czeski utworzono 6 września 2014 utworzono 6 września 2014 (edytowane) Witam, mam problemy z internetem, wyskakuje na dzień dobry strona 22find, delta-serch i inne podobne. Skanowałem komputer różnymi programami, ale nie do końca chyba uporały się z problemem, strony nie zawsze się wczytują, dopiero po kilkukrotnym odświeżaniu załaduje się. Ogromna prośba o sprawdzenie logów. OTL [log]OTL logfile created on: 2014-09-05 23:24:07 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Adam\Downloads 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.17239) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 5,89 Gb Total Physical Memory | 3,68 Gb Available Physical Memory | 62,47% Memory free 11,89 Gb Paging File | 9,68 Gb Available in Paging File | 81,45% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86) Drive C: | 673,58 Gb Total Space | 586,30 Gb Free Space | 87,04% Space Free | Partition Type: NTFS Computer Name: TARDIS | User Name: Adam | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2014-09-05 23:18:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Adam\Downloads\OTL.exe PRC - [2014-08-28 13:48:04 | 001,521,344 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\bin\steamwebhelper.exe PRC - [2014-08-28 13:48:02 | 000,833,728 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe PRC - [2014-08-28 13:48:00 | 001,939,136 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe PRC - [2014-08-27 11:07:16 | 001,372,280 | ---- | M] () -- C:\Program Files (x86)\Opera\24.0.1558.53\opera_crashreporter.exe PRC - [2014-08-27 11:07:14 | 048,077,432 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\24.0.1558.53\opera.exe PRC - [2014-08-15 20:47:50 | 036,414,752 | ---- | M] (Dropbox, Inc.) -- C:\Users\Adam\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2014-06-11 07:50:12 | 000,540,304 | ---- | M] (Cherished Technololgy LIMITED) -- C:\ProgramData\WPM\wprotectmanager.exe PRC - [2013-08-27 23:16:14 | 001,028,896 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe PRC - [2013-08-26 15:18:50 | 001,157,496 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe PRC - [2013-08-26 15:18:28 | 001,137,016 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe PRC - [2012-12-10 12:23:06 | 002,876,024 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe PRC - [2012-11-30 09:26:18 | 001,591,176 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe PRC - [2012-11-30 09:26:14 | 000,082,312 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe PRC - [2012-11-30 09:26:06 | 002,621,320 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\Settings\sSettings.exe PRC - [2012-11-06 00:18:56 | 000,171,664 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe PRC - [2012-07-18 03:10:24 | 000,128,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe PRC - [2012-07-18 03:10:16 | 000,165,760 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe PRC - [2012-06-14 05:05:16 | 000,648,544 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe PRC - [2012-06-14 05:05:00 | 000,233,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe PRC - [2012-06-08 05:34:06 | 000,111,120 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe ========== Modules (No Company Name) ========== MOD - [2014-09-05 23:06:49 | 000,043,008 | ---- | M] () -- c:\users\adam\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcvxfm_.dll MOD - [2014-08-28 13:48:14 | 002,224,320 | ---- | M] () -- C:\Program Files (x86)\Steam\video.dll MOD - [2014-08-28 13:48:02 | 000,678,080 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.DLL MOD - [2014-08-27 11:07:22 | 000,155,768 | ---- | M] () -- C:\Program Files (x86)\Opera\24.0.1558.53\message_center_win8.dll MOD - [2014-08-27 11:07:21 | 001,378,936 | ---- | M] () -- C:\Program Files (x86)\Opera\24.0.1558.53\libglesv2.dll MOD - [2014-08-27 11:07:20 | 000,182,392 | ---- | M] () -- C:\Program Files (x86)\Opera\24.0.1558.53\libegl.dll MOD - [2014-08-27 11:07:19 | 000,974,968 | ---- | M] () -- C:\Program Files (x86)\Opera\24.0.1558.53\ffmpegsumo.dll MOD - [2014-08-27 11:07:16 | 001,372,280 | ---- | M] () -- C:\Program Files (x86)\Opera\24.0.1558.53\opera_crashreporter.exe MOD - [2014-08-21 20:15:22 | 001,171,456 | ---- | M] () -- C:\Program Files (x86)\Steam\libavcodec-56.dll MOD - [2014-08-21 20:15:22 | 000,485,888 | ---- | M] () -- C:\Program Files (x86)\Steam\libswscale-3.dll MOD - [2014-08-21 20:15:22 | 000,442,368 | ---- | M] () -- C:\Program Files (x86)\Steam\libavutil-54.dll MOD - [2014-08-21 20:15:22 | 000,403,968 | ---- | M] () -- C:\Program Files (x86)\Steam\libavformat-56.dll MOD - [2014-08-21 20:15:22 | 000,332,800 | ---- | M] () -- C:\Program Files (x86)\Steam\libavresample-2.dll MOD - [2014-08-21 00:38:18 | 034,589,376 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll MOD - [2014-08-21 00:38:12 | 000,774,656 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll MOD - [2014-08-15 20:46:08 | 003,610,624 | ---- | M] () -- C:\Users\Adam\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll MOD - [2014-01-20 14:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2014-01-20 14:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2013-09-05 03:36:28 | 000,013,088 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll MOD - [2013-08-23 21:01:44 | 025,100,288 | ---- | M] () -- C:\Users\Adam\AppData\Roaming\Dropbox\bin\libcef.dll MOD - [2012-11-30 09:26:20 | 000,110,712 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll MOD - [2012-11-30 09:26:14 | 000,211,064 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll MOD - [2012-11-30 09:26:08 | 000,060,536 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll MOD - [2012-11-30 09:26:00 | 000,103,032 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll MOD - [2012-11-30 09:26:00 | 000,026,744 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll MOD - [2012-06-14 05:06:20 | 000,500,064 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\plugin\PServerPlugin.dll MOD - [2012-06-14 04:57:22 | 000,015,872 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\featureController.dll MOD - [2012-06-14 04:56:52 | 000,481,792 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\DeviceProfile.dll MOD - [2012-06-14 04:55:22 | 000,013,824 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\eventsSender.dll MOD - [2012-06-14 04:54:18 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ServiceManagerStarter.dll MOD - [2012-06-08 05:34:06 | 000,627,216 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll MOD - [2012-06-08 04:34:06 | 000,016,400 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll MOD - [2011-08-17 09:48:24 | 000,322,048 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\log4cplus.dll MOD - [2011-08-17 09:48:22 | 000,195,584 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\libgsoap.dll MOD - [2011-08-17 09:41:36 | 000,400,384 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\sqlite3.dll MOD - [2011-08-15 13:15:44 | 000,382,464 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtXml4.dll MOD - [2011-08-15 13:12:04 | 002,603,520 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtCore4.dll MOD - [2011-08-15 13:12:04 | 001,006,592 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtNetwork4.dll MOD - [2011-08-15 12:23:00 | 000,062,464 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\zlib1.dll ========== Services (SafeList) ========== SRV - [2014-08-28 13:48:02 | 000,833,728 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2014-06-11 07:50:12 | 000,540,304 | ---- | M] (Cherished Technololgy LIMITED) [Auto | Running] -- C:\ProgramData\WPM\wprotectmanager.exe -- (Wpm) SRV - [2014-05-21 00:33:48 | 000,278,344 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2014-03-14 08:10:16 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc) SRV - [2013-09-18 23:38:44 | 000,157,128 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe -- (Intel(R) SRV - [2013-08-26 15:18:50 | 001,157,496 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service) SRV - [2013-08-26 15:18:28 | 001,137,016 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor) SRV - [2013-08-22 14:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify) SRV - [2013-08-22 05:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc) SRV - [2013-08-22 04:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost) SRV - [2012-12-10 12:23:06 | 002,876,024 | ---- | M] (Samsung Electronics CO., LTD.) [Auto | Running] -- C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe -- (SWUpdateService) SRV - [2012-11-30 09:26:18 | 001,591,176 | ---- | M] (Samsung Electronics CO., LTD.) [Auto | Running] -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe -- (Easy Launcher) SRV - [2012-11-06 00:18:56 | 000,171,664 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor11.0) SRV - [2012-07-18 03:10:24 | 000,128,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R) SRV - [2012-07-18 03:10:16 | 000,165,760 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) ========== Driver Services (SafeList) ========== ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hp&ts=1402672456&from=wpm0612&uid=HitachiXHTS547575A9E384_J1140021GBT7AKGBT7AKX IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-homes.com/web/?type=ds&ts=1402672456&from=wpm0612&uid=HitachiXHTS547575A9E384_J1140021GBT7AKGBT7AKX&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-homes.com/web/?type=ds&ts=1402672456&from=wpm0612&uid=HitachiXHTS547575A9E384_J1140021GBT7AKGBT7AKX&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hp&ts=1402672456&from=wpm0612&uid=HitachiXHTS547575A9E384_J1140021GBT7AKGBT7AKX IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.delta-homes.com/web/?type=ds&ts=1402672456&from=wpm0612&uid=HitachiXHTS547575A9E384_J1140021GBT7AKGBT7AKX&q={searchTerms} IE - HKLM\..\SearchScopes\{779A2E64-4866-4DC0-893A-609F3F79FCD6}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1735395495-2726210869-181527219-1002\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.searchgol.com/?babsrc=HP_ss&mntrId=34ABCAF73392DF1B&affID=125032&tsp=5026 IE - HKU\S-1-5-21-1735395495-2726210869-181527219-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hp&ts=1402672456&from=wpm0612&uid=HitachiXHTS547575A9E384_J1140021GBT7AKGBT7AKX IE - HKU\S-1-5-21-1735395495-2726210869-181527219-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-homes.com/web/?type=ds&ts=1402672456&from=wpm0612&uid=HitachiXHTS547575A9E384_J1140021GBT7AKGBT7AKX&q={searchTerms} IE - HKU\S-1-5-21-1735395495-2726210869-181527219-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-homes.com/web/?type=ds&ts=1402672456&from=wpm0612&uid=HitachiXHTS547575A9E384_J1140021GBT7AKGBT7AKX&q={searchTerms} IE - HKU\S-1-5-21-1735395495-2726210869-181527219-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hp&ts=1402672456&from=wpm0612&uid=HitachiXHTS547575A9E384_J1140021GBT7AKGBT7AKX IE - HKU\S-1-5-21-1735395495-2726210869-181527219-1002\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-1735395495-2726210869-181527219-1002\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86} IE - HKU\S-1-5-21-1735395495-2726210869-181527219-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 IE - HKU\S-1-5-21-1735395495-2726210869-181527219-1002\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss&mntrId=34ABCAF73392DF1B&affID=125032&tsp=5026 IE - HKU\S-1-5-21-1735395495-2726210869-181527219-1002\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.delta-homes.com/web/?type=ds&ts=1402672456&from=wpm0612&uid=HitachiXHTS547575A9E384_J1140021GBT7AKGBT7AKX&q={searchTerms} IE - HKU\S-1-5-21-1735395495-2726210869-181527219-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1735395495-2726210869-181527219-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Adam\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) [2013-09-26 21:55:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions ========== Chrome ========== CHR - default_search_provider: (Enabled) CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - homepage: http://google.pl/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll CHR - plugin: Intel® Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll CHR - plugin: Intel® Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Adam\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll CHR - Extension: Google Wallet = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\ CHR - Extension: Extended Protection = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogfjmhfnldnajmfaofeiaepghjenbgjo\3.4.2_0\ CHR - Extension: Quick start = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\ O1 HOSTS File: ([2013-08-22 15:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation) O2 - BHO: (IETabPage Class) - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited) O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [CLMLServer_For_P2G8] C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink) O4 - HKLM..\Run: [CLVirtualDrive] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.) O4 - HKLM..\Run: [fst_pl_110] File not found O4 - HKLM..\Run: [fst_pl_15] File not found O4 - HKLM..\Run: [Intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation) O4 - HKU\S-1-5-21-1735395495-2726210869-181527219-1002..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O4 - Startup: C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Adam\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation) O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C373D41B-2B50-4B05-AB77-7C4AE412AE4E}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\WINDOWS\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation) O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2014-09-05 22:18:21 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2014-09-05 22:58:34 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2014-09-05 22:17:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2014-08-13 18:01:34 | 002,001,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetcpl.cpl [2014-08-13 18:01:31 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieapfltr.dll [2014-08-13 18:01:28 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\jscript9diag.dll [2014-08-13 18:01:28 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mshtmled.dll [2014-08-13 18:01:21 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MshtmlDac.dll [2014-08-13 18:01:21 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\JavaScriptCollectionAgent.dll [2014-08-13 17:59:32 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\TsWpfWrp.exe [2014-08-13 17:59:20 | 002,344,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Wpc.dll [2014-08-13 17:59:15 | 012,711,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll [2014-08-13 17:59:13 | 000,270,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\DaOtpCredentialProvider.dll [2014-08-13 17:58:39 | 002,318,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\authui.dll [2014-08-13 17:58:37 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msihnd.dll [2014-08-12 11:09:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2014-08-12 11:08:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2014-08-12 11:08:32 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2012-12-17 14:24:28 | 002,258,432 | ---- | C] (Samsung Electronics) -- C:\ProgramData\MakeMarkerFile.exe [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2014-09-05 23:05:19 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2014-09-05 23:05:06 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2014-09-05 23:04:58 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2014-09-05 23:04:57 | 764,608,511 | -HS- | M] () -- C:\hiberfil.sys [2014-09-05 23:04:25 | 002,359,296 | ---- | M] () -- C:\Users\Adam\NTUSER.DAT [2014-09-05 23:04:24 | 000,204,121 | -H-- | M] () -- C:\Users\Adam\AppData\Local\IconCache.db [2014-09-05 22:18:21 | 000,000,000 | ---- | M] () -- C:\autoexec.bat [2014-08-17 17:25:25 | 000,001,096 | ---- | M] () -- C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-08-13 17:53:08 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msrating.dll [2014-08-13 17:52:44 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieetwproxystub.dll [2014-08-13 17:52:41 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieUnatt.exe [2014-08-13 17:52:40 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iesetup.dll [2014-08-13 17:52:40 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iernonce.dll [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2014-09-05 23:03:09 | 000,001,147 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk [2014-09-05 22:18:21 | 000,000,000 | ---- | C] () -- C:\autoexec.bat [2014-05-21 00:33:38 | 000,348,088 | ---- | C] () -- C:\WINDOWS\SysWow64\igdmd32.dll [2014-05-21 00:33:32 | 000,183,808 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll [2014-05-21 00:33:32 | 000,142,848 | ---- | C] () -- C:\WINDOWS\SysWow64\igdail32.dll [2014-04-10 15:26:10 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini [2014-04-07 11:06:51 | 000,204,121 | -H-- | C] () -- C:\Users\Adam\AppData\Local\IconCache.db [2014-04-05 11:14:57 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll [2014-04-05 11:07:10 | 000,000,020 | -HS- | C] () -- C:\Users\Adam\ntuser.ini [2014-04-05 10:35:45 | 002,359,296 | ---- | C] () -- C:\Users\Adam\NTUSER.DAT [2014-04-05 10:35:45 | 000,524,288 | -HS- | C] () -- C:\Users\Adam\NTUSER.DAT{010fa2ed-4cfb-11e3-93fa-0026b949f8c7}.TMContainer00000000000000000002.regtrans-ms [2014-04-05 10:35:45 | 000,524,288 | -HS- | C] () -- C:\Users\Adam\NTUSER.DAT{010fa2ed-4cfb-11e3-93fa-0026b949f8c7}.TMContainer00000000000000000001.regtrans-ms [2014-04-05 10:35:45 | 000,065,536 | -HS- | C] () -- C:\Users\Adam\NTUSER.DAT{010fa2ed-4cfb-11e3-93fa-0026b949f8c7}.TM.blf [2013-09-21 15:03:40 | 000,002,527 | ---- | C] () -- C:\Users\Adam\AppData\Roaming\AbsoluteReminder.xml [2013-08-22 17:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat [2013-08-22 17:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT [2013-08-22 16:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2013-08-22 15:25:43 | 000,000,219 | ---- | C] () -- C:\WINDOWS\system.ini [2013-08-22 15:25:43 | 000,000,092 | ---- | C] () -- C:\WINDOWS\win.ini [2013-08-22 09:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin [2013-08-22 05:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll [2013-08-22 01:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll [2013-08-22 01:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat [2012-12-17 14:24:28 | 000,003,196 | ---- | C] () -- C:\ProgramData\MakeMarkerFile.xml [2012-12-17 14:06:03 | 000,000,002 | ---- | C] () -- C:\WINDOWS\HotFixList.ini ========== ZeroAccess Check ========== [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2014-04-06 18:31:39 | 021,268,952 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2014-04-06 17:22:20 | 018,755,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013-08-22 11:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2013-08-22 04:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013-08-22 11:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2014-02-27 09:45:02 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Battle.net [2013-09-26 21:55:16 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Delta [2014-09-05 21:38:51 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Dropbox [2013-11-17 11:43:00 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\EurekaLog [2013-12-08 10:38:54 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\LibreOffice [2013-09-26 21:50:53 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\NapiProjekt [2014-09-05 23:03:34 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Opera Software [2014-03-22 23:57:42 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\qone8 [2014-03-21 23:44:30 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\SupTab [2013-09-21 15:03:16 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Synaptics [2014-05-06 20:31:24 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Wargaming.net ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 237 bytes -> C:\Users\Adam\SkyDrive:ms-properties @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:56E2E879 @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:373E1720 < End of report >[/log] gmer nie udało się FRST [log] Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2014 (ATTENTION: ====> FRST version is 47 days old and could be outdated) Ran by Adam (administrator) on TARDIS on 06-09-2014 10:07:36 Running from C:\Users\Adam\Downloads Platform: Windows 8.1 (X64) OS Language: Polski (Polska) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Condusiv Technologies) C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe\livecomm.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Dropbox, Inc.) C:\Users\Adam\AppData\Roaming\Dropbox\bin\Dropbox.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Opera Software) C:\Program Files (x86)\Opera\24.0.1558.53\opera.exe () C:\Program Files (x86)\Opera\24.0.1558.53\opera_crashreporter.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe (Opera Software) C:\Program Files (x86)\Opera\24.0.1558.53\opera.exe (Opera Software) C:\Program Files (x86)\Opera\24.0.1558.53\opera.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Opera Software) C:\Program Files (x86)\Opera\24.0.1558.53\opera.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (Opera Software) C:\Program Files (x86)\Opera\24.0.1558.53\opera.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe (Opera Software) C:\Program Files (x86)\Opera\24.0.1558.53\opera.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191312 2012-08-07] (Realtek Semiconductor) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated) HKLM\...\Run: [Bitcasa] => C:\Program Files\Bitcasa\Bitcasa.exe [3952128 2012-11-27] (Bitcasa, Inc) HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-08-27] (NVIDIA Corporation) HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917688 2012-10-16] (Synaptics Incorporated) HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink) HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.) HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.) Winlogon\Notify\igfxcui: igfxdev.dll [X] HKU\S-1-5-21-1735395495-2726210869-181527219-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1939136 2014-08-28] (Valve Corporation) AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation) AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [141336 2013-09-05] (NVIDIA Corporation) AppInit_DLLs-x32: , C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [141336 2013-09-05] (NVIDIA Corporation) Startup: C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Adam\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation) SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: 1EldosIconOverlay -> {C3A420F9-A911-4925-B4CB-2909DBDB6199} => C:\windows\SYSTEM32\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: EldosIconOverlay -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers-x32: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: 1EldosIconOverlay -> {C3A420F9-A911-4925-B4CB-2909DBDB6199} => C:\windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: EldosIconOverlay -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-homes.com/web/?type=ds&ts=1402672456&from=wpm0612&uid=HitachiXHTS547575A9E384_J1140021GBT7AKGBT7AKX&q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qone8.com/web/?type=ds&ts=1395438208&from=smt&uid=HitachiXHTS547575A9E384_J1140021GBT7AKGBT7AKX&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.qone8.com/web/?type=ds&ts=1395438208&from=smt&uid=HitachiXHTS547575A9E384_J1140021GBT7AKGBT7AKX&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-homes.com/web/?type=ds&ts=1402672456&from=wpm0612&uid=HitachiXHTS547575A9E384_J1140021GBT7AKGBT7AKX&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM - {779A2E64-4866-4DC0-893A-609F3F79FCD6} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS SearchScopes: HKLM-x32 - {779A2E64-4866-4DC0-893A-609F3F79FCD6} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKCU - {779A2E64-4866-4DC0-893A-609F3F79FCD6} URL = BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.1 FireFox: ======== FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Adam\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) Chrome: ======= CHR HomePage: hxxp://google.pl/ CHR StartupUrls: "hxxp://google.pl/", "hxxp://www.google.com/", "hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=5C640026187D0562&affID=119828&tsp=4968", "hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=34ABCAF73392DF1B&affID=125032&tsp=5026", "hxxp://start.qone8.com/?type=hp&ts=1395438208&from=smt&uid=HitachiXHTS547575A9E384_J1140021GBT7AKGBT7AKX", "hxxp://start.qone8.com/?type=hp&ts=1395525395&from=smt&uid=HitachiXHTS547575A9E384_J1140021GBT7AKGBT7AKX", "hxxp://www.delta-homes.com/?type=hp&ts=1402672456&from=wpm0612&uid=HitachiXHTS547575A9E384_J1140021GBT7AKGBT7AKX" CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Adam\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) CHR Extension: (Google Wallet) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-21] CHR Extension: (Extended Protection) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogfjmhfnldnajmfaofeiaepghjenbgjo [2014-06-13] CHR HKLM-x32\...\Chrome\Extension: [ainbkicbloikcngphmjfpjdemblcojdd] - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\slidebar.crx [2014-06-13] CHR HKLM-x32\...\Chrome\Extension: [ogfjmhfnldnajmfaofeiaepghjenbgjo] - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ep.crx [2014-06-13] ==================== Services (Whitelisted) ================= R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171664 2012-11-06] (Adobe Systems Incorporated) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2369720 2014-08-01] (Microsoft Corporation) R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1591176 2012-11-30] (Samsung Electronics CO., LTD.) [File not signed] R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation) R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation) R2 IntelliMemory; C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe [55120 2012-11-01] (Condusiv Technologies) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-09-24] () R2 SWUpdateService; C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2876024 2012-12-10] (Samsung Electronics CO., LTD.) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation) S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [1153840 2012-09-24] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.) R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.) R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352456 2012-08-06] (EldoS Corporation) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) R1 intmfs; C:\Windows\System32\DRIVERS\intmfs.sys [28496 2012-11-01] (Condusiv Technologies) R0 intmsd; C:\Windows\System32\DRIVERS\intmsd.sys [104272 2012-11-01] (Condusiv Technologies) R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-08-20] (NVIDIA Corporation) R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation) R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation) S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-09-06 10:07 - 2014-09-06 10:07 - 00020009 _____ () C:\Users\Adam\Downloads\FRST.txt 2014-09-06 10:07 - 2014-09-06 10:07 - 00000000 ____D () C:\FRST 2014-09-06 10:06 - 2014-09-06 10:06 - 02090496 _____ (Farbar) C:\Users\Adam\Downloads\FRST64.exe 2014-09-06 09:58 - 2014-09-06 09:58 - 00291912 _____ () C:\WINDOWS\Minidump\090614-44750-01.dmp 2014-09-06 09:53 - 2014-09-06 09:58 - 00000000 ____D () C:\WINDOWS\Minidump 2014-09-06 09:53 - 2014-09-06 09:53 - 00296232 _____ () C:\WINDOWS\Minidump\090614-32578-01.dmp 2014-09-06 09:52 - 2014-09-06 09:57 - 866616857 _____ () C:\WINDOWS\MEMORY.DMP 2014-09-06 09:51 - 2014-01-28 18:36 - 00380416 _____ () C:\Users\Adam\Downloads\gmer.exe 2014-09-06 09:04 - 2014-09-06 09:04 - 00000000 ___SH () C:\DkHyperbootSync 2014-09-06 08:33 - 2014-09-06 09:52 - 00103984 _____ () C:\WINDOWS\PFRO.log 2014-09-06 08:17 - 2014-09-06 08:36 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-09-06 08:16 - 2014-09-06 08:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-09-06 08:16 - 2014-09-06 08:16 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-06 08:16 - 2014-09-06 08:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-09-06 08:16 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-09-06 08:16 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2014-09-06 08:16 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-09-05 23:30 - 2014-09-05 23:30 - 00068532 _____ () C:\Users\Adam\Downloads\OTL Windows8.Txt 2014-09-05 23:29 - 2014-09-05 23:29 - 00068532 _____ () C:\Users\Adam\Downloads\OTL.Txt 2014-09-05 23:18 - 2014-09-05 23:18 - 00602112 _____ (OldTimer Tools) C:\Users\Adam\Downloads\OTL.exe 2014-09-05 23:03 - 2014-09-05 23:03 - 00003856 _____ () C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1409950988 2014-09-05 23:03 - 2014-09-05 23:03 - 00001147 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2014-09-05 22:18 - 2014-09-05 22:18 - 00003318 _____ () C:\WINDOWS\System32\Tasks\SpyHunter4Startup 2014-09-05 22:18 - 2014-09-05 22:18 - 00000000 _____ () C:\autoexec.bat 2014-09-05 22:17 - 2014-09-05 22:58 - 00000000 ____D () C:\WINDOWS\ACF5FE1B377240688B872D2A6EFD0A05.TMP 2014-09-05 22:17 - 2014-09-05 22:17 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-09-04 09:01 - 2014-09-04 09:01 - 00000000 ____D () C:\Users\Adam\Downloads\Doctor Who 2014-09-04 09:00 - 2014-09-04 09:00 - 00000000 ____D () C:\Users\Adam\Downloads\The Knick 2014-09-02 06:25 - 2014-09-06 10:04 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1735395495-2726210869-181527219-1002 2014-08-28 06:43 - 2014-08-23 02:42 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2014-08-25 18:00 - 2014-08-28 18:06 - 00590976 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-08-24 13:46 - 2014-09-06 09:12 - 01077144 _____ () C:\WINDOWS\WindowsUpdate.log 2014-08-13 18:01 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-08-13 18:01 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-08-13 18:01 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2014-08-13 18:01 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-08-13 18:01 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll 2014-08-13 18:01 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2014-08-13 18:01 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll 2014-08-13 18:01 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2014-08-13 18:01 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2014-08-13 18:01 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2014-08-13 18:01 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll 2014-08-13 18:01 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2014-08-13 18:01 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-08-13 18:01 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2014-08-13 18:01 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll 2014-08-13 18:01 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2014-08-13 18:01 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll 2014-08-13 18:01 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-08-13 18:01 - 2014-07-25 13:43 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2014-08-13 18:01 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll 2014-08-13 18:01 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-08-13 18:01 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2014-08-13 18:01 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-08-13 18:01 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2014-08-13 18:01 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-08-13 18:01 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2014-08-13 18:01 - 2014-07-25 13:09 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2014-08-13 18:01 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2014-08-13 18:01 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2014-08-13 18:01 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-08-13 18:01 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-08-13 18:01 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2014-08-13 18:01 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2014-08-13 18:01 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2014-08-13 18:01 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2014-08-13 18:00 - 2014-06-20 03:48 - 01273184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll 2014-08-13 18:00 - 2014-06-20 01:52 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll 2014-08-13 17:59 - 2014-08-07 00:38 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll 2014-08-13 17:59 - 2014-08-02 07:44 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2014-08-13 17:59 - 2014-07-15 20:16 - 03048880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe 2014-08-13 17:59 - 2014-07-15 10:29 - 03118080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll 2014-08-13 17:59 - 2014-07-15 10:22 - 02861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll 2014-08-13 17:59 - 2014-07-15 10:03 - 02344448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll 2014-08-13 17:59 - 2014-06-13 03:15 - 00517528 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll 2014-08-13 17:59 - 2014-06-13 03:14 - 01557848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2014-08-13 17:59 - 2014-06-13 02:10 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll 2014-08-13 17:59 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe 2014-08-13 17:59 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe 2014-08-13 17:59 - 2014-06-06 13:34 - 02133504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2014-08-13 17:59 - 2014-06-05 16:13 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll 2014-08-13 17:59 - 2014-06-05 15:14 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll 2014-08-13 17:59 - 2014-06-02 04:10 - 00423768 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll 2014-08-13 17:59 - 2014-05-31 12:07 - 00467800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS 2014-08-13 17:59 - 2014-05-31 12:07 - 00440664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys 2014-08-13 17:59 - 2014-05-31 12:07 - 00419672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys 2014-08-13 17:59 - 2014-05-31 12:07 - 00089944 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys 2014-08-13 17:59 - 2014-05-31 12:07 - 00027480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys 2014-08-13 17:59 - 2014-05-31 08:30 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys 2014-08-13 17:59 - 2014-05-31 08:27 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFPf.sys 2014-08-13 17:59 - 2014-05-31 08:26 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFRd.sys 2014-08-13 17:59 - 2014-05-31 06:01 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFHost.exe 2014-08-13 17:59 - 2014-05-31 06:01 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll 2014-08-13 17:59 - 2014-05-31 06:01 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFSvc.dll 2014-08-13 17:59 - 2014-05-27 17:53 - 02518360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2014-08-13 17:59 - 2014-05-27 11:56 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DaOtpCredentialProvider.dll 2014-08-13 17:59 - 2014-05-27 11:53 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll 2014-08-13 17:59 - 2014-05-17 06:59 - 16871936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2014-08-13 17:59 - 2014-05-17 06:13 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2014-08-13 17:58 - 2014-08-07 04:12 - 01336624 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll 2014-08-13 17:58 - 2014-08-02 05:56 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll 2014-08-13 17:58 - 2014-08-02 05:11 - 00918528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll 2014-08-13 17:58 - 2014-07-12 06:17 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe 2014-08-13 17:58 - 2014-06-04 11:27 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe 2014-08-13 17:58 - 2014-06-04 07:31 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll 2014-08-13 17:58 - 2014-06-04 07:22 - 02790912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll 2014-08-13 17:58 - 2014-06-04 06:43 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll 2014-08-13 17:58 - 2014-06-04 06:38 - 03304448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll 2014-08-13 17:58 - 2014-06-04 04:15 - 02642944 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2014-08-13 17:58 - 2014-06-04 04:14 - 02318336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2014-08-12 11:09 - 2014-08-12 11:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-08-12 11:08 - 2014-08-12 11:09 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-08-12 11:08 - 2014-08-12 11:09 - 00000000 ____D () C:\Program Files\iTunes 2014-08-12 11:08 - 2014-08-12 11:09 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-08-12 11:08 - 2014-08-12 11:08 - 00000000 ____D () C:\Program Files\iPod ==================== One Month Modified Files and Folders ======= 2014-09-06 10:07 - 2014-09-06 10:07 - 00020009 _____ () C:\Users\Adam\Downloads\FRST.txt 2014-09-06 10:07 - 2014-09-06 10:07 - 00000000 ____D () C:\FRST 2014-09-06 10:06 - 2014-09-06 10:06 - 02090496 _____ (Farbar) C:\Users\Adam\Downloads\FRST64.exe 2014-09-06 10:04 - 2014-09-02 06:25 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1735395495-2726210869-181527219-1002 2014-09-06 10:04 - 2012-12-17 14:19 - 00000000 ____D () C:\ProgramData\WinClon 2014-09-06 10:02 - 2013-10-29 18:49 - 00000000 ___DO () C:\Users\Adam\SkyDrive 2014-09-06 10:02 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-09-06 10:01 - 2013-09-22 13:11 - 00000000 ___RD () C:\Users\Adam\Dropbox 2014-09-06 10:01 - 2013-09-22 13:08 - 00000000 ____D () C:\Users\Adam\AppData\Roaming\Dropbox 2014-09-06 10:00 - 2014-01-18 19:20 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-09-06 09:58 - 2014-09-06 09:58 - 00291912 _____ () C:\WINDOWS\Minidump\090614-44750-01.dmp 2014-09-06 09:58 - 2014-09-06 09:53 - 00000000 ____D () C:\WINDOWS\Minidump 2014-09-06 09:58 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-09-06 09:57 - 2014-09-06 09:52 - 866616857 _____ () C:\WINDOWS\MEMORY.DMP 2014-09-06 09:53 - 2014-09-06 09:53 - 00296232 _____ () C:\WINDOWS\Minidump\090614-32578-01.dmp 2014-09-06 09:53 - 2014-04-05 10:35 - 00000000 ____D () C:\Users\Adam 2014-09-06 09:52 - 2014-09-06 08:33 - 00103984 _____ () C:\WINDOWS\PFRO.log 2014-09-06 09:12 - 2014-08-24 13:46 - 01077144 _____ () C:\WINDOWS\WindowsUpdate.log 2014-09-06 09:04 - 2014-09-06 09:04 - 00000000 ___SH () C:\DkHyperbootSync 2014-09-06 08:36 - 2014-09-06 08:17 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-09-06 08:32 - 2014-03-21 23:44 - 00000000 ____D () C:\ProgramData\WPM 2014-09-06 08:32 - 2013-08-22 15:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI 2014-09-06 08:32 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent 2014-09-06 08:16 - 2014-09-06 08:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-09-06 08:16 - 2014-09-06 08:16 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-06 08:16 - 2014-09-06 08:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-09-06 08:12 - 2013-11-03 00:52 - 00003972 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{95F6F344-88D7-4240-BCD6-DC4E54645EDB} 2014-09-05 23:30 - 2014-09-05 23:30 - 00068532 _____ () C:\Users\Adam\Downloads\OTL Windows8.Txt 2014-09-05 23:29 - 2014-09-05 23:29 - 00068532 _____ () C:\Users\Adam\Downloads\OTL.Txt 2014-09-05 23:19 - 2014-02-27 08:09 - 00000000 ____D () C:\Users\Adam\AppData\Local\Battle.net 2014-09-05 23:18 - 2014-09-05 23:18 - 00602112 _____ (OldTimer Tools) C:\Users\Adam\Downloads\OTL.exe 2014-09-05 23:03 - 2014-09-05 23:03 - 00003856 _____ () C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1409950988 2014-09-05 23:03 - 2014-09-05 23:03 - 00001147 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2014-09-05 23:03 - 2014-04-26 09:12 - 00000000 ____D () C:\Users\Adam\AppData\Roaming\Opera Software 2014-09-05 23:03 - 2014-04-26 09:12 - 00000000 ____D () C:\Users\Adam\AppData\Local\Opera Software 2014-09-05 23:03 - 2014-04-26 09:11 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-09-05 22:58 - 2014-09-05 22:17 - 00000000 ____D () C:\WINDOWS\ACF5FE1B377240688B872D2A6EFD0A05.TMP 2014-09-05 22:18 - 2014-09-05 22:18 - 00003318 _____ () C:\WINDOWS\System32\Tasks\SpyHunter4Startup 2014-09-05 22:18 - 2014-09-05 22:18 - 00000000 _____ () C:\autoexec.bat 2014-09-05 22:17 - 2014-09-05 22:17 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-09-05 18:05 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2014-09-04 09:01 - 2014-09-04 09:01 - 00000000 ____D () C:\Users\Adam\Downloads\Doctor Who 2014-09-04 09:00 - 2014-09-04 09:00 - 00000000 ____D () C:\Users\Adam\Downloads\The Knick 2014-09-01 17:39 - 2013-11-14 09:33 - 01825074 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-09-01 17:39 - 2013-11-14 09:13 - 00807160 _____ () C:\WINDOWS\system32\perfh015.dat 2014-09-01 17:39 - 2013-11-14 09:13 - 00163478 _____ () C:\WINDOWS\system32\perfc015.dat 2014-09-01 09:04 - 2013-09-23 19:12 - 00000000 ____D () C:\Users\Adam\AppData\Roaming\vlc 2014-08-28 18:06 - 2014-08-25 18:00 - 00590976 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-08-28 12:47 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2014-08-27 20:24 - 2013-09-21 15:02 - 00000000 ____D () C:\Users\Adam\AppData\Local\Packages 2014-08-27 09:10 - 2013-09-24 15:40 - 00000000 ____D () C:\Program Files (x86)\Diablo III 2014-08-26 07:51 - 2014-01-25 11:35 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-08-25 14:31 - 2013-09-28 00:01 - 00000000 ____D () C:\Users\Adam\AppData\Local\ChomikBox 2014-08-25 13:47 - 2013-09-28 00:01 - 00000000 ____D () C:\Users\Adam\.gstreamer-0.10 2014-08-25 10:42 - 2014-02-26 00:52 - 00000000 ____D () C:\Users\Adam\Downloads\ChomikBox 2014-08-23 02:42 - 2014-08-28 06:43 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2014-08-22 16:59 - 2014-02-27 08:09 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2014-08-19 20:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache 2014-08-17 18:48 - 2012-12-17 14:13 - 00000000 ____D () C:\ProgramData\Norton 2014-08-17 18:45 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions 2014-08-17 18:44 - 2014-07-11 00:26 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel 2014-08-17 18:44 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData 2014-08-17 17:33 - 2013-09-22 09:09 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-08-17 17:30 - 2013-09-22 09:09 - 99218768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-08-17 17:25 - 2013-09-22 13:09 - 00000000 ____D () C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-08-13 17:55 - 2014-05-14 20:54 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS 2014-08-13 17:53 - 2014-07-10 08:44 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll 2014-08-13 17:53 - 2013-08-22 05:46 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll 2014-08-13 17:52 - 2014-07-10 08:43 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll 2014-08-13 17:52 - 2014-07-01 14:59 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2014-08-13 17:52 - 2014-07-01 14:58 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2014-08-13 17:52 - 2014-04-10 15:26 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll 2014-08-13 17:52 - 2014-04-10 15:26 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll 2014-08-13 17:52 - 2013-11-14 09:37 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe 2014-08-13 17:52 - 2013-08-22 13:44 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll 2014-08-13 17:52 - 2013-08-22 13:22 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll 2014-08-13 17:52 - 2013-08-22 13:21 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll 2014-08-13 17:52 - 2013-08-22 13:10 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll 2014-08-13 17:52 - 2013-08-22 13:03 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe 2014-08-13 17:52 - 2013-08-22 05:55 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll 2014-08-13 17:52 - 2013-08-22 05:45 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll 2014-08-13 17:52 - 2013-08-22 05:40 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe 2014-08-12 11:09 - 2014-08-12 11:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-08-12 11:09 - 2014-08-12 11:08 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-08-12 11:09 - 2014-08-12 11:08 - 00000000 ____D () C:\Program Files\iTunes 2014-08-12 11:09 - 2014-08-12 11:08 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-08-12 11:08 - 2014-08-12 11:08 - 00000000 ____D () C:\Program Files\iPod 2014-08-07 04:12 - 2014-08-13 17:58 - 01336624 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll 2014-08-07 00:38 - 2014-08-13 17:59 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll Files to move or delete: ==================== C:\ProgramData\MakeMarkerFile.exe C:\Users\EasySurvey\EasySurvey.exe Some content of TEMP: ==================== C:\Users\Adam\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpegtdxi.dll C:\Users\Adam\AppData\Local\Temp\SHSetup.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-03 07:25 ==================== End Of Log ============================ [/log] [log] Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-07-2014 Ran by Adam at 2014-09-06 10:08:14 Running from C:\Users\Adam\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.1.0.8 - Absolute Software) Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated) Adobe Photoshop Elements 11 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden Adobe Reader X (10.1.11) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.11 - Adobe Systems Incorporated) Aktualizacje NVIDIA 8.3.14 (Version: 8.3.14 - NVIDIA Corporation) Hidden ALLConverter PRO 1.3 (HKLM-x32\...\{9370105C-71BB-4FF9-A85B-36D79B95457A}_is1) (Version: - ALLCinema, Inc.) Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Auslogics Registry Cleaner (HKLM-x32\...\{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1) (Version: 3.2.1.0 - Auslogics Labs Pty Ltd) Auslogics Registry Defrag (HKLM-x32\...\{D627784F-B3EE-44E8-96B1-9509B991EA34}_is1) (Version: 7.2.1.0 - Auslogics Labs Pty Ltd) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Bitcasa version 0.9.20.4133 (HKLM\...\{EDA09459-AD7D-4434-BA0C-647F6703EA12}_is1) (Version: 0.9.20.4133 - Bitcasa Inc.) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform) ChomikBox (HKLM-x32\...\{9D7628BE-6E32-42B9-A188-2917E1EB24FB}) (Version: 2.0.7.9 - Chomikuj.pl) CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1912 - CyberLink Corp.) CyberLink Power2Go 8 (x32 Version: 8.0.0.1912 - CyberLink Corp.) Hidden CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.02 - CyberLink Corp.) CyberLink PowerDVD 10 (x32 Version: 10.0.4421.02 - CyberLink Corp.) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform) Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment) Dropbox (HKCU\...\Dropbox) (Version: 2.10.28 - Dropbox, Inc.) Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.4 - Samsung Electronics CO.,LTD.) Elements 11 Organizer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.) Facebook Video Calling 1.2.0.287 (HKLM-x32\...\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}) (Version: 1.2.287 - Skype Limited) FM Genie Scout 14 version 1.2 14.3.1 (HKLM-x32\...\FM Genie Scout 14_is1) (Version: 1.2 14.3.1 - ) Football Manager 2014 (HKLM-x32\...\Steam App 231670) (Version: - Sports Interactive) Fotogalerie (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Galeria fotografii (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden Help Desk (HKLM\...\{3D85CD3F-00E0-4E14-82D6-1F9397DDD09B}) (Version: 1.0.8 - Samsung Electronics CO., LTD.) Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33070) (Version: 3.6.1.33070.11 - Intel) Intel PROSet Wireless (Version: - ) Hidden Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36702 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation) Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{E77289CF-12B9-4CAB-A49E-FEAE947F4D95}) (Version: 15.5.4.0423 - Intel Corporation) Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) Intel® PROSet/Wireless WiFi Software (HKLM\...\{1593C708-5535-47A4-8C0F-F8D4BE2B4560}) (Version: 15.05.6000.1620 - Intel Corporation) Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden IntelliMemory (HKLM\...\{E93403C5-8A91-4940-89DB-EED69DA6E82E}) (Version: 1.0.30.0 - Condusiv Technologies) iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.) Malwarebytes Anti-Malware wersja 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2013 - pl-pl (HKLM\...\ProPlusRetail - pl-pl) (Version: 15.0.4641.1003 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden NapiProjekt (2.2.0.2399) (HKLM-x32\...\NapiProjekt_is1) (Version: - ) NVIDIA GeForce Experience 1.6.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.6.1 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden NVIDIA Oprogramowanie systemu PhysX 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation) NVIDIA Optimus 8.3.14 (Version: 8.3.14 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden NVIDIA Sterownik graficzny 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation) NVIDIA Update Components (Version: 8.3.14 - NVIDIA Corporation) Hidden NVIDIA Virtual Audio 1.2.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.5 - NVIDIA Corporation) Obsługa programów Apple (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.) Odkurzacz (HKLM-x32\...\Odkurzacz 13.5_is1) (Version: 13.5.0.1911 - FranmoSoftware - Maciej Opaliński) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4641.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden Opera Stable 24.0.1558.53 (HKLM-x32\...\Opera 24.0.1558.53) (Version: 24.0.1558.53 - Opera Software ASA) Panel sterowania NVIDIA 327.02 (Version: 327.02 - NVIDIA Corporation) Hidden Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6699 - Realtek Semiconductor Corp.) Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.6.5 - Samsung Electronics CO., LTD.) S Agent (Version: 1.0.9 - Samsung Electronics CO., LTD.) Hidden Settings (HKLM-x32\...\{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}) (Version: 2.0.1 - Samsung Electronics CO., LTD.) SHIELD Streaming (Version: 1.05.28 - NVIDIA Corporation) Hidden Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) Support Center (HKLM\...\{FD334FD4-FABA-4991-8614-A718C15E45A5}) (Version: 2.1.10 - Samsung Electronics CO., LTD.) Support Center FAQ (x32 Version: 1.0.6 - Samsung Electronics CO., LTD.) Hidden SW Update (HKLM-x32\...\{F5B5BA56-8FEB-494B-84E6-C8DA9C2BEE50}) (Version: 2.1.6 - Samsung Electronics CO., LTD.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.14.2 - Synaptics Incorporated) User Guide (HKLM-x32\...\{93467343-BD37-4643-8A4B-E5463CD9B7E2}) (Version: 1.3.00 - Samsung Electronics CO., LTD.) VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) Windows Live (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden ==================== Restore Points ========================= 17-08-2014 15:23:22 Windows Update 26-08-2014 18:46:05 Zaplanowany punkt kontrolny 05-09-2014 20:17:23 Installed SpyHunter ==================== Hosts content: ========================== 2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {0186ADF7-1758-42FB-B89C-06D05B532F12} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-08-17] (Microsoft Corporation) Task: {04D1C7EB-AFBD-4642-8509-A60EDFD6D649} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask Task: {07BFF428-8B15-419B-8197-00421CEC5244} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation) Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {206FEEF5-E047-4107-95FD-B139C2FE52B4} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2012-10-25] (Samsung Electronics CO., LTD.) Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {2C04A7B8-50E5-4879-9928-8DA9BA087B7F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-26] (Microsoft Corporation) Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate Task: {30162037-9E26-494A-9A08-920EB2BF02B7} - \BitGuard No Task File <==== ATTENTION Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation) Task: {39A3F779-EA06-437E-9514-203BF6187D16} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd) Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation) Task: {3F12508A-C354-4FE4-8105-ED288199AC4D} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-11-30] (Samsung Electronics CO., LTD.) Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance Task: {547F565F-B014-4DE2-BD82-2BCFCA0272C9} - System32\Tasks\Opera scheduled Autoupdate 1409950988 => C:\Program Files (x86)\Opera\launcher.exe [2014-08-27] (Opera Software) Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task Task: {7232B67D-5D19-46E8-8493-E925C32FBD5C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-01] (Microsoft Corporation) Task: {72D29F98-F3BE-4114-AFF3-22744318978D} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task Task: {8A30C837-F5F4-4BF7-996B-3CE1FC394832} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask Task: {93123AE4-1036-4902-90AC-B9AB01832B22} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation) Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work Task: {A47A150C-4047-4F64-AF87-ABB199ADCEDB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {A5E75690-9E4F-4061-8FE7-02F9F57DAA92} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2012-09-17] (SEC) Task: {C3A92719-7E93-4EC2-B2F5-3F105ADEE68E} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv Task: {CA9D3126-C6A9-4315-95FF-47E2C60F89E2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-26] (Microsoft Corporation) Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask Task: {D326012C-B010-4CD5-B46E-582532B59FE8} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation) Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization Task: {E3D655A5-6A01-4375-A8EF-16840815704A} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE Task: {F2F28914-0F36-4379-BB21-A1B3EB2A4031} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements (1).job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements (2).job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements (3).job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ==================== Loaded Modules (whitelisted) ============= 2013-09-05 03:36 - 2013-09-05 03:36 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll 2014-03-19 09:07 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2012-11-30 09:26 - 2012-11-30 09:26 - 00082312 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe 2014-09-05 23:03 - 2014-08-27 11:07 - 01372280 _____ () C:\Program Files (x86)\Opera\24.0.1558.53\opera_crashreporter.exe 2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2012-11-30 09:26 - 2012-11-30 09:26 - 00028792 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll 2012-11-30 09:26 - 2012-11-30 09:26 - 01068664 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll 2012-11-30 09:26 - 2012-11-30 09:26 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll 2012-11-30 09:26 - 2012-11-30 09:26 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll 2012-11-30 09:26 - 2012-11-30 09:26 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll 2012-11-30 09:26 - 2012-11-30 09:26 - 00026744 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll 2012-11-30 09:26 - 2012-11-30 09:26 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll 2012-11-30 09:26 - 2012-11-30 09:26 - 00060536 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll 2012-11-30 09:26 - 2012-11-30 09:26 - 00103032 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll 2014-08-31 10:55 - 2014-08-21 20:15 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll 2014-08-31 10:55 - 2014-08-21 20:15 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll 2014-08-31 10:55 - 2014-08-21 20:15 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll 2013-12-12 15:04 - 2014-08-21 00:38 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2014-05-22 19:39 - 2014-08-28 13:48 - 02224320 _____ () C:\Program Files (x86)\Steam\video.dll 2014-08-31 10:55 - 2014-08-21 20:15 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll 2014-08-31 10:55 - 2014-08-21 20:15 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll 2014-01-07 14:00 - 2014-08-28 13:48 - 00678080 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2013-09-05 03:36 - 2013-09-05 03:36 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll 2012-12-17 14:02 - 2012-06-08 05:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2012-06-08 04:34 - 2012-06-08 04:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll 2014-09-06 10:00 - 2014-09-06 10:00 - 00043008 _____ () c:\users\adam\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpegtdxi.dll 2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Adam\AppData\Roaming\Dropbox\bin\libcef.dll 2014-09-05 23:03 - 2014-08-27 11:07 - 00155768 _____ () C:\Program Files (x86)\Opera\24.0.1558.53\message_center_win8.dll 2014-09-05 23:03 - 2014-08-27 11:07 - 01378936 _____ () C:\Program Files (x86)\Opera\24.0.1558.53\libglesv2.dll 2014-09-05 23:03 - 2014-08-27 11:07 - 00182392 _____ () C:\Program Files (x86)\Opera\24.0.1558.53\libegl.dll 2014-09-05 23:03 - 2014-08-27 11:07 - 00974968 _____ () C:\Program Files (x86)\Opera\24.0.1558.53\ffmpegsumo.dll 2013-12-12 15:04 - 2014-08-21 00:38 - 34589376 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Users\Adam\SkyDrive:ms-properties AlternateDataStreams: C:\ProgramData\Temp:373E1720 AlternateDataStreams: C:\ProgramData\Temp:56E2E879 ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (09/06/2014 10:00:26 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: ZeroConfigService.exe, wersja: 15.5.5.0, sygnatura czasowa: 0x5060e311 Nazwa modułu powodującego błąd: MurocApi.dll, wersja: 15.5.5.0, sygnatura czasowa: 0x5060e22c Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00000000000265e0 Identyfikator procesu powodującego błąd: 0x84c Godzina uruchomienia aplikacji powodującej błąd: 0xZeroConfigService.exe0 Ścieżka aplikacji powodującej błąd: ZeroConfigService.exe1 Ścieżka modułu powodującego błąd: ZeroConfigService.exe2 Identyfikator raportu: ZeroConfigService.exe3 Pełna nazwa pakietu powodującego błąd: ZeroConfigService.exe4 Identyfikator aplikacji względem pakietu powodującego błąd: ZeroConfigService.exe5 Error: (09/05/2014 10:58:45 PM) (Source: MsiInstaller) (EventID: 11721) (User: TARDIS) Description: Product: SpyHunter -- Error 1721. There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. Action: , location: WiseCustomCall, command: g5 Error: (09/05/2014 10:14:32 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: ZARZĄDZANIE NT) Description: There was an error with the Windows Location Provider database Error: (09/05/2014 10:10:48 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: TARDIS) Description: There was an error communicating to the Orion inference server Error: (09/05/2014 10:10:48 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: ZARZĄDZANIE NT) Description: There was an error communicating to the Orion inference server Error: (09/05/2014 10:02:41 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TARDIS) Description: Aktywacja aplikacji microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 nie powiodła się. Błąd: -2147023174. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa. Error: (09/05/2014 09:54:55 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: TARDIS) Description: There was an error communicating to the Orion inference server Error: (09/05/2014 09:54:55 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: ZARZĄDZANIE NT) Description: There was an error communicating to the Orion inference server Error: (09/05/2014 09:54:54 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: ZARZĄDZANIE NT) Description: There was an error with the Windows Location Provider database Error: (09/05/2014 09:41:33 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: TARDIS) Description: There was an error communicating to the Orion inference server System errors: ============= Error: (09/06/2014 10:00:53 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa Intel(R) PROSet/Wireless Zero Configuration Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error: (09/06/2014 09:58:31 AM) (Source: BugCheck) (EventID: 1001) (User: ) Description: 0x00000124 (0x0000000000000000, 0xffffe000f4c43028, 0x00000000fe200000, 0x0000000000041136)C:\WINDOWS\MEMORY.DMP090614-44750-01 Error: (09/06/2014 09:58:15 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: Poprzednie zamknięcie systemu przy 09:53:14 na 2014-09-06 było nieoczekiwane. Error: (09/04/2014 07:42:14 AM) (Source: DCOM) (EventID: 10001) (User: TARDIS) Description: "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server31Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mcaNiedostępnyNiedostępny Error: (08/31/2014 10:57:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi Steam Client Service z powodu następującego błędu: %%1053 Error: (08/31/2014 10:57:19 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą Steam Client Service. Error: (08/28/2014 06:04:34 PM) (Source: DCOM) (EventID: 10010) (User: TARDIS) Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39} Error: (08/25/2014 02:32:57 PM) (Source: intmsd) (EventID: 2) (User: ) Description: \Device\intmsd0TCB- Write Error %0x Microsoft Office Sessions: ========================= Error: (09/06/2014 10:00:26 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: ZeroConfigService.exe15.5.5.05060e311MurocApi.dll15.5.5.05060e22cc000000500000000000265e084c01cfc9a8671fc461C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exeC:\Program Files\Intel\WiFi\bin\MurocApi.dlldbe13ce5-359b-11e4-bf0e-1867b02580fe Error: (09/05/2014 10:58:45 PM) (Source: MsiInstaller) (EventID: 11721) (User: TARDIS) Description: Product: SpyHunter -- Error 1721. There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. Action: , location: WiseCustomCall, command: g5 (NULL)(NULL)(NULL)(NULL)(NULL) Error: (09/05/2014 10:14:32 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: ZARZĄDZANIE NT) Description: -2147024883 Error: (09/05/2014 10:10:48 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: TARDIS) Description: -2143485936 Error: (09/05/2014 10:10:48 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: ZARZĄDZANIE NT) Description: -2143485936 Error: (09/05/2014 10:02:41 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TARDIS) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147023174 Error: (09/05/2014 09:54:55 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: TARDIS) Description: -2143485936 Error: (09/05/2014 09:54:55 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: ZARZĄDZANIE NT) Description: -2143485936 Error: (09/05/2014 09:54:54 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: ZARZĄDZANIE NT) Description: -2147024883 Error: (09/05/2014 09:41:33 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: TARDIS) Description: -2143485936 CodeIntegrity Errors: =================================== Date: 2014-09-06 09:51:41.567 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-09-06 09:51:41.476 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-09-06 09:51:41.370 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-09-06 09:51:41.278 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-09-06 09:51:41.142 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-09-06 09:51:41.048 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-09-06 09:51:40.958 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-09-06 09:51:40.873 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-09-06 09:51:40.781 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-09-06 09:51:40.694 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Percentage of memory in use: 39% Total physical RAM: 6031.48 MB Available physical RAM: 3655.32 MB Total Pagefile: 12175.49 MB Available Pagefile: 9797.59 MB Total Virtual: 131072 MB Available Virtual: 131071.8 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:673.58 GB) (Free:584.88 GB) NTFS ==================== MBR & Partition Table ================== ==================== End Of Log ============================ [/log] Z góry dziękuję za pomoc
pawel315 komentarz 6 września 2014 komentarz 6 września 2014 Dorzuć jeszcze Extras.txt i Addition.txt
Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!
Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.