Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013 Ran by a184075 (administrator) on A184075 on 14-10-2013 16:16:13 Running from E:\ Windows 7 Enterprise Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 10 Boot Mode: Safe Mode (minimal) ==================== Processes (Whitelisted) ================= (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe (Microsoft Corporation) C:\Windows\System32\cmd.exe (Microsoft Corporation) C:\Windows\System32\dinotify.exe (Sysinternals - www.sysinternals.com) E:\autoruns.exe (Microsoft Corporation) C:\Windows\regedit.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2013-07-19] (Synaptics Incorporated) HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] () HKLM\...\Run: [CardOS API] - C:\Program Files\CardOS API\bin\cardoscp.exe [164864 2013-07-19] (Atos IT Solutions and Services GmbH) HKLM\...\Winlogon: [Userinit] C:\Windows\System32\Userinit.exe Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [NoPublishingWizard] 1 HKLM\...\Policies\Explorer: [NoWebServices] 1 HKLM\...\Policies\Explorer: [NoOnlinePrintsWizard] 1 HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1 HKLM\...\Policies\Explorer: [NoAutorun] 1 HKLM\...\Policies\Explorer: [NoMSAppLogo5ChannelNotify] 1 HKCU\...\Run: [Spotify Web Helper] - C:\Users\a184075\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-10-13] (Spotify Ltd) HKCU\...\Run: [Polar Sync] - [x] HKCU\...\Winlogon: [Shell] explorer.exe,C:\Users\a184075\AppData\Roaming\data.dat [77312 2013-08-02] () <==== ATTENTION HKCU\...\Policies\system: [HideLogonScripts] 0 HKCU\...\Policies\system: [HideLogoffScripts] 0 HKCU\...\Policies\system: [HideLegacyLogonScripts] 0 HKCU\...\Policies\Explorer: [NoStartMenuMyGames] 1 HKCU\...\Policies\Explorer: [NoDrives] 2 HKCU\...\Policies\Explorer: [HideSCAHealth] 1 MountPoints2: {22bacbbb-fdd0-11e2-91a1-806e6f6e6963} - D:\setup.exe HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation) HKLM-x32\...\Run: [SoundMAXPnP] - C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816 2013-07-19] (Analog Devices, Inc.) HKLM-x32\...\Run: [QLBController] - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [318520 2011-05-13] (Hewlett-Packard Company) HKLM-x32\...\Run: [USM] - C:\Program Files (x86)\Siemens\USM\USM.exe [57344 2013-07-19] (Siemens AG) HKLM-x32\...\Run: [Communicator] - C:\Program Files (x86)\Microsoft Lync\communicator.exe [12108456 2013-06-27] (Microsoft Corporation) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [OfficeScanNT Monitor] - C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe [1380856 2012-12-29] (Trend Micro Inc.) HKLM-x32\...\Run: [AgentUiRunKey2] - C:\Program Files (x86)\Iron Mountain\Connected BackupPC\Agent.exe [239104 2011-06-26] (Autonomy Corporation plc) HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [309184 2012-03-28] (Citrix Systems, Inc.) AppInit_DLLs-x32: c:\progra~3\bitguard\261694~1.246\{c16c1~1\bitguard.dll [2704352 2013-10-08] () Startup: C:\Users\a184075\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\a184075\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.pl/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/ HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www2.delta-search.com/?babsrc=HP_ss&mntrId=1C9A0026C67A4AF4&affID=119357&tt=080913_ctrl&tsp=5000 SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.golsearch.com/?q={searchTerms}&babsrc=SP_ss_Btisdt6&mntrId=1C9A0026C67A4AF4&affID=119357&tt=080913_ctrl&tsp=5000 SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.golsearch.com/?q={searchTerms}&babsrc=SP_ss_Btisdt6&mntrId=1C9A0026C67A4AF4&affID=119357&tt=080913_ctrl&tsp=5000 BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_35\bin\ssv.dll (Sun Microsystems, Inc.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.24.6\bh\delta.dll (Delta-search.com) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_35\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files (x86)\Java\jre1.6.0_35\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.24.6\deltaTlbr.dll (Delta-search.com) DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab DPF: HKLM-x32 {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation) Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Tcpip\Parameters: [DhcpNameServer] 62.179.1.60 62.179.1.61 Chrome: ======= CHR Extension: (Google Docs) - C:\Users\a184075\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 CHR Extension: (Google Drive) - C:\Users\a184075\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (YouTube) - C:\Users\a184075\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\a184075\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (Delta Toolbar) - C:\Users\a184075\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.5.1_0 CHR Extension: (Planio) - C:\Users\a184075\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkjmndjkeieeacmhpbfacalahgpknkkb\1.3.6_0 CHR Extension: (Chrome In-App Payments service) - C:\Users\a184075\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0 CHR Extension: (Gmail) - C:\Users\a184075\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\a184075\AppData\Roaming\BabSolution\CR\Delta.crx CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= S2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2013-07-19] (Andrea Electronics Corporation) S2 AgentService; C:\Program Files (x86)\Iron Mountain\Connected BackupPC\AgentService.exe [7625120 2011-06-26] (Autonomy Corporation plc) S2 BitGuard; C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [3032032 2013-10-08] () S2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [317496 2011-05-13] (Hewlett-Packard Company) S2 JavaQuickStarterService; C:\Program Files (x86)\Java\jre1.6.0_35\bin\jqs.exe [153584 2013-07-19] (Sun Microsystems, Inc.) S2 NMSAccess; C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe [71096 2013-07-19] () S2 ntrtscan; C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe [2211560 2012-12-17] (Trend Micro Inc.) S3 sit-WinVNC4; C:\Program Files (x86)\RealVNC4GAIN\VNC4\winvnc4.exe [1504632 2010-08-19] (RealVNC Ltd.) S3 smstsmgr; C:\Windows\SysWOW64\CCM\TSManager.exe [246624 2009-09-18] (Microsoft Corporation) S2 tmlisten; C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe [2468256 2012-12-17] (Trend Micro Inc.) S3 TmProxy; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe [918032 2011-04-15] (Trend Micro Inc.) S2 UCMS; C:\Program Files\Siemens\UCMS\core\ucms.exe [227840 2013-07-19] () ==================== Drivers (Whitelisted) ==================== S3 dlcdbus; C:\Windows\system32\drivers\dlcdbus.sys [116224 2013-07-19] (MCCI Corporation) R3 HBtnKey; C:\Windows\System32\DRIVERS\cpqbttn.sys [19000 2011-05-13] (Hewlett-Packard Company) S3 MosIrUsb; C:\Windows\System32\DRIVERS\MosIrUsb.sys [27648 2010-05-05] () S1 NEOFLTR_720_22399; C:\Windows\system32\Drivers\NEOFLTR_720_22399.SYS [100728 2012-10-26] (Juniper Networks) S1 NEOFLTR_720_22399; C:\Windows\system32\Drivers\NEOFLTR_720_22399.SYS [100728 2012-10-26] (Juniper Networks) S3 prepdrvr; C:\Windows\SysWOW64\CCM\prepdrv.sys [26992 2009-09-18] (Microsoft Corporation) S3 prepdrvr; C:\Windows\SysWOW64\CCM\prepdrv.sys [26992 2009-09-18] (Microsoft Corporation) S3 rismcx64; C:\Windows\System32\DRIVERS\rismcx64.sys [59008 2013-07-19] (RICOH Company, Ltd.) S3 RtsUIR; C:\Windows\system32\drivers\RtsUIR.sys [19968 2013-07-19] (Realtek Semiconductor Corp.) S2 TmFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys [344376 2012-07-17] (Trend Micro Inc.) S2 TmPreFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys [42808 2012-07-17] (Trend Micro Inc.) S1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [108624 2010-11-08] (Trend Micro Inc.) S2 VSApiNt; C:\Program Files (x86)\Trend Micro\OfficeScan Client\VSApiNt.sys [2224952 2012-07-17] (Trend Micro Inc.) S3 VGPU; System32\drivers\rdvgkmd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-14 16:16 - 2013-10-14 16:16 - 00000000 ____D C:\FRST 2013-10-12 14:37 - 2013-10-14 14:23 - 00000004 _____ C:\Users\a184075\AppData\Roaming\settings.ini 2013-10-11 14:44 - 2013-10-12 23:03 - 00000000 ____D C:\Users\a184075\Desktop\Iwona 2013-10-09 10:41 - 2013-10-09 10:41 - 00000000 ____D C:\Users\a184075\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard 2013-10-07 17:19 - 2013-10-07 17:19 - 00000000 ____D C:\ProgramData\Citrix 2013-10-07 17:17 - 2013-10-07 17:17 - 17143752 _____ (Citrix Systems, Inc.) C:\Users\a184075\Desktop\CitrixOnlinePluginFull.exe 2013-10-07 17:16 - 2013-10-07 17:17 - 00000000 ____D C:\Users\a184075\AppData\Roaming\Download Manager 2013-10-07 16:12 - 2013-10-14 14:00 - 00002068 _____ C:\Users\a184075\Desktop\A184075 a184075.lnk 2013-10-07 12:44 - 2013-10-07 12:44 - 00000786 _____ C:\Windows\ie8_main.log 2013-10-07 12:43 - 2013-10-07 12:44 - 26512240 _____ (Microsoft Corporation) C:\Users\a184075\Downloads\IE8-WindowsVista-x64-PLK.exe 2013-10-07 12:27 - 2013-10-07 12:27 - 00784840 _____ (Google Inc.) C:\Users\a184075\Downloads\ChromeSetup.exe 2013-10-07 11:51 - 2013-02-17 01:40 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE 2013-10-07 11:37 - 2013-10-07 11:37 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-10-07 11:37 - 2013-10-07 11:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-10-07 11:37 - 2013-10-07 11:37 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-10-07 11:37 - 2013-10-07 11:37 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-10-07 11:37 - 2013-10-07 11:37 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2013-10-07 11:37 - 2013-10-07 11:37 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2013-10-07 11:37 - 2013-10-07 11:37 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2013-10-07 11:37 - 2013-10-07 11:37 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2013-10-07 11:37 - 2013-10-07 11:37 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2013-10-07 11:37 - 2013-10-07 11:37 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-10-07 11:37 - 2013-10-07 11:37 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2013-10-07 11:37 - 2013-10-07 11:37 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2013-10-07 11:37 - 2013-10-07 11:37 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2013-10-07 11:37 - 2013-10-07 11:37 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2013-10-07 11:37 - 2013-10-07 11:37 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-10-07 11:37 - 2013-10-07 11:37 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2013-10-07 11:37 - 2013-10-07 11:37 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-10-07 11:37 - 2013-10-07 11:37 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2013-10-07 11:37 - 2013-10-07 11:37 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2013-10-07 11:37 - 2013-10-07 11:37 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-10-07 11:37 - 2013-10-07 11:37 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2013-10-07 11:37 - 2013-10-07 11:37 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-10-07 11:37 - 2013-10-07 11:37 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2013-10-07 11:37 - 2013-10-07 11:37 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2013-10-07 11:37 - 2013-10-07 11:37 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2013-10-07 11:37 - 2013-10-07 11:37 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-10-07 11:34 - 2013-10-07 11:51 - 00014837 _____ C:\Windows\IE10_main.log 2013-10-01 21:16 - 2013-10-02 17:20 - 00004290 _____ C:\Users\a184075\Documents\NIELSEN.mm 2013-10-01 11:24 - 2013-10-01 11:24 - 00089087 _____ C:\Users\a184075\Documents\TO DO.mm.html 2013-09-27 14:22 - 2013-09-27 14:22 - 00000000 ____D C:\Program Files (x86)\Mindjet 2013-09-27 13:51 - 2013-09-27 13:53 - 00000039 _____ C:\Windows\vbaddin.ini 2013-09-27 12:14 - 2013-09-27 12:14 - 00000000 ____D C:\Users\a184075\AppData\Roaming\FreeCommander 2013-09-27 12:13 - 2013-09-27 12:13 - 00000000 ____D C:\Program Files (x86)\FreeCommander 2013-09-27 12:00 - 2012-05-05 03:17 - 00590472 _____ (Juniper Networks) C:\Windows\system32\dsNcSmartCardProv.dll 2013-09-27 12:00 - 2012-05-05 03:17 - 00422024 _____ (Juniper Networks) C:\Windows\system32\dsNcCredProv.dll 2013-09-27 11:58 - 2013-09-27 11:58 - 00000000 ____D C:\Users\a184075\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Juniper Networks 2013-09-25 11:51 - 2013-10-12 18:22 - 00000000 ____D C:\Users\a184075\Documents\PMI 2013-09-25 11:23 - 2013-09-25 11:23 - 00000000 ___SD C:\Users\a184075\Documents\My Data Sources 2013-09-24 00:16 - 2013-09-24 00:16 - 00001945 _____ C:\Users\a184075\Documents\CSS.mm 2013-09-23 09:38 - 2013-09-23 09:38 - 00016840 _____ C:\Users\a184075\Documents\Copy of PM - Terminarz - 2013 16 PK.xlsx 2013-09-23 09:27 - 2013-09-23 09:27 - 00000000 ____D C:\Users\a184075\AppData\Roaming\File Scout 2013-09-20 16:52 - 2013-09-20 16:52 - 05242880 _____ C:\Users\a184075\Downloads\python-2.7.z02 2013-09-20 16:52 - 2013-09-20 16:52 - 05242880 _____ C:\Users\a184075\Downloads\python-2.7.z01 2013-09-20 16:52 - 2013-09-20 16:52 - 04918819 _____ C:\Users\a184075\Downloads\python-2.7.zip 2013-09-20 16:44 - 2013-09-20 16:44 - 00451159 _____ C:\Users\a184075\Downloads\CherryPy-3.2.2.win32.zip 2013-09-20 16:43 - 2013-09-20 16:43 - 15913472 _____ C:\Users\a184075\Downloads\python-2.7.msi 2013-09-20 16:43 - 2013-09-20 16:43 - 00498525 _____ C:\Users\a184075\Downloads\CherryPy-3.2.2.win32.exe 2013-09-20 10:01 - 2013-10-14 12:00 - 00000000 ___RD C:\Users\a184075\Dropbox 2013-09-19 22:51 - 2013-09-25 11:36 - 00138240 _____ C:\Users\a184075\Documents\Copy of Consolidated sample file validation_V 1 0p - PK.xls 2013-09-19 10:50 - 2013-09-19 10:50 - 00010966 _____ C:\Users\a184075\Desktop\akuku.xlsx 2013-09-18 15:20 - 2013-09-18 15:20 - 00138752 _____ C:\Users\a184075\Desktop\Consolidated sample file validation_V 1 0p - PK.xls 2013-09-17 10:21 - 2013-10-10 11:32 - 00000000 ____D C:\ProgramData\BitGuard ==================== One Month Modified Files and Folders ======= 2013-10-14 16:16 - 2013-10-14 16:16 - 00000000 ____D C:\FRST 2013-10-14 14:49 - 2013-05-31 13:38 - 00780170 _____ C:\Windows\system32\perfh00C.dat 2013-10-14 14:49 - 2013-05-31 13:38 - 00160542 _____ C:\Windows\system32\perfc00C.dat 2013-10-14 14:49 - 2013-05-31 13:34 - 00780014 _____ C:\Windows\system32\perfh00A.dat 2013-10-14 14:49 - 2013-05-31 13:34 - 00169574 _____ C:\Windows\system32\perfc00A.dat 2013-10-14 14:49 - 2013-05-31 13:29 - 00731454 _____ C:\Windows\system32\perfh007.dat 2013-10-14 14:49 - 2013-05-31 13:29 - 00160032 _____ C:\Windows\system32\perfc007.dat 2013-10-14 14:49 - 2009-07-14 07:13 - 03588666 _____ C:\Windows\system32\PerfStringBackup.INI 2013-10-14 14:23 - 2013-10-12 14:37 - 00000004 _____ C:\Users\a184075\AppData\Roaming\settings.ini 2013-10-14 14:09 - 2009-07-14 06:45 - 00019120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-10-14 14:09 - 2009-07-14 06:45 - 00019120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-10-14 14:06 - 2013-08-05 15:33 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-10-14 14:00 - 2013-10-07 16:12 - 00002068 _____ C:\Users\a184075\Desktop\A184075 a184075.lnk 2013-10-14 14:00 - 2013-08-05 15:12 - 01180513 _____ C:\Windows\WindowsUpdate.log 2013-10-14 14:00 - 2013-05-31 13:20 - 00000473 _____ C:\Windows\SMSCFG.INI 2013-10-14 13:58 - 2013-09-02 16:56 - 00000000 ____D C:\Users\a184075\AppData\Roaming\Dropbox 2013-10-14 13:58 - 2013-08-07 15:23 - 00001046 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-10-14 13:58 - 2013-08-06 16:02 - 00000000 ____D C:\Users\a184075\AppData\Local\TSVNCache 2013-10-14 13:56 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-10-14 13:56 - 2009-07-14 06:51 - 00040321 _____ C:\Windows\setupact.log 2013-10-14 13:33 - 2013-08-07 15:23 - 00001050 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-10-14 12:00 - 2013-09-20 10:01 - 00000000 ___RD C:\Users\a184075\Dropbox 2013-10-13 00:21 - 2013-08-13 13:25 - 00000000 ____D C:\Users\a184075\AppData\Roaming\Spotify 2013-10-12 23:03 - 2013-10-11 14:44 - 00000000 ____D C:\Users\a184075\Desktop\Iwona 2013-10-12 18:42 - 2013-08-30 16:33 - 00072728 _____ C:\Users\a184075\Documents\TO DO.mm 2013-10-12 18:42 - 2013-08-30 16:00 - 00000000 ____D C:\Users\a184075\.freemind 2013-10-12 18:22 - 2013-09-25 11:51 - 00000000 ____D C:\Users\a184075\Documents\PMI 2013-10-12 17:01 - 2013-08-06 10:08 - 00000000 ____D C:\Users\a184075\Documents\Outlook Files 2013-10-12 16:06 - 2013-08-05 15:58 - 00000000 ____D C:\Users\a184075\Tracing 2013-10-10 11:32 - 2013-09-17 10:21 - 00000000 ____D C:\ProgramData\BitGuard 2013-10-10 11:32 - 2010-11-21 05:47 - 00041274 _____ C:\Windows\PFRO.log 2013-10-09 10:41 - 2013-10-09 10:41 - 00000000 ____D C:\Users\a184075\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard 2013-10-08 19:28 - 2013-08-07 15:23 - 00004046 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-10-08 19:28 - 2013-08-07 15:23 - 00003794 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-10-08 17:45 - 2013-08-05 15:56 - 00000000 ____D C:\Users\a184075\AppData\Local\Microsoft Help 2013-10-08 14:20 - 2013-08-13 13:25 - 00000000 ____D C:\Users\a184075\AppData\Local\Spotify 2013-10-08 09:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-10-07 17:19 - 2013-10-07 17:19 - 00000000 ____D C:\ProgramData\Citrix 2013-10-07 17:18 - 2013-08-05 15:39 - 00000000 ____D C:\Program Files (x86)\Citrix 2013-10-07 17:17 - 2013-10-07 17:17 - 17143752 _____ (Citrix Systems, Inc.) C:\Users\a184075\Desktop\CitrixOnlinePluginFull.exe 2013-10-07 17:17 - 2013-10-07 17:16 - 00000000 ____D C:\Users\a184075\AppData\Roaming\Download Manager 2013-10-07 12:44 - 2013-10-07 12:44 - 00000786 _____ C:\Windows\ie8_main.log 2013-10-07 12:44 - 2013-10-07 12:43 - 26512240 _____ (Microsoft Corporation) C:\Users\a184075\Downloads\IE8-WindowsVista-x64-PLK.exe 2013-10-07 12:28 - 2013-08-07 15:24 - 00002265 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-10-07 12:27 - 2013-10-07 12:27 - 00784840 _____ (Google Inc.) C:\Users\a184075\Downloads\ChromeSetup.exe 2013-10-07 11:58 - 2013-08-05 15:57 - 00001423 _____ C:\Users\a184075\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-10-07 11:52 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2013-10-07 11:51 - 2013-10-07 11:34 - 00014837 _____ C:\Windows\IE10_main.log 2013-10-07 11:37 - 2013-10-07 11:37 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-10-07 11:37 - 2013-10-07 11:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-10-07 11:37 - 2013-10-07 11:37 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-10-07 11:37 - 2013-10-07 11:37 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-10-07 11:37 - 2013-10-07 11:37 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2013-10-07 11:37 - 2013-10-07 11:37 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2013-10-07 11:37 - 2013-10-07 11:37 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2013-10-07 11:37 - 2013-10-07 11:37 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2013-10-07 11:37 - 2013-10-07 11:37 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2013-10-07 11:37 - 2013-10-07 11:37 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-10-07 11:37 - 2013-10-07 11:37 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2013-10-07 11:37 - 2013-10-07 11:37 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2013-10-07 11:37 - 2013-10-07 11:37 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2013-10-07 11:37 - 2013-10-07 11:37 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2013-10-07 11:37 - 2013-10-07 11:37 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-10-07 11:37 - 2013-10-07 11:37 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2013-10-07 11:37 - 2013-10-07 11:37 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-10-07 11:37 - 2013-10-07 11:37 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2013-10-07 11:37 - 2013-10-07 11:37 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2013-10-07 11:37 - 2013-10-07 11:37 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-10-07 11:37 - 2013-10-07 11:37 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2013-10-07 11:37 - 2013-10-07 11:37 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-10-07 11:37 - 2013-10-07 11:37 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-10-07 11:37 - 2013-10-07 11:37 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2013-10-07 11:37 - 2013-10-07 11:37 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2013-10-07 11:37 - 2013-10-07 11:37 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2013-10-07 11:37 - 2013-10-07 11:37 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-10-03 11:50 - 2013-08-05 15:44 - 00009342 _____ C:\Windows\cfgall.ini 2013-10-03 11:13 - 2013-08-05 15:22 - 00000000 ____D C:\Program Files\Siemens 2013-10-03 10:58 - 2013-08-05 15:56 - 00023471 __RSH C:\Users\a184075\ntuser.pol 2013-10-03 10:58 - 2013-08-05 15:56 - 00000000 ____D C:\Users\a184075 2013-10-03 10:57 - 2013-08-05 15:46 - 00276061 __RSH C:\ProgramData\ntuser.pol 2013-10-03 10:56 - 2013-08-05 15:12 - 00004288 _____ C:\Windows\system32\config\netlogon.ftl 2013-10-02 17:20 - 2013-10-01 21:16 - 00004290 _____ C:\Users\a184075\Documents\NIELSEN.mm 2013-10-01 20:14 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF 2013-10-01 11:24 - 2013-10-01 11:24 - 00089087 _____ C:\Users\a184075\Documents\TO DO.mm.html 2013-09-27 23:04 - 2013-08-29 10:15 - 00000146 _____ C:\Windows\TMFilter.log 2013-09-27 14:22 - 2013-09-27 14:22 - 00000000 ____D C:\Program Files (x86)\Mindjet 2013-09-27 14:22 - 2013-05-31 13:21 - 00000000 ____D C:\ccmcache 2013-09-27 14:09 - 2013-05-31 16:30 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-09-27 13:53 - 2013-09-27 13:51 - 00000039 _____ C:\Windows\vbaddin.ini 2013-09-27 13:51 - 2013-05-31 16:30 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2013-09-27 12:47 - 2010-11-21 08:30 - 00000000 ____D C:\Windows\ShellNew 2013-09-27 12:14 - 2013-09-27 12:14 - 00000000 ____D C:\Users\a184075\AppData\Roaming\FreeCommander 2013-09-27 12:13 - 2013-09-27 12:13 - 00000000 ____D C:\Program Files (x86)\FreeCommander 2013-09-27 12:00 - 2013-08-06 11:36 - 00000000 ____D C:\Users\a184075\AppData\Roaming\Juniper Networks 2013-09-27 12:00 - 2013-08-05 15:33 - 00000000 ____D C:\Program Files (x86)\Juniper Networks 2013-09-27 11:58 - 2013-09-27 11:58 - 00000000 ____D C:\Users\a184075\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Juniper Networks 2013-09-25 11:36 - 2013-09-19 22:51 - 00138240 _____ C:\Users\a184075\Documents\Copy of Consolidated sample file validation_V 1 0p - PK.xls 2013-09-25 11:23 - 2013-09-25 11:23 - 00000000 ___SD C:\Users\a184075\Documents\My Data Sources 2013-09-24 00:16 - 2013-09-24 00:16 - 00001945 _____ C:\Users\a184075\Documents\CSS.mm 2013-09-23 09:38 - 2013-09-23 09:38 - 00016840 _____ C:\Users\a184075\Documents\Copy of PM - Terminarz - 2013 16 PK.xlsx 2013-09-23 09:27 - 2013-09-23 09:27 - 00000000 ____D C:\Users\a184075\AppData\Roaming\File Scout 2013-09-20 16:52 - 2013-09-20 16:52 - 05242880 _____ C:\Users\a184075\Downloads\python-2.7.z02 2013-09-20 16:52 - 2013-09-20 16:52 - 05242880 _____ C:\Users\a184075\Downloads\python-2.7.z01 2013-09-20 16:52 - 2013-09-20 16:52 - 04918819 _____ C:\Users\a184075\Downloads\python-2.7.zip 2013-09-20 16:44 - 2013-09-20 16:44 - 00451159 _____ C:\Users\a184075\Downloads\CherryPy-3.2.2.win32.zip 2013-09-20 16:43 - 2013-09-20 16:43 - 15913472 _____ C:\Users\a184075\Downloads\python-2.7.msi 2013-09-20 16:43 - 2013-09-20 16:43 - 00498525 _____ C:\Users\a184075\Downloads\CherryPy-3.2.2.win32.exe 2013-09-19 10:50 - 2013-09-19 10:50 - 00010966 _____ C:\Users\a184075\Desktop\akuku.xlsx 2013-09-18 15:20 - 2013-09-18 15:20 - 00138752 _____ C:\Users\a184075\Desktop\Consolidated sample file validation_V 1 0p - PK.xls 2013-09-17 10:21 - 2013-08-05 15:57 - 00000000 ___RD C:\Users\a184075\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-09-17 10:21 - 2013-08-05 15:57 - 00000000 ___RD C:\Users\a184075\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-09-17 09:31 - 2009-07-14 06:45 - 00416712 _____ C:\Windows\system32\FNTCACHE.DAT Files to move or delete: ==================== C:\Users\a184075\AppData\Roaming\data.dat C:\Users\a184075\AppData\Roaming\settings.ini C:\Users\a184075\AppData\Roaming\i.ini Some content of TEMP: ==================== C:\Users\a184075\AppData\Local\Temp\dsHostCheckerSetup.exe C:\Users\a184075\AppData\Local\Temp\Free Download Manager793683.exe C:\Users\a184075\AppData\Local\Temp\neoNCSetup64.exe C:\Users\a184075\AppData\Local\Temp\pyl95CA.tmp.exe C:\Users\a184075\AppData\Local\Temp\setup_fsu_cid.exe C:\Users\a184075\AppData\Local\Temp\unpacedxtcyjoansnbbdmdfvuugois.exe C:\Users\a184075\AppData\Local\Temp\xmlUpdater.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-10-11 09:36 ==================== End Of Log ============================