Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-09-2013
Ran by czeslaw (administrator) on CZESLAW-CZESLAW on 05-09-2013 20:52:18
Running from C:\Users\czeslaw\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polish
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Huawei Technologies Co., Ltd.) C:\Users\czeslaw\AppData\Roaming\blueconnect\ouc.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Huawei Technologies Co., Ltd.) C:\Program Files (x86)\blueconnect\DataCardMonitor.exe
(France Telecom SA) C:\Program Files (x86)\CardDetector\ICON225\CardDetector.exe
() C:\Program Files (x86)\blueconnect\blueconnect.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(Google Inc.) C:\Users\czeslaw\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\czeslaw\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\prevhost.exe
(Google Inc.) C:\Users\czeslaw\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\czeslaw\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\czeslaw\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\czeslaw\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\czeslaw\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\czeslaw\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\czeslaw\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Policies\Explorer: [NoDrives] 0
HKCU\...\Run: [HW_OPENEYE_OUC_blueconnect] - C:\Program Files (x86)\blueconnect\UpdateDog\ouc.exe [110592 2009-12-31] (Huawei Technologies Co., Ltd.)
HKCU\...\Policies\Explorer: [NoDrives] 0
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [DataCardMonitor] - C:\Program Files (x86)\blueconnect\DataCardMonitor.exe [253952 2013-07-31] (Huawei Technologies Co., Ltd.)
HKLM-x32\...\Run: [CardDetectorICON225] - C:\Program Files (x86)\CardDetector\ICON225\CardDetector.exe [278528 2007-11-14] (France Telecom SA)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=2&sr=0&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=2&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3165470
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=2&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3165470
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&AF=100482&babsrc=SP_ss&mntrId=f24f50bf000000000000000000000000
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=2&sr=0&q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3165470
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6OyEfAv2Fu&i=26
SearchScopes: HKCU - {FFAD278E-9B25-4ED8-BFEC-119F86328A21} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=ECAD12BB-3092-48BA-9591-469F1240C97A&apn_sauid=BDB6C465-56C9-463E-93E9-98084B7D2387
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - No Name - !{09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - No File
Toolbar: HKLM-x32 - No Name - !{F9639E4A-801B-4843-AEE3-03D9DA199E77} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{5C1D3A12-997D-4A5C-BE3B-5D3B3D764F69}: [NameServer]213.158.199.1 213.158.199.5

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.5.1 - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\czeslaw\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\czeslaw\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\czeslaw\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\v9.xml
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] C:\Program Files\Web Assistant\Firefox
FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] C:\Program Files\Web Assistant\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] C:\Program Files\Web Assistant\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] C:\Program Files\Web Assistant\Firefox

Chrome:
=======
CHR HomePage: about:blank
CHR RestoreOnStartup: "hxxp://www.google.pl/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\czeslaw\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\czeslaw\AppData\Local\Google\Chrome\Application\29.0.1547.62\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\czeslaw\AppData\Local\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\czeslaw\AppData\Local\Google\Chrome\Application\29.0.1547.62\pdf.dll ()
CHR Plugin: (CTB Dynamic Link Library) - C:\Users\czeslaw\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmbgdmijgopggjaelphhajpjldacbnba\1.0_0\ctb.dll No File
CHR Plugin: (Injovo Extension Plugin) - C:\Users\czeslaw\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.478_0\npbrowserext.dll No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll No File
CHR Plugin: (Google Update) - C:\Users\czeslaw\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U5) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.50.255) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Unity Player) - C:\Users\czeslaw\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Extension: (Chrome In-App Payments service) - C:\Users\czeslaw\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx
CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx
CHR HKLM-x32\...\Chrome\Extension: [ihaodecdfeodbhdnhenaaamgpkfemdno] - C:\Users\czeslaw\AppData\Local\Temp\ccex.crx
CHR HKLM-x32\...\Chrome\Extension: [noebaifjopccondbkcieccphcpijhdne] - C:\Users\czeslaw\AppData\Local\Temp\ccex.crx
CHR StartMenuInternet: Google Chrome - C:\Users\czeslaw\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-07-04] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-07-04] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-07-04] ()
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [250368 2010-04-07] (Huawei Technologies Co., Ltd.)
S3 s1039bus; C:\Windows\System32\DRIVERS\s1039bus.sys [127600 2009-11-19] (MCCI Corporation)
S3 s1039mdfl; C:\Windows\System32\DRIVERS\s1039mdfl.sys [19568 2009-11-19] (MCCI Corporation)
S3 s1039mdm; C:\Windows\System32\DRIVERS\s1039mdm.sys [161904 2009-11-19] (MCCI Corporation)
S3 s1039mgmt; C:\Windows\System32\DRIVERS\s1039mgmt.sys [141424 2009-11-19] (MCCI Corporation)
S3 s1039nd5; C:\Windows\System32\DRIVERS\s1039nd5.sys [34416 2009-11-19] (MCCI Corporation)
S3 s1039obex; C:\Windows\System32\DRIVERS\s1039obex.sys [137328 2009-11-19] (MCCI Corporation)
S3 s1039unic; C:\Windows\System32\DRIVERS\s1039unic.sys [158320 2009-11-19] (MCCI Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [x]
S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-05 20:52 - 2013-09-05 20:52 - 00000000 ____D C:\FRST
2013-09-05 20:51 - 2013-09-05 20:51 - 01947160 _____ (Farbar) C:\Users\czeslaw\Downloads\FRST64.exe
2013-09-05 20:51 - 2013-09-05 20:51 - 00602112 _____ (OldTimer Tools) C:\Users\czeslaw\Downloads\OTL (1).exe
2013-09-02 21:53 - 2013-09-02 21:53 - 00023226 _____ C:\ComboFix.txt
2013-09-02 21:44 - 2013-09-05 18:08 - 00002922 _____ C:\Windows\setupact.log
2013-09-02 21:44 - 2013-09-02 21:44 - 00000000 _____ C:\Windows\setuperr.log
2013-09-02 21:43 - 2013-09-02 21:43 - 00004608 _____ C:\Windows\PFRO.log
2013-09-02 21:25 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-02 21:25 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-02 21:25 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-02 21:25 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-02 21:25 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-02 21:25 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-02 21:25 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-02 21:25 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-02 21:24 - 2013-09-02 21:53 - 00000000 ____D C:\Qoobox
2013-09-02 21:22 - 2013-09-02 21:48 - 00000000 ____D C:\Windows\erdnt
2013-09-02 20:59 - 2013-09-02 20:59 - 00046112 _____ C:\Users\czeslaw\Downloads\Extras.Txt
2013-09-02 20:57 - 2013-09-02 21:21 - 00095848 _____ C:\Users\czeslaw\Downloads\OTL.Txt
2013-09-02 20:42 - 2013-09-02 20:43 - 05119472 ____R (Swearware) C:\Users\czeslaw\Downloads\ComboFix.exe
2013-09-02 20:40 - 2013-09-02 20:40 - 00602112 _____ (OldTimer Tools) C:\Users\czeslaw\Downloads\OTL.exe
2013-09-02 00:00 - 2010-04-09 15:24 - 00079360 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcacm.sys
2013-09-02 00:00 - 2010-04-09 15:24 - 00076288 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jubusenum.sys
2013-09-02 00:00 - 2010-04-09 15:24 - 00049664 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcecm.sys
2013-09-02 00:00 - 2010-04-09 15:24 - 00027136 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juextctrl.sys
2013-09-02 00:00 - 2010-04-07 17:05 - 00250368 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbnet.sys
2013-09-02 00:00 - 2010-03-25 10:08 - 00120704 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys
2013-09-02 00:00 - 2010-03-20 12:06 - 00013952 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_usbenumfilter.sys
2013-09-02 00:00 - 2010-03-20 11:56 - 00114560 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwusbdev.sys
2013-09-02 00:00 - 2010-03-17 14:34 - 01001472 _____ (DiBcom SA) C:\Windows\system32\Drivers\mod7700.sys
2013-09-02 00:00 - 2010-01-18 18:48 - 00032768 _____ (Huawei Tech. Co., Ltd.) C:\Windows\system32\Drivers\ewdcsc.sys
2013-08-14 23:59 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 23:59 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 23:59 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 23:59 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 23:59 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 23:59 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 23:59 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 23:59 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 23:59 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 23:59 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 23:59 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 23:59 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 23:59 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 23:59 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 23:59 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 23:59 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 23:59 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 23:59 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-14 23:59 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 23:59 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-14 23:59 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 23:59 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-14 23:59 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-14 23:59 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-14 23:59 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 23:59 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-14 23:59 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-14 23:59 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 23:59 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-14 23:59 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-14 23:58 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 23:49 - 2013-08-14 23:51 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 23:21 - 2013-08-14 23:21 - 00004544 _____ C:\Users\czeslaw\Desktop\Nowy dokument dziennika.jnt
2013-08-14 22:54 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 22:54 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 22:54 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 22:54 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 22:54 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 22:54 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 22:54 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 22:54 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 22:52 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 22:52 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 22:52 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 22:52 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 22:52 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 22:52 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 22:52 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 22:52 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 22:52 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 22:52 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 22:52 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 22:52 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 22:52 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 22:52 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 22:52 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 22:52 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 22:52 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 22:52 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 22:52 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-11 19:34 - 2013-08-11 19:34 - 00000000 ____D C:\ProgramData\McAfee
2013-08-11 19:31 - 2013-08-11 19:45 - 00000000 ____D C:\Users\czeslaw\AppData\Local\Adobe
2013-08-09 18:06 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-08-09 18:06 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-08-09 18:06 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-08-09 18:05 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-08-09 18:05 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

==================== One Month Modified Files and Folders =======

2013-09-05 20:52 - 2013-09-05 20:52 - 00000000 ____D C:\FRST
2013-09-05 20:51 - 2013-09-05 20:51 - 01947160 _____ (Farbar) C:\Users\czeslaw\Downloads\FRST64.exe
2013-09-05 20:51 - 2013-09-05 20:51 - 00602112 _____ (OldTimer Tools) C:\Users\czeslaw\Downloads\OTL (1).exe
2013-09-05 20:49 - 2012-04-15 14:19 - 00004002 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{F375A207-D2D2-4097-A38F-402D8720D5B2}
2013-09-05 20:15 - 2013-05-26 07:09 - 01340916 _____ C:\Windows\WindowsUpdate.log
2013-09-05 20:15 - 2011-10-16 19:04 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2632740816-278780761-606621841-1000UA.job
2013-09-05 20:15 - 2011-10-13 22:27 - 00001050 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-05 20:09 - 2012-08-18 10:48 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-05 19:54 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-05 19:54 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-05 18:11 - 2013-07-03 22:47 - 00000000 ____D C:\Program Files (x86)\CardDetector
2013-09-05 18:08 - 2013-09-02 21:44 - 00002922 _____ C:\Windows\setupact.log
2013-09-05 18:08 - 2011-10-13 22:27 - 00001046 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-05 18:08 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-02 22:10 - 2009-10-25 05:01 - 00698146 _____ C:\Windows\system32\perfh015.dat
2013-09-02 22:10 - 2009-10-25 05:01 - 00135224 _____ C:\Windows\system32\perfc015.dat
2013-09-02 22:10 - 2009-07-14 07:13 - 01549932 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-02 21:53 - 2013-09-02 21:53 - 00023226 _____ C:\ComboFix.txt
2013-09-02 21:53 - 2013-09-02 21:24 - 00000000 ____D C:\Qoobox
2013-09-02 21:48 - 2013-09-02 21:22 - 00000000 ____D C:\Windows\erdnt
2013-09-02 21:45 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-09-02 21:44 - 2013-09-02 21:44 - 00000000 _____ C:\Windows\setuperr.log
2013-09-02 21:43 - 2013-09-02 21:43 - 00004608 _____ C:\Windows\PFRO.log
2013-09-02 21:43 - 2009-07-14 04:34 - 55836672 _____ C:\Windows\system32\config\SOFTWARE.bak
2013-09-02 21:43 - 2009-07-14 04:34 - 17301504 _____ C:\Windows\system32\config\SYSTEM.bak
2013-09-02 21:43 - 2009-07-14 04:34 - 00524288 _____ C:\Windows\system32\config\DEFAULT.bak
2013-09-02 21:43 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2013-09-02 21:43 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2013-09-02 21:21 - 2013-09-02 20:57 - 00095848 _____ C:\Users\czeslaw\Downloads\OTL.Txt
2013-09-02 20:59 - 2013-09-02 20:59 - 00046112 _____ C:\Users\czeslaw\Downloads\Extras.Txt
2013-09-02 20:54 - 2011-10-16 19:04 - 00001014 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2632740816-278780761-606621841-1000Core.job
2013-09-02 20:43 - 2013-09-02 20:42 - 05119472 ____R (Swearware) C:\Users\czeslaw\Downloads\ComboFix.exe
2013-09-02 20:40 - 2013-09-02 20:40 - 00602112 _____ (OldTimer Tools) C:\Users\czeslaw\Downloads\OTL.exe
2013-09-02 19:54 - 2012-02-01 00:05 - 00000000 ____D C:\Program Files (x86)\BearShare Applications
2013-09-02 19:40 - 2012-01-31 23:49 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2013-09-02 19:37 - 2012-02-01 16:12 - 00000000 ____D C:\Users\czeslaw\AppData\Local\Conduit
2013-09-02 16:32 - 2013-04-01 21:54 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-09-01 22:19 - 2011-10-05 09:29 - 00000000 ____D C:\Windows\Panther
2013-09-01 22:02 - 2012-07-10 13:22 - 00000000 ____D C:\Program Files (x86)\PC Tools Registry Mechanic
2013-08-30 19:21 - 2013-04-02 09:39 - 00002381 _____ C:\Users\czeslaw\Desktop\Google Chrome.lnk
2013-08-30 19:05 - 2012-07-11 19:00 - 00006276 _____ C:\Windows\SysWOW64\AppLog.log
2013-08-23 17:01 - 2012-08-18 10:48 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-23 17:00 - 2012-08-18 10:48 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-23 17:00 - 2011-10-13 22:28 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-20 11:09 - 2009-07-14 07:08 - 00032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-14 23:51 - 2013-08-14 23:49 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 23:49 - 2011-11-06 12:32 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-14 23:21 - 2013-08-14 23:21 - 00004544 _____ C:\Users\czeslaw\Desktop\Nowy dokument dziennika.jnt
2013-08-11 19:45 - 2013-08-11 19:31 - 00000000 ____D C:\Users\czeslaw\AppData\Local\Adobe
2013-08-11 19:34 - 2013-08-11 19:34 - 00000000 ____D C:\ProgramData\McAfee
2013-08-11 19:24 - 2011-10-13 22:27 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-11 19:24 - 2009-07-14 06:45 - 00276200 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-11 19:22 - 2009-07-14 09:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-08-11 19:22 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-08-11 19:22 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender

Files to move or delete:
====================
C:\Users\czeslaw\AppData\Local\Temp\KIT7915.tmp\ModemDeviceSetup.exe
C:\Users\czeslaw\AppData\Local\Temp\KIT7915.tmp\Splash\Splash.exe
C:\Users\czeslaw\AppData\Local\Temp\KIT1BE8.tmp\ModemDeviceSetup.exe
C:\Users\czeslaw\AppData\Local\Temp\KIT1BE8.tmp\Splash\Splash.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-03-20 18:34

==================== End Of Log ============================