\SkyDrive.exe
2014-01-08 01:46:27 325464 -c--a-w- C:\WINDOWS\System32\drivers\USBXHCI.SYS
2014-01-08 01:41:24 382808 ----a-w- C:\WINDOWS\System32\drivers\dxgmms1.sys
2014-01-08 01:41:24 1530712 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
2014-01-07 07:03:30 18944 ----a-w- C:\WINDOWS\System32\pcaui.exe
2014-01-07 05:59:03 17408 ----a-w- C:\WINDOWS\SysWow64\pcaui.exe
2014-01-07 05:00:20 2397184 ----a-w- C:\WINDOWS\System32\d3d10warp.dll
2014-01-07 04:30:31 2071552 ----a-w- C:\WINDOWS\SysWow64\d3d10warp.dll
2014-01-04 20:50:05 1462216 ----a-w- C:\WINDOWS\System32\propsys.dll
2014-01-04 19:22:49 1202888 ----a-w- C:\WINDOWS\SysWow64\propsys.dll
2014-01-04 15:59:06 219648 ----a-w- C:\WINDOWS\System32\drivers\UMDF\LocationProvider.dll
2014-01-04 15:54:54 138240 ----a-w- C:\WINDOWS\System32\OEMLicense.dll
2014-01-04 15:08:49 103936 ----a-w- C:\WINDOWS\SysWow64\OEMLicense.dll
2014-01-04 14:52:01 2414592 ----a-w- C:\WINDOWS\apppatch\AcGenral.dll
2014-01-04 14:30:03 13209088 ----a-w- C:\WINDOWS\System32\twinui.dll
2014-01-04 14:23:19 11702272 ----a-w- C:\WINDOWS\SysWow64\twinui.dll
2014-01-04 14:08:33 206336 ----a-w- C:\WINDOWS\System32\WSClient.dll
2014-01-04 13:53:05 174592 ----a-w- C:\WINDOWS\SysWow64\WSClient.dll
2014-01-04 13:42:04 1105408 ----a-w- C:\WINDOWS\System32\SearchFolder.dll
2014-01-04 13:40:27 7416832 ----a-w- C:\WINDOWS\System32\Windows.UI.Search.dll
2014-01-04 13:36:27 830976 ----a-w- C:\WINDOWS\SysWow64\SearchFolder.dll
2014-01-04 13:28:24 4961792 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Search.dll
2014-01-02 23:54:03 461312 ----a-w- C:\WINDOWS\System32\XpsGdiConverter.dll
2014-01-02 23:48:13 336896 ----a-w- C:\WINDOWS\SysWow64\XpsGdiConverter.dll
2014-01-02 23:40:20 5770752 ----a-w- C:\WINDOWS\SysWow64\mstscax.dll
2014-01-02 23:38:30 6640640 ----a-w- C:\WINDOWS\System32\mstscax.dll
2014-01-01 01:55:10 1720560 ----a-w- C:\WINDOWS\System32\ntdll.dll
2014-01-01 01:52:37 481944 ----a-w- C:\WINDOWS\System32\mfsvr.dll
2014-01-01 00:56:41 1472048 ----a-w- C:\WINDOWS\SysWow64\ntdll.dll
2014-01-01 00:55:58 381168 ----a-w- C:\WINDOWS\SysWow64\mfsvr.dll
2013-12-31 23:59:29 802816 ----a-w- C:\WINDOWS\SysWow64\MFMediaEngine.dll
2013-12-31 23:57:55 1214976 ----a-w- C:\WINDOWS\System32\schedsvc.dll
2013-12-31 23:56:35 960512 ----a-w- C:\WINDOWS\System32\MFMediaEngine.dll
2013-12-30 23:34:06 218112 ----a-w- C:\WINDOWS\SysWow64\sti.dll
2013-12-30 23:33:43 770560 ----a-w- C:\WINDOWS\SysWow64\ReAgent.dll
2013-12-30 23:32:11 303616 ----a-w- C:\WINDOWS\System32\sti.dll
2013-12-30 23:31:47 914944 ----a-w- C:\WINDOWS\System32\ReAgent.dll
2013-12-30 23:31:46 947712 ----a-w- C:\WINDOWS\System32\reseteng.dll
2013-12-27 18:42:16 35104 ----a-w- C:\WINDOWS\System32\nvaudcap64v.dll
2013-12-27 10:38:44 1057280 ----a-w- C:\WINDOWS\System32\rdvidcrl.dll
2013-12-27 08:57:38 842752 ----a-w- C:\WINDOWS\System32\MsSpellCheckingFacility.dll
2013-12-27 08:57:07 628736 ----a-w- C:\WINDOWS\System32\SettingSyncHost.exe
2013-12-27 08:23:50 749056 ----a-w- C:\WINDOWS\System32\SettingSyncCore.dll
2013-12-27 08:16:35 855552 ----a-w- C:\WINDOWS\SysWow64\rdvidcrl.dll
2013-12-27 07:03:50 630272 ----a-w- C:\WINDOWS\SysWow64\MsSpellCheckingFacility.dll
2013-12-27 07:03:13 478208 ----a-w- C:\WINDOWS\SysWow64\SettingSyncHost.exe
2013-12-27 06:37:46 588800 ----a-w- C:\WINDOWS\SysWow64\SettingSyncCore.dll
2013-12-21 07:21:45 376320 ----a-w- C:\WINDOWS\System32\pnrpsvc.dll
2013-12-20 10:10:44 1113040 ----a-w- C:\WINDOWS\System32\KernelBase.dll
2013-12-20 06:13:46 835584 ----a-w- C:\WINDOWS\SysWow64\KernelBase.dll
2013-12-18 04:16:25 108968 ----a-w- C:\WINDOWS\System32\WindowsAccessBridge-64.dll
2013-12-17 07:21:26 408576 ----a-w- C:\WINDOWS\System32\drivers\rdbss.sys
2013-12-14 06:31:39 13949440 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
2013-12-14 06:19:48 18576384 ----a-w- C:\WINDOWS\System32\Windows.UI.Xaml.dll
2013-12-13 10:54:20 131160 ----a-w- C:\WINDOWS\System32\easinvoker.exe
2013-12-13 07:24:20 121088 -c--a-w- C:\WINDOWS\System32\drivers\USBAUDIO.sys
2013-12-13 06:36:39 178176 ----a-w- C:\WINDOWS\System32\easwrt.dll
2013-12-13 05:32:24 140800 ----a-w- C:\WINDOWS\SysWow64\easwrt.dll
2013-12-09 03:25:37 4190720 ----a-w- C:\WINDOWS\System32\win32k.sys
2013-12-09 02:57:19 548864 ----a-w- C:\WINDOWS\System32\vbscript.dll
2013-12-09 01:51:12 454656 ----a-w- C:\WINDOWS\SysWow64\vbscript.dll
2013-12-09 00:34:48 1227264 ----a-w- C:\WINDOWS\System32\mispace.dll
2013-12-09 00:27:24 2152448 ----a-w- C:\WINDOWS\System32\msxml3.dll
2013-12-09 00:19:46 570880 ----a-w- C:\WINDOWS\System32\msdrm.dll
2013-12-09 00:15:28 787968 ----a-w- C:\WINDOWS\System32\uDWM.dll
.
============= FINISH: 22:18:34,84 ===============
 
Welcome aboard

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===================================

I still need Attach.txt log from DDS.

Download RogueKiller from one of the following links and save it to your Desktop:
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Create a new restore point before proceeding with the next step.
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8.1 Pro z programem Media Center
Boot Device: \Device\HarddiskVolume1
Install Date: 2013-10-18 22:51:09
System Uptime: 2014-02-20 21:42:53 (1 hours ago)
.
Motherboard: ASRock | | Z77 Extreme4
Processor: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz | CPUSocket | 3401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 119 GiB total, 11,244 GiB free.
D: is FIXED (NTFS) - 233 GiB total, 141,864 GiB free.
E: is FIXED (NTFS) - 279 GiB total, 33,303 GiB free.
F: is FIXED (NTFS) - 233 GiB total, 53,53 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
7-Zip 9.32 (x64 edition)
Adobe AIR
Adobe Flash Player 12 Plugin
Adobe Reader XI (11.0.06) - Polish
Adobe Shockwave Player 12.0
Aktualizacje NVIDIA 11.10.11
Assassins Creed IV Black Flag Deluxe Edition
Battle.net
Bridge Base Online
calibre 64bit
Clementine
CPUID CPU-Z 1.68
Daum PotPlayer 1.5.40688 x64 Edition
Deadly Boss Mods Updater
Defiance
Deluge 1.3.6
Diablo III
f.lux
FastImageResizer (remove only)
FMRTE 14.1.3.3
Football Manager 2014
GeForce Experience NvStream Client Components
GG
Google Chrome
Hard Disk Sentinel PRO
Hearthstone
Intel(R) Manageability Engine Firmware Recovery Agent
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Intel® Trusted Connect Service Client
Internet Download Manager
Java 7 Update 45
Java 7 Update 45 (64-bit)
Java Auto Updater
Java SE Development Kit 7 Update 45 (64-bit)
LastPass (uninstall only)
LinuxLive USB Creator
Malwarebytes Anti-Malware version 1.75.0.1300
Marvel Heroes
Microsoft Access MUI (Polish) 2013
Microsoft DCF MUI (Polish) 2013
Microsoft Excel MUI (Polish) 2013
Microsoft Groove MUI (Polish) 2013
Microsoft InfoPath MUI (Polish) 2013
Microsoft Lync MUI (Polish) 2013
Microsoft Office Home and Student 2013 - en-us
Microsoft Office Korrekturhilfen 2013 - Deutsch
Microsoft Office Language Pack 2013 - Polish/Polski
Microsoft Office O MUI (Polish) 2013
Microsoft Office OSM MUI (Polish) 2013
Microsoft Office OSM UX MUI (Polish) 2013
Microsoft Office Proofing (Polish) 2013
Microsoft Office Proofing Tools 2013 - English
Microsoft Office Shared 32-bit MUI (Polish) 2013
Microsoft Office Shared MUI (Polish) 2013
Microsoft OneNote MUI (Polish) 2013
Microsoft Outlook MUI (Polish) 2013
Microsoft PowerPoint MUI (Polish) 2013
Microsoft Publisher MUI (Polish) 2013
Microsoft SharePoint Designer MUI (Polish) 2013
Microsoft Silverlight
Microsoft SkyDrive
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
Microsoft Word MUI (Polish) 2013
Microsoft X MUI (Polish) 2013
Narzedzia sprawdzajace pakietu Microsoft Office 2013 — polski
Notepad++
NVIDIA GeForce Experience 1.8.2
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Network Service
NVIDIA Oprogramowanie systemu PhysX 9.13.1220
NVIDIA PhysX
NVIDIA ShadowPlay 11.10.11
NVIDIA Sterownik dzwieku HD 1.3.30.1
NVIDIA Sterownik graficzny 334.89
NVIDIA Update Core
NVIDIA Virtual Audio 1.2.20
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
OpenAL
Opera Stable 19.0.1326.63
Origin
Panel sterowania NVIDIA 334.89
Playfire
PS3 Media Server
PunkBuster Services
Raptr
Realtek High Definition Audio Driver
SavvyConnect
Security Update for Microsoft Excel 2013 (KB2827238) 64-Bit Edition
Security Update for Microsoft Lync 2013 (KB2850057) 64-Bit Edition
Security Update for Microsoft Office 2013 (KB2768005) 64-Bit Edition
Security Update for Microsoft Office 2013 (KB2850064) 64-Bit Edition
SHIELD Streaming
SimCity™
Skype™ 6.11
Sony PC Companion 2.10.181
Steam
swMSM
TeamSpeak 3 Client
TeamViewer 9
Total Commander Ultima Prime 5.8.0.0
Unlocker 1.9.2
Update for Microsoft Access 2013 (KB2768008) 64-Bit Edition
Update for Microsoft Lync 2013 (KB2817678) 64-Bit Edition
Update for Microsoft Office 2013 (KB2738038) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760610) 64-Bit Edition
Update for Microsoft Office 2013 (KB2768016) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817316) 64-Bit Edition
Update for Microsoft Office 2013 (KB2827227) 64-Bit Edition
Update for Microsoft Office 2013 (KB2827230) 64-Bit Edition
Update for Microsoft Office 2013 (KB2837655) 64-Bit Edition
Update for Microsoft OneNote 2013 (KB2850063) 64-Bit Edition
Update for Microsoft Outlook 2013 (KB2850061) 64-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2767850) 64-Bit Edition
Update for Microsoft Publisher 2013 (KB2837635) 64-Bit Edition
Update for Microsoft SharePoint Designer 2013 (KB2760212) 64-Bit Edition
Update for Microsoft SkyDrive Pro (KB2837652) 64-Bit Edition
Update for Microsoft Word 2013 (KB2837647) 64-Bit Edition
Uplay
Ventrilo Client for Windows x64
WildStar
Winamp
Winamp Detector Plug-in
Windows 8 Manager
Windows Firewall Control
XBMC
XFastUSB
Your Uninstaller! 7
.
==== End Of File ===========================
 
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.02.21.02

Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16518
Hubert :: HUBERT [administrator]

2014-02-21 00:55:05
mbar-log-2014-02-21 (00-55-05).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 254902
Time elapsed: 12 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 
RogueKiller V8.8.8 [Feb 19 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Hubert [Admin rights]
Mode : Scan -- Date : 02/21/2014 00:54:01
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


54.225.95.126 ajakpekbmnkgnjbpajgkdhimcbeoocam


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ADATA SP900 +++++
--- User ---
[MBR] b14de4efa57cd5dd6ab1f597b8b3b833
[BSP] a5310d08bb77d08cad380d1e3030927b : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 350 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 718848 | Size: 121752 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) ST3250410AS +++++
--- User ---
[MBR] 65d7db5fc1d67066c0863445353395f9
[BSP] 1cc1bbc8f8f7e9ccd2d08ea0f199db63 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 238473 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ IDE) ST3250823AS +++++
--- User ---
[MBR] 33fea6c18b9978a569dab59958a26c57
[BSP] 5e933fa198b0439f41fc7958ab3a53aa : Empty MBR Code
Partition table:
0 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 16065 | Size: 238464 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: (\\.\PHYSICALDRIVE3 @ IDE) WDC WD3000HLFS-01G6U4 +++++
--- User ---
[MBR] 64fca5b58a92479dd399a57af9832ec7
[BSP] 3a68c082df96f8de9638a3714366e17b : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 286166 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_02212014_005401.txt >>
RKreport[0]_D_02212014_000946.txt;RKreport[0]_D_02212014_001111.txt;RKreport[0]_S_02212014_000758.txt
RKreport[0]_S_02212014_001049.txt
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there, use the restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
I cannot get Combofix to work under Windows 8.1 x 64. I have tried changing the name before saving, nothing works.

Here is my rKill.txt file

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 02/21/2014 05:20:10 PM in x64 mode.
Windows Version: Windows 8.1 Pro with Media Center

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\.exe\shell found and deleted!


Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* Centrum zabezpieczeń (wscsvc) is not Running.
Startup Type set to: Automatic (Delayed Start)

* E1G60 [Missing Service]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

54.225.95.126 ajakpekbmnkgnjbpajgkdhimcbeoocam

Program finished at: 02/21/2014 05:20:20 PM
Execution time: 0 hours(s), 0 minute(s), and 9 seconds(s)
 
Sorry about it. Combofix doesn't work in Windows 8.1.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
 
AdwCleaner[S1].txt

# AdwCleaner v3.019 - Report created 21/02/2014 at 17:55:53
# Updated 17/02/2014 by Xplode
# Operating System : Windows 8.1 Pro with Media Center (64 bits)
# Username : Hubert - HUBERT
# Running from : C:\Users\Hubert\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Google Chrome v

[ File : C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [8801 octets] - [20/02/2014 21:39:16]
AdwCleaner[R1].txt - [866 octets] - [21/02/2014 17:55:08]
AdwCleaner[S0].txt - [7646 octets] - [20/02/2014 21:42:26]
AdwCleaner[S1].txt - [788 octets] - [21/02/2014 17:55:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [847 octets] ##########


JRT.txt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 8.1 Pro with Media Center x64
Ran by Hubert on 2014-02-21 at 18:08:45,34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2014-02-21 at 18:10:14,32
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-02-2014
Ran by Hubert (administrator) on HUBERT on 21-02-2014 18:11:36
Running from C:\Users\Hubert\Desktop
Windows 8.1 Pro with Media Center (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link for 64-Bit Version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST:

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
() C:\WINDOWS\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\scservice\SCService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(BiniSoft.org) C:\Program Files\Windows Firewall Control\wfcs.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(BiniSoft.org) C:\Program Files\Windows Firewall Control\wfc.exe
(Luth Research LLC) C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\scui\SavvyConnectUI.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(FNet Co., Ltd.) C:\Program Files (x86)\XFastUSB\XFastUsb.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(Google Inc.) C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Users\Hubert\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [ShadowPlay] - C:\WINDOWS\system32\nvspcap64.dll [1179576 2014-01-20] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-20] (NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2013-07-26] (Realtek Semiconductor)
HKLM-x32\...\Run: [SavvyConnectMenu] - C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\scui\SavvyConnectUI.exe [722736 2013-09-19] (Luth Research LLC)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [XFastUSB] - C:\Program Files (x86)\XFastUSB\XFastUsb.exe [5021448 2013-10-27] (FNet Co., Ltd.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2124072431-2675259793-1593044314-1001\...\Run: [Google Update] - C:\Users\Hubert\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-10-18] (Google Inc.)
HKU\S-1-5-21-2124072431-2675259793-1593044314-1001\...\Run: [f.lux] - C:\Users\Hubert\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-2124072431-2675259793-1593044314-1001\...\Run: [IDMan] - C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3825232 2014-02-05] (Tonec Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2CCABA0E262CCF01
SearchScopes: HKCU - {409B5EFB-ECCD-4033-88BD-6CB69025D122} URL = http://us.yhs4.search.yahoo.com/yhs..._DS,221,0_0,Search,20140207,19669,0,GC32,7656
BHO: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO: No Name - {11111111-1111-1111-1111-110511071178} - No File
BHO: No Name - {5682CA62-1A80-40AE-82A0-B67833CE75FF} - No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: No Name - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: EpTec - {D4F5F5EC-499D-48F5-AFD1-B25723A6E43E} - C:\Users\Hubert\AppData\Roaming\WinRAR\eptec.dll (Space International, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SavvyConnect IE Extension - {E6C6EC35-C04A-42CD-A3A7-4F09FB0F1B76} - C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\ieplugin\LuthIEPlugin.dll (Luth Research, LLC)
Toolbar: HKLM - No Name - {8dcb7100-df86-4384-8842-8fa844297b3f} - No File
Handler: cup - {A0BE0236-AB5A-45DC-A304-2269CE96708E} - No File
Handler: dup - {A0BE0236-AB5A-45DC-A304-2269CE96708E} - No File
Handler-x32: cup - {A0BE0236-AB5A-45DC-A304-2269CE96708E} - No File
Handler-x32: dup - {A0BE0236-AB5A-45DC-A304-2269CE96708E} - No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome:
=======
CHR HomePage:
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2014-02-14]
CHR Extension: (Google Drive) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-14]
CHR Extension: (YouTube) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-14]
CHR Extension: (Honey) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2014-02-14]
CHR Extension: (Adblock Plus) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-02-14]
CHR Extension: (Flickr Right Click) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgkdecjiajillolhbegcmmbphniicmjl [2014-02-14]
CHR Extension: (Google Search) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-14]
CHR Extension: (imgur Extension by Metronomik) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehoopddfhgaehhmphfcooacjdpmbjlao [2014-02-14]
CHR Extension: (ZenMate for Google Chrome™) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2014-02-14]
CHR Extension: (Stylish) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2014-02-20]
CHR Extension: (Hacker Vision) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\fommidcneendjonelhhhkmoekeicedej [2014-02-14]
CHR Extension: (Screenwise Trends Panel) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmieefkpoaagiboijfjhidningfpomge [2014-02-14]
CHR Extension: (TinEye Reverse Image Search) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2014-02-14]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-02-14]
CHR Extension: (Steamgiftster) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmkjjpmmmccfmlcjnbfdkdjjmhenojfh [2014-02-21]
CHR Extension: (The Weather Channel for Chrome) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop [2014-02-14]
CHR Extension: (Deathamns) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\immpkjjlgappgfkkfieppnmlhakdmaab [2014-02-14]
CHR Extension: (Diablo 3 (tm) Toolbox) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgfidddcehboihddlggjiiakhbpanpf [2014-02-14]
CHR Extension: (IDM Integration Module) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2014-02-15]
CHR Extension: (Disconnect) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2014-02-14]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-02-14]
CHR Extension: (InvisibleHand) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko [2014-02-14]
CHR Extension: (Top Eleven) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljphpjlafmmdmegmfbkacafhbegjfkkn [2014-02-14]
CHR Extension: (Google Maps) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2014-02-14]
CHR Extension: (Clickable Links) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\mblbciejcodpealifnhfjbdlkedplodp [2014-02-14]
CHR Extension: (Google Mail Checker) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2014-02-14]
CHR Extension: (SteamGifts Plus Alternative) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjlighkgeendkpncecpcidcegejbmedb [2014-02-14]
CHR Extension: (Google Wallet) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-18]
CHR Extension: (Enhanced Steam) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2014-02-14]
CHR Extension: (Click&Clean App) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2014-02-14]
CHR Extension: (Outlook.com) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2014-02-14]
CHR Extension: (Shellfish) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\phfgfpbcplmockgngcmgnalfnploegfi [2014-02-14]
CHR Extension: (Gmail) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-14]
CHR Extension: (Abstract-Blue) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnacehkknmafkjgkikclamogikoiaaa [2014-02-14]
CHR Extension: (Wartune) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pojkgabgkoodmjjdcidakakmjnghfhdn [2014-02-14]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-02-05]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-20] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-20] (NVIDIA Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-10-31] (Microsoft Corporation)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [75136 2013-11-24] ()
R2 SCService; C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\scservice\SCService.exe [1901872 2013-09-19] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
R2 wfcs; C:\Program Files\Windows Firewall Control\wfcs.exe [78336 2014-01-11] (BiniSoft.org)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
S2 BBSvc; "C:\Program Files (x86)\Microsoft\BingBar\7.3.117.0\BBSvc.exe" [X]
S3 BBUpdate; "C:\Program Files (x86)\Microsoft\BingBar\7.3.117.0\SeaPort.exe" [X]

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows (R) Win 7 DDK provider)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2014-02-02] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [16648 2013-10-27] (FNet Co., Ltd.)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-10] (Microsoft Corporation)
S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-09-29] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
R3 Neo_VPN; C:\Windows\system32\DRIVERS\Neo_VPN.sys [28768 2013-11-04] (SoftEther Project at University of Tsukuba, Japan.)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
R3 SaiK0728; C:\Windows\system32\DRIVERS\SaiK0728.sys [129024 2008-01-21] (Saitek)
S3 SEE; C:\Windows\System32\drivers\see.sys [38240 2013-11-04] (SoftEther Project at University of Tsukuba, Japan.)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-25] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
R1 VD_FileDisk; C:\Windows\System32\Drivers\VD_FileDisk.sys [30312 2011-01-26] (CaptainFlint Software)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
R3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2013-08-22] (Microsoft Corporation)
S3 cmudaxp; \SystemRoot\system32\drivers\cmudaxp.sys [X]
U0 msahci;
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-21 18:10 - 2014-02-21 18:10 - 00000637 _____ () C:\Users\Hubert\Desktop\JRT.txt
2014-02-21 17:59 - 2014-02-21 18:11 - 00021087 _____ () C:\Users\Hubert\Desktop\FRST.txt
2014-02-21 17:59 - 2014-02-21 18:11 - 00000000 ____D () C:\FRST
2014-02-21 17:59 - 2014-02-21 17:59 - 00033189 _____ () C:\Users\Hubert\Desktop\Addition.txt
2014-02-21 17:57 - 2014-02-21 17:57 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-02-21 17:54 - 2014-02-21 17:54 - 02153984 _____ (Farbar) C:\Users\Hubert\Desktop\FRST64.exe
2014-02-21 17:54 - 2014-02-21 17:54 - 01241834 _____ () C:\Users\Hubert\Desktop\adwcleaner.exe
2014-02-21 17:54 - 2014-02-21 17:54 - 01037734 _____ (Thisisu) C:\Users\Hubert\Desktop\JRT.exe
2014-02-21 17:18 - 2014-02-21 17:20 - 00002494 _____ () C:\Users\Hubert\Desktop\Rkill.txt
2014-02-21 17:14 - 2014-02-21 17:14 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Hubert\Desktop\rkill.exe
2014-02-21 17:13 - 2014-02-21 17:13 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Hubert\Desktop\iExplore.exe
2014-02-21 17:12 - 2014-02-21 17:12 - 05183886 ____R (Swearware) C:\Users\Hubert\Desktop\huberciak.exe
2014-02-21 17:11 - 2014-02-21 17:11 - 05183886 ____R (Swearware) C:\Users\Hubert\Desktop\your_name.exe
2014-02-21 17:06 - 2014-02-21 17:06 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2014-02-21 17:03 - 2014-02-21 17:06 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-02-21 16:22 - 2014-02-21 16:22 - 10820032 _____ (SurfRight B.V.) C:\Users\Hubert\Desktop\hitmanpro_x64.exe
2014-02-21 11:56 - 2014-02-21 11:56 - 00000000 ____D () C:\Users\Hubert\AppData\Local\CrashDumps
2014-02-21 11:38 - 2014-02-21 11:56 - 00000000 ____D () C:\Program Files (x86)\VG-Ripper
2014-02-21 11:38 - 2014-02-21 11:38 - 00001035 _____ () C:\Users\Public\Desktop\VG-Ripper.lnk
2014-02-21 11:30 - 2014-02-21 17:25 - 00000000 ___SD () C:\32788R22FWJFW
 
2014-02-21 00:12 - 2014-02-21 14:22 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-02-21 00:12 - 2014-02-21 00:12 - 00002450 _____ () C:\Users\Hubert\Desktop\takie tamlol.txt
2014-02-20 22:34 - 2014-02-20 22:34 - 00062331 _____ () C:\Users\Hubert\Desktop\Rematch_2_2_8.zip
2014-02-20 22:33 - 2014-02-20 22:36 - 1053931526 _____ () C:\Users\Hubert\Desktop\CSI.S14E15.720p.HDTV.X264-DIMENSION.mkv
2014-02-20 22:01 - 2014-02-20 22:01 - 00000000 ____D () C:\WINDOWS\erdnt
2014-02-20 21:49 - 2014-02-20 21:49 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-20 21:49 - 2014-02-20 21:49 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-02-20 21:49 - 2014-02-08 12:42 - 06712608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2014-02-20 21:49 - 2014-02-08 12:42 - 03498272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2014-02-20 21:49 - 2014-02-08 12:42 - 02559776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2014-02-20 21:49 - 2014-02-08 12:42 - 00923936 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2014-02-20 21:49 - 2014-02-08 12:42 - 00386336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2014-02-20 21:49 - 2014-02-08 12:42 - 00063776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2014-02-20 21:49 - 2014-02-05 12:52 - 03573739 _____ () C:\WINDOWS\system32\nvcoproc.bin
2014-02-20 21:48 - 2014-02-08 13:34 - 31432480 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2014-02-20 21:48 - 2014-02-08 13:34 - 25256224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2014-02-20 21:48 - 2014-02-08 13:34 - 23683360 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2014-02-20 21:48 - 2014-02-08 13:34 - 18257576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2014-02-20 21:48 - 2014-02-08 13:34 - 17715784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2014-02-20 21:48 - 2014-02-08 13:34 - 17560352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2014-02-20 21:48 - 2014-02-08 13:34 - 15740232 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2014-02-20 21:48 - 2014-02-08 13:34 - 14669032 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2014-02-20 21:48 - 2014-02-08 13:34 - 12324640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2014-02-20 21:48 - 2014-02-08 13:34 - 11636176 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2014-02-20 21:48 - 2014-02-08 13:34 - 11589272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2014-02-20 21:48 - 2014-02-08 13:34 - 09728064 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2014-02-20 21:48 - 2014-02-08 13:34 - 09690424 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2014-02-20 21:48 - 2014-02-08 13:34 - 03142432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2014-02-20 21:48 - 2014-02-08 13:34 - 03090184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2014-02-20 21:48 - 2014-02-08 13:34 - 02956576 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2014-02-20 21:48 - 2014-02-08 13:34 - 02782496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvenc.dll
2014-02-20 21:48 - 2014-02-08 13:34 - 02713728 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2014-02-20 21:48 - 2014-02-08 13:34 - 02410784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvenc.dll
2014-02-20 21:48 - 2014-02-08 13:34 - 01885472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6433489.dll
2014-02-20 21:48 - 2014-02-08 13:34 - 01515296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6433489.dll
2014-02-20 21:48 - 2014-02-08 13:34 - 00947296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2014-02-20 21:48 - 2014-02-08 13:34 - 00892192 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2014-02-20 21:48 - 2014-02-08 13:34 - 00875296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2014-02-20 21:48 - 2014-02-08 13:34 - 00863520 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2014-02-20 21:48 - 2014-02-08 13:34 - 00844576 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2014-02-20 21:48 - 2014-02-08 13:34 - 00832424 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2014-02-20 21:48 - 2014-02-08 13:34 - 00483104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2014-02-20 21:48 - 2014-02-08 13:34 - 00408352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2014-02-20 21:48 - 2014-02-08 13:34 - 00378656 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2014-02-20 21:48 - 2014-02-08 13:34 - 00353504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2014-02-20 21:48 - 2014-02-08 13:34 - 00333600 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2014-02-20 21:48 - 2014-02-08 13:34 - 00305600 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2014-02-20 21:48 - 2014-02-08 13:34 - 00174296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2014-02-20 21:48 - 2014-02-08 13:34 - 00148528 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2014-02-20 21:48 - 2014-02-08 13:34 - 00024544 _____ () C:\WINDOWS\system32\nvinfo.pb
2014-02-20 21:48 - 2013-11-28 08:38 - 00197408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2014-02-20 21:48 - 2013-11-28 08:38 - 00031520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2014-02-20 21:48 - 2013-11-22 03:36 - 01515296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2014-02-20 21:39 - 2014-02-21 17:55 - 00000000 ____D () C:\AdwCleaner
2014-02-20 21:37 - 2014-02-20 21:38 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover
2014-02-18 09:16 - 2014-02-18 09:16 - 00000607 _____ () C:\Users\Hubert\Desktop\NetBridgeVu.exe — skrót.lnk
2014-02-17 22:48 - 2014-02-17 22:48 - 00001516 _____ () C:\Users\Hubert\Desktop\Skype.exe — skrót.lnk
2014-02-17 22:47 - 2014-02-17 22:47 - 00000000 ____D () C:\Users\Hubert\Desktop\YGOPRO Dawn of a New Era
2014-02-17 22:46 - 2014-02-17 22:46 - 00000000 ____D () C:\Users\Hubert\Desktop\ygopro-1.032.1-V5-Percy-full
2014-02-17 21:43 - 2014-02-17 21:43 - 00000116 _____ () C:\Users\Public\Documents\SAH_Install.ini
2014-02-17 21:43 - 2014-02-17 21:43 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\ShopAtHome
2014-02-17 17:33 - 2014-02-17 17:33 - 00000000 ____D () C:\Program Files\7-Zip
2014-02-17 16:42 - 2014-02-21 18:08 - 00000860 __RSH () C:\ProgramData\ntuser.pol
2014-02-17 16:37 - 2014-02-17 16:47 - 00000000 ____D () C:\Program Files (x86)\Minion Rush
2014-02-17 16:34 - 2014-02-17 16:34 - 00000043 _____ () C:\Users\Hubert\AppData\Roaming\WB.CFG
2014-02-17 11:56 - 2014-02-17 11:56 - 00000000 ____D () C:\Users\Hubert\Desktop\MapSwitcher
2014-02-17 11:43 - 2014-02-17 12:13 - 00000000 ____D () C:\Users\Hubert\Documents\Heroes of the Storm
2014-02-17 00:40 - 2014-02-17 00:40 - 00000688 _____ () C:\Users\Hubert\AppData\Local\recently-used.xbel
2014-02-16 16:50 - 2014-02-20 20:49 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-02-15 17:14 - 2014-02-15 23:32 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\IDM
2014-02-15 17:14 - 2014-02-15 17:14 - 00000000 ____D () C:\Users\Hubert\Downloads\Video
2014-02-15 17:14 - 2014-02-15 17:14 - 00000000 ____D () C:\Users\Hubert\Downloads\Compressed
2014-02-15 17:14 - 2014-02-15 17:14 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2014-02-15 17:14 - 2014-02-15 17:14 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
2014-02-15 07:16 - 2014-02-15 14:40 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\XBMC
2014-02-15 07:15 - 2014-02-15 07:15 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XBMC
2014-02-15 07:15 - 2014-02-15 07:15 - 00000000 ____D () C:\Program Files (x86)\XBMC
2014-02-15 07:14 - 2014-02-15 07:14 - 59604731 _____ () C:\Users\Hubert\Downloads\xbmc-12.3.exe
2014-02-15 06:56 - 2014-02-15 06:56 - 00032973 _____ () C:\Users\Hubert\Downloads\Real.Time.with.Bill.Maher.2014.02.14.720p.HDTV.x264-BATV.torrent
2014-02-14 23:45 - 2014-02-14 23:45 - 00002879 _____ () C:\Users\Hubert\Downloads\House.of.Cards.2013.S02E03.1080p.NF.WEBRip.DD5.1.x264-NTb.mkv.torrent
2014-02-14 23:20 - 2014-02-14 23:20 - 00081211 _____ () C:\Users\Hubert\Downloads\Helix.S01E07.720p.HDTV.x264-REMARKABLE.torrent
2014-02-14 23:20 - 2014-02-14 23:20 - 00003019 _____ () C:\Users\Hubert\Downloads\House.of.Cards.2013.S02E02.1080p.NF.WEBRip.DD5.1.x264-NTb.mkv.torrent
2014-02-14 21:35 - 2014-02-14 21:35 - 00000222 _____ () C:\Users\Hubert\Desktop\Marvel Heroes.url
2014-02-14 21:19 - 2014-02-14 21:19 - 00001683 _____ () C:\Users\Hubert\Downloads\steamgifts-plus-alternative-install.user.js
2014-02-14 21:19 - 2014-02-14 21:19 - 00001683 _____ () C:\Users\Hubert\Downloads\steamgifts-plus-alternative-install (1).user.js
2014-02-14 21:12 - 2014-02-14 21:12 - 00000222 _____ () C:\Users\Hubert\Desktop\Defiance.url
2014-02-14 19:26 - 2014-02-14 19:26 - 01455104 _____ () C:\Users\Hubert\Downloads\7z932-x64.msi
2014-02-14 19:11 - 2014-02-21 17:54 - 00001080 _____ () C:\Users\Hubert\Desktop\takie tam.txt
2014-02-14 17:23 - 2014-02-14 17:32 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\InstallX Search Protect for Yahoo
2014-02-14 17:04 - 2014-02-14 17:04 - 00000000 ____D () C:\Users\Hubert\Documents\Respawn
2014-02-14 15:56 - 2014-02-14 17:31 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\PC-Gizmos
2014-02-13 20:45 - 2014-02-13 20:45 - 00000000 ____D () C:\Users\Hubert\Documents\ARC SYSTEM WORKS
2014-02-13 11:06 - 2014-02-13 11:06 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2014-02-13 10:37 - 2014-02-06 07:16 - 23170048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-13 10:37 - 2014-02-06 06:30 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-02-13 10:37 - 2014-02-06 06:30 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-02-13 10:37 - 2014-02-06 06:12 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-13 10:37 - 2014-02-06 06:07 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-02-13 10:37 - 2014-02-06 06:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-02-13 10:37 - 2014-02-06 05:57 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-13 10:37 - 2014-02-06 05:56 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-02-13 10:37 - 2014-02-06 05:49 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-02-13 10:37 - 2014-02-06 05:48 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-02-13 10:37 - 2014-02-06 05:48 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-02-13 10:37 - 2014-02-06 05:38 - 17103872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-02-13 10:37 - 2014-02-06 05:32 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-13 10:37 - 2014-02-06 05:20 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-02-13 10:37 - 2014-02-06 05:17 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-02-13 10:37 - 2014-02-06 05:11 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-02-13 10:37 - 2014-02-06 05:01 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-02-13 10:37 - 2014-02-06 05:00 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-02-13 10:37 - 2014-02-06 04:57 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-02-13 10:37 - 2014-02-06 04:57 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-13 10:37 - 2014-02-06 04:52 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-02-13 10:37 - 2014-02-06 04:52 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-02-13 10:37 - 2014-02-06 04:50 - 02041856 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-02-13 10:37 - 2014-02-06 04:47 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-02-13 10:37 - 2014-02-06 04:46 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-02-13 10:37 - 2014-02-06 04:25 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-02-13 10:37 - 2014-02-06 04:25 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-02-13 10:37 - 2014-02-06 04:24 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-13 10:37 - 2014-02-06 04:22 - 13051392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-13 10:37 - 2014-02-06 04:13 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-02-13 10:37 - 2014-02-06 04:09 - 01964032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-02-13 10:37 - 2014-02-06 04:03 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-02-13 10:37 - 2014-02-06 03:55 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-13 10:37 - 2014-02-06 03:41 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-02-13 10:37 - 2014-02-06 03:40 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-02-13 10:37 - 2014-02-06 03:36 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-02-13 10:37 - 2014-02-06 03:34 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-02-13 10:37 - 2014-01-09 03:25 - 02804224 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-02-13 10:37 - 2014-01-09 02:59 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-02-13 10:37 - 2014-01-09 02:59 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-02-13 10:37 - 2014-01-09 02:49 - 00919040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-02-13 10:37 - 2014-01-09 02:44 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-02-13 10:37 - 2014-01-09 02:43 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2014-02-13 10:37 - 2014-01-09 02:29 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-02-13 10:37 - 2014-01-09 02:28 - 04217344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-02-13 10:37 - 2014-01-09 02:28 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-02-13 10:37 - 2014-01-09 02:18 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-02-13 10:37 - 2014-01-07 20:46 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2014-02-13 10:37 - 2014-01-07 20:41 - 01530712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-02-13 10:37 - 2014-01-07 20:41 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2014-02-13 10:37 - 2014-01-07 02:03 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2014-02-13 10:37 - 2014-01-07 00:59 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
2014-02-13 10:37 - 2014-01-07 00:00 - 02397184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2014-02-13 10:37 - 2014-01-06 23:30 - 02071552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2014-02-13 10:37 - 2014-01-04 15:50 - 01462216 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2014-02-13 10:37 - 2014-01-04 14:22 - 01202888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2014-02-13 10:37 - 2014-01-04 10:54 - 00138240 _____ () C:\WINDOWS\system32\OEMLicense.dll
2014-02-13 10:37 - 2014-01-04 10:08 - 00103936 _____ () C:\WINDOWS\SysWOW64\OEMLicense.dll
2014-02-13 10:37 - 2014-01-04 09:30 - 13209088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-02-13 10:37 - 2014-01-04 09:23 - 11702272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-02-13 10:37 - 2014-01-04 09:08 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2014-02-13 10:37 - 2014-01-04 08:53 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
2014-02-13 10:37 - 2014-01-04 08:42 - 01105408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-02-13 10:37 - 2014-01-04 08:40 - 07416832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-02-13 10:37 - 2014-01-04 08:36 - 00830976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2014-02-13 10:37 - 2014-01-04 08:28 - 04961792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2014-02-13 10:37 - 2014-01-02 18:54 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2014-02-13 10:37 - 2014-01-02 18:48 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2014-02-13 10:37 - 2014-01-02 18:40 - 05770752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-02-13 10:37 - 2014-01-02 18:38 - 06640640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-02-13 10:37 - 2013-12-31 20:55 - 01720560 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-02-13 10:37 - 2013-12-31 20:52 - 00481944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2014-02-13 10:37 - 2013-12-31 19:56 - 01472048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-02-13 10:37 - 2013-12-31 19:55 - 00381168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2014-02-13 10:37 - 2013-12-31 18:59 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2014-02-13 10:37 - 2013-12-31 18:57 - 01214976 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2014-02-13 10:37 - 2013-12-31 18:56 - 00960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2014-02-13 10:37 - 2013-12-30 18:34 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sti.dll
2014-02-13 10:37 - 2013-12-30 18:33 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2014-02-13 10:37 - 2013-12-30 18:32 - 00303616 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti.dll
2014-02-13 10:37 - 2013-12-30 18:31 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2014-02-13 10:37 - 2013-12-30 18:31 - 00914944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2014-02-13 10:37 - 2013-12-27 10:09 - 00419160 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2014-02-13 10:37 - 2013-12-27 05:38 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2014-02-13 10:37 - 2013-12-27 03:57 - 00842752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2014-02-13 10:37 - 2013-12-27 03:57 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2014-02-13 10:37 - 2013-12-27 03:23 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2014-02-13 10:37 - 2013-12-27 03:16 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2014-02-13 10:37 - 2013-12-27 02:03 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2014-02-13 10:37 - 2013-12-27 02:03 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2014-02-13 10:37 - 2013-12-27 01:37 - 00588800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2014-02-13 10:37 - 2013-12-21 02:21 - 00376320 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2014-02-13 10:37 - 2013-12-20 21:10 - 00009701 _____ () C:\WINDOWS\SysWOW64\connectedsearch-results.searchconnector-ms
2014-02-13 10:37 - 2013-12-20 21:10 - 00009701 _____ () C:\WINDOWS\system32\connectedsearch-results.searchconnector-ms
2014-02-13 10:37 - 2013-12-20 05:10 - 01113040 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2014-02-13 10:37 - 2013-12-20 01:13 - 00835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2014-02-13 10:37 - 2013-12-17 02:21 - 00408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2014-02-13 10:37 - 2013-12-14 01:31 - 13949440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-02-13 10:37 - 2013-12-14 01:19 - 18576384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-02-13 10:37 - 2013-12-13 05:54 - 00131160 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2014-02-13 10:37 - 2013-12-13 02:24 - 00121088 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBAUDIO.sys
2014-02-13 10:37 - 2013-12-13 01:36 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2014-02-13 10:37 - 2013-12-13 00:32 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2014-02-13 10:37 - 2013-12-09 03:05 - 21199256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-02-13 10:37 - 2013-12-08 23:51 - 18643560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-02-13 10:37 - 2013-12-08 22:25 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-02-13 10:37 - 2013-12-08 21:57 - 00548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-02-13 10:37 - 2013-12-08 20:51 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-02-13 10:37 - 2013-12-08 19:27 - 02152448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-02-13 10:37 - 2013-12-08 19:19 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdrm.dll
2014-02-13 10:37 - 2013-12-08 18:55 - 00444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdrm.dll
2014-02-13 10:37 - 2013-12-08 18:54 - 01317376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2014-02-13 10:37 - 2013-11-21 01:42 - 04604416 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2014-02-13 10:37 - 2013-11-21 00:44 - 03936256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2014-02-13 10:15 - 2014-02-13 10:48 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCSOFT
2014-02-13 10:15 - 2014-02-13 10:15 - 00000000 ____D () C:\Program Files (x86)\NCSOFT
2014-02-13 10:14 - 2014-02-13 10:14 - 04494696 _____ (NCSOFT) C:\Users\Hubert\Desktop\Wildstar.exe
2014-02-13 09:47 - 2014-02-14 17:17 - 00000000 ____D () C:\Users\Hubert\AppData\Local\Deployment
2014-02-13 09:47 - 2014-02-13 09:47 - 00000000 ____D () C:\Users\Hubert\AppData\Local\Apps\2.0
2014-02-13 09:36 - 2014-02-13 09:36 - 00000000 ____D () C:\ProgramData\CDB
2014-02-13 09:35 - 2014-02-13 09:36 - 00000119 _____ () C:\WINDOWS\efix.ini
2014-02-13 09:34 - 2014-02-13 09:37 - 00000000 ____D () C:\Users\Hubert\AppData\Local\cache
2014-02-13 09:34 - 2014-02-13 09:34 - 00000000 ____D () C:\Users\Hubert\.android
2014-02-13 09:34 - 2014-02-13 09:34 - 00000000 _____ () C:\Users\Hubert\daemonprocess.txt
2014-02-13 09:33 - 2014-02-13 10:40 - 00000000 ____D () C:\Users\Hubert\AppData\Local\Popajar
2014-02-13 09:06 - 2014-02-20 21:43 - 00001488 _____ () C:\Users\Hubert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-02-05 07:44 - 2013-11-27 19:24 - 00175480 _____ (Tonec Inc.) C:\WINDOWS\system32\Drivers\idmwfp.sys
2014-02-03 20:51 - 2014-02-03 20:51 - 00000000 ____D () C:\Program Files\CPUID
2014-02-02 18:19 - 2014-02-02 18:19 - 00000808 _____ () C:\Users\Hubert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blackguards.lnk
2014-02-02 13:34 - 2014-02-02 13:34 - 00000000 ____D () C:\Users\Hubert\AppData\Local\Daedalic Entertainment GmbH
2014-02-02 12:59 - 2014-02-02 12:59 - 00228695 _____ () C:\Users\Hubert\Desktop\Wszystko.m3u
2014-02-02 08:51 - 2014-02-02 08:51 - 00000000 ____D () C:\Users\Hubert\AppData\Local\Playfire_Ltd
2014-02-02 00:38 - 2014-02-02 00:38 - 00000000 ____D () C:\WINDOWS\System32\Tasks\HardDiskSentinel
2014-02-02 00:09 - 2014-02-02 00:31 - 00000000 ____D () C:\Program Files (x86)\Hard Disk Sentinel
2014-02-02 00:09 - 2014-02-02 00:09 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\Hard Disk Sentinel
2014-02-01 23:22 - 2014-02-01 23:22 - 00000000 ____D () C:\Users\Hubert\AppData\Local\Ascaron Entertainment
2014-02-01 22:49 - 2014-02-01 22:49 - 00000000 ____H () C:\ProgramData\DP45977C.lfl
2014-02-01 22:49 - 2014-02-01 22:49 - 00000000 ____D () C:\WINDOWS\SysWOW64\RTCOM
2014-02-01 22:49 - 2014-02-01 22:49 - 00000000 ____D () C:\Program Files\Realtek
2014-02-01 22:49 - 2014-02-01 22:49 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-02-01 22:49 - 2013-07-30 20:16 - 03564376 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2014-02-01 22:49 - 2013-07-30 17:14 - 02585304 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkAPO64.dll
2014-02-01 22:49 - 2013-07-30 13:47 - 00620273 _____ () C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2014-02-01 22:49 - 2013-07-29 18:41 - 00147672 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2014-02-01 22:49 - 2013-07-29 13:48 - 30311936 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2014-02-01 22:49 - 2013-07-27 03:56 - 06219096 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll
2014-02-01 22:49 - 2013-07-27 03:55 - 01908568 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll
2014-02-01 22:49 - 2013-07-27 03:55 - 00312152 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll
2014-02-01 22:49 - 2013-07-27 03:55 - 00261464 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll
2014-02-01 22:49 - 2013-07-26 14:26 - 05694504 _____ () C:\WINDOWS\system32\Drivers\rtvienna.dat
2014-02-01 22:49 - 2013-07-26 14:05 - 00617176 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2014-02-01 22:49 - 2013-07-24 10:07 - 27519232 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioVnA64.dll
2014-02-01 22:49 - 2013-07-24 10:07 - 14042880 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioRealtek64.dll
2014-02-01 22:49 - 2013-07-24 10:07 - 03604224 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioVnN64.dll
2014-02-01 22:49 - 2013-07-24 10:07 - 02103040 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\WavesGUILib64.dll
2014-02-01 22:49 - 2013-07-24 10:07 - 02032896 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioEQ64.dll
2014-02-01 22:49 - 2013-07-24 10:07 - 01904384 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioRealtek264.dll
2014-02-01 22:49 - 2013-07-24 10:07 - 01044736 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO5064.dll
2014-02-01 22:49 - 2013-07-24 10:07 - 00933120 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO4064.dll
2014-02-01 22:49 - 2013-07-24 10:07 - 00920832 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPOShell64.dll
2014-02-01 22:49 - 2013-07-24 10:07 - 00660224 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO30.dll
2014-02-01 22:49 - 2013-07-24 10:07 - 00650496 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO2064.dll
2014-02-01 22:49 - 2013-07-24 01:45 - 00875776 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo64.dll
2014-02-01 22:49 - 2013-07-24 01:45 - 00845568 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\slcnt64.dll
2014-02-01 22:49 - 2013-07-24 01:45 - 00720128 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech64.dll
2014-02-01 22:49 - 2013-07-24 01:45 - 00244480 _____ (TODO: <Company name>) C:\WINDOWS\system32\slprp64.dll
2014-02-01 22:49 - 2013-07-22 15:37 - 01004248 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2014-02-01 22:49 - 2013-07-18 14:48 - 02795224 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2014-02-01 22:49 - 2013-07-17 16:17 - 02743328 _____ (Fortemedia Corporation) C:\WINDOWS\system32\FMAPO64.dll
2014-02-01 22:49 - 2013-07-08 18:32 - 04810008 _____ (ASUSTeKcomputer.Inc) C:\WINDOWS\system32\RTKSMlfx.dll
2014-02-01 22:49 - 2013-07-08 18:31 - 00758104 _____ (A-Volute) C:\WINDOWS\system32\RTKSMSettingsIPC.dll
2014-02-01 22:49 - 2013-06-25 12:47 - 00871856 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tossaeapo64.dll
2014-02-01 22:49 - 2013-06-25 12:47 - 00162224 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\toseaeapo64.dll
2014-02-01 22:49 - 2013-06-25 12:46 - 00582056 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tosasfapo64.dll
2014-02-01 22:49 - 2013-06-21 11:01 - 00109848 _____ () C:\WINDOWS\system32\AcpiServiceVnA64.dll
2014-02-01 22:49 - 2013-06-18 17:00 - 00947760 _____ (Sony Corporation) C:\WINDOWS\system32\SFSS_APO.dll
2014-02-01 22:49 - 2013-06-05 21:42 - 00208072 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll
2014-02-01 22:49 - 2013-04-24 17:16 - 01662024 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2014-02-01 22:49 - 2013-04-03 14:13 - 00906800 _____ (Sony Corporation) C:\WINDOWS\system32\MISS_APO.dll
2014-02-01 22:49 - 2013-02-20 18:55 - 01284680 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2014-02-01 22:49 - 2012-10-02 14:41 - 00501192 _____ (DTS) C:\WINDOWS\system32\DTSU2PLFX64.dll
2014-02-01 22:49 - 2012-10-02 14:41 - 00487368 _____ (DTS) C:\WINDOWS\system32\DTSU2PGFX64.dll
2014-02-01 22:49 - 2012-10-02 14:41 - 00415688 _____ (DTS) C:\WINDOWS\system32\DTSU2PREC64.dll
2014-02-01 22:49 - 2012-08-31 19:18 - 07164176 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEP64A.dll
2014-02-01 22:49 - 2012-08-31 19:17 - 00434960 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EED64A.dll
2014-02-01 22:49 - 2012-08-31 19:17 - 00141584 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL64A.dll
2014-02-01 22:49 - 2012-08-31 19:17 - 00124176 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA64A.dll
2014-02-01 22:49 - 2012-08-31 19:17 - 00075024 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG64A.dll
2014-02-01 22:49 - 2012-07-15 21:13 - 00394616 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVolumeSDAPO.dll
2014-02-01 22:49 - 2012-06-20 17:26 - 00110592 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2014-02-01 22:49 - 2012-03-08 11:47 - 00108640 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAR64.dll
2014-02-01 22:49 - 2012-01-30 11:43 - 00836544 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo264.dll
2014-02-01 22:49 - 2012-01-10 10:20 - 00065944 _____ (TOSHIBA CORPORATION.) C:\WINDOWS\system32\tepeqapo64.dll
2014-02-01 22:49 - 2011-12-20 15:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2014-02-01 22:49 - 2011-11-22 16:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2014-02-01 22:49 - 2011-09-02 14:21 - 00221024 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFNHK64.dll
2014-02-01 22:49 - 2011-09-02 14:21 - 00081248 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFCOM64.dll
2014-02-01 22:49 - 2011-09-02 14:21 - 00078688 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFAPO64.dll
2014-02-01 22:49 - 2011-08-23 17:00 - 00603984 _____ (Knowles Acoustics ) C:\WINDOWS\system32\KAAPORT64.dll
2014-02-01 22:49 - 2011-05-31 09:42 - 01756264 _____ (DTS) C:\WINDOWS\system32\DTSS2SpeakerDLL64.dll
2014-02-01 22:49 - 2011-05-31 09:42 - 01568360 _____ (DTS) C:\WINDOWS\system32\DTSS2HeadphoneDLL64.dll
2014-02-01 22:49 - 2011-05-31 09:42 - 01486952 _____ (DTS) C:\WINDOWS\system32\DTSBoostDLL64.dll
2014-02-01 22:49 - 2011-05-31 09:42 - 00728680 _____ (DTS) C:\WINDOWS\system32\DTSBassEnhancementDLL64.dll
2014-02-01 22:49 - 2011-05-31 09:42 - 00712296 _____ (DTS) C:\WINDOWS\system32\DTSSymmetryDLL64.dll
2014-02-01 22:49 - 2011-05-31 09:42 - 00693352 _____ (DTS) C:\WINDOWS\system32\DTSVoiceClarityDLL64.dll
2014-02-01 22:49 - 2011-05-31 09:42 - 00491112 _____ (DTS) C:\WINDOWS\system32\DTSNeoPCDLL64.dll
2014-02-01 22:49 - 2011-05-31 09:42 - 00432744 _____ (DTS) C:\WINDOWS\system32\DTSLimiterDLL64.dll
2014-02-01 22:49 - 2011-05-31 09:42 - 00428648 _____ (DTS) C:\WINDOWS\system32\DTSGainCompensatorDLL64.dll
2014-02-01 22:49 - 2011-05-31 09:42 - 00242792 _____ (DTS) C:\WINDOWS\system32\DTSLFXAPO64.dll
2014-02-01 22:49 - 2011-05-31 09:42 - 00242792 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPO64.dll
2014-02-01 22:49 - 2011-05-31 09:42 - 00241768 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPONS64.dll
2014-02-01 22:49 - 2011-03-17 12:17 - 01361336 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tosade.dll
2014-02-01 22:49 - 2011-03-07 17:11 - 00148416 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo.dll
2014-02-01 22:49 - 2010-11-08 07:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2014-02-01 22:49 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2014-02-01 22:49 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2014-02-01 22:49 - 2010-11-08 07:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2014-02-01 22:49 - 2010-11-08 07:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2014-02-01 22:49 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2014-02-01 22:49 - 2010-11-03 18:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2014-02-01 22:49 - 2010-09-27 09:34 - 00318808 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO20.dll
2014-02-01 22:49 - 2010-07-22 16:48 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\WINDOWS\SysWOW64\SFCOM.dll
2014-02-01 22:49 - 2009-11-24 09:55 - 00518896 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2014-02-01 22:49 - 2009-11-24 09:55 - 00211184 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll
2014-02-01 22:49 - 2009-11-24 09:55 - 00198896 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll
2014-02-01 22:49 - 2009-11-24 09:55 - 00155888 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2014-02-01 22:43 - 2013-07-19 15:55 - 02080472 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtlExUpd.dll
2014-02-01 21:20 - 2014-02-01 21:20 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\WizardWars
2014-02-01 16:09 - 2014-02-03 08:37 - 00000000 ____D () C:\Users\Hubert\AppData\Local\Vulcan
2014-02-01 16:09 - 2014-02-01 16:09 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\Vulcan
2014-02-01 16:08 - 2014-02-01 16:08 - 00000000 ____D () C:\Program Files (x86)\Playfire
2014-02-01 13:18 - 2014-02-08 12:42 - 00000000 ____D () C:\ProgramData\PMS
2014-02-01 13:18 - 2014-02-01 13:18 - 00000000 ____D () C:\Program Files (x86)\PS3 Media Server
2014-02-01 12:34 - 2014-02-01 12:34 - 00419840 _____ (Creative Labs) C:\WINDOWS\system32\wrap_oal.dll
2014-02-01 12:34 - 2014-02-01 12:34 - 00413696 _____ (Creative Labs) C:\WINDOWS\SysWOW64\wrap_oal.dll
2014-02-01 12:34 - 2014-02-01 12:34 - 00133632 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\system32\OpenAL32.dll
2014-02-01 12:34 - 2014-02-01 12:34 - 00110592 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\SysWOW64\OpenAL32.dll
2014-02-01 12:34 - 2014-02-01 12:34 - 00000000 ____D () C:\Program Files (x86)\OpenAL
2014-02-01 08:26 - 2014-02-01 08:26 - 00000000 ____D () C:\ProgramData\Wowhead
2014-02-01 08:21 - 2014-02-01 08:21 - 00000000 ____D () C:\Program Files (x86)\Master Games International
2014-02-01 07:51 - 2014-02-01 08:17 - 00000000 ____D () C:\Users\Hubert\Documents\InfiniteCrisis
2014-02-01 07:51 - 2014-02-01 07:52 - 00000000 ____D () C:\Users\Hubert\AppData\Local\InfiniteCrisis
2014-01-31 22:16 - 2014-01-31 22:16 - 00000000 ____D () C:\Users\Hubert\Documents\Paradox Interactive
2014-01-31 20:41 - 2014-02-01 07:51 - 00000000 ____D () C:\Users\Hubert\AppData\Local\Turbine
2014-01-31 20:39 - 2014-01-31 20:39 - 00000000 ____D () C:\ProgramData\Turbine
2014-01-26 17:10 - 2013-12-27 13:42 - 00039200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2014-01-26 17:10 - 2013-12-27 13:42 - 00033056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2014-01-25 14:33 - 2014-01-25 14:33 - 00000000 ____D () C:\Users\Hubert\Desktop\Books
2014-01-25 14:32 - 2014-01-25 14:46 - 00000000 ____D () C:\Users\Hubert\Documents\Biblioteka calibre
2014-01-25 14:32 - 2014-01-25 14:32 - 00000000 ____D () C:\Users\Hubert\AppData\Local\calibre-cache
2014-01-25 14:32 - 2014-01-25 14:32 - 00000000 ____D () C:\Program Files\Calibre2
2014-01-25 11:45 - 2014-01-25 11:45 - 00000000 ____D () C:\Users\Hubert\Documents\Larian Studios
2014-01-25 11:23 - 2014-01-25 11:23 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Games
2014-01-24 23:10 - 2014-01-24 23:10 - 00000000 ____D () C:\Users\Hubert\Documents\Assassin's Creed Liberation HD

==================== One Month Modified Files and Folders =======

2014-02-21 18:11 - 2014-02-21 17:59 - 00021087 _____ () C:\Users\Hubert\Desktop\FRST.txt
2014-02-21 18:11 - 2014-02-21 17:59 - 00000000 ____D () C:\FRST
2014-02-21 18:10 - 2014-02-21 18:10 - 00000637 _____ () C:\Users\Hubert\Desktop\JRT.txt
2014-02-21 18:08 - 2014-02-17 16:42 - 00000860 __RSH () C:\ProgramData\ntuser.pol
2014-02-21 18:08 - 2013-10-18 21:47 - 01561725 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-21 18:08 - 2013-10-18 21:47 - 00000000 _____ () C:\WINDOWS\system32\Drivers\lvuvc.hs
2014-02-21 18:08 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-21 18:04 - 2013-11-08 12:12 - 00000930 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-02-21 18:01 - 2013-10-26 11:01 - 00806930 _____ () C:\WINDOWS\system32\perfh015.dat
2014-02-21 18:01 - 2013-10-26 11:01 - 00163808 _____ () C:\WINDOWS\system32\perfc015.dat
2014-02-21 18:01 - 2013-09-29 23:15 - 01828496 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-21 18:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-02-21 17:59 - 2014-02-21 17:59 - 00033189 _____ () C:\Users\Hubert\Desktop\Addition.txt
2014-02-21 17:57 - 2014-02-21 17:57 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-02-21 17:55 - 2014-02-20 21:39 - 00000000 ____D () C:\AdwCleaner
2014-02-21 17:54 - 2014-02-21 17:54 - 02153984 _____ (Farbar) C:\Users\Hubert\Desktop\FRST64.exe
2014-02-21 17:54 - 2014-02-21 17:54 - 01241834 _____ () C:\Users\Hubert\Desktop\adwcleaner.exe
2014-02-21 17:54 - 2014-02-21 17:54 - 01037734 _____ (Thisisu) C:\Users\Hubert\Desktop\JRT.exe
2014-02-21 17:54 - 2014-02-14 19:11 - 00001080 _____ () C:\Users\Hubert\Desktop\takie tam.txt
2014-02-21 17:48 - 2013-10-18 21:15 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2124072431-2675259793-1593044314-1001
2014-02-21 17:43 - 2013-10-18 21:48 - 00000000 ____D () C:\Users\Hubert
2014-02-21 17:42 - 2013-08-22 08:25 - 71827456 _____ () C:\WINDOWS\system32\config\software.rcbak
2014-02-21 17:42 - 2013-08-22 08:25 - 12582912 _____ () C:\WINDOWS\system32\config\system.rcbak
2014-02-21 17:42 - 2013-08-22 08:25 - 00524288 _____ () C:\WINDOWS\system32\config\default.rcbak
2014-02-21 17:42 - 2013-08-22 08:25 - 00262144 _____ () C:\WINDOWS\system32\config\security.rcbak
2014-02-21 17:42 - 2013-08-22 08:25 - 00262144 _____ () C:\WINDOWS\system32\config\sam.rcbak
2014-02-21 17:41 - 2013-10-24 23:29 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-02-21 17:25 - 2014-02-21 11:30 - 00000000 ___SD () C:\32788R22FWJFW
2014-02-21 17:20 - 2014-02-21 17:18 - 00002494 _____ () C:\Users\Hubert\Desktop\Rkill.txt
2014-02-21 17:15 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-02-21 17:14 - 2014-02-21 17:14 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Hubert\Desktop\rkill.exe
2014-02-21 17:14 - 2013-11-29 15:12 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\DMCache
2014-02-21 17:13 - 2014-02-21 17:13 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Hubert\Desktop\iExplore.exe
2014-02-21 17:12 - 2014-02-21 17:12 - 05183886 ____R (Swearware) C:\Users\Hubert\Desktop\huberciak.exe
2014-02-21 17:11 - 2014-02-21 17:11 - 05183886 ____R (Swearware) C:\Users\Hubert\Desktop\your_name.exe
2014-02-21 17:06 - 2014-02-21 17:06 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2014-02-21 17:06 - 2014-02-21 17:03 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-02-21 16:22 - 2014-02-21 16:22 - 10820032 _____ (SurfRight B.V.) C:\Users\Hubert\Desktop\hitmanpro_x64.exe
2014-02-21 14:25 - 2013-10-18 21:52 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{50612425-6FF1-4E51-B419-5D1EC9984006}
2014-02-21 14:22 - 2014-02-21 00:12 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-02-21 14:22 - 2013-12-25 20:51 - 00010851 _____ () C:\missing.ini
2014-02-21 11:56 - 2014-02-21 11:56 - 00000000 ____D () C:\Users\Hubert\AppData\Local\CrashDumps
2014-02-21 11:56 - 2014-02-21 11:38 - 00000000 ____D () C:\Program Files (x86)\VG-Ripper
2014-02-21 11:38 - 2014-02-21 11:38 - 00001035 _____ () C:\Users\Public\Desktop\VG-Ripper.lnk
2014-02-21 09:54 - 2013-11-30 10:43 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-02-21 09:50 - 2013-10-18 21:51 - 00000000 __RDO () C:\Users\Hubert\SkyDrive
2014-02-21 09:35 - 2013-10-24 23:29 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\Raptr
2014-02-21 09:35 - 2013-10-18 22:26 - 01790976 ___SH () C:\Users\Hubert\Desktop\Thumbs.db
2014-02-21 03:06 - 2013-10-19 11:24 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\Skype
2014-02-21 03:05 - 2013-10-18 22:06 - 00000000 ____D () C:\Users\Hubert\AppData\Local\Battle.net
2014-02-21 00:12 - 2014-02-21 00:12 - 00002450 _____ () C:\Users\Hubert\Desktop\takie tamlol.txt
2014-02-20 22:36 - 2014-02-20 22:33 - 1053931526 _____ () C:\Users\Hubert\Desktop\CSI.S14E15.720p.HDTV.X264-DIMENSION.mkv
2014-02-20 22:34 - 2014-02-20 22:34 - 00062331 _____ () C:\Users\Hubert\Desktop\Rematch_2_2_8.zip
2014-02-20 22:01 - 2014-02-20 22:01 - 00000000 ____D () C:\WINDOWS\erdnt
2014-02-20 21:49 - 2014-02-20 21:49 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-20 21:49 - 2014-02-20 21:49 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-02-20 21:49 - 2013-10-18 21:47 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-02-20 21:49 - 2013-10-18 21:47 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-02-20 21:49 - 2013-10-18 21:47 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-02-20 21:49 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\Help
2014-02-20 21:49 - 2013-08-22 09:46 - 00338121 _____ () C:\WINDOWS\setupact.log
2014-02-20 21:43 - 2014-02-13 09:06 - 00001488 _____ () C:\Users\Hubert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-02-20 21:38 - 2014-02-20 21:37 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover
2014-02-20 20:49 - 2014-02-16 16:50 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-02-20 20:28 - 2013-10-18 22:29 - 00000000 ____D () C:\Program Files (x86)\Clementine
2014-02-20 15:04 - 2013-11-08 12:12 - 00003818 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-02-20 14:39 - 2013-12-14 13:04 - 00000000 ____D () C:\Bridge Base Online
2014-02-18 09:16 - 2014-02-18 09:16 - 00000607 _____ () C:\Users\Hubert\Desktop\NetBridgeVu.exe — skrót.lnk
2014-02-18 08:06 - 2013-09-29 23:03 - 00492230 _____ () C:\WINDOWS\PFRO.log
2014-02-17 22:48 - 2014-02-17 22:48 - 00001516 _____ () C:\Users\Hubert\Desktop\Skype.exe — skrót.lnk
2014-02-17 22:47 - 2014-02-17 22:47 - 00000000 ____D () C:\Users\Hubert\Desktop\YGOPRO Dawn of a New Era
2014-02-17 22:46 - 2014-02-17 22:46 - 00000000 ____D () C:\Users\Hubert\Desktop\ygopro-1.032.1-V5-Percy-full
2014-02-17 21:43 - 2014-02-17 21:43 - 00000116 _____ () C:\Users\Public\Documents\SAH_Install.ini
2014-02-17 21:43 - 2014-02-17 21:43 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\ShopAtHome
2014-02-17 17:33 - 2014-02-17 17:33 - 00000000 ____D () C:\Program Files\7-Zip
2014-02-17 16:47 - 2014-02-17 16:37 - 00000000 ____D () C:\Program Files (x86)\Minion Rush
2014-02-17 16:42 - 2013-08-22 10:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2014-02-17 16:42 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy
2014-02-17 16:34 - 2014-02-17 16:34 - 00000043 _____ () C:\Users\Hubert\AppData\Roaming\WB.CFG
2014-02-17 12:13 - 2014-02-17 11:43 - 00000000 ____D () C:\Users\Hubert\Documents\Heroes of the Storm
2014-02-17 11:56 - 2014-02-17 11:56 - 00000000 ____D () C:\Users\Hubert\Desktop\MapSwitcher
2014-02-17 11:49 - 2013-10-18 22:06 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-02-17 00:40 - 2014-02-17 00:40 - 00000688 _____ () C:\Users\Hubert\AppData\Local\recently-used.xbel
2014-02-16 16:50 - 2013-10-19 10:34 - 00000000 ____D () C:\Program Files (x86)\Deluge
2014-02-16 16:49 - 2013-11-30 10:49 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-02-16 16:49 - 2013-10-18 22:26 - 00000000 ____D () C:\Users\Hubert\Desktop\TreeSizeFree
2014-02-16 15:37 - 2013-12-31 13:19 - 00000000 ____D () C:\ProgramData\Origin
2014-02-16 10:38 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-02-16 09:39 - 2013-12-31 13:20 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-02-16 09:38 - 2013-12-31 13:19 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-02-15 23:32 - 2014-02-15 17:14 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\IDM
2014-02-15 21:50 - 2013-10-18 21:08 - 00000000 ___RD () C:\Users\Hubert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-15 19:11 - 2014-01-01 20:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-15 17:14 - 2014-02-15 17:14 - 00000000 ____D () C:\Users\Hubert\Downloads\Video
2014-02-15 17:14 - 2014-02-15 17:14 - 00000000 ____D () C:\Users\Hubert\Downloads\Compressed
2014-02-15 17:14 - 2014-02-15 17:14 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2014-02-15 17:14 - 2014-02-15 17:14 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
2014-02-15 14:40 - 2014-02-15 07:16 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\XBMC
2014-02-15 07:15 - 2014-02-15 07:15 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XBMC
2014-02-15 07:15 - 2014-02-15 07:15 - 00000000 ____D () C:\Program Files (x86)\XBMC
2014-02-15 07:14 - 2014-02-15 07:14 - 59604731 _____ () C:\Users\Hubert\Downloads\xbmc-12.3.exe
2014-02-15 06:56 - 2014-02-15 06:56 - 00032973 _____ () C:\Users\Hubert\Downloads\Real.Time.with.Bill.Maher.2014.02.14.720p.HDTV.x264-BATV.torrent
2014-02-14 23:45 - 2014-02-14 23:45 - 00002879 _____ () C:\Users\Hubert\Downloads\House.of.Cards.2013.S02E03.1080p.NF.WEBRip.DD5.1.x264-NTb.mkv.torrent
2014-02-14 23:45 - 2013-10-19 10:35 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\deluge
2014-02-14 23:20 - 2014-02-14 23:20 - 00081211 _____ () C:\Users\Hubert\Downloads\Helix.S01E07.720p.HDTV.x264-REMARKABLE.torrent
2014-02-14 23:20 - 2014-02-14 23:20 - 00003019 _____ () C:\Users\Hubert\Downloads\House.of.Cards.2013.S02E02.1080p.NF.WEBRip.DD5.1.x264-NTb.mkv.torrent
2014-02-14 21:35 - 2014-02-14 21:35 - 00000222 _____ () C:\Users\Hubert\Desktop\Marvel Heroes.url
2014-02-14 21:19 - 2014-02-14 21:19 - 00001683 _____ () C:\Users\Hubert\Downloads\steamgifts-plus-alternative-install.user.js
2014-02-14 21:19 - 2014-02-14 21:19 - 00001683 _____ () C:\Users\Hubert\Downloads\steamgifts-plus-alternative-install (1).user.js
2014-02-14 21:12 - 2014-02-14 21:12 - 00000222 _____ () C:\Users\Hubert\Desktop\Defiance.url
2014-02-14 19:26 - 2014-02-14 19:26 - 01455104 _____ () C:\Users\Hubert\Downloads\7z932-x64.msi
2014-02-14 17:44 - 2013-10-18 22:26 - 00000000 ____D () C:\Users\Hubert\Desktop\jobs
2014-02-14 17:32 - 2014-02-14 17:23 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\InstallX Search Protect for Yahoo
2014-02-14 17:31 - 2014-02-14 15:56 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\PC-Gizmos
2014-02-14 17:17 - 2014-02-13 09:47 - 00000000 ____D () C:\Users\Hubert\AppData\Local\Deployment
2014-02-14 17:12 - 2013-11-29 14:51 - 00001250 _____ () C:\Users\Hubert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk
2014-02-14 17:04 - 2014-02-14 17:04 - 00000000 ____D () C:\Users\Hubert\Documents\Respawn
2014-02-14 17:04 - 2013-12-31 13:19 - 00000000 ____D () C:\Users\Hubert\AppData\Local\Origin
2014-02-14 14:21 - 2013-10-18 22:44 - 00849875 _____ () C:\WINDOWS\DirectX.log
2014-02-13 20:45 - 2014-02-13 20:45 - 00000000 ____D () C:\Users\Hubert\Documents\ARC SYSTEM WORKS
2014-02-13 11:08 - 2013-10-18 21:07 - 00000000 ____D () C:\Users\Hubert\AppData\Local\Packages
2014-02-13 11:06 - 2014-02-13 11:06 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2014-02-13 10:48 - 2014-02-13 10:15 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCSOFT
2014-02-13 10:40 - 2014-02-13 09:33 - 00000000 ____D () C:\Users\Hubert\AppData\Local\Popajar
2014-02-13 10:40 - 2013-10-18 21:08 - 00000000 ___RD () C:\Users\Hubert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-02-13 10:40 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-02-13 10:40 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-02-13 10:40 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-02-13 10:40 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-02-13 10:40 - 2013-08-22 09:44 - 00376824 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-02-13 10:38 - 2013-11-14 11:18 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-02-13 10:37 - 2013-11-14 11:18 - 88567024 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-02-13 10:15 - 2014-02-13 10:15 - 00000000 ____D () C:\Program Files (x86)\NCSOFT
2014-02-13 10:14 - 2014-02-13 10:14 - 04494696 _____ (NCSOFT) C:\Users\Hubert\Desktop\Wildstar.exe
2014-02-13 09:47 - 2014-02-13 09:47 - 00000000 ____D () C:\Users\Hubert\AppData\Local\Apps\2.0
2014-02-13 09:37 - 2014-02-13 09:34 - 00000000 ____D () C:\Users\Hubert\AppData\Local\cache
2014-02-13 09:36 - 2014-02-13 09:36 - 00000000 ____D () C:\ProgramData\CDB
2014-02-13 09:36 - 2014-02-13 09:35 - 00000119 _____ () C:\WINDOWS\efix.ini
2014-02-13 09:34 - 2014-02-13 09:34 - 00000000 ____D () C:\Users\Hubert\.android
2014-02-13 09:34 - 2014-02-13 09:34 - 00000000 _____ () C:\Users\Hubert\daemonprocess.txt
2014-02-13 08:00 - 2013-10-19 14:17 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-02-12 20:51 - 2013-10-18 22:06 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-02-08 13:34 - 2014-02-20 21:48 - 31432480 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2014-02-08 13:34 - 2014-02-20 21:48 - 25256224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2014-02-08 13:34 - 2014-02-20 21:48 - 23683360 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2014-02-08 13:34 - 2014-02-20 21:48 - 18257576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2014-02-08 13:34 - 2014-02-20 21:48 - 17715784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2014-02-08 13:34 - 2014-02-20 21:48 - 17560352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2014-02-08 13:34 - 2014-02-20 21:48 - 15740232 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2014-02-08 13:34 - 2014-02-20 21:48 - 14669032 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2014-02-08 13:34 - 2014-02-20 21:48 - 12324640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2014-02-08 13:34 - 2014-02-20 21:48 - 11636176 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2014-02-08 13:34 - 2014-02-20 21:48 - 11589272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2014-02-08 13:34 - 2014-02-20 21:48 - 09728064 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2014-02-08 13:34 - 2014-02-20 21:48 - 09690424 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2014-02-08 13:34 - 2014-02-20 21:48 - 03142432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2014-02-08 13:34 - 2014-02-20 21:48 - 03090184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2014-02-08 13:34 - 2014-02-20 21:48 - 02956576 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2014-02-08 13:34 - 2014-02-20 21:48 - 02782496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvenc.dll
2014-02-08 13:34 - 2014-02-20 21:48 - 02713728 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2014-02-08 13:34 - 2014-02-20 21:48 - 02410784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvenc.dll
2014-02-08 13:34 - 2014-02-20 21:48 - 01885472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6433489.dll
2014-02-08 13:34 - 2014-02-20 21:48 - 01515296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6433489.dll
2014-02-08 13:34 - 2014-02-20 21:48 - 00947296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2014-02-08 13:34 - 2014-02-20 21:48 - 00892192 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2014-02-08 13:34 - 2014-02-20 21:48 - 00875296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2014-02-08 13:34 - 2014-02-20 21:48 - 00863520 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2014-02-08 13:34 - 2014-02-20 21:48 - 00844576 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2014-02-08 13:34 - 2014-02-20 21:48 - 00832424 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2014-02-08 13:34 - 2014-02-20 21:48 - 00483104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2014-02-08 13:34 - 2014-02-20 21:48 - 00408352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2014-02-08 13:34 - 2014-02-20 21:48 - 00378656 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2014-02-08 13:34 - 2014-02-20 21:48 - 00353504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2014-02-08 13:34 - 2014-02-20 21:48 - 00333600 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2014-02-08 13:34 - 2014-02-20 21:48 - 00305600 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2014-02-08 13:34 - 2014-02-20 21:48 - 00174296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2014-02-08 13:34 - 2014-02-20 21:48 - 00148528 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2014-02-08 13:34 - 2014-02-20 21:48 - 00024544 _____ () C:\WINDOWS\system32\nvinfo.pb
2014-02-08 12:42 - 2014-02-20 21:49 - 06712608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2014-02-08 12:42 - 2014-02-20 21:49 - 03498272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2014-02-08 12:42 - 2014-02-20 21:49 - 02559776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2014-02-08 12:42 - 2014-02-20 21:49 - 00923936 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2014-02-08 12:42 - 2014-02-20 21:49 - 00386336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2014-02-08 12:42 - 2014-02-20 21:49 - 00063776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2014-02-08 12:42 - 2014-02-01 13:18 - 00000000 ____D () C:\ProgramData\PMS
2014-02-06 07:16 - 2014-02-13 10:37 - 23170048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-06 06:30 - 2014-02-13 10:37 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-02-06 06:30 - 2014-02-13 10:37 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-02-06 06:12 - 2014-02-13 10:37 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-06 06:07 - 2014-02-13 10:37 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-02-06 06:06 - 2014-02-13 10:37 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-02-06 05:57 - 2014-02-13 10:37 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-06 05:56 - 2014-02-13 10:37 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-02-06 05:49 - 2014-02-13 10:37 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-02-06 05:48 - 2014-02-13 10:37 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-02-06 05:48 - 2014-02-13 10:37 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-02-06 05:38 - 2014-02-13 10:37 - 17103872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-02-06 05:32 - 2014-02-13 10:37 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-06 05:20 - 2014-02-13 10:37 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-02-06 05:17 - 2014-02-13 10:37 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-02-06 05:11 - 2014-02-13 10:37 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-02-06 05:01 - 2014-02-13 10:37 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-02-06 05:00 - 2014-02-13 10:37 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-02-06 04:57 - 2014-02-13 10:37 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-02-06 04:57 - 2014-02-13 10:37 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-06 04:52 - 2014-02-13 10:37 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-02-06 04:52 - 2014-02-13 10:37 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-02-06 04:50 - 2014-02-13 10:37 - 02041856 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-02-06 04:47 - 2014-02-13 10:37 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-02-06 04:46 - 2014-02-13 10:37 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-02-06 04:25 - 2014-02-13 10:37 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-02-06 04:25 - 2014-02-13 10:37 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-02-06 04:24 - 2014-02-13 10:37 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-06 04:22 - 2014-02-13 10:37 - 13051392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-06 04:13 - 2014-02-13 10:37 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-02-06 04:09 - 2014-02-13 10:37 - 01964032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-02-06 04:03 - 2014-02-13 10:37 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-02-06 03:55 - 2014-02-13 10:37 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-06 03:41 - 2014-02-13 10:37 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-02-06 03:40 - 2014-02-13 10:37 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-02-06 03:36 - 2014-02-13 10:37 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-02-06 03:34 - 2014-02-13 10:37 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-02-05 12:52 - 2014-02-20 21:49 - 03573739 _____ () C:\WINDOWS\system32\nvcoproc.bin
2014-02-03 20:51 - 2014-02-03 20:51 - 00000000 ____D () C:\Program Files\CPUID
2014-02-03 08:37 - 2014-02-01 16:09 - 00000000 ____D () C:\Users\Hubert\AppData\Local\Vulcan
2014-02-03 07:33 - 2013-10-18 22:52 - 00000000 ____D () C:\Users\Hubert\AppData\Local\Adobe
2014-02-02 18:19 - 2014-02-02 18:19 - 00000808 _____ () C:\Users\Hubert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blackguards.lnk
2014-02-02 13:34 - 2014-02-02 13:34 - 00000000 ____D () C:\Users\Hubert\AppData\Local\Daedalic Entertainment GmbH
2014-02-02 12:59 - 2014-02-02 12:59 - 00228695 _____ () C:\Users\Hubert\Desktop\Wszystko.m3u
2014-02-02 08:51 - 2014-02-02 08:51 - 00000000 ____D () C:\Users\Hubert\AppData\Local\Playfire_Ltd
2014-02-02 00:38 - 2014-02-02 00:38 - 00000000 ____D () C:\WINDOWS\System32\Tasks\HardDiskSentinel
2014-02-02 00:31 - 2014-02-02 00:09 - 00000000 ____D () C:\Program Files (x86)\Hard Disk Sentinel
2014-02-02 00:30 - 2013-10-27 21:49 - 00032320 _____ (FNet Co., Ltd.) C:\WINDOWS\system32\Drivers\FNETTBOH_305.SYS
2014-02-02 00:09 - 2014-02-02 00:09 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\Hard Disk Sentinel
2014-02-01 23:22 - 2014-02-01 23:22 - 00000000 ____D () C:\Users\Hubert\AppData\Local\Ascaron Entertainment
2014-02-01 22:54 - 2013-10-18 21:59 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-01 22:49 - 2014-02-01 22:49 - 00000000 ____H () C:\ProgramData\DP45977C.lfl
2014-02-01 22:49 - 2014-02-01 22:49 - 00000000 ____D () C:\WINDOWS\SysWOW64\RTCOM
2014-02-01 22:49 - 2014-02-01 22:49 - 00000000 ____D () C:\Program Files\Realtek
2014-02-01 22:49 - 2014-02-01 22:49 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-02-01 22:25 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\System
2014-02-01 21:20 - 2014-02-01 21:20 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\WizardWars
2014-02-01 16:09 - 2014-02-01 16:09 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\Vulcan
2014-02-01 16:08 - 2014-02-01 16:08 - 00000000 ____D () C:\Program Files (x86)\Playfire
2014-02-01 16:08 - 2013-11-02 20:58 - 00000000 ____D () C:\ProgramData\Package Cache
2014-02-01 13:18 - 2014-02-01 13:18 - 00000000 ____D () C:\Program Files (x86)\PS3 Media Server
2014-02-01 12:34 - 2014-02-01 12:34 - 00419840 _____ (Creative Labs) C:\WINDOWS\system32\wrap_oal.dll
2014-02-01 12:34 - 2014-02-01 12:34 - 00413696 _____ (Creative Labs) C:\WINDOWS\SysWOW64\wrap_oal.dll
2014-02-01 12:34 - 2014-02-01 12:34 - 00133632 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\system32\OpenAL32.dll
2014-02-01 12:34 - 2014-02-01 12:34 - 00110592 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\SysWOW64\OpenAL32.dll
2014-02-01 12:34 - 2014-02-01 12:34 - 00000000 ____D () C:\Program Files (x86)\OpenAL
2014-02-01 12:34 - 2013-10-18 22:53 - 00000000 ____D () C:\Users\Hubert\Documents\my games
2014-02-01 08:26 - 2014-02-01 08:26 - 00000000 ____D () C:\ProgramData\Wowhead
2014-02-01 08:21 - 2014-02-01 08:21 - 00000000 ____D () C:\Program Files (x86)\Master Games International
2014-02-01 08:17 - 2014-02-01 07:51 - 00000000 ____D () C:\Users\Hubert\Documents\InfiniteCrisis
2014-02-01 07:52 - 2014-02-01 07:51 - 00000000 ____D () C:\Users\Hubert\AppData\Local\InfiniteCrisis
2014-02-01 07:51 - 2014-01-31 20:41 - 00000000 ____D () C:\Users\Hubert\AppData\Local\Turbine
2014-01-31 22:16 - 2014-01-31 22:16 - 00000000 ____D () C:\Users\Hubert\Documents\Paradox Interactive
2014-01-31 20:39 - 2014-01-31 20:39 - 00000000 ____D () C:\ProgramData\Turbine
2014-01-30 15:47 - 2013-08-22 10:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-01-30 15:47 - 2013-08-22 10:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-25 21:17 - 2013-11-11 18:14 - 00000000 ____D () C:\Program Files\WinRAR
2014-01-25 17:49 - 2013-10-18 22:26 - 00000703 _____ () C:\Users\Hubert\Desktop\hasła.txt
2014-01-25 17:23 - 2013-11-10 10:31 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\FMRTE14
2014-01-25 14:46 - 2014-01-25 14:32 - 00000000 ____D () C:\Users\Hubert\Documents\Biblioteka calibre
2014-01-25 14:42 - 2013-12-18 01:01 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\calibre
2014-01-25 14:33 - 2014-01-25 14:33 - 00000000 ____D () C:\Users\Hubert\Desktop\Books
2014-01-25 14:32 - 2014-01-25 14:32 - 00000000 ____D () C:\Users\Hubert\AppData\Local\calibre-cache
2014-01-25 14:32 - 2014-01-25 14:32 - 00000000 ____D () C:\Program Files\Calibre2
2014-01-25 11:45 - 2014-01-25 11:45 - 00000000 ____D () C:\Users\Hubert\Documents\Larian Studios
2014-01-25 11:23 - 2014-01-25 11:23 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Games
2014-01-24 23:10 - 2014-01-24 23:10 - 00000000 ____D () C:\Users\Hubert\Documents\Assassin's Creed Liberation HD

Some content of TEMP:
====================
C:\Users\Hubert\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-21 12:01
==================== End Of Log ============================
 
Additions.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-02-2014
Ran by Hubert at 2014-02-21 18:11:59
Running from C:\Users\Hubert\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-Zip 9.32 (x64 edition) (Version: 9.32.00.0 - Igor Pavlov)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Polish (x32 Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.5.146 - Adobe Systems, Inc.)
Aktualizacje NVIDIA 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden
Assassins Creed IV Black Flag Deluxe Edition (x32 Version: - Ubisoft)
Battle.net (x32 Version: - Blizzard Entertainment)
Bridge Base Online (x32 Version: Version 5.2.21 - Bridge Base Online, Ltd.)
calibre 64bit (Version: 1.21.0 - Kovid Goyal)
Clementine (x32 Version: 1.2.2 - Clementine)
CPUID CPU-Z 1.68 (Version: - )
Daum PotPlayer 1.5.40688 x64 Edition (Version: - )
Deadly Boss Mods Updater (x32 Version: 1.07.00 - Master Games International, Inc)
Deadly Boss Mods Updater (x32 Version: 1.07.00 - Master Games International, Inc) Hidden
Defiance (x32 Version: - Trion Worlds)
Deluge 1.3.6 (x32 Version: - )
Diablo III (x32 Version: - Blizzard Entertainment)
f.lux (HKCU Version: - )
FastImageResizer (remove only) (x32 Version: - )
FMRTE 14.1.3.3 (Version: 14.1.3.3 - Raul Bravo)
Football Manager 2014 (x32 Version: - Sports Interactive)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
GG (HKCU Version: 12 - GG Network S.A.)
Google Chrome (HKCU Version: 32.0.1700.76 - Google Inc.)
Hard Disk Sentinel PRO (x32 Version: - HDS)
Hearthstone (x32 Version: - Blizzard Entertainment)
Intel(R) Manageability Engine Firmware Recovery Agent (x32 Version: 1.1.0.36960 - Intel Corporation)
Intel(R) Management Engine Components (x32 Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2932 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.31.8.1 - Intel Corporation) Hidden
Internet Download Manager (x32 Version: - Tonec Inc.)
Java 7 Update 45 (64-bit) (Version: 7.0.450 - Oracle)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 45 (64-bit) (Version: 1.7.0.450 - Oracle)
LastPass (uninstall only) (x32 Version: - LastPass)
LinuxLive USB Creator (x32 Version: 2.8 - Thibaut Lauziere)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Marvel Heroes (x32 Version: - Gazillion Entertainment)
Microsoft Access MUI (Polish) 2013 (Version: 15.0.4433.1507 - Microsoft Corporation) Hidden
Microsoft DCF MUI (Polish) 2013 (Version: 15.0.4433.1507 - Microsoft Corporation) Hidden
Microsoft Excel MUI (Polish) 2013 (Version: 15.0.4433.1507 - Microsoft Corporation) Hidden
Microsoft Groove MUI (Polish) 2013 (Version: 15.0.4433.1507 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (Polish) 2013 (Version: 15.0.4433.1507 - Microsoft Corporation) Hidden
Microsoft Lync MUI (Polish) 2013 (Version: 15.0.4433.1507 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2013 - en-us (Version: 15.0.4551.1512 - Microsoft Corporation)
Microsoft Office Korrekturhilfen 2013 - Deutsch (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Language Pack 2013 - Polish/Polski (Version: 15.0.4433.1507 - Microsoft Corporation)
Microsoft Office O MUI (Polish) 2013 (Version: 15.0.4433.1507 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (Polish) 2013 (Version: 15.0.4433.1507 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (Polish) 2013 (Version: 15.0.4433.1507 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Polish) 2013 (Version: 15.0.4433.1507 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (Polish) 2013 (Version: 15.0.4433.1507 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Polish) 2013 (Version: 15.0.4433.1507 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (Polish) 2013 (Version: 15.0.4433.1507 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (Polish) 2013 (Version: 15.0.4433.1507 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (Polish) 2013 (Version: 15.0.4433.1507 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (Polish) 2013 (Version: 15.0.4433.1507 - Microsoft Corporation) Hidden
Microsoft SharePoint Designer MUI (Polish) 2013 (Version: 15.0.4433.1507 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (x32 Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (x32 Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Word MUI (Polish) 2013 (Version: 15.0.4433.1507 - Microsoft Corporation) Hidden
Microsoft X MUI (Polish) 2013 (Version: 15.0.4433.1507 - Microsoft Corporation) Hidden
Narzędzia sprawdzające pakietu Microsoft Office 2013 — polski (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Notepad++ (x32 Version: 6.5.2 - Notepad++ Team)
NVIDIA GeForce Experience 1.8.2 (Version: 1.8.2 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Oprogramowanie systemu PhysX 9.13.1220 (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA ShadowPlay 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden
NVIDIA Sterownik dźwięku HD 1.3.30.1 (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Sterownik graficzny 334.89 (Version: 334.89 - NVIDIA Corporation)
NVIDIA Update Core (Version: 11.10.11 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.20 (Version: 1.2.20 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
OpenAL (x32 Version: - )
Opera Stable 19.0.1326.63 (x32 Version: 19.0.1326.63 - Opera Software ASA)
Origin (x32 Version: 9.3.11.2762 - Electronic Arts, Inc.)
Panel sterowania NVIDIA 334.89 (Version: 334.89 - NVIDIA Corporation) Hidden
Playfire (x32 Version: 0.0.53.0 - Playfire) Hidden
PS3 Media Server (x32 Version: 1.90.1 - PS3 Media Server)
PunkBuster Services (x32 Version: 0.991 - Even Balance, Inc.)
Raptr (x32 Version: - )
Realtek High Definition Audio Driver (x32 Version: 6.0.1.7004 - Realtek Semiconductor Corp.)
SavvyConnect (x32 Version: 3.9.0002 - Luth Research)
SHIELD Streaming (Version: 1.7.306 - NVIDIA Corporation) Hidden
SimCity™ (x32 Version: 1.0.0.0 - Electronic Arts)
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
Sony PC Companion 2.10.181 (x32 Version: 2.10.181 - Sony)
Steam (x32 Version: - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (x32 Version: 3.0.13 - TeamSpeak Systems GmbH)
TeamViewer 9 (x32 Version: 9.0.26297 - TeamViewer)
Total Commander Ultima Prime 5.8.0.0 (x32 Version: 5.8.0.0 - Robert Łajka & Paweł Porwisz)
Unlocker 1.9.2 (Version: 1.9.2 - Cedrick Collomb)
Update for Microsoft Access 2013 (KB2768008) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Lync 2013 (KB2817678) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2738038) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760610) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2768016) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817316) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2827227) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2827230) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2837655) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft OneNote 2013 (KB2850063) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Outlook 2013 (KB2850061) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2767850) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Publisher 2013 (KB2837635) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft SharePoint Designer 2013 (KB2760212) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft SkyDrive Pro (KB2837652) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2837647) 64-Bit Edition (Version: - Microsoft)
Uplay (x32 Version: 4.0 - Ubisoft)
Ventrilo Client for Windows x64 (Version: 3.0.8.0 - Flagship Industries, Inc.)
VG-Ripper version 2.9.5.6 (x32 Version: 2.9.5.6 - The Watcher)
WildStar (x32 Version: 1.0.0.6512 - NCSOFT)
Winamp (x32 Version: 5.65 - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU Version: 1.0.0.1 - Nullsoft, Inc)
Windows 8 Manager (Version: 1.1.8 - Yamicsoft)
Windows Firewall Control (Version: 4.0.6.0 - BiniSoft.org)
XBMC (HKCU Version: - Team XBMC)
XFastUSB (x32 Version: 3.02.31 - ASRock Inc.)
Your Uninstaller! 7 (x32 Version: 7.5.2013.2 - URSoft, Inc.)

==================== Restore Points =========================

21-02-2014 05:47:53 Malwarebytes Anti-Rootkit Restore Point

==================== Hosts content: ==========================

2013-08-22 08:25 - 2014-02-21 17:24 - 00000822 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0E1F36CA-C503-4A1D-A482-BCD04DCF1EB3} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2124072431-2675259793-1593044314-1001
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3B82596C-F55A-4247-96F4-AF5A6C350755} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {49004DE5-5F4F-4BC3-8FE0-37A87AB521E7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-02-13] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6C11DC01-ED14-4B05-9C6C-6ED6F699BC62} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-20] (Adobe Systems Incorporated)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {91735981-AE0D-4205-9454-435C9C14C4BF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-10-31] (Microsoft Corporation)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {B27E41A7-163E-4026-A97E-1158E138B262} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2124072431-2675259793-1593044314-1001Core1cf13e64fcf6056.job => C:\Users\Hubert\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-02-20 21:49 - 2014-02-08 12:42 - 00117024 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-10-18 22:49 - 2013-10-31 09:07 - 00377000 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll
2013-10-18 22:49 - 2013-10-31 09:08 - 00520872 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll
2013-10-18 22:49 - 2013-10-31 09:07 - 00618152 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2013-11-19 15:03 - 2013-11-24 13:06 - 00075136 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2013-09-19 13:22 - 2013-09-19 13:22 - 01901872 _____ () C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\scservice\SCService.exe
2014-01-17 13:53 - 2014-01-17 13:53 - 08866472 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-06-10 17:20 - 2013-06-10 17:20 - 00612152 _____ () C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\scui\sqlite3.dll
2011-07-18 16:07 - 2011-07-18 16:07 - 00014336 _____ () C:\Program Files (x86)\Notepad++\plugins\NppExport.dll
2011-09-21 15:46 - 2011-09-21 15:46 - 01673728 _____ () C:\Program Files (x86)\Notepad++\plugins\NppFTP.dll
2014-01-17 19:46 - 2014-01-11 05:28 - 00715544 _____ () C:\Users\Hubert\AppData\Local\Google\Chrome\Application\32.0.1700.76\libglesv2.dll
2014-01-17 19:46 - 2014-01-11 05:28 - 00100120 _____ () C:\Users\Hubert\AppData\Local\Google\Chrome\Application\32.0.1700.76\libegl.dll
2014-01-17 19:46 - 2014-01-11 05:29 - 04055320 _____ () C:\Users\Hubert\AppData\Local\Google\Chrome\Application\32.0.1700.76\pdf.dll
2014-01-17 19:46 - 2014-01-11 05:29 - 00399640 _____ () C:\Users\Hubert\AppData\Local\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll
2014-01-17 19:46 - 2014-01-11 05:28 - 01634584 _____ () C:\Users\Hubert\AppData\Local\Google\Chrome\Application\32.0.1700.76\ffmpegsumo.dll
2013-10-27 21:48 - 2013-09-16 11:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-02-21 14:26 - 2014-02-21 14:26 - 13632904 _____ () C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\PepperFlash\12.0.0.70\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51
AlternateDataStreams: C:\ProgramData\TEMP:76650B61
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9
AlternateDataStreams: C:\Users\Hubert\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/21/2014 05:12:11 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 0.0.0.0, time stamp: 0x4e06cfe8
Faulting module name: iexplore.exe, version: 0.0.0.0, time stamp: 0x4e06cfe8
Exception code: 0x40000015
Fault offset: 0x0008d1c0
Faulting process id: 0x1358
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (02/21/2014 05:10:16 PM) (Source: Microsoft-Windows-LocationProvider) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (02/21/2014 11:56:58 AM) (Source: Application Error) (User: )
Description: Faulting application name: VG-Ripper.exe, version: 2.9.5.6, time stamp: 0x53003eda
Faulting module name: KERNELBASE.dll, version: 6.3.9600.16496, time stamp: 0x52b3e015
Exception code: 0xe0434352
Fault offset: 0x00012eec
Faulting process id: 0x598
Faulting application start time: 0xVG-Ripper.exe0
Faulting application path: VG-Ripper.exe1
Faulting module path: VG-Ripper.exe2
Report Id: VG-Ripper.exe3
Faulting package full name: VG-Ripper.exe4
Faulting package-relative application ID: VG-Ripper.exe5

Error: (02/21/2014 11:56:58 AM) (Source: .NET Runtime) (User: )
Description: Aplikacja: VG-Ripper.exe
Wersja architektury: v4.0.30319
Opis: proces został przerwany z powodu nieobsłużonego wyjątku.
Informacje o wyjątku: System.ArgumentOutOfRangeException
Stos:
w System.String.Substring(Int32, Int32)
w Ripper.Core.Components.ServiceTemplate.GetImageName(System.String, System.String, Int32)
w Ripper.Services.ImageHosts.ImgWoot.DoDownload()
w Ripper.Core.Components.ServiceTemplate.StartDownloadAsync()
w Ripper.Services.ImageDownloader.GetImgWoot()
w System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
w System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
w System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
w System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
w System.Threading.ThreadHelper.ThreadStart()

Error: (02/21/2014 09:35:20 AM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (02/21/2014 02:54:44 AM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (02/21/2014 01:04:02 AM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (02/21/2014 00:47:54 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary Protokół LLDP (Link-Layer Discovery Protocol) firmy Microsoft.

System Error:
Odmowa dostępu.
.

Error: (02/20/2014 11:35:26 PM) (Source: Application Hang) (User: )
Description: The program Wow-64.exe version 5.4.7.17930 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 23e8

Start Time: 01cf2eb5d9b986b4

Termination Time: 244

Application Path: C:\Program Files (x86)\World of Warcraft\Wow-64.exe

Report Id: 935dc824-9ab1-11e3-befd-bc5ff455a450

Faulting package full name:

Faulting package-relative application ID:

Error: (02/20/2014 10:21:04 PM) (Source: Microsoft-Windows-LocationProvider) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database


System errors:
=============
Error: (02/21/2014 06:10:30 PM) (Source: Service Control Manager) (User: )
Description: The Windows Media Player Network Sharing Service service depends on the Windows Search service which failed to start because of the following error:
%%1058

Error: (02/21/2014 06:08:27 PM) (Source: Service Control Manager) (User: )
Description: The BingBar Service service failed to start due to the following error:
%%2

Error: (02/21/2014 05:58:22 PM) (Source: Service Control Manager) (User: )
Description: The Usługa udostępniania w sieci programu Windows Media Player service depends on the Windows Search service which failed to start because of the following error:
%%1058

Error: (02/21/2014 05:56:19 PM) (Source: Service Control Manager) (User: )
Description: The BingBar Service service failed to start due to the following error:
%%2

Error: (02/21/2014 05:45:17 PM) (Source: Service Control Manager) (User: )
Description: The Usługa udostępniania w sieci programu Windows Media Player service depends on the Windows Search service which failed to start because of the following error:
%%1058

Error: (02/21/2014 05:43:13 PM) (Source: Service Control Manager) (User: )
Description: The BingBar Service service failed to start due to the following error:
%%2

Error: (02/21/2014 05:38:06 PM) (Source: Service Control Manager) (User: )
Description: The Usługa udostępniania w sieci programu Windows Media Player service depends on the Windows Search service which failed to start because of the following error:
%%1058

Error: (02/21/2014 05:35:58 PM) (Source: Service Control Manager) (User: )
Description: The BingBar Service service failed to start due to the following error:
%%2

Error: (02/21/2014 05:35:25 PM) (Source: Service Control Manager) (User: )
Description: The TeamViewer 9 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 2000 milliseconds: Uruchom usługę ponownie.

Error: (02/21/2014 05:21:37 PM) (Source: Service Control Manager) (User: )
Description: The Usługa udostępniania w sieci programu Windows Media Player service depends on the Windows Search service which failed to start because of the following error:
%%1058


Microsoft Office Sessions:
=========================
Error: (02/21/2014 05:12:11 PM) (Source: Application Error)(User: )
Description: iexplore.exe0.0.0.04e06cfe8iexplore.exe0.0.0.04e06cfe8400000150008d1c0135801cf2f51f8044d83C:\32788R22FWJFW\License\iexplore.exeC:\32788R22FWJFW\License\iexplore.exe35cc668d-9b45-11e3-beff-bc5ff455a450

Error: (02/21/2014 05:10:16 PM) (Source: Microsoft-Windows-LocationProvider)(User: NT AUTHORITY)
Description: -2147024883

Error: (02/21/2014 11:56:58 AM) (Source: Application Error)(User: )
Description: VG-Ripper.exe2.9.5.653003edaKERNELBASE.dll6.3.9600.1649652b3e015e043435200012eec59801cf2f236d89e4bbC:\Program Files (x86)\VG-Ripper\VG-Ripper.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dll2c891176-9b19-11e3-beff-bc5ff455a450

Error: (02/21/2014 11:56:58 AM) (Source: .NET Runtime)(User: )
Description: Aplikacja: VG-Ripper.exe
Wersja architektury: v4.0.30319
Opis: proces został przerwany z powodu nieobsłużonego wyjątku.
Informacje o wyjątku: System.ArgumentOutOfRangeException
Stos:
w System.String.Substring(Int32, Int32)
w Ripper.Core.Components.ServiceTemplate.GetImageName(System.String, System.String, Int32)
w Ripper.Services.ImageHosts.ImgWoot.DoDownload()
w Ripper.Core.Components.ServiceTemplate.StartDownloadAsync()
w Ripper.Services.ImageDownloader.GetImgWoot()
w System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
w System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
w System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
w System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
w System.Threading.ThreadHelper.ThreadStart()

Error: (02/21/2014 09:35:20 AM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (02/21/2014 02:54:44 AM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (02/21/2014 01:04:02 AM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (02/21/2014 00:47:54 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Protokół LLDP (Link-Layer Discovery Protocol) firmy Microsoft.

System Error:
Odmowa dostępu.

Error: (02/20/2014 11:35:26 PM) (Source: Application Hang)(User: )
Description: Wow-64.exe5.4.7.1793023e801cf2eb5d9b986b4244C:\Program Files (x86)\World of Warcraft\Wow-64.exe935dc824-9ab1-11e3-befd-bc5ff455a450

Error: (02/20/2014 10:21:04 PM) (Source: Microsoft-Windows-LocationProvider)(User: NT AUTHORITY)
Description: -2147024883


CodeIntegrity Errors:
===================================
Date: 2014-02-20 21:46:10.760
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-02-20 21:43:32.353
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-02-20 21:43:07.724
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-02-20 21:43:07.583
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-02-20 21:36:31.600
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-02-20 21:35:55.668
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-02-20 21:35:55.294
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-02-20 21:35:55.270
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-02-20 21:35:54.520
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-02-20 21:35:54.494
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Percentage of memory in use: 28%
Total physical RAM: 8077.64 MB
Available physical RAM: 5778.36 MB
Total Pagefile: 9357.64 MB
Available Pagefile: 6483.92 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:118.9 GB) (Free:12.24 GB) NTFS
Drive d: (Takie Tam) (Fixed) (Total:232.88 GB) (Free:139.46 GB) NTFS
Drive e: (Moje) (Fixed) (Total:279.46 GB) (Free:26.61 GB) NTFS
Drive f: (Rozne) (Fixed) (Total:232.88 GB) (Free:53.53 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 60CA1AAD)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: C7BB37BC)

Partition: GPT Partition Type.

========================================================
Disk: 2 (Size: 233 GB) (Disk ID: 06C9BD92)
Partition 1: (Not Active) - (Size=233 GB) - (Type=OF Extended)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 279 GB) (Disk ID: 9F3AEC7E)
Partition 1: (Active) - (Size=279 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-02-2014
Ran by Hubert at 2014-02-21 18:46:34 Run:1
Running from C:\Users\Hubert\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
BHO: No Name - {11111111-1111-1111-1111-110511071178} - No File
BHO: No Name - {5682CA62-1A80-40AE-82A0-B67833CE75FF} - No File
BHO: No Name - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No File
Toolbar: HKLM - No Name - {8dcb7100-df86-4384-8842-8fa844297b3f} - No File
Handler: cup - {A0BE0236-AB5A-45DC-A304-2269CE96708E} - No File
Handler: dup - {A0BE0236-AB5A-45DC-A304-2269CE96708E} - No File
Handler-x32: cup - {A0BE0236-AB5A-45DC-A304-2269CE96708E} - No File
Handler-x32: dup - {A0BE0236-AB5A-45DC-A304-2269CE96708E} - No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Users\Hubert\AppData\Local\Temp\Quarantine.exe

*****************

C:\WINDOWS\system32\GroupPolicy\Machine => Moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511071178} => Key deleted successfully.
HKCR\CLSID\{11111111-1111-1111-1111-110511071178} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5682CA62-1A80-40AE-82A0-B67833CE75FF} => Key deleted successfully.
HKCR\CLSID\{5682CA62-1A80-40AE-82A0-B67833CE75FF} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} => Key deleted successfully.
HKCR\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} => Value deleted successfully.
HKCR\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} => Key not found.
HKCR\PROTOCOLS\Handler\cup => Key deleted successfully.
HKCR\CLSID\{A0BE0236-AB5A-45DC-A304-2269CE96708E} => Key not found.
HKCR\PROTOCOLS\Handler\dup => Key deleted successfully.
HKCR\CLSID\{A0BE0236-AB5A-45DC-A304-2269CE96708E} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Handler\cup => Key not found.
HKCR\Wow6432Node\CLSID\{A0BE0236-AB5A-45DC-A304-2269CE96708E} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Handler\dup => Key not found.
HKCR\Wow6432Node\CLSID\{A0BE0236-AB5A-45DC-A304-2269CE96708E} => Key not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
"C:\Users\Hubert\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.


The system needs a manual reboot.

==== End of Fixlog ====
 
Excellent!

Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Click on "Run ESET Online Scanner" button.
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
There were no logs for Eset Online Scanner.

checkup.txt
Results of screen317's Security Check version 0.99.79
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 45
Java version out of Date!
Adobe Flash Player 12.0.0.70
Adobe Reader XI
Google Chrome 30.0.1599.101
Google Chrome 32.0.1700.76
Google Chrome Plugins...
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
Windows Firewall Control wfcs.exe
Windows Firewall Control wfc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````


FSS.txt
Farbar Service Scanner Version: 16-02-2014
Ran by Hubert (administrator) on 21-02-2014 at 23:33:10
Running from "C:\Users\Hubert\Desktop"
Microsoft Windows 8.1 Pro with Media Center (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll
[2013-08-22 08:25] - [2013-08-22 08:25] - 0029184 ____A (Microsoft Corporation) 6E2271ED0C3E95B8E29F3752B91B9E84

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2014-01-17 19:37] - [2013-11-05 15:12] - 2551128 ____A (Microsoft Corporation) 3D9A5AC880D7AA2305812D665D24ED23

C:\Windows\System32\dnsrslvr.dll
[2013-11-14 11:17] - [2013-10-08 00:48] - 0255488 ____A (Microsoft Corporation) 5BAF7714E68F93515A937A3FA8587EF9

C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll
[2013-11-14 11:17] - [2013-10-12 16:48] - 0828416 ____A (Microsoft Corporation) 6468B696C65775D51A06615830E0E79D

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2013-11-14 11:17] - [2013-10-06 21:13] - 3532288 ____A (Microsoft Corporation) 86D0BF4F792053A50D6EE43DFA5837A5

C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MsMpEng.exe => MD5 is legit
C:\Windows\System32\ipnathlp.dll
[2013-11-14 11:17] - [2013-09-14 04:11] - 0433664 ____A (Microsoft Corporation) F4414F57DF2CECB8FC969AA43A6B0D50

C:\Windows\System32\iphlpsvc.dll
[2013-11-14 11:17] - [2013-10-07 23:50] - 0903168 ____A (Microsoft Corporation) DFC4050D58565ADBEE793A8D4AEBDAE6

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
 
1. Update your Java version here: https://www.techspot.com/downloads/6463-java-se.html
Alternate download: http://www.java.com/en/download/manual.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: If you're running a 64-bit system, make sure you install BOTH 32-bit and 64-bit Java.

Note 3: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista and 7 users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

=====================================

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

12. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

13. Please let me know how your computer is doing.
 