
I am afraid that my computer is infected


Leoneq

Someone from China tried to log in to my email this morning. Could you please check my logs?

 

dds.txt:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 10.0.9200.16720  BrowserJavaVersion: 10.45.2
Run by Maćko at 14:50:42 on 2014-01-17
Microsoft Windows 7 Ultimate   6.1.7601.1.1250.48.1033.18.4095.2601 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\vsnpstd3.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Maćko\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{48D565FA-71B4-4941-9809-C2B2C5287855} : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [snpstd3] C:\Windows\vsnpstd3.exe
x64-Run: [shadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Maćko\AppData\Roaming\Mozilla\Firefox\Profiles\4nabr79p.default\
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-8-31 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-8-31 207904]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-8-31 1034464]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-8-31 422216]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-8-31 78648]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-1-1 50344]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-2 1494304]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-9-2 15129376]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-11-11 414496]
R3 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2014-1-1 79672]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-12-24 39200]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2011-5-13 36328]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-11-2 19456]
S3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2013-9-30 155824]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2011-5-13 146920]
S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-9-17 42184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-2 57856]
.
=============== Created Last 30 ================
.
2014-01-17 13:50:42 -------- d-----w- C:\Users\MaŠko\AppData\Local\Microsoft
2014-01-17 07:07:08 -------- d-----w- C:\Users\Maćko\AppData\Roaming\Malwarebytes
2014-01-17 07:06:54 -------- d-----w- C:\ProgramData\Malwarebytes
2014-01-17 07:06:53 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-01-17 07:06:53 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-16 16:51:08 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1C6A4731-56C5-48FB-ABF8-DD8024C162B7}\offreg.dll
2014-01-14 16:48:33 -------- d-----w- C:\Program Files (x86)\Movavi Core 5.1.0
2014-01-04 09:01:49 -------- d-----w- C:\Program Files (x86)\SubEdit-Player
2014-01-01 11:51:00 -------- d-----w- C:\Users\Maćko\AppData\Roaming\AVAST Software
2014-01-01 08:45:42 79672 ----a-w- C:\Windows\System32\drivers\aswstm.sys
2013-12-24 13:52:30 -------- d-----w- C:\Users\Maćko\AppData\Roaming\MOVAVI
2013-12-24 10:53:03 -------- d-----w- C:\NVIDIA
2013-12-24 10:44:58 39200 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2013-12-24 10:44:58 32544 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
.
==================== Find3M  ====================
.
2014-01-01 08:45:32 92544 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-01-01 08:45:32 78648 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-01-01 08:45:32 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-01-01 08:45:32 43152 ----a-w- C:\Windows\avastSS.scr
2014-01-01 08:45:32 207904 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-01-01 08:45:32 1034464 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-12-15 12:53:50 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-15 12:53:50 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-10 02:13:11 982232 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2013-12-10 02:13:01 1100248 ----a-w- C:\Windows\System32\nvspcap64.dll
2013-12-05 08:42:26 35104 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2013-11-11 15:02:02 6674208 ----a-w- C:\Windows\System32\nvcpl.dll
2013-11-11 15:02:02 3490080 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-11-11 15:01:59 922912 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-11-11 15:01:59 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-11-11 15:01:59 2559776 ----a-w- C:\Windows\System32\nvsvcr.dll
2013-11-11 15:01:59 219424 ----a-w- C:\Windows\System32\nvmctray.dll
2013-11-11 15:01:58 3467927 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-11-11 07:59:28 590112 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2013-11-02 08:42:59 92160 ----a-w- C:\Windows\System32\SetIEInstalledDate.exe
2013-11-02 08:42:59 77312 ----a-w- C:\Windows\System32\tdc.ocx
2013-11-02 08:42:59 51200 ----a-w- C:\Windows\System32\imgutil.dll
2013-11-02 08:42:59 48640 ----a-w- C:\Windows\System32\mshtmler.dll
2013-11-02 08:42:59 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-02 08:42:59 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-02 08:42:59 173568 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-02 08:42:59 13824 ----a-w- C:\Windows\System32\mshta.exe
2013-11-02 08:42:59 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-11-02 08:42:59 135680 ----a-w- C:\Windows\System32\IEAdvpack.dll
2013-11-02 08:35:58 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-11-02 08:35:58 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-10-23 10:30:23 1884448 ----a-w- C:\Windows\System32\nvdispco6433165.dll
2013-10-23 10:30:23 1511712 ----a-w- C:\Windows\System32\nvdispgenco6433165.dll
.
============= FINISH: 14:51:24,77 ===============
 
 
attach.txt:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate 
Boot Device: \Device\HarddiskVolume1
Install Date: 2013-08-30 11:27:00
System Uptime: 2014-01-17 14:35:43 (0 hours ago)
.
Motherboard:  EVGA  |  | 122-CK-NF68
Processor: Intel® Core2 Duo CPU     E7500  @ 2.93GHz | Socket 775 | 2933/267mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 195 GiB total, 86,04 GiB free.
D: is FIXED (NTFS) - 366 GiB total, 43,351 GiB free.
E: is FIXED (NTFS) - 370 GiB total, 315,15 GiB free.
F: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: Unknown Device
Device ID: USB\VID_0000&PID_0000\5&4A03A84&0&8
Manufacturer: (Standardowy kontroler hosta USB)
Name: Unknown Device
PNP Device ID: USB\VID_0000&PID_0000\5&4A03A84&0&8
Service: 
.
==== System Restore Points ===================
.
RP57: 2013-12-07 20:31:16 - Zainstalowany program DirectX
RP58: 2013-12-13 08:10:15 - Zainstalowany program DirectX
RP59: 2013-12-13 17:43:52 - Zainstalowany program DirectX
RP60: 2013-12-17 15:34:41 - Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
RP61: 2013-12-17 15:35:57 - Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
RP62: 2013-12-24 11:46:06 - Zainstalowany program DirectX
RP63: 2014-01-01 09:43:42 - avast! antivirus system restore point
RP64: 2014-01-04 13:31:27 - Installed Microsoft Games for Windows - LIVE Redistributable
.
==== Installed Programs ======================
.
2.0
7-Zip 9.20
7-Zip 9.20 (x64 edition)
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.05) - Polish
AIMP3
Airfix Dogfighter
Aktualizacje NVIDIA 10.11.15
Audacity 2.0.4
Auto Clicker v1.5
AutoHotkey 1.1.13.01
avast! Free Antivirus
Battlefield 3™
Battlelog Web Plugins
CCleaner
ConvertHelper 2.2
Dark Souls: Prepare to Die Edition
DivX Setup
Europe MapleStory
Flashtool
Free Video to JPG Converter version 5.0.32.1230
Free YouTube Download version 3.2.20.1230
Free YouTube to MP3 Converter version 3.12.17.1127
GeForce Experience NvStream Client Components
GIMP 2.8.6
Guitar Hero World Tour
HandBrake 0.9.9.1
Hotline Miami
Java 7 Update 45
Java Auto Updater
Just Cause 2: Multiplayer Mod
LAME v3.99.3 (for Windows)
League of Legends
Left 4 Dead 2
Malwarebytes Anti-Malware wersja 1.75.0.1300
McPixel version 1.0.7
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile PLK Language Pack
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended PLK Language Pack
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office Access MUI (English) 2010
Microsoft Office Access MUI (Polish) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Excel MUI (Polish) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office Groove MUI (Polish) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office InfoPath MUI (Polish) 2010
Microsoft Office Language Pack 2010 - Polish/Polski
Microsoft Office O MUI (Polish) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office OneNote MUI (Polish) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office Outlook MUI (Polish) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint MUI (Polish) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Polish) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing (Polish) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Publisher MUI (Polish) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit MUI (Polish) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared MUI (Polish) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office SharePoint Designer MUI (Polish) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Office Word MUI (Polish) 2010
Microsoft Office X MUI (Polish) 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
Minecraft1.6.2
Minecraft1.7.2
Mirror's Edge
Mozilla Firefox 26.0 (x86 pl)
Mozilla Maintenance Service
NVIDIA GeForce Experience 1.8.1
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Network Service
NVIDIA Oprogramowanie systemu PhysX 9.13.0725
NVIDIA PhysX
NVIDIA ShadowPlay 10.11.15
NVIDIA Stereoscopic 3D Driver
NVIDIA Sterownik 3D Vision 331.82
NVIDIA Sterownik dźwięku HD 1.3.26.4
NVIDIA Sterownik graficzny 331.82
NVIDIA Sterownik kontrolera 3D Vision 331.82
NVIDIA Update Core
NVIDIA Virtual Audio 1.2.19
Opera Next 19.0.1326.34
Origin
Pando Media Booster
Panel sterowania NVIDIA 331.82
Papers, Please
Path of Exile
Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile
Polski pakiet językowy dla programu Microsoft .NET Framework 4 Extended
PowerISO
PunkBuster Services
Realtek High Definition Audio Driver
Rogue Legacy
Sanctum
Scribblenauts Unlimited
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
SHIELD Streaming
Sid Meier's Civilization V
Skype™ 6.9
Sony PC Companion 2.10.181
System Requirements Lab CYRI
TeamSpeak 3 Client
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Uplay
VC80CRTRedist - 8.0.50727.6195
Warhammer® 40,000™: Dawn of War® II
Windows Live ID Sign-in Assistant
.
==== End Of File ===========================
 
 
Here is also the MBAM log:
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Wersja bazy: v2014.01.17.02
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Maćko :: MÓJKOMPUTEREK [administrator]
 
2014-01-17 08:07:57
MBAM-log-2014-01-17 (10-30-55).txt
 
Typ skanowania: Pełne skanowanie (C:\|D:\|E:\|)
Zaznaczone opcje skanowania: Pamięć | Rozruch | Rejestr | System plików | Heurystyka/Dodatkowe | Heuristyka/Shuriken | PUP | PUM
Odznaczone opcje skanowania: P2P
Przeskanowano obiektów: 633614
Upłynęło: 1 godzin(y), 27 minut(y), 50 sekund(y)
 
Wykrytych procesów w pamięci: 0
(Nie znaleziono zagrożeń)
 
Wykrytych modułów w pamięci: 0
(Nie znaleziono zagrożeń)
 
Wykrytych kluczy rejestru: 0
(Nie znaleziono zagrożeń)
 
Wykrytych wartości rejestru: 0
(Nie znaleziono zagrożeń)
 
Wykryte wpisy rejestru systemowego: 0
(Nie znaleziono zagrożeń)
 
wykrytych folderów: 0
(Nie znaleziono zagrożeń)
 
Wykrytych plików: 10
C:\System Volume Information\_restore{C72BADE5-7302-4565-8C04-737F50690FD9}\RP18\A0007862.exe (PUP.Optional.OpenCandy) -> Nie wykonano akcji.
C:\System Volume Information\_restore{C72BADE5-7302-4565-8C04-737F50690FD9}\RP27\A0010627.exe (PUP.Optional.InstallCore) -> Nie wykonano akcji.
C:\System Volume Information\_restore{C72BADE5-7302-4565-8C04-737F50690FD9}\RP27\A0010628.exe (PUP.Optional.InstallCore) -> Nie wykonano akcji.
C:\System Volume Information\_restore{C72BADE5-7302-4565-8C04-737F50690FD9}\RP41\A0020556.exe (PUP.Optional.OpenCandy.A) -> Nie wykonano akcji.
C:\Users\Maćko\Downloads\FreeVideoToJPGConverter.exe (PUP.Optional.OpenCandy) -> Nie wykonano akcji.
E:\System Volume Information\_restore{C72BADE5-7302-4565-8C04-737F50690FD9}\RP65\A0028919.dll (VirTool.Obfuscator) -> Nie wykonano akcji.
 
(zakończone)

Hello

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Kevin....


FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-01-2014 02

Ran by Maćko (administrator) on MÓJKOMPUTEREK on 17-01-2014 19:53:24
Running from C:\Users\Maćko\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Windows\vsnpstd3.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-10-18] (NVIDIA Corporation)
HKLM\...\Run: [snpstd3] - C:\Windows\vsnpstd3.exe [827392 2006-09-19] ()
HKLM\...\Run: [shadowPlay] - C:\Windows\system32\nvspcap64.dll [1100248 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM-x32\...\Run: [PWRISOVM.EXE] - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [337432 2013-07-22] (Power Software Ltd)
HKLM-x32\...\Run: [bCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2014-01-01] (AVAST Software)
MountPoints2: G - G:\Setup.exe
MountPoints2: {b9f952e7-29ca-11e3-a0ee-00044b006790} - H:\Startme.exe
 
==================== Internet (Whitelisted) ====================
 
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF ProfilePath: C:\Users\Maćko\AppData\Roaming\Mozilla\Firefox\Profiles\4nabr79p.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Maćko\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-08-31]
 
==================== Services (Whitelisted) =================
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-01] (AVAST Software)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-09-24] ()
 
==================== Drivers (Whitelisted) ====================
 
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2014-01-01] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-01-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1034464 2014-01-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422216 2014-01-01] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [79672 2014-01-01] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-12-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-01] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
R3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10550272 2007-03-27] (Sonix Co. Ltd.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-09-17] (Anchorfree Inc.)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-01-17 19:51 - 2014-01-17 19:53 - 00010821 _____ C:\Users\Maćko\Desktop\FRST.txt
2014-01-17 19:50 - 2014-01-17 19:50 - 00000000 ____D C:\FRST
2014-01-17 19:49 - 2014-01-17 19:49 - 02075648 _____ (Farbar) C:\Users\Maćko\Desktop\FRST64.exe
2014-01-17 14:50 - 2014-01-17 14:50 - 00000000 ____D C:\Users\MaŠko
2014-01-17 08:07 - 2014-01-17 08:07 - 00000000 ____D C:\Users\Maćko\AppData\Roaming\Malwarebytes
2014-01-17 08:06 - 2014-01-17 08:06 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-17 08:06 - 2014-01-17 08:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-17 08:06 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-16 17:49 - 2014-01-16 17:49 - 00465200 _____ C:\Users\Maćko\AppData\Local\recently-used.xbel
2014-01-14 17:59 - 2014-01-14 17:59 - 04995688 _____ (ffdshow                                                     ) C:\Users\Maćko\Downloads\ffdshow_rev4527_20131203_clsid_x64.exe
2014-01-14 17:56 - 2014-01-14 17:56 - 02014270 _____ C:\Users\Maćko\Downloads\imagegrab_50en (1).zip
2014-01-14 17:48 - 2014-01-14 18:03 - 00000000 ____D C:\Program Files (x86)\Movavi Core 5.1.0
2014-01-14 17:45 - 2014-01-14 17:47 - 110787120 _____ (Movavi) C:\Users\Maćko\Downloads\MovaviVideoEditorSetup.exe
2014-01-12 10:16 - 2014-01-12 10:16 - 00664210 _____ C:\Users\Maćko\Downloads\Highly Visible Health Bars-40--3.zip
2014-01-12 10:13 - 2014-01-12 10:13 - 04816740 _____ C:\Users\Maćko\Downloads\Recolored Gold-Hemmed Black Set-287-.7z
2014-01-12 10:11 - 2014-01-12 10:11 - 00387050 _____ C:\Users\Maćko\Downloads\Metal Grass Crest Shield-349-0-9.rar
2014-01-12 10:08 - 2014-01-12 10:08 - 00152310 _____ C:\Users\Maćko\Downloads\Flames of Dosh-464-1-0-0.zip
2014-01-11 14:12 - 2014-01-11 14:13 - 06381290 _____ C:\Users\Maćko\Downloads\Dark Souls Flora Overhaul v05 Lower Res-56-.7z
2014-01-11 13:00 - 2014-01-11 13:00 - 00707426 _____ C:\Users\Maćko\Downloads\Prepare to doge edition-507-1-0.zip
2014-01-11 12:53 - 2014-01-11 12:54 - 59207358 _____ C:\Users\Maćko\Downloads\Fire Customization Pack - newest-159-2-1.zip
2014-01-11 12:52 - 2014-01-11 12:52 - 00227451 _____ C:\Users\Maćko\Downloads\Black with handle ornament-155-1-0.zip
2014-01-10 14:02 - 2014-01-10 14:02 - 00008474 _____ C:\Windows\DPINST.LOG
2014-01-04 13:38 - 2014-01-04 13:38 - 00000000 ____D C:\Users\Maćko\Documents\Games for Windows - LIVE Demos
2014-01-04 10:10 - 2014-01-04 10:10 - 02014270 _____ C:\Users\Maćko\Downloads\imagegrab_50en.zip
2014-01-04 10:01 - 2014-01-04 10:03 - 00000000 ____D C:\Program Files (x86)\SubEdit-Player
2014-01-04 10:00 - 2014-01-04 10:01 - 07923239 _____ (Artur Sikora                                                ) C:\Users\Maćko\Downloads\subedit+codecpack_b4072_install.exe
2014-01-04 09:47 - 2014-01-04 09:48 - 32244744 _____ (DVDVideoSoft Ltd.                                           ) C:\Users\Maćko\Downloads\FreeYouTubeDownload.exe
2014-01-02 21:58 - 2014-01-02 21:58 - 00360385 _____ C:\Users\Maćko\Downloads\Kafka Franz - Proces (1936).mobi
2014-01-02 21:57 - 2014-01-02 21:57 - 00535729 _____ C:\Users\Maćko\Downloads\Terry Pratchett - Świat Dysku - 22 - Ostatni Kontynent.mobi
2014-01-02 21:57 - 2014-01-02 21:57 - 00226223 _____ C:\Users\Maćko\Downloads\Terry Pratchett - Świat Dysku - 27 - Ostatni bohater.mobi
2014-01-02 21:54 - 2014-01-02 21:54 - 00556505 _____ C:\Users\Maćko\Downloads\Terry Pratchett - Świat Dysku - 17 - Ciekawe czasy.mobi
2014-01-02 21:52 - 2014-01-02 21:52 - 00352714 _____ C:\Users\Maćko\Downloads\Ciekawe czasy - Terry Pratchett.epub
2014-01-01 12:51 - 2014-01-01 12:51 - 00000000 ____D C:\Users\Maćko\AppData\Roaming\AVAST Software
2014-01-01 09:45 - 2014-01-01 12:56 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2013-12-29 13:18 - 2013-12-29 13:18 - 00000000 ____D C:\Users\Maćko\AppData\Local\Auto Clicker
2013-12-26 13:04 - 2013-12-26 13:04 - 00000000 ____D C:\Users\Maćko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft
2013-12-25 09:35 - 2014-01-17 19:45 - 00200300 _____ C:\Windows\PFRO.log
2013-12-24 14:52 - 2013-12-24 14:52 - 00004967 _____ C:\ProgramData\uxxadbmu.rlu
2013-12-24 14:52 - 2013-12-24 14:52 - 00000000 ____D C:\Users\Maćko\AppData\Roaming\MOVAVI
2013-12-24 11:54 - 2013-11-14 12:56 - 30361888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-12-24 11:54 - 2013-11-14 12:56 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-12-24 11:54 - 2013-11-14 12:56 - 22951200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-12-24 11:54 - 2013-11-14 12:56 - 18208624 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-12-24 11:54 - 2013-11-14 12:56 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-12-24 11:54 - 2013-11-14 12:56 - 15862272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-12-24 11:54 - 2013-11-14 12:56 - 12613408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-12-24 11:54 - 2013-11-14 12:56 - 11600432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-12-24 11:54 - 2013-11-14 12:56 - 11514624 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-12-24 11:54 - 2013-11-14 12:56 - 09691888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-12-24 11:54 - 2013-11-14 12:56 - 09619872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-12-24 11:54 - 2013-11-14 12:56 - 03132704 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-12-24 11:54 - 2013-11-14 12:56 - 03125024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-12-24 11:54 - 2013-11-14 12:56 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-12-24 11:54 - 2013-11-14 12:56 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-12-24 11:54 - 2013-11-14 12:56 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433182.dll
2013-12-24 11:54 - 2013-11-14 12:56 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433182.dll
2013-12-24 11:54 - 2013-11-14 12:56 - 01242400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-12-24 11:54 - 2013-11-14 12:56 - 00707360 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-12-24 11:54 - 2013-11-14 12:56 - 00657184 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-12-24 11:54 - 2013-11-14 12:56 - 00609568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-12-24 11:54 - 2013-11-14 12:56 - 00562464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-12-24 11:54 - 2013-11-14 12:56 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2013-12-24 11:54 - 2013-11-14 12:56 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-12-24 11:54 - 2013-11-14 12:56 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2013-12-24 11:54 - 2013-11-14 12:56 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-12-24 11:53 - 2013-12-24 11:53 - 00000000 ____D C:\NVIDIA
2013-12-24 11:44 - 2013-12-05 09:42 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2013-12-24 11:44 - 2013-12-05 09:42 - 00032544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-12-24 09:43 - 2014-01-17 19:46 - 00016035 _____ C:\Windows\setupact.log
2013-12-24 09:43 - 2013-12-24 09:43 - 00000000 _____ C:\Windows\setuperr.log
2013-12-21 14:30 - 2013-12-21 14:31 - 38069411 _____ C:\Users\Maćko\Documents\FrequencyDomain_v0_5_PublicTestBuild_Windows.zip
 
==================== One Month Modified Files and Folders =======
 
2014-01-17 19:53 - 2014-01-17 19:51 - 00010821 _____ C:\Users\Maćko\Desktop\FRST.txt
2014-01-17 19:50 - 2014-01-17 19:50 - 00000000 ____D C:\FRST
2014-01-17 19:50 - 2013-08-30 10:04 - 01641563 _____ C:\Windows\WindowsUpdate.log
2014-01-17 19:49 - 2014-01-17 19:49 - 02075648 _____ (Farbar) C:\Users\Maćko\Desktop\FRST64.exe
2014-01-17 19:47 - 2013-08-30 12:13 - 00000000 ___RD C:\Users\Maćko\Desktop\Maciek
2014-01-17 19:46 - 2013-12-24 09:43 - 00016035 _____ C:\Windows\setupact.log
2014-01-17 19:46 - 2013-08-30 14:03 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-17 19:46 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-17 19:45 - 2013-12-25 09:35 - 00200300 _____ C:\Windows\PFRO.log
2014-01-17 14:50 - 2014-01-17 14:50 - 00000000 ____D C:\Users\MaŠko
2014-01-17 14:49 - 2013-08-31 08:24 - 00000000 ____D C:\Users\Maćko\AppData\Roaming\uTorrent
2014-01-17 14:37 - 2013-08-31 09:18 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2014-01-17 08:29 - 2013-10-12 08:03 - 00000000 ___RD C:\Users\Maćko\Desktop\Programy
2014-01-17 08:29 - 2013-09-15 19:52 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2014-01-17 08:07 - 2014-01-17 08:07 - 00000000 ____D C:\Users\Maćko\AppData\Roaming\Malwarebytes
2014-01-17 08:06 - 2014-01-17 08:06 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-17 08:06 - 2014-01-17 08:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-16 21:10 - 2013-08-31 10:48 - 00000000 ____D C:\Users\Maćko\AppData\Roaming\AIMP3
2014-01-16 21:09 - 2013-08-31 11:24 - 00000000 ____D C:\Users\Maćko\AppData\Roaming\TS3Client
2014-01-16 19:34 - 2013-08-31 09:56 - 00000000 ____D C:\Users\Maćko\AppData\Roaming\.minecraft
2014-01-16 18:47 - 2013-10-27 18:01 - 00000000 ____D C:\Users\Maćko\AppData\Local\PMB Files
2014-01-16 18:47 - 2013-10-27 18:01 - 00000000 ____D C:\ProgramData\PMB Files
2014-01-16 17:49 - 2014-01-16 17:49 - 00465200 _____ C:\Users\Maćko\AppData\Local\recently-used.xbel
2014-01-16 17:49 - 2013-10-11 18:43 - 00000000 ____D C:\Users\Maćko\AppData\Local\gtk-2.0
2014-01-16 17:49 - 2013-09-15 21:18 - 00000000 ____D C:\Users\Maćko\.gimp-2.8
2014-01-16 17:25 - 2013-08-30 10:35 - 00000000 ____D C:\Program Files (x86)\Opera Next
2014-01-16 07:22 - 2013-08-31 08:44 - 00740884 _____ C:\Windows\system32\perfh015.dat
2014-01-16 07:22 - 2013-08-31 08:44 - 00155512 _____ C:\Windows\system32\perfc015.dat
2014-01-16 07:22 - 2009-07-14 06:13 - 01671400 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-15 15:45 - 2009-07-14 05:45 - 00010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-15 15:45 - 2009-07-14 05:45 - 00010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-14 18:03 - 2014-01-14 17:48 - 00000000 ____D C:\Program Files (x86)\Movavi Core 5.1.0
2014-01-14 17:59 - 2014-01-14 17:59 - 04995688 _____ (ffdshow                                                     ) C:\Users\Maćko\Downloads\ffdshow_rev4527_20131203_clsid_x64.exe
2014-01-14 17:56 - 2014-01-14 17:56 - 02014270 _____ C:\Users\Maćko\Downloads\imagegrab_50en (1).zip
2014-01-14 17:47 - 2014-01-14 17:45 - 110787120 _____ (Movavi) C:\Users\Maćko\Downloads\MovaviVideoEditorSetup.exe
2014-01-12 10:16 - 2014-01-12 10:16 - 00664210 _____ C:\Users\Maćko\Downloads\Highly Visible Health Bars-40--3.zip
2014-01-12 10:13 - 2014-01-12 10:13 - 04816740 _____ C:\Users\Maćko\Downloads\Recolored Gold-Hemmed Black Set-287-.7z
2014-01-12 10:11 - 2014-01-12 10:11 - 00387050 _____ C:\Users\Maćko\Downloads\Metal Grass Crest Shield-349-0-9.rar
2014-01-12 10:08 - 2014-01-12 10:08 - 00152310 _____ C:\Users\Maćko\Downloads\Flames of Dosh-464-1-0-0.zip
2014-01-11 14:13 - 2014-01-11 14:12 - 06381290 _____ C:\Users\Maćko\Downloads\Dark Souls Flora Overhaul v05 Lower Res-56-.7z
2014-01-11 13:00 - 2014-01-11 13:00 - 00707426 _____ C:\Users\Maćko\Downloads\Prepare to doge edition-507-1-0.zip
2014-01-11 12:54 - 2014-01-11 12:53 - 59207358 _____ C:\Users\Maćko\Downloads\Fire Customization Pack - newest-159-2-1.zip
2014-01-11 12:52 - 2014-01-11 12:52 - 00227451 _____ C:\Users\Maćko\Downloads\Black with handle ornament-155-1-0.zip
2014-01-10 14:24 - 2013-09-10 14:09 - 00000000 ____D C:\Users\Maćko\AppData\Roaming\DVDVideoSoft
2014-01-10 14:24 - 2013-09-10 14:09 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2014-01-10 14:02 - 2014-01-10 14:02 - 00008474 _____ C:\Windows\DPINST.LOG
2014-01-10 14:02 - 2013-08-31 10:47 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2014-01-04 13:38 - 2014-01-04 13:38 - 00000000 ____D C:\Users\Maćko\Documents\Games for Windows - LIVE Demos
2014-01-04 10:10 - 2014-01-04 10:10 - 02014270 _____ C:\Users\Maćko\Downloads\imagegrab_50en.zip
2014-01-04 10:03 - 2014-01-04 10:01 - 00000000 ____D C:\Program Files (x86)\SubEdit-Player
2014-01-04 10:01 - 2014-01-04 10:00 - 07923239 _____ (Artur Sikora                                                ) C:\Users\Maćko\Downloads\subedit+codecpack_b4072_install.exe
2014-01-04 09:48 - 2014-01-04 09:47 - 32244744 _____ (DVDVideoSoft Ltd.                                           ) C:\Users\Maćko\Downloads\FreeYouTubeDownload.exe
2014-01-02 21:58 - 2014-01-02 21:58 - 00360385 _____ C:\Users\Maćko\Downloads\Kafka Franz - Proces (1936).mobi
2014-01-02 21:57 - 2014-01-02 21:57 - 00535729 _____ C:\Users\Maćko\Downloads\Terry Pratchett - Świat Dysku - 22 - Ostatni Kontynent.mobi
2014-01-02 21:57 - 2014-01-02 21:57 - 00226223 _____ C:\Users\Maćko\Downloads\Terry Pratchett - Świat Dysku - 27 - Ostatni bohater.mobi
2014-01-02 21:54 - 2014-01-02 21:54 - 00556505 _____ C:\Users\Maćko\Downloads\Terry Pratchett - Świat Dysku - 17 - Ciekawe czasy.mobi
2014-01-02 21:52 - 2014-01-02 21:52 - 00352714 _____ C:\Users\Maćko\Downloads\Ciekawe czasy - Terry Pratchett.epub
2014-01-01 12:56 - 2014-01-01 09:45 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-01-01 12:51 - 2014-01-01 12:51 - 00000000 ____D C:\Users\Maćko\AppData\Roaming\AVAST Software
2014-01-01 09:45 - 2013-08-31 09:18 - 01034464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-01 09:45 - 2013-08-31 09:18 - 00422216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-01-01 09:45 - 2013-08-31 09:18 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-01 09:45 - 2013-08-31 09:18 - 00207904 _____ C:\Windows\system32\Drivers\aswVmm.sys
2014-01-01 09:45 - 2013-08-31 09:18 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-01-01 09:45 - 2013-08-31 09:18 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-01 09:45 - 2013-08-31 09:18 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2014-01-01 09:45 - 2013-08-31 08:29 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-01 09:43 - 2013-08-31 09:18 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2014-01-01 09:43 - 2013-08-31 08:28 - 00000000 ____D C:\ProgramData\AVAST Software
2013-12-31 16:32 - 2009-07-14 06:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-29 13:18 - 2013-12-29 13:18 - 00000000 ____D C:\Users\Maćko\AppData\Local\Auto Clicker
2013-12-26 13:04 - 2013-12-26 13:04 - 00000000 ____D C:\Users\Maćko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft
2013-12-26 13:04 - 2013-08-30 12:13 - 00000000 ___RD C:\Users\Maćko\Desktop\Gry
2013-12-25 09:35 - 2009-07-14 05:45 - 00351456 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-24 14:52 - 2013-12-24 14:52 - 00004967 _____ C:\ProgramData\uxxadbmu.rlu
2013-12-24 14:52 - 2013-12-24 14:52 - 00000000 ____D C:\Users\Maćko\AppData\Roaming\MOVAVI
2013-12-24 14:50 - 2013-08-30 12:06 - 00085392 _____ C:\Users\Maćko\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-24 12:00 - 2013-08-30 14:01 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-12-24 11:54 - 2013-11-30 14:20 - 00000000 ____D C:\Users\Maćko\Documents\NBGI
2013-12-24 11:53 - 2013-12-24 11:53 - 00000000 ____D C:\NVIDIA
2013-12-24 09:43 - 2013-12-24 09:43 - 00000000 _____ C:\Windows\setuperr.log
2013-12-24 09:26 - 2013-08-30 20:00 - 00000000 ____D C:\Windows\Panther
2013-12-21 14:31 - 2013-12-21 14:30 - 38069411 _____ C:\Users\Maćko\Documents\FrequencyDomain_v0_5_PublicTestBuild_Windows.zip
2013-12-19 14:11 - 2013-08-31 09:18 - 00064288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
 
Some content of TEMP:
====================
C:\Users\Maćko\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Maćko\AppData\Local\Temp\nvStInst.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-08-30 10:01
 
==================== End Of Log ============================
 
Addition.txt:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-01-2014 02
Ran by Maćko at 2014-01-17 19:53:43
Running from C:\Users\Maćko\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
2.0 (x32 Version: 2.0 - www.video-gif-converter.com)
7-Zip 9.20 (x32 Version:  - )
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) - Polish (x32 Version: 11.0.05 - Adobe Systems Incorporated)
AIMP3 (x32 Version: v3.55.1324, 15.11.2013 - AIMP DevTeam)
Airfix Dogfighter (x32 Version:  - )
Aktualizacje NVIDIA 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
Audacity 2.0.4 (x32 Version: 2.0.4 - Audacity Team)
Auto Clicker v1.5 (x32 Version: 1.5 - MurGee.com)
AutoHotkey 1.1.13.01 (Version: 1.1.13.01 - Lexikos)
avast! Free Antivirus (x32 Version: 9.0.2011 - Avast Software)
Battlefield 3™ (x32 Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (x32 Version: 2.1.7 - EA Digital Illusions CE AB)
CCleaner (Version: 4.05 - Piriform)
ConvertHelper 2.2 (x32 Version:  - DownloadHelper)
Dark Souls: Prepare to Die Edition (x32 Version:  - FromSoftware)
DivX Setup (x32 Version: 2.6.1.84 - DivX, LLC)
Europe MapleStory (x32 Version:  - Nexon)
Flashtool (x32 Version: 0.9.11.0 - Androxyde)
Free Video to JPG Converter version 5.0.32.1230 (x32 Version: 5.0.32.1230 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.20.1230 (x32 Version: 3.2.20.1230 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.17.1127 (x32 Version: 3.12.17.1127 - DVDVideoSoft Ltd.)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
GIMP 2.8.6 (Version: 2.8.6 - The GIMP Team)
Guitar Hero World Tour (x32 Version: 1.0 - Aspyr)
HandBrake 0.9.9.1 (x32 Version: 0.9.9.1 - )
Hotline Miami (x32 Version: 2.0.0.4 - GOG.com)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Just Cause 2: Multiplayer Mod (x32 Version:  - JC2-MP Team)
LAME v3.99.3 (for Windows) (x32 Version:  - )
League of Legends (x32 Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Left 4 Dead 2 (x32 Version:  - Valve)
Malwarebytes Anti-Malware wersja 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
McPixel version 1.0.7 (x32 Version: 1.0.7 - Sos)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile PLK Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended PLK Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (Polish) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Polish) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (Polish) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Polish) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Language Pack 2010 - Polish/Polski (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office O MUI (Polish) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Polish) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Polish) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Polish) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Polish) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Polish) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Polish) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (Polish) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Polish) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office SharePoint Designer MUI (Polish) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Polish) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office X MUI (Polish) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (x32 Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (x32 Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 3.1 (x32 Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (x32 Version: 4.0.20823.0 - Microsoft Corporation)
Minecraft1.6.2 (x32 Version:  - )
Minecraft1.7.2 (x32 Version:  - )
Mirror's Edge (x32 Version:  - DICE)
Mozilla Firefox 26.0 (x86 pl) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
NVIDIA GeForce Experience 1.8.1 (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Oprogramowanie systemu PhysX 9.13.0725 (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3182 - NVIDIA Corporation) Hidden
NVIDIA Sterownik 3D Vision 331.82 (Version: 331.82 - NVIDIA Corporation)
NVIDIA Sterownik dźwięku HD 1.3.26.4 (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA Sterownik graficzny 331.82 (Version: 331.82 - NVIDIA Corporation)
NVIDIA Sterownik kontrolera 3D Vision 331.82 (Version: 331.82 - NVIDIA Corporation)
NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.19 (Version: 1.2.19 - NVIDIA Corporation)
Opera Next 19.0.1326.34 (x32 Version: 19.0.1326.34 - Opera Software ASA)
Origin (x32 Version: 9.3.2.2730 - Electronic Arts, Inc.)
Pando Media Booster (x32 Version: 2.6.0.9 - Pando Networks Inc.)
Panel sterowania NVIDIA 331.82 (Version: 331.82 - NVIDIA Corporation) Hidden
Papers, Please (x32 Version: 2.0.0.4 - GOG.com)
Path of Exile (x32 Version: 1.0.1.29801 - Grinding Gear Games)
Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Polski pakiet językowy dla programu Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
PowerISO (x32 Version: 5.7 - Power Software Ltd)
PunkBuster Services (x32 Version: 0.991 - Even Balance, Inc.)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
Rogue Legacy (x32 Version: 2.0.0.4 - GOG.com)
Sanctum (x32 Version:  - Coffee Stain Studios)
Scribblenauts Unlimited (x32 Version:  - )
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (x32 Version:  - 2K Games, Inc.)
Skype™ 6.9 (x32 Version: 6.9.106 - Skype Technologies S.A.)
Sony PC Companion 2.10.181 (x32 Version: 2.10.181 - Sony)
System Requirements Lab CYRI (x32 Version: 6.0.8.0 - Husdawg, LLC)
TeamSpeak 3 Client (Version: 3.0.13.1 - TeamSpeak Systems GmbH)
Unity Web Player (HKCU Version:  - Unity Technologies ApS)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Uplay (x32 Version: 3.2 - Ubisoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Warhammer® 40,000™: Dawn of War® II (x32 Version:  - Relic Entertainment)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0 - Microsoft Corporation)
 
==================== Restore Points  =========================
 
07-12-2013 19:31:16 Zainstalowany program DirectX
13-12-2013 07:10:15 Zainstalowany program DirectX
13-12-2013 16:43:52 Zainstalowany program DirectX
17-12-2013 14:34:41 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
17-12-2013 14:35:57 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
24-12-2013 10:46:06 Zainstalowany program DirectX
01-01-2014 08:43:42 avast! antivirus system restore point
04-01-2014 12:31:27 Installed Microsoft Games for Windows - LIVE Redistributable
 
==================== Hosts content: ==========================
 
2009-07-14 03:34 - 2013-11-02 14:21 - 00000795 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {4D9838FB-86A1-404F-8E38-95EA544C1955} - System32\Tasks\{E60FF084-CF36-4AFE-8A33-BAD2FA6539D0} => E:\Program Files\MapleStory\GameLauncher.exe
Task: {BFE241E2-1444-4E11-9CAB-5CF4DA7A744D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd)
Task: {D14BAE46-8951-4D7D-81C3-E391CD47C201} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-01] (AVAST Software)
 
==================== Loaded Modules (whitelisted) =============
 
2013-08-30 14:02 - 2013-11-11 16:02 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-01-17 14:37 - 2014-01-17 10:49 - 02155008 _____ () C:\Program Files\AVAST Software\Avast\defs\14011700\algo.dll
2013-08-29 01:25 - 2013-08-29 01:25 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2014-01-01 09:45 - 2014-01-01 09:45 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Faulty Device Manager Devices =============
 
Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standardowy kontroler hosta USB)
Service: 
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/17/2014 07:46:59 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]
 
Error: (01/17/2014 07:46:59 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]
 
Error: (01/17/2014 02:37:03 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]
 
Error: (01/17/2014 02:37:03 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]
 
Error: (01/17/2014 07:54:27 AM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]
 
Error: (01/17/2014 07:54:27 AM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]
 
Error: (01/16/2014 06:22:03 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]
 
Error: (01/16/2014 06:22:03 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]
 
Error: (01/16/2014 02:50:26 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]
 
Error: (01/16/2014 02:50:26 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]
 
 
System errors:
=============
Error: (01/08/2014 06:19:31 PM) (Source: BROWSER) (User: )
Description: Usługa przeglądarki zbyt wiele razy nie zdołała pobrać listy kopii zapasowych w transporcie \Device\NetBT_Tcpip_{48D565FA-71B4-4941-9809-C2B2C5287855}.
Przeglądarka zapasowa jest zatrzymywana.
 
Error: (01/08/2014 06:04:24 PM) (Source: bowser) (User: )
Description: Przeglądarka główna odebrała anons serwera z komputera MICHAŁ-LAPTOP1.
Komputer ten zachowuje się tak, jakby był przeglądarką główną dla domeny w transporcie NetBT_Tcpip_{48D565FA-71B4-4941-9809-C2B2C5287855}.
Przeglądarka główna właśnie jest zatrzymywana albo wymuszany jest wybór.
 
Error: (01/07/2014 05:37:05 PM) (Source: BROWSER) (User: )
Description: Usługa przeglądarki zbyt wiele razy nie zdołała pobrać listy kopii zapasowych w transporcie \Device\NetBT_Tcpip_{48D565FA-71B4-4941-9809-C2B2C5287855}.
Przeglądarka zapasowa jest zatrzymywana.
 
Error: (01/07/2014 05:34:52 PM) (Source: bowser) (User: )
Description: Przeglądarka główna odebrała anons serwera z komputera MICHAŁ-LAPTOP1.
Komputer ten zachowuje się tak, jakby był przeglądarką główną dla domeny w transporcie NetBT_Tcpip_{48D565FA-71B4-4941-9809-C2B2C5287855}.
Przeglądarka główna właśnie jest zatrzymywana albo wymuszany jest wybór.
 
Error: (01/07/2014 05:33:56 PM) (Source: NetBT) (User: )
Description: Nie można zarejestrować nazwy „WORKGROUP      :1d” w interfejsie o adresie IP 192.168.0.2.
Komputer o adresie IP 192.168.0.3 nie zezwolił na przejęcie tej nazwy
przez ten komputer.
 
Error: (01/07/2014 03:29:28 PM) (Source: NetBT) (User: )
Description: Nie można zarejestrować nazwy „WORKGROUP      :1d” w interfejsie o adresie IP 192.168.0.2.
Komputer o adresie IP 192.168.0.3 nie zezwolił na przejęcie tej nazwy
przez ten komputer.
 
Error: (01/07/2014 03:05:51 PM) (Source: BROWSER) (User: )
Description: Usługa przeglądarki zbyt wiele razy nie zdołała pobrać listy kopii zapasowych w transporcie \Device\NetBT_Tcpip_{48D565FA-71B4-4941-9809-C2B2C5287855}.
Przeglądarka zapasowa jest zatrzymywana.
 
Error: (01/05/2014 02:12:44 PM) (Source: Service Control Manager) (User: )
Description: Nie można uruchomić usługi Windows Search z powodu następującego błędu: 
%%1053
 
Error: (01/05/2014 02:12:44 PM) (Source: DCOM) (User: )
Description: 1053WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (01/05/2014 02:12:44 PM) (Source: Service Control Manager) (User: )
Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą Windows Search.
 
 
Microsoft Office Sessions:
=========================
Error: (01/17/2014 07:46:59 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcNvVAD initialization failed [6]
 
Error: (01/17/2014 07:46:59 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]
 
Error: (01/17/2014 02:37:03 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcNvVAD initialization failed [6]
 
Error: (01/17/2014 02:37:03 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]
 
Error: (01/17/2014 07:54:27 AM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcNvVAD initialization failed [6]
 
Error: (01/17/2014 07:54:27 AM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]
 
Error: (01/16/2014 06:22:03 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcNvVAD initialization failed [6]
 
Error: (01/16/2014 06:22:03 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]
 
Error: (01/16/2014 02:50:26 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcNvVAD initialization failed [6]
 
Error: (01/16/2014 02:50:26 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-09-18 16:49:17.138
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\MAKO~1\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-09-18 16:49:17.064
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\MAKO~1\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-09-18 16:49:16.850
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-09-18 16:49:16.782
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-09-18 16:47:54.859
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\MAKO~1\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-09-18 16:47:54.791
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\MAKO~1\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-09-18 16:47:54.582
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-09-18 16:47:54.515
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 37%
Total physical RAM: 4094.54 MB
Available physical RAM: 2557.48 MB
Total Pagefile: 8187.26 MB
Available Pagefile: 6686.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:195.31 GB) (Free:86.01 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:366.22 GB) (Free:43.35 GB) NTFS
Drive e: () (Fixed) (Total:369.99 GB) (Free:323.68 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 38CDCA39)
Partition 1: (Active) - (Size=195 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=736 GB) - (Type=OF Extended)
 
==================== End Of Log ============================

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.


The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

Next,

 

Run Malwarebytes. Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Full scan

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced logs, let me know if any remaining issues or concerns...

 

Kevin

 

 

 

fixlist.txt


MBAM logs:

 

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org
 
Wersja bazy: v2014.01.17.02
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Maćko :: MÓJKOMPUTEREK [administrator]
 
2014-01-17 15:30:32
mbam-log-2014-01-17 (15-30-32).txt
 
Typ skanowania: Niestandardowe skanowanie (H:\|)
Zaznaczone opcje skanowania: System plików | Heuristyka/Shuriken | PUP | PUM
Odznaczone opcje skanowania: Pamięć | Rozruch | Rejestr | Heurystyka/Dodatkowe | P2P
Przeskanowano obiektów: 57
Upłynęło: 3 sekund(y)
 
Wykrytych procesów w pamięci: 0
(Nie znaleziono zagrożeń)
 
Wykrytych modułów w pamięci: 0
(Nie znaleziono zagrożeń)
 
Wykrytych kluczy rejestru: 0
(Nie znaleziono zagrożeń)
 
Wykrytych wartości rejestru: 0
(Nie znaleziono zagrożeń)
 
Wykryte wpisy rejestru systemowego: 0
(Nie znaleziono zagrożeń)
 
wykrytych folderów: 0
(Nie znaleziono zagrożeń)
 
Wykrytych plików: 0
(Nie znaleziono zagrożeń)
 
(zakończone)
 
 
FRST logs:
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-01-2014 02
Ran by Maćko at 2014-01-17 21:24:39 Run:3
Running from C:\Users\Maćko\Desktop\Nowy folder
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
C:\Users\Mac'ko\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Mac'ko\AppData\Local\Temp\nvStInst.exe
End
*****************
 
"C:\Users\Mac'ko\AppData\Local\Temp\nvSCPAPI.dll" => File/Directory not found.
"C:\Users\Mac'ko\AppData\Local\Temp\nvStInst.exe" => File/Directory not found.
 
==== End of Fixlog ====
 
adwcleaner log:
 
# AdwCleaner v3.017 - Report created 17/01/2014 at 21:28:13
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Maćko - MÓJKOMPUTEREK
# Running from : C:\Users\Maćko\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Windows\SysWOW64\hotspot shield
Folder Deleted : C:\Users\MAKO~1\AppData\Local\Temp\hotspot shield
Folder Deleted : C:\Users\Maćko\AppData\LocalLow\boost_interprocess
File Deleted : C:\END
File Deleted : C:\Users\Maćko\AppData\Roaming\Mozilla\Firefox\Profiles\4nabr79p.default\invalidprefs.js
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\anchorfree
Key Deleted : HKCU\Software\Conduit
Key Deleted : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16720
 
 
-\\ Mozilla Firefox v26.0 (pl)
 
[ File : C:\Users\Maćko\AppData\Roaming\Mozilla\Firefox\Profiles\4nabr79p.default\prefs.js ]
 
 
*************************
 
AdwCleaner[R0].txt - [1439 octets] - [17/01/2014 21:25:43]
AdwCleaner[s0].txt - [1165 octets] - [17/01/2014 21:28:13]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1225 octets] ##########

We need to clean up first....

 

We need to remove FRST. First, it is very important to deal with its own Quarantine folder by using FRST itself.

 

OK, we continue:

 

Delete any fixlist.txt file previously used, continue:

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

 

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). That will confirm the removal action, delete if successful.

 

Next,

 

Delete FRST.exe from your Desktop or the folder it was saved to, then navigate to and delete its folder C:\FRST

 

Next,

 

Download "Delfix by Xplode" and save it to your desktop.

 

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

 

Make Sure the following items are checked:

 

    [*] Remove disinfection tools

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this. If no issues or concerns can we close out...

 

Read the following link to fully understand PC security and best practices, you may find it useful....

 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

 

Thank you,

 

Kevin

fixlist.txt

This topic is now closed to further replies.