Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-12-2013 01
Ran by moj (administrator) on MOJ-HP on 13-12-2013 21:54:14
Running from C:\Users\moj\Desktop\download
Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Polish
Internet Explorer Version 11
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) ===================

(Ghisler Software GmbH) C:\totalcmd\TotalCmd.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [3080264 2011-09-22] (ESET)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [WinampAgent] - C:\Program Files\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [NetWorx] - C:\Program Files\NetWorx\networx.exe [3430608 2013-10-28] (SoftPerfect Research)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [495708 2013-10-07] (IDT, Inc.)
HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2013-10-08] (Intel Corporation)
HKLM\...\Run: [ISW] - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [738944 2011-07-25] (Check Point Software Technologies)
HKLM\...\Run: [ZoneAlarm] - C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [72336 2011-07-22] (Check Point Software Technologies LTD)
HKLM\...\Run: [TNOD UP] - C:\Program Files\ESET\TNod User & Password Finder\TNODUP.exe [1024748 2013-07-01] (Tukero[X]Team)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [HPPowerAssistant] - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [2945080 2011-09-12] (Hewlett-Packard Company)
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company)
HKLM\...\Run: [QLBController] - C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe [256056 2010-10-01] (Hewlett-Packard Company)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2013-12-10] (Hewlett-Packard)
Winlogon\Notify\DeviceNP: C:\Windows\system32\DeviceNP.dll (Hewlett-Packard Limited)
HKCU\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1590840 2010-09-28] (Hewlett-Packard)
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2011-03-04] (Hewlett-Packard Company)
HKCU\...\Run: [AQQ] - C:\Users\moj\WapSter\WapSter AQQ\AQQ.exe [8174592 2013-10-16] (AQQ Sp. z o.o.)
HKCU\...\Run: [Autodesk Sync] - C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1124744 2013-08-12] (Autodesk, Inc.)
HKCU\...\Run: [HPAdvisorDock] - C:\Program Files\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1518136 2010-09-28] (Hewlett-Packard)
HKCU\...\Policies\Explorer: []
MountPoints2: {fb517e91-43c9-11e3-885e-cf36f79549e6} - D:\AutoRun.exe
HKU\Default\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2010-09-28] (Hewlett-Packard)
HKU\Default\...\Run: [HPAdvisorDock] - C:\Program Files\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [ 2010-09-28] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2010-09-28] (Hewlett-Packard)
HKU\Default User\...\Run: [HPAdvisorDock] - C:\Program Files\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [ 2010-09-28] (Hewlett-Packard)
Lsa: [Notification Packages] DPPassFilter scecli

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {FD2C03E6-D7D8-4C0D-9CAA-1AD109CE2C30} URL =
BHO: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKCU - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\moj\AppData\Roaming\Mozilla\Firefox\Profiles\a8wvitfu.default
FF Keyword.URL: hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_7&idate=__installtime__&hsimp=yhs-lavasoft&ent=bs&q=
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\windows\system32\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: WOT - C:\Users\moj\AppData\Roaming\Mozilla\Firefox\Profiles\a8wvitfu.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: noscript - C:\Users\moj\AppData\Roaming\Mozilla\Firefox\Profiles\a8wvitfu.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: cookieController - C:\Users\moj\AppData\Roaming\Mozilla\Firefox\Profiles\a8wvitfu.default\Extensions\{ac2cfa60-bc96-11e0-962b-0800200c9a66}.xpi
FF Extension: Adblock Plus - C:\Users\moj\AppData\Roaming\Mozilla\Firefox\Profiles\a8wvitfu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF Extension: ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF HKLM\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\
FF Extension: DigitalPersona Extension - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

========================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.)
S2 DbgSvc; C:\Program Files\DebugDiag\DbgSvc.exe [331192 2013-09-25] (Microsoft Corporation)
S2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [300880 2010-07-16] (DigitalPersona, Inc.)
S2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [974944 2011-09-22] (ESET)
S3 FLCDLOCK; c:\Windows\system32\flcdlock.exe [362040 2009-11-17] (Hewlett-Packard Ltd)
S3 FlexNet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1064752 2013-09-30] (Flexera Software LLC)
S2 HP Power Assistant Service; C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [142904 2011-09-12] (Hewlett-Packard Company)
S2 HP ProtectTools Service; C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [32768 2010-10-19] (Hewlett-Packard Development Company, L.P)
S2 HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [103992 2010-07-21] (Hewlett-Packard Company)
S2 HPDayStarterService; C:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe [90112 2010-05-10] (Hewlett-Packard Company)
S2 HpFkCryptService; C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [281192 2010-02-01] (McAfee, Inc.)
S2 HPFSService; C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [297984 2009-12-12] (Hewlett-Packard)
S2 hpHotkeyMonitor; C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [280120 2010-10-01] (Hewlett-Packard Company)
S3 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [493184 2011-07-25] (Check Point Software Technologies)
S2 PdiService; C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [113264 2011-03-16] (Portrait Displays, Inc.)
S2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [254034 2013-10-07] (IDT, Inc.)
S2 uArcCapture; C:\windows\system32\uArcCapture.exe [506472 2009-12-04] (ArcSoft, Inc.)
S2 vcsFPService; C:\windows\system32\vcsFPService.exe [1664304 2010-02-18] (Validity Sensors, Inc.)
S2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [2413936 2011-07-22] (Check Point Software Technologies LTD)

==================== Drivers (Whitelisted) ====================

R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
S3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [29824 2009-12-04] (ArcSoft, Inc.)
S3 athr; C:\Windows\System32\DRIVERS\athr.sys [2957312 2012-06-20] (Qualcomm Atheros Communications, Inc.)
S3 btwampfl; C:\Windows\System32\drivers\btwampfl.sys [297000 2013-10-08] (Broadcom Corporation.)
R0 cfadisk; C:\Windows\System32\DRIVERS\cfadisk.sys [3712 2002-12-24] (Hitachi Global Storage Technologies)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv.sys [32312 2009-10-21] (Hewlett-Packard Development Company L.P.)
S2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [163424 2011-08-09] (ESET)
S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [118104 2011-08-04] (ESET)
S2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [103112 2011-08-04] (ESET)
S2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [27016 2011-07-25] (Check Point Software Technologies)
S3 MfeAVFK; C:\Windows\System32\drivers\MfeAVFK.sys [79816 2009-05-16] (McAfee, Inc.)
S3 MfeBOPK; C:\Windows\System32\drivers\MfeBOPK.sys [35272 2009-05-16] (McAfee, Inc.)
S1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [214024 2009-05-16] (McAfee, Inc.)
S3 MfeRKDK; C:\Windows\System32\drivers\MfeRKDK.sys [34248 2009-05-16] (McAfee, Inc.)
S1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [55336 2009-05-16] (McAfee, Inc.)
S1 networx; C:\Windows\System32\drivers\networx.sys [38904 2013-10-21] (NetFilterSDK.com)
S3 pneteth; C:\Windows\System32\DRIVERS\pneteth.sys [13440 2011-11-25] (June Fabrics Technology Inc.)
S1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [40088 2010-02-01] (McAfee, Inc.)
R0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [110520 2010-02-01] (McAfee, Inc.)
R0 SbAlg; C:\Windows\System32\Drivers\SbAlg.sys [51800 2010-02-01] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [13256 2010-02-01] (McAfee, Inc.)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1763968 2011-05-09] ()
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
S1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
S3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
S1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
S1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [455256 2011-05-07] (Check Point Software Technologies LTD)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-12-11 22:42 - 2013-12-11 22:50 - 00000000 ____D C:\Users\moj\Desktop\smieci
2013-12-11 21:26 - 2013-12-11 21:26 - 00143720 _____ C:\windows\Minidump\121113-18954-01.dmp
2013-12-11 18:11 - 2013-12-11 18:11 - 00143720 _____ C:\windows\Minidump\121113-24960-01.dmp
2013-12-11 17:55 - 2013-12-11 17:55 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-12-11 17:55 - 2013-12-11 17:55 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-12-11 17:55 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-12-11 17:55 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-12-11 17:55 - 2013-11-26 10:22 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2013-12-11 17:55 - 2013-11-26 09:53 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-12-11 17:55 - 2013-11-26 09:52 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2013-12-11 17:55 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-12-11 17:55 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-12-11 17:55 - 2013-11-26 09:36 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-12-11 17:55 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-12-11 17:55 - 2013-11-26 09:29 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2013-12-11 17:55 - 2013-11-26 09:29 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2013-12-11 17:55 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2013-12-11 17:55 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-12-11 17:55 - 2013-11-26 09:13 - 00208896 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-12-11 17:55 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2013-12-11 17:55 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-12-11 17:55 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2013-12-11 17:55 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-12-11 17:55 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-12-11 17:51 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2013-12-11 17:51 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2013-12-11 17:31 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2013-12-11 17:31 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2013-12-11 17:31 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll
2013-12-11 17:31 - 2013-10-30 02:27 - 02349056 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-12-11 17:31 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\imagehlp.dll
2013-12-11 17:31 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\windows\system32\wshom.ocx
2013-12-11 17:31 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll
2013-12-11 17:31 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\windows\system32\wscript.exe
2013-12-11 17:31 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\windows\system32\cscript.exe
2013-12-11 17:30 - 2013-10-04 02:49 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmk.sys
2013-12-11 17:30 - 2013-10-04 02:17 - 00177152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys
2013-12-11 00:31 - 2013-12-05 18:54 - 01219152 _____ (Microsoft Corporation) C:\Users\moj\Downloads\adksetup.exe
2013-12-11 00:31 - 2013-12-04 21:57 - 00602112 _____ (OldTimer Tools) C:\Users\moj\Downloads\OTL.exe
2013-12-11 00:31 - 2013-12-04 12:04 - 17416192 _____ C:\Users\moj\Downloads\DebugDiagx86.msi
2013-12-10 23:27 - 2013-12-13 21:35 - 00000000 ____D C:\FRST
2013-12-10 17:16 - 2013-12-10 17:16 - 00001919 _____ C:\Users\Public\Desktop\Update NOD32 license.lnk
2013-12-10 17:16 - 2013-07-01 12:27 - 01027827 _____ (Tukero[X]Team) C:\Users\moj\Desktop\TNod-1.4.2.3-final-setup.exe
2013-12-07 14:45 - 2013-12-07 14:45 - 00000000 ____D C:\Users\moj\Desktop\Backup
2013-12-06 00:21 - 2013-12-06 00:24 - 00000000 _____ C:\Users\moj\xbootmgr
2013-12-06 00:13 - 2013-12-06 00:13 - 00000000 ____D C:\ProgramData\WindowsPerformanceRecorder
2013-12-05 23:57 - 2013-12-05 23:57 - 20975616 _____ C:\Users\Public\Documents\inspekcja.evtx
2013-12-05 19:22 - 2013-12-05 19:22 - 00000000 ____D C:\SymCache
2013-12-05 19:12 - 2013-12-05 19:14 - 00000000 ____D C:\Users\moj\Documents\WPA Files
2013-12-05 19:05 - 2013-12-06 01:30 - 00000000 ____D C:\xperf
2013-12-05 18:58 - 2013-12-05 18:58 - 00000000 ____D C:\Program Files\Windows Kits
2013-12-05 18:57 - 2013-12-05 18:58 - 00000000 ____D C:\ProgramData\Package Cache
2013-12-05 17:04 - 2013-11-20 21:23 - 00371728 _____ (WindowexeAllkiller.com) C:\Users\moj\Desktop\WindowexeAllkiller.exe
2013-12-04 18:41 - 2013-12-04 18:41 - 00642632 _____ (EFD Software ) C:\Users\moj\Downloads\hdtune_255.exe
2013-12-04 18:41 - 2013-12-04 18:41 - 00000900 _____ C:\Users\moj\Desktop\HD Tune.lnk
2013-12-04 18:41 - 2013-12-04 18:41 - 00000000 ____D C:\Program Files\HD Tune
2013-12-04 12:18 - 2013-12-11 22:33 - 00000000 ____D C:\msonly.080129-1624
2013-12-04 12:18 - 2013-12-04 12:18 - 00000000 ____D C:\support
2013-12-04 12:18 - 2008-01-29 03:00 - 00002155 _____ C:\hotfix.txt
2013-12-04 12:18 - 2008-01-29 02:54 - 00000449 _____ C:\FileList.txt
2013-12-04 12:18 - 2008-01-29 00:49 - 00264656 _____ (Microsoft Corporation) C:\SFU35-KB946226-X86-ENU.exe
2013-12-04 12:18 - 2008-01-19 07:02 - 00005828 _____ C:\KB946226.txt
2013-12-04 12:13 - 2013-12-04 12:13 - 00143768 _____ C:\windows\Minidump\120413-22042-01.dmp
2013-12-04 12:05 - 2013-12-04 16:54 - 00000000 ____D C:\Program Files\DebugDiag
2013-12-02 14:01 - 2013-12-02 14:01 - 00000000 ____D C:\Users\moj\AppData\Roaming\HYUNDAI I20 user guide
2013-11-30 21:12 - 2013-11-30 21:12 - 00143768 _____ C:\windows\Minidump\113013-22526-01.dmp
2013-11-28 22:45 - 2013-11-30 20:45 - 00004252 _____ C:\Users\moj\Desktop\Nowy dokument tekstowy (4).txt
2013-11-27 00:41 - 2013-11-27 00:41 - 02075648 _____ C:\Users\moj\Desktop\WPC User Manual-EG.ppt
2013-11-17 13:41 - 2013-11-17 13:41 - 00000000 ____D C:\ProgramData\McAfee
2013-11-17 11:16 - 2013-11-17 11:16 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-16 11:44 - 2013-12-11 19:21 - 01646522 _____ C:\windows\system32\PerfStringBackup.INI
2013-11-15 14:02 - 2013-10-02 00:45 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
2013-11-15 14:01 - 2013-10-02 01:42 - 00049152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
2013-11-15 14:01 - 2013-10-02 01:32 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-11-15 14:01 - 2013-10-02 01:30 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-11-15 14:01 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
2013-11-15 14:01 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
2013-11-15 14:01 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2013-11-15 14:01 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2013-11-15 14:01 - 2013-10-02 00:00 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2013-11-15 14:01 - 2013-10-01 23:53 - 00350208 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2013-11-15 14:01 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2013-11-15 14:01 - 2013-10-01 21:55 - 05698048 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2013-11-15 14:00 - 2013-09-25 02:57 - 00792576 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2013-11-14 23:12 - 2013-12-11 21:26 - 710434510 _____ C:\windows\MEMORY.DMP
2013-11-14 23:12 - 2013-11-14 23:12 - 00143768 _____ C:\windows\Minidump\111413-23852-01.dmp
2013-11-13 21:59 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll
2013-11-13 21:59 - 2013-10-12 03:01 - 00679424 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2013-11-13 21:59 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\windows\system32\FWPUCLNT.DLL
2013-11-13 21:59 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2013-11-13 21:59 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\windows\system32\SmartcardCredentialProvider.dll
2013-11-13 21:59 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2013-11-13 21:59 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\credui.dll
2013-11-13 21:59 - 2013-10-03 02:58 - 00305152 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2013-11-13 21:59 - 2013-09-25 03:01 - 00136640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2013-11-13 21:59 - 2013-09-25 03:01 - 00067520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2013-11-13 21:59 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2013-11-13 21:59 - 2013-09-25 02:57 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2013-11-13 21:59 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2013-11-13 21:59 - 2013-09-25 02:56 - 01038848 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2013-11-13 21:59 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2013-11-13 21:59 - 2013-09-25 01:49 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2013-11-13 21:59 - 2013-09-25 01:49 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2013-11-13 21:59 - 2013-07-04 13:16 - 00369848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys

==================== One Month Modified Files and Folders =======

2013-12-13 21:54 - 2013-09-29 21:57 - 00000000 ____D C:\Users\moj\Desktop\download
2013-12-13 21:47 - 2013-09-29 09:23 - 01751803 _____ C:\windows\WindowsUpdate.log
2013-12-13 21:35 - 2013-12-10 23:27 - 00000000 ____D C:\FRST
2013-12-13 20:48 - 2013-10-03 19:45 - 00001030 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-13 19:17 - 2009-07-14 05:34 - 00020944 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-13 19:17 - 2009-07-14 05:34 - 00020944 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-13 19:12 - 2010-02-02 04:45 - 00000000 ____D C:\ProgramData\HPQLOG
2013-12-13 19:12 - 2009-07-14 03:37 - 00000000 ____D C:\windows\registration
2013-12-13 19:10 - 2013-10-03 19:45 - 00001026 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-13 19:10 - 2009-07-14 05:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-12-13 19:10 - 2009-07-14 05:39 - 00060935 _____ C:\windows\setupact.log
2013-12-12 19:18 - 2013-09-29 21:46 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-12-12 18:47 - 2009-07-14 03:37 - 00000000 ____D C:\windows\rescache
2013-12-11 22:50 - 2013-12-11 22:42 - 00000000 ____D C:\Users\moj\Desktop\smieci
2013-12-11 22:45 - 2013-09-29 15:31 - 00000000 ____D C:\Users\moj\Desktop\Nowy folder
2013-12-11 22:33 - 2013-12-04 12:18 - 00000000 ____D C:\msonly.080129-1624
2013-12-11 21:26 - 2013-12-11 21:26 - 00143720 _____ C:\windows\Minidump\121113-18954-01.dmp
2013-12-11 21:26 - 2013-11-14 23:12 - 710434510 _____ C:\windows\MEMORY.DMP
2013-12-11 21:26 - 2013-10-19 16:07 - 00000000 ____D C:\windows\Minidump
2013-12-11 20:33 - 2013-09-29 04:03 - 00113640 _____ C:\windows\PFRO.log
2013-12-11 19:21 - 2013-11-16 11:44 - 01646522 _____ C:\windows\system32\PerfStringBackup.INI
2013-12-11 19:21 - 2010-02-02 04:59 - 00742238 _____ C:\windows\system32\perfh015.dat
2013-12-11 19:21 - 2010-02-02 04:59 - 00156850 _____ C:\windows\system32\perfc015.dat
2013-12-11 18:45 - 2009-07-14 03:37 - 00000000 ____D C:\windows\Microsoft.NET
2013-12-11 18:15 - 2009-07-14 05:33 - 00491728 _____ C:\windows\system32\FNTCACHE.DAT
2013-12-11 18:13 - 2009-07-14 03:37 - 00000000 ____D C:\windows\system32\pl-PL
2013-12-11 18:11 - 2013-12-11 18:11 - 00143720 _____ C:\windows\Minidump\121113-24960-01.dmp
2013-12-11 18:11 - 2013-10-07 18:18 - 00000312 _____ C:\windows\Tasks\HPCeeScheduleFormoj.job
2013-12-11 17:55 - 2013-12-11 17:55 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-12-11 17:55 - 2013-12-11 17:55 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-12-11 17:55 - 2010-02-02 04:58 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-11 17:54 - 2013-09-29 05:10 - 00000000 ____D C:\windows\system32\MRT
2013-12-11 17:52 - 2013-09-29 05:10 - 88123800 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-12-11 17:37 - 2013-10-08 19:32 - 00000000 _____ C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-12-11 17:37 - 2013-10-07 18:17 - 00000052 _____ C:\windows\system32\DOErrors.log
2013-12-11 17:20 - 2013-10-05 08:01 - 00028102 _____ C:\Users\moj\daemonprocess.txt
2013-12-10 23:37 - 2010-02-02 04:45 - 00000000 ____D C:\ProgramData\PDFC
2013-12-10 17:16 - 2013-12-10 17:16 - 00001919 _____ C:\Users\Public\Desktop\Update NOD32 license.lnk
2013-12-07 14:45 - 2013-12-07 14:45 - 00000000 ____D C:\Users\moj\Desktop\Backup
2013-12-07 14:21 - 2013-10-05 08:01 - 00000000 ____D C:\Users\moj\AppData\Local\Mobogenie
2013-12-06 01:30 - 2013-12-05 19:05 - 00000000 ____D C:\xperf
2013-12-06 00:24 - 2013-12-06 00:21 - 00000000 _____ C:\Users\moj\xbootmgr
2013-12-06 00:21 - 2013-09-29 00:40 - 00000000 ____D C:\Users\moj
2013-12-06 00:13 - 2013-12-06 00:13 - 00000000 ____D C:\ProgramData\WindowsPerformanceRecorder
2013-12-06 00:08 - 2013-09-30 18:10 - 00000000 ____D C:\ProgramData\Lavasoft
2013-12-05 23:57 - 2013-12-05 23:57 - 20975616 _____ C:\Users\Public\Documents\inspekcja.evtx
2013-12-05 19:22 - 2013-12-05 19:22 - 00000000 ____D C:\SymCache
2013-12-05 19:14 - 2013-12-05 19:12 - 00000000 ____D C:\Users\moj\Documents\WPA Files
2013-12-05 18:58 - 2013-12-05 18:58 - 00000000 ____D C:\Program Files\Windows Kits
2013-12-05 18:58 - 2013-12-05 18:57 - 00000000 ____D C:\ProgramData\Package Cache
2013-12-05 18:54 - 2013-12-11 00:31 - 01219152 _____ (Microsoft Corporation) C:\Users\moj\Downloads\adksetup.exe
2013-12-04 21:57 - 2013-12-11 00:31 - 00602112 _____ (OldTimer Tools) C:\Users\moj\Downloads\OTL.exe
2013-12-04 18:41 - 2013-12-04 18:41 - 00642632 _____ (EFD Software ) C:\Users\moj\Downloads\hdtune_255.exe
2013-12-04 18:41 - 2013-12-04 18:41 - 00000900 _____ C:\Users\moj\Desktop\HD Tune.lnk
2013-12-04 18:41 - 2013-12-04 18:41 - 00000000 ____D C:\Program Files\HD Tune
2013-12-04 16:54 - 2013-12-04 12:05 - 00000000 ____D C:\Program Files\DebugDiag
2013-12-04 12:18 - 2013-12-04 12:18 - 00000000 ____D C:\support
2013-12-04 12:13 - 2013-12-04 12:13 - 00143768 _____ C:\windows\Minidump\120413-22042-01.dmp
2013-12-04 12:04 - 2013-12-11 00:31 - 17416192 _____ C:\Users\moj\Downloads\DebugDiagx86.msi
2013-12-04 10:28 - 2013-09-29 05:53 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-02 14:01 - 2013-12-02 14:01 - 00000000 ____D C:\Users\moj\AppData\Roaming\HYUNDAI I20 user guide
2013-11-30 22:58 - 2009-07-14 05:53 - 00032542 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-11-30 21:12 - 2013-11-30 21:12 - 00143768 _____ C:\windows\Minidump\113013-22526-01.dmp
2013-11-30 20:45 - 2013-11-28 22:45 - 00004252 _____ C:\Users\moj\Desktop\Nowy dokument tekstowy (4).txt
2013-11-27 00:41 - 2013-11-27 00:41 - 02075648 _____ C:\Users\moj\Desktop\WPC User Manual-EG.ppt
2013-11-26 11:11 - 2013-12-11 17:55 - 17112576 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-11-26 10:23 - 2013-12-11 17:55 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-11-26 10:22 - 2013-12-11 17:55 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2013-11-26 09:53 - 2013-12-11 17:55 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-11-26 09:52 - 2013-12-11 17:55 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2013-11-26 09:38 - 2013-12-11 17:55 - 02166784 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-11-26 09:38 - 2013-12-11 17:55 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-11-26 09:36 - 2013-12-11 17:55 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-11-26 09:32 - 2013-12-11 17:55 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-11-26 09:29 - 2013-12-11 17:55 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2013-11-26 09:29 - 2013-12-11 17:55 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2013-11-26 09:28 - 2013-12-11 17:55 - 00553472 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2013-11-26 09:16 - 2013-12-11 17:55 - 04243968 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-11-26 09:13 - 2013-12-11 17:55 - 00208896 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-11-26 08:32 - 2013-12-11 17:55 - 01928192 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2013-11-26 08:26 - 2013-12-11 17:55 - 11221504 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-11-26 07:34 - 2013-12-11 17:55 - 00703488 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2013-11-26 07:33 - 2013-12-11 17:55 - 01820160 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-11-26 07:27 - 2013-12-11 17:55 - 01157632 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-11-23 19:26 - 2013-12-11 17:31 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2013-11-20 21:23 - 2013-12-05 17:04 - 00371728 _____ (WindowexeAllkiller.com) C:\Users\moj\Desktop\WindowexeAllkiller.exe
2013-11-17 13:46 - 2013-09-29 22:59 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2013-11-17 13:46 - 2013-09-29 22:59 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-17 13:46 - 2013-09-29 16:45 - 00000000 ____D C:\Users\moj\AppData\Local\Adobe
2013-11-17 13:41 - 2013-11-17 13:41 - 00000000 ____D C:\ProgramData\McAfee
2013-11-17 11:16 - 2013-11-17 11:16 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-14 23:12 - 2013-11-14 23:12 - 00143768 _____ C:\windows\Minidump\111413-23852-01.dmp

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-12-12 18:37

==================== End Of Log ============================