Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-08-2013 02 Ran by KASIA (administrator) on 22-08-2013 17:03:41 Running from C:\Users\KASIA\Desktop\frst Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polish Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe (Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe ( ) C:\Windows\system32\lxdncoms.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (Intel Corporation) C:\Windows\system32\igfxext.exe (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe () C:\Program Files (x86)\AVG Secure Search\vprot.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\McUicnt.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.) HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11785832 2011-03-10] (Realtek Semiconductor) HKLM\...\Run: [Power Management] - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated) HKCU\...\Run: [ALLUpdate] - "C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe" "sleep" [x] HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-02] (Symantec Corporation) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated) HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.) HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Secure Search\vprot.exe [2314416 2013-08-14] () HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-02] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [WinampAgent] - C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe [162408 2011-09-13] () HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe [162408 2011-09-13] () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) Startup: C:\Users\KASIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://isearch.avg.com/?cid={37D89D27-AAD7-406A-85FF-B5DB1A21EDB8}&mid=10d4083c002347d0968d0d47e7f559f9-0ed67e27373fd3949d24b44eea5e46a1e6185b0f&lang=pl&ds=xn011&pr=sa&d=2012-10-04 14:41:17&v=13.0.0.7&sap=hp HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://packardbell.msn.com HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie URLSearchHook: (No Name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - No File SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox SearchScopes: HKLM-x32 - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=10&q={searchTerms} SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=10&q={searchTerms} SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={37D89D27-AAD7-406A-85FF-B5DB1A21EDB8}&mid=10d4083c002347d0968d0d47e7f559f9-0ed67e27373fd3949d24b44eea5e46a1e6185b0f&lang=pl&ds=xn011&pr=sa&d=2012-10-04 14:41:17&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms} SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&affID=110823&tt=120912_nocpc_3812_6&babsrc=SP_ss&mntrId=8047541c00000000000074de2bb13b5b SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={37D89D27-AAD7-406A-85FF-B5DB1A21EDB8}&mid=10d4083c002347d0968d0d47e7f559f9-0ed67e27373fd3949d24b44eea5e46a1e6185b0f&lang=pl&ds=xn011&pr=sa&d=2012-10-04 14:41:17&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms} SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=10&q={searchTerms} BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll (AVG Secure Search) BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) Toolbar: HKLM-x32 - uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.) Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll (AVG Secure Search) Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKCU - No Name - {687578B9-7132-4A7A-80E4-30EE31099E03} - No File Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll (AVG Secure Search) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\KASIA\AppData\Roaming\Mozilla\Firefox\Profiles\fh5x7br6.default FF user.js: detected! => C:\Users\KASIA\AppData\Roaming\Mozilla\Firefox\Profiles\fh5x7br6.default\user.js FF NewTab: hxxp://search.babylon.com/?affID=110823&tt=120912_nocpc_3812_6&babsrc=NT_ss&mntrId=8047541c00000000000074de2bb13b5b FF SelectedSearchEngine: Google FF Homepage: hxxp://isearch.avg.com/?cid={37D89D27-AAD7-406A-85FF-B5DB1A21EDB8}&mid=10d4083c002347d0968d0d47e7f559f9-0ed67e27373fd3949d24b44eea5e46a1e6185b0f&lang=pl&ds=xn011&pr=sa&d=2012-10-04 14:41:17&v=15.3.0.11&pid=avg&sg=0&sap=hp FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\\npsitesafety.dll (AVG Technologies) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=10.11.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.11.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll () FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\KASIA\AppData\Roaming\Mozilla\Firefox\Profiles\fh5x7br6.default\searchplugins\avg-secure-search.xml FF Extension: Babylon - C:\Users\KASIA\AppData\Roaming\Mozilla\Firefox\Profiles\fh5x7br6.default\Extensions\ffxtlbr@babylon.com FF Extension: uTorrentControl2 Community Toolbar - C:\Users\KASIA\AppData\Roaming\Mozilla\Firefox\Profiles\fh5x7br6.default\Extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} FF Extension: IplextoALL - C:\Users\KASIA\AppData\Roaming\Mozilla\Firefox\Profiles\fh5x7br6.default\Extensions\IplextoALL@ALLPlayer.org.xpi FF Extension: testpilot - C:\Users\KASIA\AppData\Roaming\Mozilla\Firefox\Profiles\fh5x7br6.default\Extensions\testpilot@labs.mozilla.com.xpi FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] C:\ProgramData\AVG Secure Search\FireFoxExt\15.5.0.2 FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\15.5.0.2 FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Aurora\firefox.exe Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\15.5.0.2\avg.crx CHR HKLM-x32\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\KASIA\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-02] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-02] (Avira Operations GmbH & Co. KG) R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [872552 2011-08-02] (Acer Incorporated) R2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [36456 2011-05-30] (Acer Incorporated) R2 Live Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [244624 2011-04-22] (Acer Incorporated) R2 lxdn_device; C:\Windows\system32\lxdncoms.exe [1039872 2007-11-28] ( ) S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.) R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation) R2 vToolbarUpdater15.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [1643184 2013-08-14] (AVG Secure Search) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-04-04] (Avira Operations GmbH & Co. KG) R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-08-14] (AVG Technologies) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-04-04] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-04-04] (Avira Operations GmbH & Co. KG) S0 Tcpip; System32\drivers\tcpip.sys [x] S3 TCPIP6; system32\DRIVERS\tcpip.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-22 16:50 - 2013-08-22 16:50 - 00000000 ____D C:\Users\KASIA\Desktop\frst 2013-08-22 16:44 - 2013-08-22 17:01 - 00000000 ____D C:\Users\KASIA\Desktop\fss 2013-08-21 00:21 - 2013-08-21 00:21 - 00119096 _____ C:\Users\KASIA\Desktop\Extras.Txt 2013-08-21 00:20 - 2013-08-21 00:20 - 00091732 _____ C:\Users\KASIA\Desktop\OTL.Txt 2013-08-21 00:10 - 2013-08-21 00:06 - 00602112 _____ (OldTimer Tools) C:\Users\KASIA\Desktop\OTL.exe 2013-08-20 23:54 - 2013-08-20 23:55 - 00000000 ____D C:\Users\Public\Desktop\CC Support 2013-08-20 23:54 - 2013-08-20 23:52 - 04009167 _____ C:\Users\KASIA\Desktop\ServicesRepair.exe 2013-08-20 22:56 - 2012-09-10 22:23 - 00559528 _____ (Helge Klein) C:\Windows\SetACL.exe 2013-08-17 03:25 - 2013-08-17 03:25 - 00003352 ____N C:\bootsqm.dat 2013-08-17 03:02 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-08-17 03:02 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-08-17 03:02 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-08-17 03:02 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-08-17 03:02 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-08-17 03:02 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-08-17 03:02 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-08-17 03:02 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-08-17 03:02 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-08-17 03:02 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-08-17 03:02 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-08-17 03:02 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-08-17 03:02 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-08-17 03:02 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-08-17 03:02 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-08-17 03:01 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-08-17 03:01 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-08-17 03:01 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-08-17 03:01 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-08-17 03:01 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-08-17 03:01 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-08-17 03:01 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-08-17 03:01 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-08-17 03:01 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-08-17 03:01 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-08-17 03:01 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-08-17 03:01 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-08-17 03:01 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-08-17 03:01 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-08-17 03:01 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-08-17 03:01 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-08-16 14:09 - 2013-08-16 14:09 - 00000000 ____D C:\Program Files (x86)\Aurora 2013-08-14 13:09 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2013-08-14 13:09 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-08-14 13:09 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-08-14 13:09 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-08-14 13:09 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2013-08-14 13:09 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-08-14 13:09 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-08-14 13:09 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-08-14 13:08 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-08-14 13:08 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-08-14 13:08 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-08-14 13:08 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-08-14 13:08 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-08-14 13:08 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-08-14 13:08 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2013-08-14 13:08 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2013-08-14 13:08 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-08-14 13:08 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-08-14 13:08 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-08-14 13:08 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2013-08-14 13:08 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-08-14 13:08 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-08-14 13:08 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-08-14 13:08 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-08-14 13:08 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-08-13 19:12 - 2013-08-13 19:14 - 00000000 ____D C:\Users\KASIA\Desktop\Nowy folder (3) 2013-08-06 02:14 - 2013-08-06 02:22 - 49180547 _____ C:\Users\KASIA\Desktop\Mel B 10 minutowy trening brzucha.flv 2013-08-06 01:40 - 2013-08-06 01:43 - 27681507 _____ C:\Users\KASIA\Desktop\Mel B - Rozgrzewka 5 min.flv 2013-08-06 00:34 - 2013-08-06 00:42 - 82238487 _____ C:\Users\KASIA\Desktop\10 min Booty Shaking Waist Workout- Lose inches off your waist by shaking your hips!.flv 2013-07-30 17:49 - 2013-07-30 17:49 - 00000000 ____D C:\Users\KASIA\AppData\Local\Nero_AG 2013-07-25 12:52 - 2013-07-26 16:16 - 00000000 ____D C:\Users\KASIA\Desktop\allegro 2013-07-24 23:00 - 2013-07-24 23:00 - 84155665 _____ C:\Users\KASIA\Downloads\Fwd__Fwd__WARIATKI_p.zip ==================== One Month Modified Files and Folders ======= 2013-08-22 17:02 - 2013-08-22 17:02 - 00000000 ____D C:\FRST 2013-08-22 17:01 - 2013-08-22 16:44 - 00000000 ____D C:\Users\KASIA\Desktop\fss 2013-08-22 16:50 - 2013-08-22 16:50 - 00000000 ____D C:\Users\KASIA\Desktop\frst 2013-08-22 16:49 - 2009-07-14 06:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-08-22 16:49 - 2009-07-14 06:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-08-22 16:44 - 2011-11-12 09:56 - 01328444 _____ C:\Windows\WindowsUpdate.log 2013-08-22 16:40 - 2009-07-14 07:08 - 00032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-08-22 16:40 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-08-22 16:40 - 2009-07-14 06:51 - 00081051 _____ C:\Windows\setupact.log 2013-08-21 00:21 - 2013-08-21 00:21 - 00119096 _____ C:\Users\KASIA\Desktop\Extras.Txt 2013-08-21 00:20 - 2013-08-21 00:20 - 00091732 _____ C:\Users\KASIA\Desktop\OTL.Txt 2013-08-21 00:06 - 2013-08-21 00:10 - 00602112 _____ (OldTimer Tools) C:\Users\KASIA\Desktop\OTL.exe 2013-08-20 23:55 - 2013-08-20 23:54 - 00000000 ____D C:\Users\Public\Desktop\CC Support 2013-08-20 23:52 - 2013-08-20 23:54 - 04009167 _____ C:\Users\KASIA\Desktop\ServicesRepair.exe 2013-08-20 22:55 - 2011-11-12 18:48 - 00698146 _____ C:\Windows\system32\perfh015.dat 2013-08-20 22:55 - 2011-11-12 18:48 - 00135224 _____ C:\Windows\system32\perfc015.dat 2013-08-20 22:55 - 2009-07-14 07:13 - 01549932 _____ C:\Windows\system32\PerfStringBackup.INI 2013-08-20 20:24 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF 2013-08-20 19:20 - 2011-10-11 14:21 - 00000000 ____D C:\ProgramData\Norton 2013-08-20 19:20 - 2010-11-21 05:47 - 00482842 _____ C:\Windows\PFRO.log 2013-08-18 22:27 - 2012-11-23 19:12 - 00000000 ____D C:\Users\KASIA\AppData\Roaming\Winamp 2013-08-18 22:25 - 2012-10-04 22:51 - 00000000 ____D C:\Users\KASIA\AppData\Roaming\vlc 2013-08-18 22:02 - 2013-06-04 21:23 - 00000000 ____D C:\Users\KASIA\Desktop\PRACA MAGISTERSKA 2013-08-17 16:33 - 2012-04-17 00:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-08-17 03:25 - 2013-08-17 03:25 - 00003352 ____N C:\bootsqm.dat 2013-08-17 03:10 - 2012-04-17 01:33 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-08-16 14:09 - 2013-08-16 14:09 - 00000000 ____D C:\Program Files (x86)\Aurora 2013-08-15 11:47 - 2013-06-08 01:35 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job 2013-08-15 11:47 - 2013-06-03 19:30 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job 2013-08-15 11:22 - 2013-02-07 15:35 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-08-14 19:21 - 2012-10-04 14:41 - 00045856 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys 2013-08-14 19:21 - 2012-10-04 14:41 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search 2013-08-13 19:14 - 2013-08-13 19:12 - 00000000 ____D C:\Users\KASIA\Desktop\Nowy folder (3) 2013-08-09 11:48 - 2012-08-26 22:17 - 01597952 ___SH C:\Users\KASIA\Desktop\Thumbs.db 2013-08-06 02:22 - 2013-08-06 02:14 - 49180547 _____ C:\Users\KASIA\Desktop\Mel B 10 minutowy trening brzucha.flv 2013-08-06 01:43 - 2013-08-06 01:40 - 27681507 _____ C:\Users\KASIA\Desktop\Mel B - Rozgrzewka 5 min.flv 2013-08-06 00:42 - 2013-08-06 00:34 - 82238487 _____ C:\Users\KASIA\Desktop\10 min Booty Shaking Waist Workout- Lose inches off your waist by shaking your hips!.flv 2013-07-31 23:21 - 2012-11-07 15:01 - 00000000 ___HD C:\Users\KASIA\Desktop\.picasaoriginals 2013-07-30 17:49 - 2013-07-30 17:49 - 00000000 ____D C:\Users\KASIA\AppData\Local\Nero_AG 2013-07-26 16:16 - 2013-07-25 12:52 - 00000000 ____D C:\Users\KASIA\Desktop\allegro 2013-07-26 15:34 - 2012-08-05 20:24 - 00000000 ____D C:\Windows\System32\Tasks\Games 2013-07-26 07:13 - 2013-08-17 03:02 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-07-26 07:13 - 2013-08-17 03:01 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-26 07:13 - 2013-08-17 03:01 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-26 07:12 - 2013-08-17 03:02 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-26 07:12 - 2013-08-17 03:02 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-26 07:12 - 2013-08-17 03:02 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-07-26 07:12 - 2013-08-17 03:02 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-07-26 07:12 - 2013-08-17 03:02 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-07-26 07:12 - 2013-08-17 03:01 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-26 07:12 - 2013-08-17 03:01 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-26 07:12 - 2013-08-17 03:01 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-07-26 07:12 - 2013-08-17 03:01 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-07-26 07:12 - 2013-08-17 03:01 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-26 07:12 - 2013-08-17 03:01 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-26 05:35 - 2013-08-17 03:02 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-26 05:13 - 2013-08-17 03:01 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-26 05:13 - 2013-08-17 03:01 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-26 05:12 - 2013-08-17 03:02 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-26 05:12 - 2013-08-17 03:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-26 05:12 - 2013-08-17 03:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-07-26 05:12 - 2013-08-17 03:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-07-26 05:12 - 2013-08-17 03:01 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-26 05:12 - 2013-08-17 03:01 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-07-26 05:12 - 2013-08-17 03:01 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-07-26 05:12 - 2013-08-17 03:01 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-26 05:12 - 2013-08-17 03:01 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-07-26 05:11 - 2013-08-17 03:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-07-26 05:11 - 2013-08-17 03:01 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-26 04:49 - 2013-08-17 03:02 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-07-26 04:39 - 2013-08-17 03:02 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-07-26 03:59 - 2013-08-17 03:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-07-25 11:25 - 2013-08-14 13:08 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-07-25 10:57 - 2013-08-14 13:08 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-07-24 23:00 - 2013-07-24 23:00 - 84155665 _____ C:\Users\KASIA\Downloads\Fwd__Fwd__WARIATKI_p.zip ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-08-16 17:03 ==================== End Of Log ============================