Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-08-2013
Ran by Agata_Szram (ATTENTION: The logged in user is not administrator) on 31-08-2013 14:48:45
Running from F:\
Windows 7 Enterprise Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(iPass Inc.) C:\Program Files (x86)\iPass\Open Mobile\omsi\iPlatformHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Spotify Ltd) D:\Users\Agata_Szram\AppData\Roaming\Spotify\spotify.exe
(Spotify Ltd) D:\Users\Agata_Szram\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(iPass, Inc.) C:\Program Files (x86)\iPass\Open Mobile\bin\iMobility.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
==================== Registry (Whitelisted) ==================
HKCU\...\Run: [Spotify] - D:\Users\Agata_Szram\AppData\Roaming\Spotify\Spotify.exe [4640768 2013-08-26] (Spotify Ltd)
HKCU\...\Run: [Spotify Web Helper] - D:\Users\Agata_Szram\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-08-26] (Spotify Ltd)
MountPoints2: {ee3ac4eb-72a6-11e1-88b7-806e6f6e6963} - E:\setup64.exe
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Communicator] - C:\Program Files (x86)\Microsoft Lync\communicator.exe [12105344 2012-09-28] (Microsoft Corporation)
HKLM-x32\...\Run: [ShStatEXE] - C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [215360 2011-01-12] (McAfee, Inc.)
HKLM-x32\...\Run: [McAfeeUpdaterUI] - C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [333376 2011-11-15] (McAfee, Inc.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [245872 2013-02-28] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [201576 2013-02-28] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Coty Open Mobile Powered by GCIS.lnk
ShortcutTarget: Coty Open Mobile Powered by GCIS.lnk -> C:\Program Files (x86)\iPass\Open Mobile\bin\iMobility.exe (iPass, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?rd=1&ucc=GB&dcc=GB&opt=0&ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portal.cotyww.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://portal.cotyww.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130330111329.dll (McAfee, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20130330111329.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {9b935470-ad4a-11d5-b63e-00c04faedb18}
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
DPF: HKLM-x32 {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - No File
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - No File
Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{7DB7FEC3-2D71-42A3-8D1B-34CFB7107F40}: [NameServer]212.2.96.51 212.2.96.52
==================== Services (Whitelisted) =================
R2 CBA8; C:\Program Files (x86)\LANDesk\Shared Files\residentagent.exe [157496 2012-08-27] (LANDesk Software, Inc. and its affiliates.)
R3 iMobilityService; C:\Program Files (x86)\iPass\Open Mobile\bin\iMobilityService.exe [30208 2012-05-21] (iPass Inc.)
R2 Intel Local Scheduler Service; C:\Program Files (x86)\LANDesk\LDClient\LocalSch.EXE [202744 2013-02-25] (LANDesk Software, Inc. and its affiliates.)
R2 Intel PDS; C:\Windows\SysWow64\CBA\pds.exe [32825 2012-10-04] (LANDesk Software Ltd.)
R2 iPlatformService; C:\Program Files (x86)\iPass\Open Mobile\omsi\iPlatformService.exe [22528 2012-05-21] (iPass Inc.)
R2 ISSUSER; C:\PROGRA~2\LANDesk\LDClient\issuser.exe [1001536 2013-04-17] (LANDesk Software, Inc. and its affiliates.)
R2 LANDesk Policy Invoker; C:\Program Files (x86)\LANDesk\LDClient\policy.client.invoker.exe [219648 2012-12-13] (LANDesk Software, Inc. and its affiliates.)
R2 LANDesk Targeted Multicast; C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe [179200 2012-10-04] (LANDesk Software, Inc. and its affiliates.)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 Lotus Notes Diagnostics; C:\Notes\nsd.exe [3417480 2011-07-11] (IBM)
R2 Lotus Notes Single Logon; C:\Notes\nslsvice.exe [62856 2011-07-11] (IBM Corp)
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [132672 2011-11-15] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [190256 2013-03-30] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [209760 2011-01-12] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [156248 2013-03-30] (McAfee, Inc.)
R2 Multi-user Cleanup Service; C:\Notes\ntmulti.exe [58760 2011-07-11] (IBM Corp)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NWSAPAutoWorkstationUpdateSvc; C:\Program Files (x86)\SAP\SAPsetup\Setup\Updater\NwSapAutoWorkstationUpdateService.exe [121200 2011-04-14] (SAP AG)
S2 ProcTrigger; C:\Program Files (x86)\LANDesk\LDClient\ProcTriggerSvc.exe [153376 2012-10-04] (LANDesk Software, Inc. and its affiliates.)
R2 Softmon; C:\Program Files (x86)\LANDesk\LDClient\softmon.exe [639464 2013-01-11] (LANDesk Software, Inc. and its affiliates.)
R2 tracksvc; C:\Program Files (x86)\LANDesk\LDClient\tracksvc.exe [75608 2012-10-04] (LANDesk Software, Inc. and its affiliates.)
==================== Drivers (Whitelisted) ====================
R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2011-10-05] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [29736 2011-10-05] (Ericsson AB)
R3 l36wgps; C:\Windows\System32\DRIVERS\l36wgps64.sys [102440 2012-01-13] (Ericsson AB)
S3 LBAI; C:\Windows\System32\Drivers\LBAI.sys [9600 2011-12-09] (Lenovo)
S3 ldblank; C:\Windows\System32\DRIVERS\ldblank.sys [20992 2012-10-04] (LANDesk Software, Inc. and its affiliates.)
R3 ldmirror; C:\Windows\System32\DRIVERS\ldmirror.sys [5120 2012-10-04] (LANDesk Software, Inc. and its affiliates.)
R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [419400 2011-08-22] (MCCI Corporation)
R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [430664 2011-08-22] (MCCI Corporation)
R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2011-08-22] (MCCI Corporation)
R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [483400 2011-08-22] (MCCI Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [153952 2013-03-30] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [217696 2013-03-30] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [607152 2013-03-30] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [97960 2013-03-30] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [281544 2013-03-30] (McAfee, Inc.)
R3 mirrorflt; C:\Windows\System32\DRIVERS\mirrorflt.sys [7168 2012-10-04] (LANDesk Software, Inc. and its affiliates.)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284448 2013-02-28] (NVIDIA Corporation)
S3 qcusbserlno2k; C:\Windows\system32\drivers\qcusbserlno2k.sys [231040 2011-05-23] (QUALCOMM Incorporated)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [44344 2012-10-18] (Synaptics Incorporated)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [282152 2011-12-07] (Ericsson AB)
U3 mfeavfk01; No ImagePath
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-08-30 00:53 - 2013-08-30 05:06 - 524288000 _____ C:\REMOVE_THIS_FILE.livecd.swap
2013-08-29 23:12 - 2013-08-29 23:12 - 00000000 ____D C:\FRST
2013-08-28 23:18 - 2013-08-28 23:18 - 00003352 ____N C:\bootsqm.dat
2013-08-28 19:46 - 2013-08-28 19:46 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-08-27 23:45 - 2013-08-28 00:34 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-08-27 20:44 - 2013-08-27 20:50 - 00000000 ____D D:\Users\Agata_Szram\Desktop\a2
2013-08-27 20:16 - 2013-08-27 20:16 - 00000000 ____D D:\Users\Agata_Szram\AppData\Roaming\Comodo
2013-08-27 14:44 - 2013-08-27 14:44 - 00000000 ____D D:\Users\Agata_Szram\AppData\Roaming\TeamViewer
2013-08-26 21:12 - 2013-08-26 21:12 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2013-08-26 20:57 - 2013-08-31 00:26 - 00000000 ____D C:\Quarantine
2013-08-26 18:12 - 2013-08-30 03:41 - 00000000 ____D D:\Users\AGATA_~1\AppData\Local\Spotify
2013-08-26 18:12 - 2013-08-26 18:12 - 00001787 _____ D:\Users\Agata_Szram\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2013-08-26 18:08 - 2013-08-31 14:43 - 00000000 ____D D:\Users\Agata_Szram\AppData\Roaming\Spotify
2013-08-20 23:33 - 2013-02-28 03:47 - 26931488 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-08-20 23:33 - 2013-02-28 03:47 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-08-20 23:33 - 2013-02-28 03:47 - 20450080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-08-20 23:33 - 2013-02-28 03:47 - 18054672 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-08-20 23:33 - 2013-02-28 03:47 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-08-20 23:33 - 2013-02-28 03:47 - 15129448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-08-20 23:33 - 2013-02-28 03:47 - 15052728 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2013-08-20 23:33 - 2013-02-28 03:47 - 12641480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-08-20 23:33 - 2013-02-28 03:47 - 11009312 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-08-20 23:33 - 2013-02-28 03:47 - 09390760 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-08-20 23:33 - 2013-02-28 03:47 - 07932256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-08-20 23:33 - 2013-02-28 03:47 - 07565088 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-08-20 23:33 - 2013-02-28 03:47 - 06263632 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-08-20 23:33 - 2013-02-28 03:47 - 02904352 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-08-20 23:33 - 2013-02-28 03:47 - 02720544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-08-20 23:33 - 2013-02-28 03:47 - 02344736 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-08-20 23:33 - 2013-02-28 03:47 - 01985824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-08-20 23:33 - 2013-02-28 03:47 - 01814304 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco64.dll
2013-08-20 23:33 - 2013-02-28 03:47 - 01510176 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco64.dll
2013-08-20 23:33 - 2013-02-28 03:47 - 01107440 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2013-08-20 23:33 - 2013-02-28 03:47 - 00958120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-08-20 23:33 - 2013-02-28 03:47 - 00284448 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvkflt.sys
2013-08-20 23:33 - 2013-02-28 03:47 - 00245872 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2013-08-20 23:33 - 2013-02-28 03:47 - 00201576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-08-20 23:33 - 2013-02-28 03:47 - 00030496 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2013-08-20 23:33 - 2013-02-28 03:47 - 00017266 _____ C:\Windows\system32\nvinfo.pb
2013-08-20 23:32 - 2013-02-28 03:47 - 02824504 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2013-08-20 23:32 - 2013-02-28 03:47 - 02504096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-08-20 23:31 - 2012-10-18 00:19 - 01048376 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll
2013-08-20 23:31 - 2012-10-18 00:19 - 00539960 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynCOM.dll
2013-08-20 23:31 - 2012-10-18 00:19 - 00460600 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynTP.sys
2013-08-20 23:31 - 2012-10-18 00:19 - 00229176 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll
2013-08-20 23:31 - 2012-10-18 00:19 - 00177976 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPCo14.dll
2013-08-20 23:31 - 2012-10-18 00:19 - 00113976 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynTPCOM.dll
2013-08-20 23:31 - 2012-10-18 00:19 - 00044344 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_Intel.sys
2013-08-20 23:31 - 2011-09-14 19:11 - 01048576 _____ C:\Windows\system32\syndata.bin
2013-08-20 23:31 - 2010-09-07 16:09 - 00015472 _____ (Lenovo Group Limited) C:\Windows\system32\Drivers\smiifx64.sys
2013-08-20 23:30 - 2013-08-20 23:30 - 00000000 ____D C:\Windows\LANDesk_Installs
2013-08-20 15:43 - 2012-01-13 13:38 - 00589896 _____ (Juniper Networks) C:\Windows\system32\dsNcSmartCardProv.dll
2013-08-20 15:43 - 2012-01-13 13:38 - 00421448 _____ (Juniper Networks) C:\Windows\system32\dsNcCredProv.dll
2013-08-20 15:40 - 2013-08-20 15:40 - 00000000 ____D D:\Users\Agata_Szram\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Juniper Networks
2013-08-20 15:38 - 2013-08-31 01:15 - 00000000 ____D D:\Users\Agata_Szram\AppData\Roaming\Juniper Networks
2013-08-20 15:23 - 2013-08-31 01:15 - 00000000 ___RD D:\Users\Agata_Szram\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-20 15:23 - 2013-08-27 15:10 - 00009716 __RSH D:\Users\Agata_Szram\ntuser.pol
2013-08-20 15:23 - 2013-08-27 15:10 - 00000000 ____D D:\Users\Agata_Szram
2013-08-20 15:23 - 2013-08-21 23:21 - 00000000 ____D D:\Users\Agata_Szram\Documents\SAP
2013-08-20 15:23 - 2013-08-21 23:21 - 00000000 ____D D:\Users\Agata_Szram\AppData\Roaming\SAP
2013-08-20 15:23 - 2013-08-21 23:21 - 00000000 ____D D:\Users\AGATA_~1\AppData\Local\SAP
2013-08-20 15:23 - 2013-08-20 15:36 - 00112872 _____ D:\Users\AGATA_~1\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-20 15:23 - 2013-08-20 15:25 - 00000000 ____D D:\Users\AGATA_~1\AppData\Local\NGC
2013-08-20 15:23 - 2013-08-20 15:23 - 00001305 _____ D:\Users\Agata_Szram\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-08-20 15:23 - 2013-08-20 15:23 - 00001283 _____ D:\Users\Agata_Szram\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-08-20 15:23 - 2013-08-20 15:23 - 00000000 ___RD D:\Users\Agata_Szram\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-08-20 15:23 - 2013-08-20 15:23 - 00000000 ____D D:\Users\Agata_Szram\AppData\Roaming\iPass
2013-08-20 15:23 - 2013-07-02 10:29 - 00000000 ____D D:\Users\Agata_Szram\AppData\Roaming\RidNacs
2013-08-20 15:23 - 2013-03-05 18:20 - 00000000 ____D D:\Users\Agata_Szram\Tracing
2013-08-20 15:23 - 2012-08-13 20:20 - 00000000 ____D D:\Users\Agata_Szram\.java
2013-08-20 15:23 - 2012-06-15 01:16 - 00000000 ____D D:\Users\Agata_Szram\AppData\Roaming\Adobe
2013-08-20 15:23 - 2012-06-13 00:29 - 00000000 ____D D:\Users\AGATA_~1\AppData\Local\Adobe
2013-08-20 15:23 - 2012-04-26 03:07 - 00330480 _____ D:\Users\Agata_Szram\Documents\LotusInstall.log
2013-08-20 15:23 - 2012-04-26 02:49 - 00000000 ____D D:\Users\AGATA_~1\AppData\Local\Lotus
2013-08-20 15:23 - 2012-03-29 17:43 - 00000000 ____D D:\Users\Agata_Szram\AppData\Roaming\ICAClient
2013-08-20 15:23 - 2012-03-27 23:49 - 00000000 ____D D:\Users\AGATA_~1\AppData\Local\IsolatedStorage
2013-08-20 15:23 - 2012-03-27 13:27 - 00000000 ____D D:\Users\AGATA_~1\AppData\Local\ICAClient
2013-08-20 15:23 - 2012-03-27 13:20 - 00000017 _____ D:\Users\AGATA_~1\AppData\Local\resmon.resmoncfg
2013-08-20 15:23 - 2012-03-21 21:11 - 00000000 ____D D:\Users\Agata_Szram\AppData\Roaming\Macromedia
2013-08-20 15:23 - 2012-03-21 19:34 - 00000000 ____D D:\Users\Agata_Szram\AppData\Roaming\McAfee
2013-08-20 15:23 - 2012-03-21 19:32 - 00000020 ___SH D:\Users\Agata_Szram\ntuser.ini
2013-08-20 15:23 - 2012-03-21 00:49 - 00000000 ____D D:\Users\AGATA_~1\AppData\Local\Microsoft Help
2013-08-20 15:23 - 2009-07-14 06:54 - 00000000 ___RD D:\Users\Agata_Szram\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-08-20 15:23 - 2009-07-14 06:49 - 00000000 ___RD D:\Users\Agata_Szram\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-08-20 14:53 - 2013-08-20 14:53 - 00000000 ____D D:\Users\warsaw_admin
2013-08-20 14:37 - 2013-08-20 14:37 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_l36gsen_01_09_00.Wdf
2013-08-20 14:37 - 2013-08-20 14:37 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WwanUsbMp64_01009.Wdf
2013-08-20 14:36 - 2013-08-20 14:36 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf
2013-08-20 14:36 - 2013-08-20 14:36 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_tcwbf_01_09_00.Wdf
2013-08-20 14:36 - 2013-08-20 14:36 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_wwussf64_01009.Wdf
2013-08-20 14:36 - 2013-08-20 14:36 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_wwuss64_01009.Wdf
2013-08-20 14:36 - 2013-08-20 14:36 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUSB_01009.Wdf
2013-08-20 14:36 - 2013-08-20 14:36 - 00000000 ____D C:\Program Files\Protector Suite
2013-08-20 14:35 - 2013-08-28 23:21 - 00303035 _____ C:\Windows\WindowsUpdate.log
2013-08-20 14:35 - 2013-08-20 14:35 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_iusb3hcs_01009.Wdf
2013-08-20 14:35 - 2013-08-20 14:35 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-08-20 14:35 - 2013-08-20 14:35 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-08-20 14:35 - 2013-08-20 14:35 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-08-20 14:35 - 2013-08-20 14:35 - 00000000 ____D C:\Intel
2013-08-20 14:35 - 2013-01-10 23:37 - 06382880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2013-08-20 14:35 - 2013-01-10 23:37 - 03460896 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2013-08-20 14:35 - 2013-01-10 23:36 - 02934933 _____ C:\Windows\system32\nvcoproc.bin
2013-08-20 14:35 - 2013-01-10 23:36 - 02558240 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2013-08-20 14:35 - 2013-01-10 23:36 - 00997664 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2013-08-20 14:35 - 2013-01-10 23:36 - 00884512 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2013-08-20 14:35 - 2013-01-10 23:36 - 00558880 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\oemdspif.dll
2013-08-20 14:35 - 2013-01-10 23:36 - 00118560 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2013-08-20 14:35 - 2013-01-10 23:36 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2013-08-20 14:35 - 2013-01-10 23:36 - 00055584 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2013-08-20 14:27 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-08-20 14:27 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-08-20 14:27 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-08-20 14:27 - 2013-05-27 07:54 - 01188864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-20 14:27 - 2013-05-27 07:53 - 01492992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-20 14:27 - 2013-05-27 07:53 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-20 14:27 - 2013-05-27 07:50 - 12295680 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-20 14:27 - 2013-05-27 07:50 - 09070080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-20 14:27 - 2013-05-27 07:50 - 02458112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-20 14:27 - 2013-05-27 07:50 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-20 14:27 - 2013-05-27 07:50 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-20 14:27 - 2013-05-27 07:50 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-20 14:27 - 2013-05-27 07:50 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-20 14:27 - 2013-05-27 07:02 - 00981504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-20 14:27 - 2013-05-27 07:01 - 01231872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-20 14:27 - 2013-05-27 07:01 - 00132096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-08-20 14:27 - 2013-05-27 06:57 - 06035456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-20 14:27 - 2013-05-27 06:57 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-20 14:27 - 2013-05-27 06:57 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-08-20 14:27 - 2013-05-27 06:56 - 11020800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-20 14:27 - 2013-05-27 06:56 - 02078208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-20 14:27 - 2013-05-27 06:56 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-20 14:27 - 2013-05-27 06:56 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-20 14:27 - 2013-05-27 05:58 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-20 14:27 - 2013-05-27 05:20 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-20 14:26 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-08-20 14:26 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-08-20 14:25 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-20 14:25 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-20 14:11 - 2013-08-31 14:46 - 00763276 _____ C:\Windows\system32\perfh015.dat
2013-08-20 14:11 - 2013-08-31 14:46 - 00163476 _____ C:\Windows\system32\perfc015.dat
2013-08-20 14:11 - 2013-08-20 14:08 - 00337158 _____ C:\Windows\system32\perfi015.dat
2013-08-20 14:11 - 2013-08-20 14:08 - 00038710 _____ C:\Windows\system32\perfd015.dat
2013-08-20 14:10 - 2013-08-20 14:10 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2013-08-20 14:10 - 2013-08-20 14:10 - 00000000 ____D C:\Windows\SysWOW64\pl
2013-08-20 14:09 - 2013-08-20 14:09 - 00000000 ____D C:\Windows\system32\pl
2013-08-20 13:50 - 2013-08-30 03:39 - 00000000 ____D C:\ProgramData\NGC
2013-08-20 13:50 - 2013-08-20 15:43 - 00000000 ____D C:\Program Files (x86)\Juniper Networks
2013-08-20 13:50 - 2013-08-20 13:50 - 00000078 _____ C:\Windows\init.ini
2013-08-20 13:50 - 2013-08-20 13:50 - 00000000 ____D D:\Users\Public\Juniper Networks
2013-08-20 13:50 - 2013-08-20 13:50 - 00000000 ____D C:\ProgramData\Sierra Wireless
2013-08-20 13:50 - 2013-08-20 13:50 - 00000000 ____D C:\Program Files (x86)\iPass
2013-08-20 13:49 - 2013-08-20 13:49 - 00010722 _____ C:\Windows\DPINST.LOG
2013-08-20 13:49 - 2013-08-20 13:49 - 00001414 _____ C:\Windows\Synaptics.log
2013-08-20 13:49 - 2013-08-20 13:49 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2013-08-20 13:49 - 2013-08-20 13:49 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01009.Wdf
2013-08-20 13:49 - 2013-08-20 13:49 - 00000000 ____D C:\Program Files\Synaptics
2013-08-20 13:49 - 2013-08-20 13:49 - 00000000 ____D C:\Program Files\Common Files\Lenovo
2013-08-20 13:48 - 2013-08-20 13:49 - 00000000 ____D C:\Program Files\Lenovo
2013-08-20 13:48 - 2013-08-20 13:48 - 00000000 ____D C:\Program Files (x86)\Lenovo
2013-08-20 13:48 - 2012-07-05 09:23 - 00001244 _____ D:\Users\Public\Desktop\Coty Help.lnk
2013-08-20 13:47 - 2012-05-25 19:29 - 00000259 _____ D:\Users\Public\Desktop\Coty SSL VPN.url
2013-08-20 13:47 - 2012-01-13 13:37 - 01080392 _____ (Juniper Networks) C:\Windows\CotyVpnIcon.exe
2013-08-20 13:42 - 2013-08-27 15:16 - 00000000 ____D C:\ProgramData\vulScan
2013-08-20 13:42 - 2013-08-20 13:42 - 00000000 ____D C:\ProgramData\LANDesk
2013-08-20 13:41 - 2013-08-20 13:48 - 00000000 ____D C:\Program Files (x86)\LANDesk
2013-08-20 13:41 - 2013-08-20 13:41 - 00000000 ____D C:\Windows\SysWOW64\cba
2013-08-20 13:41 - 2012-10-04 07:16 - 00044232 _____ (LANDesk Software, Inc. and its affiliates.) C:\Windows\SysWOW64\poweroff.exe
2013-08-20 13:41 - 2012-10-04 07:16 - 00033896 _____ (LANDesk Software, Inc. and its affiliates.) C:\Windows\SysWOW64\poweroffUI.exe
2013-08-20 13:41 - 2012-10-04 06:33 - 00003584 _____ (LANDesk Software, Inc. and its affiliates.) C:\Windows\SysWOW64\enuPWOFF.dll
2013-08-20 13:41 - 2012-10-04 04:54 - 00056832 _____ (LANDesk Software, Inc. and its affiliates.) C:\Windows\SysWOW64\ELOGAPI.DLL
2013-08-20 13:41 - 2012-10-04 04:17 - 00004096 _____ (LANDesk Software, Inc. and its affiliates.) C:\Windows\SysWOW64\itaPWOFF.dll
2013-08-20 13:41 - 2012-10-04 04:17 - 00004096 _____ (LANDesk Software, Inc. and its affiliates.) C:\Windows\SysWOW64\deuPWOFF.dll
2013-08-20 13:41 - 2012-10-04 04:17 - 00003584 _____ (LANDesk Software, Inc. and its affiliates.) C:\Windows\SysWOW64\rusPWOFF.dll
2013-08-20 13:41 - 2012-10-04 04:17 - 00003584 _____ (LANDesk Software, Inc. and its affiliates.) C:\Windows\SysWOW64\korPWOFF.dll
2013-08-20 13:41 - 2012-10-04 04:17 - 00003584 _____ (LANDesk Software, Inc. and its affiliates.) C:\Windows\SysWOW64\jpnPWOFF.dll
2013-08-20 13:41 - 2012-10-04 04:17 - 00003584 _____ (LANDesk Software, Inc. and its affiliates.) C:\Windows\SysWOW64\fraPWOFF.dll
2013-08-20 13:41 - 2012-10-04 04:17 - 00003584 _____ (LANDesk Software, Inc. and its affiliates.) C:\Windows\SysWOW64\chtPWOFF.dll
2013-08-20 13:41 - 2012-10-04 04:17 - 00003584 _____ (LANDesk Software, Inc. and its affiliates.) C:\Windows\SysWOW64\chsPWOFF.dll
2013-08-20 13:41 - 2012-10-04 04:16 - 00004096 _____ (LANDesk Software, Inc. and its affiliates.) C:\Windows\SysWOW64\ptbPWOFF.dll
2013-08-20 13:41 - 2012-10-04 04:16 - 00003584 _____ (LANDesk Software, Inc. and its affiliates.) C:\Windows\SysWOW64\espPWOFF.dll
2013-08-20 13:41 - 2012-10-04 04:15 - 00059600 _____ (Avocent Corporation ) C:\Windows\SysWOW64\LDCmd32.EXE
2013-08-20 13:41 - 2012-10-04 04:07 - 00027984 _____ (LANDesk Software, Inc. and its affiliates.) C:\Windows\system32\ldmirror.dll
2013-08-20 13:41 - 2012-10-04 04:07 - 00020992 _____ (LANDesk Software, Inc. and its affiliates.) C:\Windows\system32\Drivers\ldblank.sys
2013-08-20 13:41 - 2012-10-04 04:07 - 00007168 _____ (LANDesk Software, Inc. and its affiliates.) C:\Windows\system32\Drivers\mirrorflt.sys
2013-08-20 13:41 - 2012-10-04 04:07 - 00005120 _____ (LANDesk Software, Inc. and its affiliates.) C:\Windows\system32\Drivers\ldmirror.sys
2013-08-20 13:41 - 2012-10-04 04:02 - 00086073 _____ (LANDesk Software Ltd.) C:\Windows\SysWOW64\nts.dll
2013-08-20 13:41 - 2012-10-04 04:02 - 00077884 _____ (LANDesk Software Ltd.) C:\Windows\SysWOW64\pds.dll
2013-08-20 13:41 - 2012-10-04 04:02 - 00041023 _____ (LANDesk Software Ltd.) C:\Windows\SysWOW64\msgsys.dll
2013-08-20 13:41 - 2012-10-04 04:02 - 00036927 _____ (LANDesk Software Ltd.) C:\Windows\SysWOW64\msgsys.exe
2013-08-20 13:41 - 2012-10-04 04:02 - 00028729 _____ (LANDesk Software Ltd.) C:\Windows\SysWOW64\cba.dll
2013-08-20 13:41 - 2012-10-04 04:01 - 00077824 _____ (Intel) C:\Windows\SysWOW64\loc32vc0.dll
2013-08-20 13:39 - 2013-08-20 14:45 - 00000000 ____D D:\Users\LANDesk_Image
2013-08-20 13:39 - 2013-08-20 14:45 - 00000000 ____D C:\Windows\rescache
2013-08-20 13:39 - 2013-08-20 13:39 - 00000000 ____D C:\Windows\SysWOW64\NV
2013-08-20 13:39 - 2013-08-20 13:39 - 00000000 ____D C:\Windows\system32\NV
2013-08-20 13:39 - 2013-08-20 13:39 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-20 13:39 - 2013-08-20 13:39 - 00000000 ____D C:\ProgramData\GroupPolicy
2013-08-20 12:59 - 2013-08-29 01:01 - 00000000 ____D D:\Users\Agata_Szram\Desktop\Agata Szram
2013-08-01 21:44 - 2013-08-01 21:44 - 00012118 _____ D:\Users\Agata_Szram\Desktop\meteor_afp_390.jpeg
==================== One Month Modified Files and Folders =======
2013-08-31 14:46 - 2013-08-20 14:11 - 00763276 _____ C:\Windows\system32\perfh015.dat
2013-08-31 14:46 - 2013-08-20 14:11 - 00163476 _____ C:\Windows\system32\perfc015.dat
2013-08-31 14:46 - 2009-07-14 07:13 - 00006248 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-31 14:43 - 2013-08-26 18:08 - 00000000 ____D D:\Users\Agata_Szram\AppData\Roaming\Spotify
2013-08-31 14:42 - 2013-07-02 10:53 - 00026734 _____ C:\Windows\setupact.log
2013-08-31 14:42 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-31 14:42 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Registration
2013-08-31 01:15 - 2013-08-20 15:38 - 00000000 ____D D:\Users\Agata_Szram\AppData\Roaming\Juniper Networks
2013-08-31 01:15 - 2013-08-20 15:23 - 00000000 ___RD D:\Users\Agata_Szram\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-31 00:26 - 2013-08-26 20:57 - 00000000 ____D C:\Quarantine
2013-08-30 05:06 - 2013-08-30 00:53 - 524288000 _____ C:\REMOVE_THIS_FILE.livecd.swap
2013-08-30 03:46 - 2009-07-14 06:45 - 00011360 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-30 03:46 - 2009-07-14 06:45 - 00011360 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-30 03:41 - 2013-08-26 18:12 - 00000000 ____D D:\Users\AGATA_~1\AppData\Local\Spotify
2013-08-30 03:39 - 2013-08-20 13:50 - 00000000 ____D C:\ProgramData\NGC
2013-08-29 23:12 - 2013-08-29 23:12 - 00000000 ____D C:\FRST
2013-08-29 01:01 - 2013-08-20 12:59 - 00000000 ____D D:\Users\Agata_Szram\Desktop\Agata Szram
2013-08-28 23:21 - 2013-08-20 14:35 - 00303035 _____ C:\Windows\WindowsUpdate.log
2013-08-28 23:18 - 2013-08-28 23:18 - 00003352 ____N C:\bootsqm.dat
2013-08-28 19:46 - 2013-08-28 19:46 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-08-28 00:34 - 2013-08-27 23:45 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-08-27 20:50 - 2013-08-27 20:44 - 00000000 ____D D:\Users\Agata_Szram\Desktop\a2
2013-08-27 20:16 - 2013-08-27 20:16 - 00000000 ____D D:\Users\Agata_Szram\AppData\Roaming\Comodo
2013-08-27 15:22 - 2013-06-17 09:24 - 00000000 ____D D:\Users\Agata_Szram\Desktop\Zadania_PH
2013-08-27 15:16 - 2013-08-20 13:42 - 00000000 ____D C:\ProgramData\vulScan
2013-08-27 15:10 - 2013-08-20 15:23 - 00009716 __RSH D:\Users\Agata_Szram\ntuser.pol
2013-08-27 15:10 - 2013-08-20 15:23 - 00000000 ____D D:\Users\Agata_Szram
2013-08-27 15:10 - 2012-03-20 17:37 - 00013332 __RSH C:\ProgramData\ntuser.pol
2013-08-27 14:44 - 2013-08-27 14:44 - 00000000 ____D D:\Users\Agata_Szram\AppData\Roaming\TeamViewer
2013-08-26 21:12 - 2013-08-26 21:12 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2013-08-26 18:12 - 2013-08-26 18:12 - 00001787 _____ D:\Users\Agata_Szram\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2013-08-23 15:51 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-22 16:01 - 2013-04-11 17:58 - 00000000 ____D D:\Users\Agata_Szram\Desktop\Grafiki
2013-08-21 23:37 - 2013-03-03 21:02 - 00000000 ____D D:\Users\Agata_Szram\Desktop\raporty
2013-08-21 23:21 - 2013-08-20 15:23 - 00000000 ____D D:\Users\Agata_Szram\Documents\SAP
2013-08-21 23:21 - 2013-08-20 15:23 - 00000000 ____D D:\Users\Agata_Szram\AppData\Roaming\SAP
2013-08-21 23:21 - 2013-08-20 15:23 - 00000000 ____D D:\Users\AGATA_~1\AppData\Local\SAP
2013-08-20 23:30 - 2013-08-20 23:30 - 00000000 ____D C:\Windows\LANDesk_Installs
2013-08-20 15:51 - 2013-03-08 22:19 - 00000000 ____D D:\Users\Agata_Szram\Desktop\WSB
2013-08-20 15:51 - 2013-03-03 22:31 - 00000000 ___SD D:\Users\Agata_Szram\Desktop\GG dysk
2013-08-20 15:50 - 2013-07-28 18:04 - 00000000 ____D D:\Users\Agata_Szram\Desktop\Foto_robota
2013-08-20 15:50 - 2013-07-22 10:55 - 00000000 ____D D:\Users\Agata_Szram\Desktop\Prezentacje21_07
2013-08-20 15:50 - 2013-07-09 18:20 - 00000000 ____D D:\Users\Agata_Szram\Desktop\foto_prezentacja
2013-08-20 15:50 - 2013-06-11 14:03 - 00000000 ____D D:\Users\Agata_Szram\Desktop\dowód
2013-08-20 15:50 - 2013-05-24 21:01 - 00000000 ____D D:\Users\Agata_Szram\Desktop\motywowanie-wbiznesie
2013-08-20 15:50 - 2013-05-15 09:30 - 00000000 ____D D:\Users\Agata_Szram\Desktop\Legitka
2013-08-20 15:50 - 2013-04-17 10:40 - 00000000 ____D D:\Users\Agata_Szram\Desktop\paragony
2013-08-20 15:50 - 2013-03-16 01:19 - 00000000 ____D D:\Users\Agata_Szram\Desktop\słuchowiska
2013-08-20 15:50 - 2013-03-12 19:39 - 00000000 ____D D:\Users\Agata_Szram\Desktop\Regulamin_kompa
2013-08-20 15:50 - 2013-03-03 21:02 - 00000000 ____D D:\Users\Agata_Szram\Desktop\kontakty
2013-08-20 15:48 - 2013-03-13 22:20 - 00000000 ____D D:\Users\Agata_Szram\Desktop\do nauki
2013-08-20 15:48 - 2013-03-08 12:04 - 00000000 ____D D:\Users\Agata_Szram\Desktop\dokumenty_szkolenie_trenerów
2013-08-20 15:48 - 2013-02-26 13:21 - 00000000 ____D D:\Users\Agata_Szram\Desktop\cyklVIII
2013-08-20 15:47 - 2013-04-22 20:29 - 00000000 ____D D:\Users\Agata_Szram\Desktop\barcelona
2013-08-20 15:47 - 2013-04-11 12:02 - 00000000 ____D D:\Users\Agata_Szram\Documents\Pliki programu Outlook
2013-08-20 15:43 - 2013-08-20 13:50 - 00000000 ____D C:\Program Files (x86)\Juniper Networks
2013-08-20 15:40 - 2013-08-20 15:40 - 00000000 ____D D:\Users\Agata_Szram\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Juniper Networks
2013-08-20 15:36 - 2013-08-20 15:23 - 00112872 _____ D:\Users\AGATA_~1\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-20 15:25 - 2013-08-20 15:23 - 00000000 ____D D:\Users\AGATA_~1\AppData\Local\NGC
2013-08-20 15:23 - 2013-08-20 15:23 - 00001305 _____ D:\Users\Agata_Szram\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-08-20 15:23 - 2013-08-20 15:23 - 00001283 _____ D:\Users\Agata_Szram\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-08-20 15:23 - 2013-08-20 15:23 - 00000000 ___RD D:\Users\Agata_Szram\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-08-20 15:23 - 2013-08-20 15:23 - 00000000 ____D D:\Users\Agata_Szram\AppData\Roaming\iPass
2013-08-20 14:53 - 2013-08-20 14:53 - 00000000 ____D D:\Users\warsaw_admin
2013-08-20 14:46 - 2012-03-20 21:44 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-08-20 14:46 - 2012-03-20 21:44 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-08-20 14:46 - 2011-04-12 09:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-08-20 14:46 - 2009-07-14 06:45 - 00427800 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-20 14:45 - 2013-08-20 13:39 - 00000000
____D D:\Users\LANDesk_Image 2013-08-20 14:45 - 2013-08-20 13:39 - 00000000 ____D C:\Windows\rescache 2013-08-20 14:42 - 2012-03-20 19:51 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-08-20 14:42 - 2011-04-12 09:45 - 00000000 ____D C:\Windows\ShellNew 2013-08-20 14:42 - 2009-07-14 04:34 - 00000478 _____ C:\Windows\win.ini 2013-08-20 14:37 - 2013-08-20 14:37 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_l36gsen_01_09_00.Wdf 2013-08-20 14:37 - 2013-08-20 14:37 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WwanUsbMp64_01009.Wdf 2013-08-20 14:37 - 2013-07-03 06:51 - 00002236 _____ C:\Windows\TSSysprep.log 2013-08-20 14:37 - 2012-03-29 18:16 - 00003293 _____ C:\Windows\DtcInstall.log 2013-08-20 14:36 - 2013-08-20 14:36 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf 2013-08-20 14:36 - 2013-08-20 14:36 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_tcwbf_01_09_00.Wdf 2013-08-20 14:36 - 2013-08-20 14:36 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_wwussf64_01009.Wdf 2013-08-20 14:36 - 2013-08-20 14:36 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_wwuss64_01009.Wdf 2013-08-20 14:36 - 2013-08-20 14:36 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUSB_01009.Wdf 2013-08-20 14:36 - 2013-08-20 14:36 - 00000000 ____D C:\Program Files\Protector Suite 2013-08-20 14:36 - 2012-04-26 02:59 - 00000000 ____D C:\Notes 2013-08-20 14:36 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\WinBioPlugIns 2013-08-20 14:35 - 2013-08-20 14:35 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_iusb3hcs_01009.Wdf 2013-08-20 14:35 - 2013-08-20 14:35 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2013-08-20 14:35 - 2013-08-20 14:35 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2013-08-20 14:35 - 2013-08-20 14:35 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2013-08-20 14:35 - 2013-08-20 14:35 - 00000000 ____D C:\Intel 2013-08-20 14:35 - 2009-07-14 05:20 - 
00000000 ____D C:\Windows\Help 2013-08-20 14:10 - 2013-08-20 14:10 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer 2013-08-20 14:10 - 2013-08-20 14:10 - 00000000 ____D C:\Windows\SysWOW64\pl 2013-08-20 14:10 - 2011-04-12 09:38 - 00000000 ____D C:\Windows\SysWOW64\winrm 2013-08-20 14:10 - 2011-04-12 09:38 - 00000000 ____D C:\Windows\SysWOW64\WCN 2013-08-20 14:10 - 2011-04-12 09:38 - 00000000 ____D C:\Windows\SysWOW64\slmgr 2013-08-20 14:10 - 2011-04-12 09:38 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts 2013-08-20 14:10 - 2011-04-12 09:38 - 00000000 ____D C:\Windows\system32\winrm 2013-08-20 14:10 - 2011-04-12 09:38 - 00000000 ____D C:\Windows\system32\WCN 2013-08-20 14:10 - 2011-04-12 09:38 - 00000000 ____D C:\Windows\system32\slmgr 2013-08-20 14:10 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Sidebar 2013-08-20 14:10 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer 2013-08-20 14:10 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender 2013-08-20 14:10 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\DVD Maker 2013-08-20 14:10 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar 2013-08-20 14:10 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2013-08-20 14:10 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2013-08-20 14:10 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\MUI 2013-08-20 14:10 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz 2013-08-20 14:10 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\Dism 2013-08-20 14:10 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\com 2013-08-20 14:10 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\sysprep 2013-08-20 14:10 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\oobe 2013-08-20 14:10 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\MUI 2013-08-20 14:10 - 2009-07-14 05:20 - 00000000 ____D 
C:\Windows\system32\migwiz 2013-08-20 14:10 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\Dism 2013-08-20 14:10 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\servicing 2013-08-20 14:10 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2013-08-20 14:10 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\IME 2013-08-20 14:10 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\System 2013-08-20 14:09 - 2013-08-20 14:09 - 00000000 ____D C:\Windows\system32\pl 2013-08-20 14:09 - 2011-04-12 09:38 - 00000000 ____D C:\Windows\system32\Printing_Admin_Scripts 2013-08-20 14:09 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\com 2013-08-20 14:08 - 2013-08-20 14:11 - 00337158 _____ C:\Windows\system32\perfi015.dat 2013-08-20 14:08 - 2013-08-20 14:11 - 00038710 _____ C:\Windows\system32\perfd015.dat 2013-08-20 13:50 - 2013-08-20 13:50 - 00000078 _____ C:\Windows\init.ini 2013-08-20 13:50 - 2013-08-20 13:50 - 00000000 ____D D:\Users\Public\Juniper Networks 2013-08-20 13:50 - 2013-08-20 13:50 - 00000000 ____D C:\ProgramData\Sierra Wireless 2013-08-20 13:50 - 2013-08-20 13:50 - 00000000 ____D C:\Program Files (x86)\iPass 2013-08-20 13:49 - 2013-08-20 13:49 - 00010722 _____ C:\Windows\DPINST.LOG 2013-08-20 13:49 - 2013-08-20 13:49 - 00001414 _____ C:\Windows\Synaptics.log 2013-08-20 13:49 - 2013-08-20 13:49 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf 2013-08-20 13:49 - 2013-08-20 13:49 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01009.Wdf 2013-08-20 13:49 - 2013-08-20 13:49 - 00000000 ____D C:\Program Files\Synaptics 2013-08-20 13:49 - 2013-08-20 13:49 - 00000000 ____D C:\Program Files\Common Files\Lenovo 2013-08-20 13:49 - 2013-08-20 13:48 - 00000000 ____D C:\Program Files\Lenovo 2013-08-20 13:49 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\restore 2013-08-20 13:48 - 2013-08-20 13:48 - 00000000 ____D C:\Program Files (x86)\Lenovo 2013-08-20 13:48 - 2013-08-20 13:41 - 
00000000 ____D C:\Program Files (x86)\LANDesk 2013-08-20 13:42 - 2013-08-20 13:42 - 00000000 ____D C:\ProgramData\LANDesk 2013-08-20 13:41 - 2013-08-20 13:41 - 00000000 ____D C:\Windows\SysWOW64\cba 2013-08-20 13:41 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared 2013-08-20 13:39 - 2013-08-20 13:39 - 00000000 ____D C:\Windows\SysWOW64\NV 2013-08-20 13:39 - 2013-08-20 13:39 - 00000000 ____D C:\Windows\system32\NV 2013-08-20 13:39 - 2013-08-20 13:39 - 00000000 ____D C:\ProgramData\NVIDIA 2013-08-20 13:39 - 2013-08-20 13:39 - 00000000 ____D C:\ProgramData\GroupPolicy 2013-08-20 13:39 - 2012-03-20 19:07 - 00000000 ____D C:\Windows\Panther 2013-08-20 13:37 - 2013-03-30 13:11 - 00000000 ____D C:\ProgramData\McAfee 2013-08-01 21:44 - 2013-08-01 21:44 - 00012118 _____ D:\Users\Agata_Szram\Desktop\meteor_afp_390.jpeg ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================