Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-09-2013 01
Ran by Ewelina (administrator) on LENOVO on 10-09-2013 23:09:35
Running from C:\Windows\System32\config\systemprofile\Downloads
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Polish
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
(Microsoft Corporation) C:\windows\System32\IgrsSvcs.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\loggingserver.exe
(HideMyIP) C:\Program Files\Hide My IP\HideMyIpSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgemcx.exe
(Microsoft Corporation) C:\windows\system32\wuauclt.exe
(Google Inc.) C:\Users\Ewelina\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ewelina\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ewelina\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ewelina\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ewelina\AppData\Local\Google\Chrome\Application\chrome.exe
(OldTimer Tools) C:\windows\system32\config\systemprofile\Downloads\OTL.exe
(Google Inc.) C:\Users\Ewelina\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [251248 2010-08-18] (Alps Electric Co., Ltd.)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2013\avgui.exe [4411440 2013-07-01] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [vProt] - C:\Program Files\AVG Secure Search\vprot.exe [2314416 2013-08-19] ()
HKLM\...\Run: [ArcSoft Connection Service] - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [VeriFaceManager] - C:\Program Files\Lenovo\VeriFace\PManage.exe [3122440 2009-10-14] (Lenovo)
HKLM\...\Run: [UpdateP2GShortCut] - C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM\...\Run: [snp2uvc] - C:\windows\vsnp2uvc.exe
HKLM\...\Run: [PLFSetL] - C:\windows\PLFSetL.exe
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [mcagent_exe] - "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [EnergyUtility] - C:\Program Files\Lenovo\Energy Management\utility.exe [4081480 2009-07-15] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] - C:\Program Files\Lenovo\Energy Management\Energy Management.exe [5064520 2009-06-25] (Lenovo (Beijing) Limited)
HKLM\...\Run: [ControlCenter3] - C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] - C:\Program Files\Browny02\Brother\BrStMonW.exe [2621440 2010-02-09] (Brother Industries, Ltd.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [*Restore] - C:\windows\System32\rstrui.exe /runonce [262656 2010-11-20] (Microsoft Corporation)
HKCU\...\Run: [Steam] - C:\Program Files\Steam\Steam.exe [1242448 2011-08-03] (Valve Corporation)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [17706088 2013-02-07] (Skype Technologies S.A.)
HKCU\...\Run: [IPLA!] - C:\Program Files\ipla\ipla.exe [17438712 2010-09-17] (Redefine Sp z o.o.)
HKCU\...\Run: [Google Update] - C:\Users\Ewelina\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-12-17] (Google Inc.)
HKCU\...\Run: [Gadu-Gadu 10] - C:\Program Files\Gadu-Gadu 10\gg.exe [13374048 2011-07-04] (GG Network S.A.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
SearchScopes: HKLM - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT834251
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT834251
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: kz1.pl Toolbar - {72651b27-9647-48d5-b878-8a5a2f280d11} - C:\Program Files\kz1.pl\tbkz1..dll (Conduit Ltd.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: Interest recogniser for Moovida (powered by Spointer) - {E2A7BD67-0EAF-497f-B05B-748D7BF3C421} - C:\Program Files\Fluendo\Moovida\spointer\extensions\moovida_air_ie.dll (Moovida)
BHO: OfferBox - {FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C} - C:\Program Files\OfferBox\OfferBoxBHO.dll (Secure Digital Services Limited)
Toolbar: HKLM - Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - kz1.pl Toolbar - {72651b27-9647-48d5-b878-8a5a2f280d11} - C:\Program Files\kz1.pl\tbkz1..dll (Conduit Ltd.)
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll (AVG Secure Search)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog9 01 C:\windows\system32\HMIPCore.dll [282928] (My Privacy Tools, Inc.)
Winsock: Catalog9 02 C:\windows\system32\HMIPCore.dll [282928] (My Privacy Tools, Inc.)
Winsock: Catalog9 03 C:\windows\system32\HMIPCore.dll [282928] (My Privacy Tools, Inc.)
Winsock: Catalog9 04 C:\windows\system32\HMIPCore.dll [282928] (My Privacy Tools, Inc.)
Winsock: Catalog9 16 C:\windows\system32\HMIPCore.dll [282928] (My Privacy Tools, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Chrome:
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Extension: (Docs) - C:\windows\system32\config\SYSTEM~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\windows\system32\config\SYSTEM~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (Offerbox) - C:\windows\system32\config\SYSTEM~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjeikeheijdjdfjbmknpefojickbkmom\2.1.2468.30_0
CHR Extension: (YouTube) - C:\windows\system32\config\SYSTEM~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\windows\system32\config\SYSTEM~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (AVG Secure Search) - C:\windows\system32\config\SYSTEM~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.5.0.2_0
CHR Extension: (Chrome In-App Payments service) - C:\windows\system32\config\SYSTEM~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Gmail) - C:\windows\system32\config\SYSTEM~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [bjeikeheijdjdfjbmknpefojickbkmom] - C:\Program Files\OfferBox\OfferBoxChromeExtension.crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\15.5.0.2\avg.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Ewelina\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [582944 2009-07-01] (Broadcom Corporation.)
R3 HideMyIpSRV; C:\Program Files\Hide My IP\HideMyIpSrv.exe [3039536 2010-07-06] (HideMyIP)
R2 IGRS; C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [414984 2009-07-28] (Lenovo Group Limited)
S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [472328 2009-07-28] (Lenovo Group Limited)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S3 PSPRSERV; C:\Program Files\ElcomSoft\Proactive System Password Recovery\psprserv.exe [69632 2009-05-19] (ElcomSoft Co. Ltd.)
S3 PS_MDP; C:\Program Files\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-16] (Lenovo Group Limited)
R2 ReadyComm.DirectRouter; C:\Program Files\Lenovo\ReadyComm\common\router.dll [103688 2009-07-14] (Lenovo Group Limited)
R2 vToolbarUpdater15.5.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [1643184 2013-08-19] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

R3 ACPIVPC; C:\Windows\System32\DRIVERS\AcpiVpc.sys [21520 2009-05-19] (Lenovo Corporation)
R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [18544 2012-08-21] (AVAST Software)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22328 2013-03-01] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [171320 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [96568 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [39224 2013-07-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [182072 2013-03-21] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\windows\system32\drivers\avgtpx86.sys [37664 2013-08-19] (AVG Technologies)
S3 Bridge0; C:\Windows\System32\drivers\WDBridge.sys [63240 2009-07-28] (Lenovo)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R1 funfrm; C:\Windows\System32\Drivers\funfrm.sys [54800 2009-10-14] ()
S3 smsbda; C:\Windows\System32\drivers\smsbda.sys [51872 2009-09-18] (Siano)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1759616 2009-03-13] ()
R1 vmm; C:\windows\system32\Drivers\vmm.sys [230248 2011-07-19] (Microsoft Corporation)
R3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [11792 2009-07-16] (Windows (R) Codename Longhorn DDK provider)
S3 wsvd; C:\Windows\System32\DRIVERS\wsvd.sys [81704 2009-07-21] (CyberLink)
S3 massfilter; system32\drivers\massfilter.sys [x]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [x]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [x]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-10 23:09 - 2013-09-10 23:09 - 00000000 ____D C:\FRST
2013-09-10 23:06 - 2013-09-10 23:06 - 00602112 _____ (OldTimer Tools) C:\windows\system32\config\systemprofile\Downloads\OTL.exe
2013-09-10 22:24 - 2013-09-10 22:49 - 00000089 _____ C:\AtmApInit.txt
2013-09-10 22:24 - 2013-09-10 22:24 - 00000000 ____D C:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2013-09-10 22:22 - 2013-09-10 22:22 - 00004666 _____ C:\windows\system32\config\systemprofile\Desktop\reg.reg
2013-09-10 21:47 - 2013-09-10 21:47 - 00000000 ____D C:\windows\system32\config\systemprofile\AppData\Local\ArcSoft
2013-09-10 21:46 - 2013-09-10 22:57 - 00000000 ____D C:\windows\system32\cache
2013-09-10 21:46 - 2013-09-10 21:47 - 00000000 ____D C:\windows\system32\config\systemprofile\AppData\Roaming\ArcSoft
2013-09-10 21:46 - 2013-09-10 21:46 - 00000000 ____D C:\windows\system32\config\systemprofile\AppData\Local\AVG Secure Search
2013-09-10 21:45 - 2013-09-10 21:45 - 00001433 _____ C:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-10 21:45 - 2013-09-10 21:45 - 00000000 ____D C:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-09-10 21:45 - 2013-09-10 21:45 - 00000000 ____D C:\windows\system32\config\systemprofile\AppData\Roaming\Adobe
2013-08-19 19:59 - 2013-08-19 20:01 - 00000000 ____D C:\windows\system32\MRT
2013-08-19 19:51 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-08-19 19:51 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-08-19 19:51 - 2013-07-26 05:13 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-08-19 19:51 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-08-19 19:51 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-08-19 19:51 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-08-19 19:51 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-08-19 19:51 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-08-19 19:51 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-08-19 19:51 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-08-19 19:51 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-08-19 19:51 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-08-19 19:51 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-08-19 19:51 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-08-19 19:51 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-08-19 19:51 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-08-19 18:51 - 2013-07-09 06:50 - 00652800 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2013-08-19 18:50 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-08-19 18:50 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2013-08-19 18:50 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2013-08-19 18:50 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2013-08-19 18:50 - 2013-07-09 06:53 - 01289096 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2013-08-19 18:50 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2013-08-19 18:50 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2013-08-19 18:50 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2013-08-19 18:50 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2013-08-19 18:50 - 2013-07-06 07:05 - 01293760 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2013-08-19 18:50 - 2013-06-15 05:38 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

2013-09-10 23:09 - 2013-09-10 23:09 - 01082349 _____ (Farbar) C:\windows\system32\config\systemprofile\Downloads\FRST.exe
2013-09-10 23:09 - 2013-09-10 23:09 - 00000000 ____D C:\FRST
2013-09-10 23:06 - 2013-09-10 23:06 - 00602112 _____ (OldTimer Tools) C:\windows\system32\config\systemprofile\Downloads\OTL.exe
2013-09-10 23:06 - 2009-10-14 19:19 - 01204722 _____ C:\windows\WindowsUpdate.log
2013-09-10 23:06 - 2009-07-14 06:34 - 00009920 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-10 23:06 - 2009-07-14 06:34 - 00009920 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-10 23:00 - 2009-10-14 19:24 - 08489735 _____ C:\FaceProv.log
2013-09-10 22:59 - 2013-06-08 19:40 - 00000350 _____ C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2013-09-10 22:59 - 2013-05-31 20:57 - 00000350 _____ C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-09-10 22:59 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-09-10 22:59 - 2009-07-14 06:39 - 00187042 _____ C:\windows\setupact.log
2013-09-10 22:58 - 2012-09-20 00:07 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2013-09-10 22:58 - 2012-09-20 00:07 - 00000000 ____D C:\Program Files\AVG Secure Search
2013-09-10 22:57 - 2013-09-10 21:46 - 00000000 ____D C:\windows\system32\cache
2013-09-10 22:57 - 2009-07-14 04:37 - 00000000 ____D C:\windows\system32\pl-PL
2013-09-10 22:57 - 2009-07-14 04:37 - 00000000 ____D C:\windows\rescache
2013-09-10 22:57 - 2009-07-14 04:37 - 00000000 ____D C:\windows\registration
2013-09-10 22:57 - 2009-07-14 04:37 - 00000000 ____D C:\windows\AppCompat
2013-09-10 22:57 - 2009-07-14 04:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-09-10 22:49 - 2013-09-10 22:24 - 00000089 _____ C:\AtmApInit.txt
2013-09-10 22:45 - 2013-03-05 20:56 - 00000930 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-09-10 22:37 - 2012-03-12 16:32 - 00000404 _____ C:\windows\BRWMARK.INI
2013-09-10 22:33 - 2011-12-17 19:21 - 00001066 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3285475407-608523840-4195443431-1003UA.job
2013-09-10 22:26 - 2009-09-15 20:15 - 00000270 _____ C:\windows\Tasks\Sprawdź aktualizacje paska narzędzi Windows Live Toolbar.job
2013-09-10 22:24 - 2013-09-10 22:24 - 00000000 ____D C:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2013-09-10 22:22 - 2013-09-10 22:22 - 00004666 _____ C:\windows\system32\config\systemprofile\Desktop\reg.reg
2013-09-10 21:52 - 2010-05-28 19:47 - 00000000 ____D C:\windows\system32\config\systemprofile\AppData\Local\Google
2013-09-10 21:48 - 2011-01-29 17:34 - 00000000 ____D C:\windows\pss
2013-09-10 21:47 - 2013-09-10 21:47 - 00000000 ____D C:\windows\system32\config\systemprofile\AppData\Local\ArcSoft
2013-09-10 21:47 - 2013-09-10 21:46 - 00000000 ____D C:\windows\system32\config\systemprofile\AppData\Roaming\ArcSoft
2013-09-10 21:46 - 2013-09-10 21:46 - 00000000 ____D C:\windows\system32\config\systemprofile\AppData\Local\AVG Secure Search
2013-09-10 21:45 - 2013-09-10 21:45 - 00001433 _____ C:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-10 21:45 - 2013-09-10 21:45 - 00000000 ____D C:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-09-10 21:45 - 2013-09-10 21:45 - 00000000 ____D C:\windows\system32\config\systemprofile\AppData\Roaming\Adobe
2013-09-10 21:45 - 2013-03-14 21:45 - 09430408 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerInstaller.exe
2013-09-10 21:45 - 2013-03-05 20:56 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2013-09-10 21:45 - 2013-03-05 20:56 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-07 22:56 - 2009-07-14 06:53 - 00032608 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-08-27 21:33 - 2011-12-17 19:21 - 00001014 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3285475407-608523840-4195443431-1003Core.job
2013-08-25 22:30 - 2009-09-16 03:37 - 00790596 _____ C:\windows\system32\perfh015.dat
2013-08-25 22:30 - 2009-09-16 03:37 - 00175014 _____ C:\windows\system32\perfc015.dat
2013-08-25 22:30 - 2009-09-15 20:04 - 01805870 _____ C:\windows\system32\PerfStringBackup.INI
2013-08-25 21:09 - 2009-07-29 11:27 - 67104768 _____ C:\windows\system32\config\RegBack\SOFTWARE
2013-08-25 21:09 - 2009-07-29 11:27 - 22364160 _____ C:\windows\system32\config\RegBack\SYSTEM
2013-08-25 21:09 - 2009-07-29 11:27 - 01654784 _____ C:\windows\system32\config\RegBack\DEFAULT
2013-08-25 21:09 - 2009-07-29 11:27 - 00036864 _____ C:\windows\system32\config\RegBack\SECURITY
2013-08-25 21:09 - 2009-07-29 11:27 - 00028672 _____ C:\windows\system32\config\RegBack\SAM
2013-08-25 20:34 - 2009-07-14 04:37 - 00000000 ____D C:\windows\Microsoft.NET
2013-08-22 20:29 - 2009-07-14 04:37 - 00000000 ____D C:\windows\LiveKernelReports
2013-08-19 20:01 - 2013-08-19 19:59 - 00000000 ____D C:\windows\system32\MRT
2013-08-19 19:59 - 2012-02-07 14:27 - 75778376 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-08-19 18:36 - 2012-09-20 00:07 - 00037664 _____ (AVG Technologies) C:\windows\system32\Drivers\avgtpx86.sys

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-08-25 21:09

==================== End Of Log ============================