Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-01-2014 03
Ran by User (administrator) on USER-HP on 19-01-2014 10:37:14
Running from C:\Users\User\Desktop\Logi
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polish
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHKE.EXE (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-09-08] (IDT, Inc.) 
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated) HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKCU\...\Run: [EPSON SX235 Series] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHLE.EXE [232448 2011-01-21] (SEIKO EPSON CORPORATION) HKCU\...\Run: [Epson Stylus SX235(Sieć)] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHLE.EXE [232448 2011-01-21] (SEIKO EPSON CORPORATION) HKCU\...\Run: [EPSON SX230 Series] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHKE.EXE [232448 2011-01-20] (SEIKO EPSON CORPORATION) HKCU\...\Run: [NextLive] - C:\Users\User\AppData\Roaming\newnext.me\nengine.dll [1283584 2013-11-14] (NewNextDotMe) HKCU\...\Policies\system: [DisableLockWorkstation] 0 HKCU\...\Policies\system: [DisableChangePassword] 0 Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1389209332&from=cor&uid=HitachiXHTS545050B9A300_120309PBN408P7JYKALEX&q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie HKCU\Software\Microsoft\Internet 
Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1389209332&from=cor&uid=HitachiXHTS545050B9A300_120309PBN408P7JYKALEX&q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www1.delta-search.com/?babsrc=HP_ss&mntrId=2C4DC018857B4274&affID=123627&tsp=4944 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.nationzoom.com/web/?type=ds&ts=1389282380&from=tt4u&uid=HitachiXHTS545050B9A300_120309PBN408P7JYKALEX&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.nationzoom.com/web/?type=ds&ts=1389282380&from=tt4u&uid=HitachiXHTS545050B9A300_120309PBN408P7JYKALEX&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.nationzoom.com/web/?type=ds&ts=1389282380&from=tt4u&uid=HitachiXHTS545050B9A300_120309PBN408P7JYKALEX&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.nationzoom.com/web/?type=ds&ts=1389282380&from=tt4u&uid=HitachiXHTS545050B9A300_120309PBN408P7JYKALEX&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.sweet-page.com/?type=sc&ts=1389209332&from=cor&uid=HitachiXHTS545050B9A300_120309PBN408P7JYKALEX SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.nationzoom.com/web/?type=ds&ts=1389282380&from=tt4u&uid=HitachiXHTS545050B9A300_120309PBN408P7JYKALEX&q={searchTerms} SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.nationzoom.com/web/?type=ds&ts=1389282380&from=tt4u&uid=HitachiXHTS545050B9A300_120309PBN408P7JYKALEX&q={searchTerms} 
SearchScopes: HKLM - {ACE05FB9-18E8-48AC-A0EC-2D474C167A90} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://pl.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://pl.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.nationzoom.com/web/?type=ds&ts=1389282380&from=tt4u&uid=HitachiXHTS545050B9A300_120309PBN408P7JYKALEX&q={searchTerms} SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.nationzoom.com/web/?type=ds&ts=1389282380&from=tt4u&uid=HitachiXHTS545050B9A300_120309PBN408P7JYKALEX&q={searchTerms} SearchScopes: HKLM-x32 - {ACE05FB9-18E8-48AC-A0EC-2D474C167A90} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://pl.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://pl.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear SearchScopes: HKCU - {ACE05FB9-18E8-48AC-A0EC-2D474C167A90} URL = SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = SearchScopes: HKCU - 
{d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll No File BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Pomocnik logowania za pomocą identyfikatora Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll No File BHO-x32: IEPluginBHO Class - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Users\User\AppData\Roaming\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.) Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) 
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-10-21] (EasyBits Software Corp.) Tcpip\Parameters: [DhcpNameServer] 192.168.255.1 Chrome: ======= CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.0.0\\npsitesafety.dll No File CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-04] CHR Extension: (Szukaj w Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-04] CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-24] CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-04] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [133672 2011-09-21] (Broadcom Corporation.) R3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-09-21] (Broadcom Corporation.) 
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-19 10:36 - 2014-01-19 10:36 - 00000000 ____D C:\FRST 2014-01-19 10:33 - 2014-01-19 10:37 - 00000000 ____D C:\Users\User\Desktop\Logi 2014-01-18 18:18 - 2014-01-18 18:18 - 00000040 _____ C:\Users\Public\Documents\_rgpl 2014-01-18 17:30 - 2014-01-18 18:07 - 00000000 ____D C:\Program Files\Registry Workshop 2014-01-18 17:30 - 2014-01-18 17:30 - 00001801 _____ C:\Users\User\Desktop\Registry Workshop.lnk 2014-01-18 17:22 - 2014-01-18 17:22 - 00002019 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk 2014-01-18 17:22 - 2014-01-18 17:22 - 00000000 ____D C:\Program Files (x86)\Adobe 2014-01-18 17:04 - 2014-01-18 17:04 - 00003878 _____ C:\Windows\System32\Tasks\SetupManager 2014-01-18 15:56 - 2014-01-18 15:56 - 00000000 ____D C:\ProgramData\Synaptics 2014-01-18 15:42 - 2012-08-23 15:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2014-01-18 15:42 - 2012-08-23 15:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys 2014-01-18 15:42 - 2012-08-23 15:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys 2014-01-18 15:42 - 2012-08-23 15:07 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys 2014-01-18 15:42 - 2012-08-23 14:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll 2014-01-18 15:42 - 2012-08-23 14:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll 2014-01-18 15:42 - 2012-08-23 14:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe 2014-01-18 15:42 - 2012-08-23 14:40 - 00013312 _____ (Microsoft Corporation) 
C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2014-01-18 15:42 - 2012-08-23 14:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll 2014-01-18 15:42 - 2012-08-23 14:20 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll 2014-01-18 15:42 - 2012-08-23 14:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2014-01-18 15:42 - 2012-08-23 14:17 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll 2014-01-18 15:42 - 2012-08-23 14:06 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll 2014-01-18 15:42 - 2012-08-23 13:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2014-01-18 15:42 - 2012-08-23 12:20 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2014-01-18 15:42 - 2012-08-23 12:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2014-01-18 15:42 - 2012-08-23 12:14 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe 2014-01-18 15:42 - 2012-08-23 12:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll 2014-01-18 15:42 - 2012-08-23 11:54 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll 2014-01-18 15:42 - 2012-08-23 11:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll 2014-01-18 15:42 - 2012-08-23 11:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2014-01-18 15:42 - 2012-08-23 11:22 - 01123840 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-01-18 15:42 - 2012-08-23 10:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-01-18 15:42 - 2012-08-23 09:19 - 04916224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-01-18 15:42 - 2012-08-23 09:13 - 05773824 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-01-18 15:41 - 2014-01-18 15:41 - 
00000000 ____D C:\Program Files\Synaptics 2014-01-18 15:38 - 2014-01-18 15:40 - 00000000 ____D C:\Windows\system32\MRT 2014-01-18 15:37 - 2014-01-06 16:20 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-01-18 15:37 - 2012-05-04 12:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2014-01-18 15:37 - 2012-05-04 10:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2014-01-18 15:20 - 2014-01-18 15:20 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Urządzenia interfejsu Bluetooth 2014-01-18 14:28 - 2014-01-18 14:28 - 00000000 ____D C:\Users\User\Desktop\Autoruns 2014-01-18 13:09 - 2014-01-18 13:09 - 00000904 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog 2014-01-16 23:29 - 2014-01-16 23:35 - 00000000 ____D C:\Users\User\Downloads\dokumenty 2014-01-16 23:27 - 2014-01-16 23:29 - 00000000 ____D C:\Users\User\Downloads\muzyka 2014-01-16 23:23 - 2014-01-16 23:23 - 00000000 ____D C:\Program Files (x86)\predm 2014-01-16 20:52 - 2014-01-16 20:52 - 00000353 _____ C:\Windows\SynInst.log 2014-01-15 17:40 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2014-01-15 17:40 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2014-01-15 17:40 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2014-01-15 17:40 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2014-01-15 17:40 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2014-01-15 17:40 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2014-01-15 17:40 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2014-01-15 17:40 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) 
C:\Windows\system32\Drivers\netio.sys 2014-01-15 17:40 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-01-08 21:45 - 2014-01-18 01:56 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup 2014-01-08 20:34 - 2014-01-16 21:32 - 00000000 ____D C:\Program Files (x86)\VLC Player GPU+ 2014-01-08 20:34 - 2014-01-08 20:34 - 00000000 ____D C:\Users\User\AppData\Roaming\0C1I1L1R1J0M1P0I1G 2014-01-08 20:30 - 2014-01-08 16:03 - 00823160 _____ (AnyProtect.com) C:\Users\User\AppData\Local\AnyProtectScannerSetup.exe 2014-01-08 20:30 - 2012-01-20 14:14 - 00018816 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe 2014-01-08 20:29 - 2014-01-09 19:11 - 00000000 ____D C:\ProgramData\WPM 2014-01-08 20:29 - 2014-01-08 20:29 - 00000000 ____D C:\Users\User\AppData\Local\BonanzaDealsLive 2014-01-08 20:29 - 2014-01-08 20:29 - 00000000 ____D C:\ProgramData\BonanzaDealsLive 2014-01-06 20:23 - 2014-01-06 20:23 - 04558848 _____ (Google Inc.) 
C:\Windows\SysWOW64\GPhotos.scr 2013-12-25 19:35 - 2014-01-01 00:46 - 00000000 ____D C:\Program Files (x86)\Przyspiesz Komputer 2013-12-25 19:34 - 2013-12-25 19:34 - 00000000 ____D C:\Users\User\AppData\Roaming\AVG 2013-12-25 19:33 - 2013-12-25 19:37 - 00000000 ____D C:\ProgramData\AVG 2013-12-25 19:33 - 2013-12-25 19:33 - 00000000 __SHD C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} 2013-12-22 18:42 - 2013-12-22 18:42 - 00000000 ____D C:\Users\User\AppData\Roaming\Opera Software 2013-12-22 18:42 - 2013-12-22 18:42 - 00000000 ____D C:\Users\User\AppData\Local\Opera Software 2013-12-22 18:41 - 2014-01-08 22:31 - 00000000 ____D C:\Program Files (x86)\Opera 2013-12-22 18:40 - 2013-12-22 18:41 - 33799952 _____ (Opera Software ASA) C:\Users\User\Downloads\Opera_18.0.1284.49_Campaign_19_Setup.exe 2013-12-22 16:59 - 2014-01-19 10:32 - 00000000 ____D C:\Users\User\AppData\Roaming\newnext.me 2013-12-22 16:59 - 2014-01-18 18:01 - 00000000 ____D C:\Users\User\AppData\Local\Mobogenie 2013-12-22 16:59 - 2014-01-18 17:52 - 00011724 _____ C:\Users\User\daemonprocess.txt 2013-12-22 16:59 - 2014-01-18 17:40 - 00000000 ____D C:\Users\User\AppData\Local\genienext 2013-12-22 16:59 - 2013-12-22 16:59 - 00000000 ____D C:\Users\User\Documents\Mobogenie 2013-12-22 16:59 - 2013-12-22 16:59 - 00000000 ____D C:\Users\User\.android 2013-12-22 16:59 - 2013-08-22 18:09 - 00217176 _____ C:\Windows\SysWOW64\unrar.dll 2013-12-22 16:57 - 2013-12-25 19:33 - 00000000 ____D C:\Users\User\AppData\Roaming\OpenCandy ==================== One Month Modified Files and Folders ======= 2014-01-19 10:37 - 2014-01-19 10:33 - 00000000 ____D C:\Users\User\Desktop\Logi 2014-01-19 10:36 - 2014-01-19 10:36 - 00000000 ____D C:\FRST 2014-01-19 10:36 - 2011-12-12 00:42 - 01519739 _____ C:\Windows\WindowsUpdate.log 2014-01-19 10:32 - 2013-12-22 16:59 - 00000000 ____D C:\Users\User\AppData\Roaming\newnext.me 2014-01-19 10:31 - 2012-11-04 15:51 - 00001040 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 
2014-01-19 10:31 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-19 10:31 - 2009-07-14 05:51 - 00107700 _____ C:\Windows\setupact.log 2014-01-18 18:32 - 2009-07-14 05:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-18 18:32 - 2009-07-14 05:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-18 18:18 - 2014-01-18 18:18 - 00000040 _____ C:\Users\Public\Documents\_rgpl 2014-01-18 18:18 - 2012-11-04 15:51 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-01-18 18:07 - 2014-01-18 17:30 - 00000000 ____D C:\Program Files\Registry Workshop 2014-01-18 18:01 - 2013-12-22 16:59 - 00000000 ____D C:\Users\User\AppData\Local\Mobogenie 2014-01-18 17:52 - 2013-12-22 16:59 - 00011724 _____ C:\Users\User\daemonprocess.txt 2014-01-18 17:50 - 2011-10-21 19:26 - 00741140 _____ C:\Windows\system32\perfh015.dat 2014-01-18 17:50 - 2011-10-21 19:26 - 00156424 _____ C:\Windows\system32\perfc015.dat 2014-01-18 17:50 - 2009-07-14 06:13 - 01672142 _____ C:\Windows\system32\PerfStringBackup.INI 2014-01-18 17:42 - 2010-11-21 04:47 - 00492654 _____ C:\Windows\PFRO.log 2014-01-18 17:40 - 2013-12-22 16:59 - 00000000 ____D C:\Users\User\AppData\Local\genienext 2014-01-18 17:39 - 2012-11-04 15:51 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-01-18 17:30 - 2014-01-18 17:30 - 00001801 _____ C:\Users\User\Desktop\Registry Workshop.lnk 2014-01-18 17:23 - 2012-08-25 13:44 - 00000000 ____D C:\Users\User\AppData\Local\Adobe 2014-01-18 17:22 - 2014-01-18 17:22 - 00002019 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk 2014-01-18 17:22 - 2014-01-18 17:22 - 00000000 ____D C:\Program Files (x86)\Adobe 2014-01-18 17:22 - 2011-10-21 10:20 - 00000000 ____D C:\ProgramData\Adobe 2014-01-18 17:12 - 2012-11-04 15:51 - 00000000 ____D C:\Program Files\Google 2014-01-18 17:12 - 2012-10-14 20:33 - 00000000 
____D C:\Program Files (x86)\Google 2014-01-18 17:11 - 2011-10-21 09:56 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard 2014-01-18 17:07 - 2011-10-21 10:14 - 00000000 ____D C:\ProgramData\Hewlett-Packard 2014-01-18 17:04 - 2014-01-18 17:04 - 00003878 _____ C:\Windows\System32\Tasks\SetupManager 2014-01-18 17:04 - 2012-08-11 17:51 - 00000000 ____D C:\Users\User\AppData\Roaming\Hewlett-Packard 2014-01-18 17:04 - 2012-08-11 17:49 - 00000000 ____D C:\Users\User\AppData\Local\Hewlett-Packard_Company 2014-01-18 17:03 - 2011-09-06 03:20 - 00000000 ____D C:\Program Files\Hewlett-Packard 2014-01-18 17:01 - 2012-08-11 17:50 - 00000000 ____D C:\Users\User\AppData\Roaming\hpqlog 2014-01-18 16:59 - 2012-08-11 17:50 - 00000000 ____D C:\Users\User\AppData\Local\Hewlett-Packard 2014-01-18 16:58 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Help 2014-01-18 16:20 - 2012-10-14 20:33 - 00000000 ____D C:\Users\User\AppData\Local\Google 2014-01-18 15:56 - 2014-01-18 15:56 - 00000000 ____D C:\ProgramData\Synaptics 2014-01-18 15:53 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2014-01-18 15:48 - 2012-08-12 14:51 - 01637034 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2014-01-18 15:41 - 2014-01-18 15:41 - 00000000 ____D C:\Program Files\Synaptics 2014-01-18 15:40 - 2014-01-18 15:38 - 00000000 ____D C:\Windows\system32\MRT 2014-01-18 15:20 - 2014-01-18 15:20 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Urządzenia interfejsu Bluetooth 2014-01-18 14:50 - 2012-08-11 17:52 - 00001425 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-01-18 14:46 - 2012-10-14 20:25 - 00000000 ____D C:\ProgramData\AVG Secure Search 2014-01-18 14:28 - 2014-01-18 14:28 - 00000000 ____D C:\Users\User\Desktop\Autoruns 2014-01-18 14:24 - 2012-08-12 15:03 - 00000000 ____D C:\Users\User\AppData\Local\CrashDumps 2014-01-18 13:09 - 2014-01-18 13:09 - 00000904 _____ 
C:\Windows\SysWOW64\InstallUtil.InstallLog 2014-01-18 12:40 - 2012-08-13 21:07 - 00000000 ____D C:\Users\User\AppData\Roaming\SoftGrid Client 2014-01-18 12:13 - 2012-08-11 17:52 - 00003958 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{6D4CB0EC-C9A2-48F1-9AC6-69D3BA797F2C} 2014-01-18 01:56 - 2014-01-08 21:45 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup 2014-01-18 01:55 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration 2014-01-16 23:35 - 2014-01-16 23:29 - 00000000 ____D C:\Users\User\Downloads\dokumenty 2014-01-16 23:29 - 2014-01-16 23:27 - 00000000 ____D C:\Users\User\Downloads\muzyka 2014-01-16 23:23 - 2014-01-16 23:23 - 00000000 ____D C:\Program Files (x86)\predm 2014-01-16 23:20 - 2013-06-12 20:34 - 00000000 ____D C:\Program Files\PDFCreator 2014-01-16 22:53 - 2009-07-14 06:08 - 00032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2014-01-16 22:50 - 2013-07-15 15:35 - 00000000 ____D C:\Users\User\AppData\Roaming\Systweak 2014-01-16 21:40 - 2012-09-09 11:45 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForUser.job 2014-01-16 21:32 - 2014-01-08 20:34 - 00000000 ____D C:\Program Files (x86)\VLC Player GPU+ 2014-01-16 20:54 - 2011-12-12 00:41 - 00000000 ____D C:\Program Files (x86)\Realtek 2014-01-16 20:52 - 2014-01-16 20:52 - 00000353 _____ C:\Windows\SynInst.log 2014-01-16 18:54 - 2009-07-14 05:45 - 00276200 _____ C:\Windows\system32\FNTCACHE.DAT 2014-01-16 15:55 - 2012-08-11 17:54 - 00058016 _____ C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT 2014-01-12 21:39 - 2012-12-30 12:10 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-01-12 21:39 - 2012-09-02 11:29 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log 2014-01-10 19:13 - 2012-08-12 16:41 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype 2014-01-09 19:14 - 2012-11-03 14:25 - 00000000 ____D C:\Users\User\AppData\Local\GG 2014-01-09 19:11 - 2014-01-08 20:29 - 00000000 ____D C:\ProgramData\WPM 2014-01-09 
16:45 - 2012-11-03 14:25 - 00000000 ____D C:\Users\User\AppData\Roaming\GG 2014-01-08 22:47 - 2013-08-04 17:59 - 00000000 ____D C:\Users\User\Desktop\Ja i Marcinek 2014-01-08 22:31 - 2013-12-22 18:41 - 00000000 ____D C:\Program Files (x86)\Opera 2014-01-08 20:34 - 2014-01-08 20:34 - 00000000 ____D C:\Users\User\AppData\Roaming\0C1I1L1R1J0M1P0I1G 2014-01-08 20:29 - 2014-01-08 20:29 - 00000000 ____D C:\Users\User\AppData\Local\BonanzaDealsLive 2014-01-08 20:29 - 2014-01-08 20:29 - 00000000 ____D C:\ProgramData\BonanzaDealsLive 2014-01-08 16:03 - 2014-01-08 20:30 - 00823160 _____ (AnyProtect.com) C:\Users\User\AppData\Local\AnyProtectScannerSetup.exe 2014-01-06 20:23 - 2014-01-06 20:23 - 04558848 _____ (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr 2014-01-06 16:20 - 2014-01-18 15:37 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-01-01 00:46 - 2013-12-25 19:35 - 00000000 ____D C:\Program Files (x86)\Przyspiesz Komputer 2013-12-26 22:32 - 2012-08-11 17:48 - 00000000 ____D C:\Users\User\AppData\Local\VirtualStore 2013-12-25 19:48 - 2012-11-04 15:51 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-12-25 19:48 - 2012-11-04 15:51 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-12-25 19:48 - 2011-10-21 10:00 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-12-25 19:37 - 2013-12-25 19:33 - 00000000 ____D C:\ProgramData\AVG 2013-12-25 19:34 - 2013-12-25 19:34 - 00000000 ____D C:\Users\User\AppData\Roaming\AVG 2013-12-25 19:33 - 2013-12-25 19:33 - 00000000 __SHD C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} 2013-12-25 19:33 - 2013-12-22 16:57 - 00000000 ____D C:\Users\User\AppData\Roaming\OpenCandy 2013-12-24 20:52 - 2012-12-30 21:44 - 00000000 ___HD C:\Users\User\Desktop\.picasaoriginals 2013-12-22 18:42 - 2013-12-22 18:42 - 00000000 ____D C:\Users\User\AppData\Roaming\Opera Software 2013-12-22 18:42 - 2013-12-22 18:42 - 00000000 
____D C:\Users\User\AppData\Local\Opera Software
2013-12-22 18:41 - 2013-12-22 18:40 - 33799952 _____ (Opera Software ASA) C:\Users\User\Downloads\Opera_18.0.1284.49_Campaign_19_Setup.exe
2013-12-22 16:59 - 2013-12-22 16:59 - 00000000 ____D C:\Users\User\Documents\Mobogenie
2013-12-22 16:59 - 2013-12-22 16:59 - 00000000 ____D C:\Users\User\.android
2013-12-22 16:59 - 2012-08-12 16:54 - 00000000 ____D C:\Users\User\AppData\Local\cache

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\User\AppData\Local\Temp\Resource.exe
C:\Users\User\AppData\Local\Temp\uninst1.exe
C:\Users\User\AppData\Local\Temp\UNINSTALL.exe
C:\Users\User\AppData\Local\Temp\wupdater.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-11-29 23:07

==================== End Of Log ============================