Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by CORTEZ (administrator) on CORTEZ-PC on 27-01-2015 22:23:17
Running from C:\Users\CORTEZ\Desktop\Nowy folder (2)
Loaded Profiles: CORTEZ (Available profiles: CORTEZ)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Angielski (Stany Zjednoczone)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Flux Software LLC) C:\Users\CORTEZ\AppData\Local\FluxSoftware\Flux\flux.exe
() C:\Users\CORTEZ\AppData\Roaming\pwo7\svchost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Evernote) C:\Program Files (x86)\Evernote\Skitch\Skitch.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Users\CORTEZ\AppData\Local\Temp\_MEI28922\bin\winlogon.exe
(Adobe Systems Incorporated) C:\Config.Msi\14b0998.rbf
(Adobe Systems Incorporated) C:\Config.Msi\14b0998.rbf
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-12-13] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-2797469910-1678933392-3196651384-1000\...\Run: [f.lux] => C:\Users\CORTEZ\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-2797469910-1678933392-3196651384-1000\...\Run: [pwo7] => C:\Users\CORTEZ\AppData\Roaming\pwo7\svchost.exe [8164139 2014-10-11] ()
HKU\S-1-5-21-2797469910-1678933392-3196651384-1000\...\Run: [Skitch] => C:\Program Files (x86)\Evernote\Skitch\Skitch.exe [4864320 2014-12-17] (Evernote)
HKU\S-1-5-21-2797469910-1678933392-3196651384-1000\...\MountPoints2: {75434b8b-3e7d-11e4-993b-50e549b0509d} - F:\SETUP.EXE

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.pl/
CHR StartupUrls: Default -> "hxxp://www.dosearches.com/?utm_source=b&utm_medium=smt&utm_campaign=eXQ&utm_content=hp&from=smt&uid=ST1000LM024XHN-M101MBB_S2U5J9GCA14507&ts=1383344870", "hxxp://www.google.com", "hxxp://mysearch.avg.com?cid={A356FACC-25A8-4E0B-B0D5-B6E3780591F8}&mid=e8f348c6617547d3944281ac0f54b96e-34f06abc416fee108782b6cae5b195a7c23f7274&lang=pl&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2013-12-20 19:50:55&v=17.2.0.38&pid=safeguard&sg=&sap=hp", "hxxp://mysearch.avg.com?cid={6AE37F0F-1CB1-4A91-A7CE-8CA1D76445F5}&mid=7b7e3a0d75b747d39dc3115d7b37a587-49b22fb077e63cdd229a41abf3455df0acf8c9c6&lang=pl&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2013-12-26 01:41:39&v=17.2.0.38&pid=safeguard&sg=&sap=hp", "hxxp://www.dosearches.com/?utm_source=b&utm_medium=smt&utm_campaign=eXQ&utm_content=hp&from=smt&uid={6AE37F0F-1CB1-4A91-A7CE-8CA1D76445F5}&ts=1383344870 hxxp://www.google.com hxxp://mysearch.avg.com?cid={6AE37F0F-1CB1-4A91-A7CE-8CA1D76445F5}&mid=7b7e3a0d75b747d39dc3115d7b37a587-49b22fb077e63cdd229a41abf3455df0acf8c9c6&lang=pl&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2013-12-20 19:50:55&v=18.0.5.292&pid=safeguard&sg=&sap=hp hxxp://mysearch.avg.com?cid={6AE37F0F-1CB1-4A91-A7CE-8CA1D76445F5}&mid=7b7e3a0d75b747d39dc3115d7b37a587-49b22fb077e63cdd229a41abf3455df0acf8c9c6&lang=pl&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2013-12-26 01:41:39&v=17.2.0.38&pid=safeguard&sg=&sap=hp", "hxxp://mysearch.avg.com?cid={6AE37F0F-1CB1-4A91-A7CE-8CA1D76445F5}&mid=7b7e3a0d75b747d39dc3115d7b37a587-49b22fb077e63cdd229a41abf3455df0acf8c9c6&lang=pl&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2013-12-26 01:41:39&v=18.1.0.443&pid=safeguard&sg=&sap=hp", "hxxp://mysearch.avg.com?cid={6AE37F0F-1CB1-4A91-A7CE-8CA1D76445F5}&mid=7b7e3a0d75b747d39dc3115d7b37a587-49b22fb077e63cdd229a41abf3455df0acf8c9c6&lang=pl&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2013-12-26 01:41:39&v=18.1.5.512&pid=safeguard&sg=&sap=hp", "hxxp://mysearch.avg.com?cid={6AE37F0F-1CB1-4A91-A7CE-8CA1D76445F5}&mid=7b7e3a0d75b747d39dc3115d7b37a587-49b22fb077e63cdd229a41abf3455df0acf8c9c6&lang=pl&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2013-12-26 01:41:39&v=18.1.7.598&pid=safeguard&sg=&sap=hp", "https://mysearch.avg.com?cid={6AE37F0F-1CB1-4A91-A7CE-8CA1D76445F5}&mid=7b7e3a0d75b747d39dc3115d7b37a587-49b22fb077e63cdd229a41abf3455df0acf8c9c6&lang=pl&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2013-12-26 01:41:39&v=18.1.9.786&pid=safeguard&sg=&sap=hp"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\CORTEZ\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\CORTEZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-16]
CHR Extension: (Google Docs) - C:\Users\CORTEZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-16]
CHR Extension: (Google Drive) - C:\Users\CORTEZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\CORTEZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-16]
CHR Extension: (YouTube) - C:\Users\CORTEZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-16]
CHR Extension: (Google Search) - C:\Users\CORTEZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-16]
CHR Extension: (Google Sheets) - C:\Users\CORTEZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-16]
CHR Extension: (AdBlock) - C:\Users\CORTEZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-09-16]
CHR Extension: (AVG Secure Search) - C:\Users\CORTEZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2015-01-27]
CHR Extension: (Google Wallet) - C:\Users\CORTEZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-16]
CHR Extension: (Evernote Web Clipper) - C:\Users\CORTEZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2015-01-16]
CHR Extension: (Gmail) - C:\Users\CORTEZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-16]

==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-30] (Advanced Micro Devices, Inc.) [File not signed]
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3440080 2015-01-06] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [309232 2015-01-06] (AVG Technologies CZ, s.r.o.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
S3 VGPU; No ImagePath
U3 uwdirpow; \??\C:\Users\CORTEZ\AppData\Local\Temp\uwdirpow.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-27 22:20 - 2015-01-27 22:21 - 00008779 _____ () C:\Users\CORTEZ\Desktop\MGER.txt
2015-01-27 16:42 - 2015-01-27 16:43 - 00380416 _____ () C:\Users\CORTEZ\Desktop\jc73rh8u.exe
2015-01-27 16:38 - 2015-01-27 16:38 - 00002285 _____ () C:\Users\CORTEZ\Desktop\Trackery 2014.txt
2015-01-27 16:27 - 2015-01-27 16:27 - 00009721 _____ () C:\Users\CORTEZ\Desktop\pytania.odt
2015-01-27 15:58 - 2015-01-27 22:23 - 00000000 ____D () C:\Users\CORTEZ\Desktop\Nowy folder (2)
2015-01-27 15:58 - 2015-01-27 22:23 - 00000000 ____D () C:\FRST
2015-01-27 15:49 - 2015-01-27 15:50 - 00000000 ____D () C:\Users\CORTEZ\Desktop\spoleczna kolokwium 2
2015-01-27 15:45 - 2015-01-27 15:45 - 00000000 ____D () C:\Users\CORTEZ\AppData\Roaming\BinarySense
2015-01-27 15:45 - 2015-01-27 15:45 - 00000000 ____D () C:\ProgramData\TEMP
2015-01-27 15:45 - 2015-01-27 15:45 - 00000000 ____D () C:\ProgramData\Licenses
2015-01-27 15:41 - 2015-01-27 15:55 - 00000000 ____D () C:\AdwCleaner
2015-01-27 15:40 - 2015-01-27 15:40 - 00000000 ____D () C:\Windows\pss
2015-01-27 15:39 - 2015-01-27 15:39 - 02194432 _____ () C:\Users\CORTEZ\Desktop\AdwCleaner.exe
2015-01-25 19:28 - 2015-01-25 21:43 - 00000000 ____D () C:\Users\CORTEZ\Desktop\Nowy folder
2015-01-24 19:44 - 2015-01-24 19:52 - 00000000 ____D () C:\Users\CORTEZ\Desktop\pojęcia rozwojowa egzmain
2015-01-24 18:06 - 2015-01-24 18:19 - 00000000 ____D () C:\Users\CORTEZ\Desktop\EDGARD - Hiszpański - Kurs podstawowy
2015-01-23 18:19 - 2015-01-23 18:19 - 00000000 ____D () C:\Users\CORTEZ\Desktop\mózg
2015-01-19 19:20 - 2015-01-19 19:34 - 00000000 ____D () C:\Users\CORTEZ\Desktop\EYE TO EYE BATTLE 3 17.01.2015
2015-01-19 17:53 - 2015-01-19 17:59 - 00000000 ____D () C:\Users\CORTEZ\Desktop\pytania_prezentacje
2015-01-19 16:07 - 2015-01-24 18:19 - 00000000 ____D () C:\Users\CORTEZ\Desktop\prezki
2015-01-16 17:54 - 2015-01-16 17:54 - 00026997 _____ () C:\Users\CORTEZ\Desktop\Harmonogram sesji_termin g owny_rozpiska sal_zima 2014_2015_13.01.2015.xlsx
2015-01-16 14:26 - 2015-01-27 15:56 - 00000000 ____D () C:\Users\CORTEZ\AppData\Local\Skitch
2015-01-16 14:25 - 2015-01-16 14:25 - 00002030 _____ () C:\Users\Public\Desktop\Skitch.lnk
2015-01-16 14:25 - 2015-01-16 14:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skitch
2015-01-16 14:03 - 2015-01-16 14:25 - 00000000 ____D () C:\Program Files (x86)\Evernote
2015-01-16 14:03 - 2015-01-16 14:03 - 00000936 _____ () C:\Users\CORTEZ\Desktop\Evernote.lnk
2015-01-16 14:03 - 2015-01-16 14:03 - 00000000 ____D () C:\Users\CORTEZ\AppData\Local\Evernote
2015-01-16 14:03 - 2015-01-16 14:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2015-01-14 16:28 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 16:28 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 16:28 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 16:28 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 16:28 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 16:28 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 16:27 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 16:27 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 16:27 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 16:27 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 16:27 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 16:27 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 16:27 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 18:11 - 2015-01-13 18:11 - 493072262 _____ () C:\Windows\MEMORY.DMP
2015-01-13 18:11 - 2015-01-13 18:11 - 00292560 _____ () C:\Windows\Minidump\011315-37221-01.dmp
2015-01-13 18:11 - 2015-01-13 18:11 - 00000000 ____D () C:\Windows\Minidump
2015-01-12 22:41 - 2015-01-13 12:14 - 00073166 _____ () C:\Users\CORTEZ\Desktop\Agresja.pptx
2015-01-12 22:41 - 2015-01-12 22:41 - 00000165 ____H () C:\Users\CORTEZ\Desktop\~$Agresja.pptx
2015-01-11 18:05 - 2015-01-11 22:15 - 00000000 ____D () C:\Users\CORTEZ\Desktop\biol
2015-01-08 23:12 - 2015-01-08 23:54 - 00000000 ____D () C:\Users\CORTEZ\Desktop\Blondynka Na Językach - Hiszpański Europejski
2015-01-08 20:55 - 2015-01-08 21:45 - 00334755 _____ () C:\Users\CORTEZ\Desktop\Planowanie kariery zawodowej Michał Nadolski.pptx
2015-01-06 18:03 - 2015-01-06 18:03 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-01-02 17:56 - 2015-01-02 17:56 - 00178800 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
2015-01-02 17:56 - 2015-01-02 17:56 - 00000000 __RHD () C:\Users\CORTEZ\AppData\Roaming\SecuROM
2015-01-02 17:56 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2015-01-02 17:56 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2015-01-02 17:56 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2015-01-02 17:56 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2015-01-02 17:56 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2015-01-02 17:56 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2015-01-02 17:56 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2015-01-02 17:56 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2015-01-02 17:56 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2015-01-02 17:56 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2015-01-02 17:56 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2015-01-02 17:56 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2015-01-02 17:56 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2015-01-02 17:56 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2015-01-02 17:49 - 2015-01-02 17:50 - 00000000 ____D () C:\Users\CORTEZ\Desktop\STUDIA
2014-12-31 12:32 - 2015-01-02 17:46 - 00000000 ____D () C:\Program Files (x86)\UltraISO

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-27 22:22 - 2014-10-11 12:27 - 00000000 ___HD () C:\Users\CORTEZ\AppData\Roaming\pwo7
2015-01-27 21:57 - 2014-09-16 15:28 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-01-27 21:56 - 2014-09-17 10:36 - 00000000 ____D () C:\Users\CORTEZ\AppData\Roaming\uTorrent
2015-01-27 21:48 - 2014-09-16 06:19 - 01967810 _____ () C:\Windows\WindowsUpdate.log
2015-01-27 21:31 - 2014-09-16 09:05 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-27 16:29 - 2014-09-16 09:05 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-27 16:12 - 2014-12-09 19:33 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-01-27 16:12 - 2014-09-15 22:56 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-27 15:56 - 2014-09-15 22:19 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-27 15:56 - 2010-11-21 04:47 - 00015546 _____ () C:\Windows\PFRO.log
2015-01-27 15:56 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-27 15:56 - 2009-07-14 05:51 - 00041715 _____ () C:\Windows\setupact.log
2015-01-27 14:58 - 2014-09-16 11:51 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-27 12:30 - 2014-09-16 09:06 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-26 22:40 - 2014-09-16 14:08 - 00000000 ____D () C:\Users\CORTEZ\AppData\Roaming\vlc
2015-01-26 22:40 - 2014-09-15 22:24 - 00742582 _____ () C:\Windows\system32\perfh015.dat
2015-01-26 22:40 - 2014-09-15 22:24 - 00156096 _____ () C:\Windows\system32\perfc015.dat
2015-01-26 22:40 - 2009-07-14 06:13 - 01676118 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-24 14:30 - 2014-09-16 11:55 - 00000995 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-01-24 14:30 - 2014-09-16 11:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-01-24 01:47 - 2009-07-14 05:45 - 00025936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-24 01:47 - 2009-07-14 05:45 - 00025936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-12 22:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-01-06 18:03 - 2014-09-17 17:51 - 00000000 ____D () C:\Users\CORTEZ\Documents\My Games
2015-01-06 18:03 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-06 18:03 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-02 17:56 - 2014-12-23 18:19 - 00000000 ____D () C:\Users\CORTEZ\Desktop\now amuza tre
2015-01-02 17:56 - 2014-09-17 17:42 - 00082836 _____ () C:\Windows\DirectX.log
2014-12-31 13:12 - 2014-09-15 22:56 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\CORTEZ\AppData\Local\Temp\ose00000.exe
C:\Users\CORTEZ\AppData\Local\Temp\ose00002.exe
C:\Users\CORTEZ\AppData\Local\Temp\Quarantine.exe
C:\Users\CORTEZ\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-24 12:14

==================== End Of Log ============================