Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013 Ran by Rodzice (ATTENTION: The logged in user is not administrator) on DONIO-KOMPUTER on 04-11-2013 21:38:44 Running from C:\Users\Rodzice\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polish Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe () C:\Users\Rodzice\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Samsung Electronics) C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor) HKCU\...\Run: [Steam] - D:\Program Files (x86)\Steam\Steam.exe [1813928 2013-10-09] (Valve Corporation) HKCU\...\Run: [Spybot-S&D Cleaning] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.) HKCU\...\Run: [FLV Player] - C:\Users\Rodzice\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe [202752 2012-10-26] () HKLM-x32\...\Run: [NeroFilterCheck] - C:\Windows\system32\NeroCheck.exe HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2013-09-23] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.) AppInit_DLLs-x32: c:\progra~3\browse~2\261519~1.190\{c16c1~1\browse~1.dll [ ] () BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certified-toolbar.com?si=41460&tid=3220&bs=true&q= HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://search.certified-toolbar.com?si=41460&tid=3220&bs=true&q= HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = http://search.certified-toolbar.com?si=41460&tid=3220&bs=true&q= URLSearchHook: HKLM-x32 - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.) SearchScopes: HKLM-x32 - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468 SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468 SearchScopes: HKCU - {1D3018DB-1296-4466-AEAE-BB8AEA29FAEC} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^PL&apn_uid=0FD70E88-D92C-4AF2-8EC0-57919316BC15&apn_sauid=C2CD65D7-2513-401A-90D7-D424ED6F2D98 SearchScopes: HKCU - {A0557002-C60D-4A91-BF2C-727C03BB9E54} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^PL&apn_uid=0FD70E88-D92C-4AF2-8EC0-57919316BC15&apn_sauid=C2CD65D7-2513-401A-90D7-D424ED6F2D98 SearchScopes: HKCU - {EB397B5B-FB59-4419-81FE-8952FE3301B2} URL = http://blekko.com/ws/?source=5f97ddbe&tbp=rbox&u=b8bdd4ad000000000000001bb1d0dd02&q={searchTerms}&r=747 BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.) BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) BHO-x32: uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.0.1.12\AVG Secure Search_toolbar.dll (AVG Secure Search) BHO-x32: W2PBrowser Class - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll () BHO-x32: MinibarBHO - {AA74D58F-ACD0-450D-A85E-6C04B171C044} - C:\Program Files (x86)\Minibar\Minibar.dll (KangoExtensions) BHO-x32: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: Blekko Search Bar Helper Object - {BAE35237-8D73-44D0-905C-8A95EA1E7E69} - C:\Program Files (x86)\blekko\spamfreesearch\1.8.3.9\bh\spamfreesearch.dll (Montera Technologeis LTD) BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.0.1.12\AVG Secure Search_toolbar.dll (AVG Secure Search) Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File Toolbar: HKLM-x32 - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.) Toolbar: HKLM-x32 - Blekko Search Bar Toolbar - {EECF410C-006C-4A05-AD13-6741A0814DBF} - C:\Program Files (x86)\blekko\spamfreesearch\1.8.3.9\spamfreesearchTlbr.dll (Montera Technologeis LTD) Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll (AVG Secure Search) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Chrome: ======= CHR HomePage: hxxp://www.google.com CHR RestoreOnStartup: "hxxp://www.google.com" CHR DefaultSearchURL: (Ask.com) - http://dts.search.ask.com/sr?src=crb&gct=ds&appid=102&systemid=473&v=n9397-124&apn_uid=4444574522754435&apn_dtid=BND473&o=APN10640&apn_ptnrs=AG1&q={searchTerms} CHR DefaultSuggestURL: (Ask.com) - "suggest_url": "", CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll () CHR Plugin: (BrowserProtect) - C:\Users\Rodzice\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\spext.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.3.2\\npsitesafety.dll (AVG Technologies) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 7 U10) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Bing Bar) - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll No File CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Java Deployment Toolkit 7.0.100.18) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) CHR Extension: (Google Wallet) - C:\Users\Rodzice\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0 CHR HKLM-x32\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Users\Donio\AppData\Roaming\BabSolution\CR\BabylonChrome1.crx CHR HKLM-x32\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\Donio\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Donio\AppData\Roaming\BabSolution\CR\Delta.crx CHR HKLM-x32\...\Chrome\Extension: [ofaekbahncacnjgelnfjcjoelcglkhkj] - C:\Program Files (x86)\blekko\spamfreesearch\1.8.3.9\spamfreesearch.crx CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 avgfws; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1432080 2013-09-04] (AVG Technologies CZ, s.r.o.) R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.) R2 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2010-09-17] (Firebird Project) R3 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [3735552 2010-09-17] (Firebird Project) R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.0.0.128\ccSvcHst.exe [126904 2010-05-23] (Symantec Corporation) R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation) R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.) R2 vToolbarUpdater17.0.12; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe [1734680 2013-10-02] (AVG Secure Search) ==================== Drivers (Whitelisted) ==================== R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-09-05] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.) R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-10-02] (AVG Technologies) U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-11-04 21:38 - 2013-11-04 21:38 - 00000000 ____D C:\FRST 2013-11-04 21:37 - 2013-11-04 21:38 - 01957098 _____ (Farbar) C:\Users\Rodzice\Downloads\FRST64.exe 2013-11-04 21:36 - 2013-11-04 21:36 - 01089445 _____ (Farbar) C:\Users\Rodzice\Downloads\FRST.exe 2013-11-04 21:29 - 2013-11-04 21:30 - 00000000 ____D C:\AdwCleaner 2013-11-04 21:28 - 2013-11-04 21:28 - 00093802 _____ C:\Users\Rodzice\Downloads\OTL.Txt 2013-11-04 21:12 - 2013-11-04 21:12 - 01073258 _____ C:\Users\Rodzice\Downloads\adwcleaner.exe 2013-11-04 21:07 - 2013-11-04 21:07 - 00000000 ____D C:\_OTL 2013-10-31 12:28 - 2013-10-31 12:28 - 00000149 _____ C:\Users\Rodzice\Desktop\aa.txt 2013-10-31 12:09 - 2013-10-31 12:14 - 00000038 _____ C:\Users\Rodzice\Desktop\st.txt 2013-10-30 15:55 - 2013-10-30 15:55 - 00602112 _____ (OldTimer Tools) C:\Users\Rodzice\Downloads\OTL.exe 2013-10-28 19:04 - 2013-10-29 07:26 - 00001421 _____ C:\Users\Donio\Desktop\asiasa.txt 2013-10-28 16:22 - 2013-10-28 16:22 - 00002141 _____ C:\Users\Donio\Desktop\FLV Player.lnk 2013-10-28 16:22 - 2013-10-28 16:22 - 00002112 _____ C:\Users\Donio\Desktop\AppsHat.lnk 2013-10-28 16:22 - 2013-10-28 16:22 - 00000000 ____D C:\Program Files (x86)\Minibar 2013-10-23 19:55 - 2013-10-23 20:01 - 00002228 _____ C:\Users\Donio\Desktop\blablabla.txt 2013-10-13 18:38 - 2013-11-04 21:31 - 00004200 _____ C:\Windows\setupact.log 2013-10-13 18:38 - 2013-10-14 08:32 - 00032052 _____ C:\Windows\PFRO.log 2013-10-13 18:30 - 2013-10-13 18:39 - 00012504 _____ C:\Windows\wininit.ini 2013-10-13 17:20 - 2013-10-13 17:21 - 00000000 ____D C:\Users\Donio\Desktop\notatniki 2013-10-09 15:31 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-10-09 15:31 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-10-09 15:31 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-10-09 15:31 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-10-09 15:31 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-10-09 15:31 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-10-09 15:31 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-10-09 15:31 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-10-09 15:31 - 2013-09-23 00:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-10-09 15:31 - 2013-09-23 00:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-10-09 15:31 - 2013-09-23 00:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-10-09 15:31 - 2013-09-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-10-09 15:31 - 2013-09-23 00:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-10-09 15:31 - 2013-09-22 23:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-10-09 15:31 - 2013-09-22 23:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-10-09 15:31 - 2013-09-22 23:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-10-09 15:31 - 2013-09-22 23:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-10-09 15:31 - 2013-09-22 23:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-10-09 15:31 - 2013-09-22 23:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-10-09 15:31 - 2013-09-22 23:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-10-09 15:31 - 2013-09-22 23:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-10-09 15:31 - 2013-09-22 23:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-10-09 15:31 - 2013-09-22 23:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-10-09 15:31 - 2013-09-22 23:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-10-09 15:31 - 2013-09-22 23:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-10-09 15:31 - 2013-09-22 23:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-10-09 15:31 - 2013-09-22 23:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-10-09 15:31 - 2013-09-21 04:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-10-09 15:31 - 2013-09-21 04:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-10-09 15:31 - 2013-09-21 03:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-10-09 15:31 - 2013-09-21 03:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-10-09 14:35 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2013-10-09 14:35 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll 2013-10-09 14:35 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2013-10-09 14:35 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2013-10-09 14:35 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2013-10-09 14:35 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2013-10-09 14:35 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2013-10-09 14:35 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2013-10-09 14:35 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2013-10-09 14:35 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2013-10-09 14:35 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2013-10-09 14:35 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2013-10-09 14:30 - 2013-09-14 02:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2013-10-09 14:30 - 2013-09-08 03:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-10-09 14:30 - 2013-09-08 03:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll 2013-10-09 14:30 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll 2013-10-09 14:30 - 2013-08-29 03:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-10-09 14:30 - 2013-08-29 03:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-10-09 14:30 - 2013-08-29 03:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2013-10-09 14:30 - 2013-08-29 03:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2013-10-09 14:30 - 2013-08-29 03:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2013-10-09 14:30 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-10-09 14:30 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-10-09 14:30 - 2013-08-29 02:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-10-09 14:30 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2013-10-09 14:30 - 2013-08-29 02:50 - 00078848 _____ C:\Users\Donio\AppData\Roaming\Other.res 2013-10-09 14:30 - 2013-08-29 02:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-10-09 14:30 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2013-10-09 14:30 - 2013-08-29 01:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-10-09 14:30 - 2013-08-29 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-10-09 14:30 - 2013-08-29 01:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-10-09 14:30 - 2013-08-29 01:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-10-09 14:30 - 2013-08-28 02:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-10-09 14:30 - 2013-07-12 11:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys 2013-10-09 14:30 - 2013-07-12 11:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys 2013-10-09 14:30 - 2013-07-04 13:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2013-10-09 14:30 - 2013-07-04 13:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2013-10-09 14:30 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll 2013-10-09 14:30 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll 2013-10-09 14:30 - 2013-07-04 11:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2013-10-09 14:30 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys 2013-10-09 14:30 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys 2013-10-09 14:30 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys 2013-10-09 14:29 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2013-10-09 14:29 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2013-10-09 14:29 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2013-10-09 14:29 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2013-10-09 14:29 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2013-10-09 14:29 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2013-10-09 14:29 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2013-10-09 14:29 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll 2013-10-09 14:29 - 2013-08-01 13:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2013-10-09 14:29 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2013-10-09 14:29 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll ==================== One Month Modified Files and Folders ======= 2013-11-04 21:39 - 2009-07-14 05:45 - 00014144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-11-04 21:39 - 2009-07-14 05:45 - 00014144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-11-04 21:38 - 2013-11-04 21:38 - 00000000 ____D C:\FRST 2013-11-04 21:38 - 2013-11-04 21:37 - 01957098 _____ (Farbar) C:\Users\Rodzice\Downloads\FRST64.exe 2013-11-04 21:36 - 2013-11-04 21:36 - 01089445 _____ (Farbar) C:\Users\Rodzice\Downloads\FRST.exe 2013-11-04 21:35 - 2010-08-27 16:06 - 01097219 _____ C:\Windows\WindowsUpdate.log 2013-11-04 21:32 - 2012-12-28 15:09 - 00001042 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-11-04 21:31 - 2013-10-13 18:38 - 00004200 _____ C:\Windows\setupact.log 2013-11-04 21:31 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-11-04 21:30 - 2013-11-04 21:29 - 00000000 ____D C:\AdwCleaner 2013-11-04 21:28 - 2013-11-04 21:28 - 00093802 _____ C:\Users\Rodzice\Downloads\OTL.Txt 2013-11-04 21:12 - 2013-11-04 21:12 - 01073258 _____ C:\Users\Rodzice\Downloads\adwcleaner.exe 2013-11-04 21:07 - 2013-11-04 21:07 - 00000000 ____D C:\_OTL 2013-11-04 21:07 - 2013-01-28 17:51 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-11-04 21:07 - 2012-12-28 15:09 - 00001046 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-11-04 19:54 - 2012-12-28 14:44 - 00000000 ____D C:\ProgramData\MFAData 2013-10-31 12:28 - 2013-10-31 12:28 - 00000149 _____ C:\Users\Rodzice\Desktop\aa.txt 2013-10-31 12:14 - 2013-10-31 12:09 - 00000038 _____ C:\Users\Rodzice\Desktop\st.txt 2013-10-30 15:55 - 2013-10-30 15:55 - 00602112 _____ (OldTimer Tools) C:\Users\Rodzice\Downloads\OTL.exe 2013-10-29 15:21 - 2010-08-27 05:19 - 00698598 _____ C:\Windows\system32\perfh015.dat 2013-10-29 15:21 - 2010-08-27 05:19 - 00135418 _____ C:\Windows\system32\perfc015.dat 2013-10-29 15:21 - 2009-07-14 06:13 - 01551484 _____ C:\Windows\system32\PerfStringBackup.INI 2013-10-29 15:18 - 2012-12-28 18:50 - 00000000 ___RD C:\Users\Donio\Desktop\  2013-10-29 07:26 - 2013-10-28 19:04 - 00001421 _____ C:\Users\Donio\Desktop\asiasa.txt 2013-10-29 07:25 - 2012-12-28 22:33 - 00000000 ____D C:\Users\Donio\AppData\Roaming\Skype 2013-10-28 16:22 - 2013-10-28 16:22 - 00002141 _____ C:\Users\Donio\Desktop\FLV Player.lnk 2013-10-28 16:22 - 2013-10-28 16:22 - 00002112 _____ C:\Users\Donio\Desktop\AppsHat.lnk 2013-10-28 16:22 - 2013-10-28 16:22 - 00000000 ____D C:\Program Files (x86)\Minibar 2013-10-27 08:52 - 2013-03-27 21:43 - 00002037 _____ C:\Users\Donio\Desktop\sts.txt 2013-10-26 07:01 - 2013-09-01 18:29 - 00000000 ____D C:\Users\Rodzice\AppData\Local\WebPlayer 2013-10-23 20:01 - 2013-10-23 19:55 - 00002228 _____ C:\Users\Donio\Desktop\blablabla.txt 2013-10-23 12:15 - 2012-12-28 15:02 - 00000995 _____ C:\Users\Public\Desktop\AVG 2013.lnk 2013-10-21 08:36 - 2013-01-03 20:12 - 00000000 ____D C:\Users\Donio\AppData\Roaming\SoftGrid Client 2013-10-20 10:51 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2013-10-20 08:38 - 2009-07-14 06:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-10-14 08:32 - 2013-10-13 18:38 - 00032052 _____ C:\Windows\PFRO.log 2013-10-13 18:39 - 2013-10-13 18:30 - 00012504 _____ C:\Windows\wininit.ini 2013-10-13 17:34 - 2013-01-21 10:44 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2013-10-13 17:21 - 2013-10-13 17:20 - 00000000 ____D C:\Users\Donio\Desktop\notatniki 2013-10-13 17:21 - 2013-06-05 13:37 - 00000000 ____D C:\Users\Donio\Desktop\word 2013-10-13 17:21 - 2012-12-29 22:49 - 00000000 ____D C:\Users\Donio\Desktop\Muzyka 2013-10-09 20:19 - 2009-07-14 05:45 - 00277624 _____ C:\Windows\system32\FNTCACHE.DAT 2013-10-09 20:14 - 2013-03-13 15:27 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-10-09 20:14 - 2013-03-13 15:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-10-09 15:24 - 2013-08-14 23:24 - 00000000 ____D C:\Windows\system32\MRT 2013-10-09 15:22 - 2013-02-09 00:38 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-10-08 18:11 - 2013-01-28 17:51 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-10-08 18:11 - 2013-01-28 17:51 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl Some content of TEMP: ==================== C:\Users\Donio\AppData\Local\Temp\appshat-distribution.exe C:\Users\Donio\AppData\Local\Temp\FLVPlayerSetup.exe C:\Users\Donio\AppData\Local\Temp\FLVPlayerUpdate_downloader_by_FLVPlayerUpdate.exe C:\Users\Donio\AppData\Local\Temp\ugoOrrf.exe C:\Users\Donio\AppData\Local\Temp\ugoOrrf0.exe C:\Users\Rodzice\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================