Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-02-2014 01
Ran by PC (administrator) on PC-KOMPUTER on 16-02-2014 13:14:26
Running from C:\Users\PC\Downloads
Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Polish
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
() C:\Windows\system32\LF2GRPOW.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
() C:\Program Files\Xerox Companion Suite\MFFSUM.exe
() C:\Program Files\Xerox Companion Suite\MFPrintServer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(SmartCom) C:\Program Files\Nokia\Nokia Internet Modem\Wellphone2.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
() C:\Program Files\Xerox Companion Suite\MFServices.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
() C:\Windows\system32\FUSServices.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [MFFSum_Pro_LL2] - C:\Program Files\Xerox Companion Suite\MFFSUM.exe [24576 2010-02-11] ()
HKLM\...\Run: [MFPrintServer_Pro_LL2] - C:\Program Files\Xerox Companion Suite\MFPrintServer.exe [73728 2010-02-11] ()
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [QLBController] - C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe [256056 2010-10-01] (Hewlett-Packard Company)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [mobilegeni daemon] - C:\Program Files\Mobogenie\DaemonProcess.exe [761024 2013-12-10] ()
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKU\S-1-5-21-2651684462-118563411-3218343359-1000\...\Run: [NextLive] - C:\Windows\system32\rundll32.exe "C:\Users\PC\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
HKU\S-1-5-21-2651684462-118563411-3218343359-1000\...\Run: [Nokia Internet Modem] - C:\Program Files\Nokia\Nokia Internet Modem\WellPhone2.exe [1962648 2009-12-17] (SmartCom)
HKU\S-1-5-21-2651684462-118563411-3218343359-1000\...\MountPoints2: {1887e4ed-7c69-11e3-aff7-70f395d7878a} - F:\application\Setup.exe
Startup: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk
ShortcutTarget: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.nationzoom.com/web/?type=ds&ts=1391374155&from=slbnew&uid=HitachiXHTS545032B9A300_101008PBN301GTDT9PJRX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.nationzoom.com/web/?type=ds&ts=1391374155&from=slbnew&uid=HitachiXHTS545032B9A300_101008PBN301GTDT9PJRX&q={searchTerms}
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\PC\AppData\Roaming\FlashGetBHO\FlashGetBHO.dll (Trend Media Group)
BHO: IplexToALLPlayer - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\Program Files\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

Chrome:
=======
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.376\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (PDFConverter) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\adiaegkmooohhhmimihafeccofkhbgpa [2014-02-01]
CHR Extension: (Dokumenty Google) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-01]
CHR Extension: (Dysk Google) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-01]
CHR Extension: (YouTube) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-01]
CHR Extension: (Szukaj w Google) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-01]
CHR Extension: (AdBlock) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-11-19]
CHR Extension: (saver boX) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfobgleljleknejaekcgekepmcefgkgc [2014-01-25]
CHR Extension: (Google Wallet) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-01]
CHR Extension: (Gmail) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-01]
CHR Extension: (topdoeal) - C:\ProgramData\aommikdlfdcfodikahalfbeenlooaaip [2014-01-25]
CHR HKLM\...\Chrome\Extension: [dchmpbaclbiioedakpcldenooikekokm] - C:\Users\PC\AppData\Local\foxtab_speeddial.crx [2013-11-03]
CHR HKCU\...\Chrome\Extension: [dchmpbaclbiioedakpcldenooikekokm] - C:\Users\PC\AppData\Local\foxtab_speeddial.crx [2013-11-03]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 FUSServices; C:\Windows\system32\FUSServices.exe [10752 2010-02-11] ()
R2 hpHotkeyMonitor; C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [280120 2010-10-01] (Hewlett-Packard Company)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 ca82e1a5; "C:\Windows\system32\rundll32.exe" "c:\progra~1\optimi~1\OptProCrashSvc.dll",ServiceMain
S2 Update Cling Clang; "C:\Program Files\Cling Clang\updateClingClang.exe" [X]
S2 Update DiVapton; "C:\Program Files\DiVapton\updateDiVapton.exe" [X]
S2 Update GrabRez; "C:\Program Files\GrabRez\updateGrabRez.exe" [X]
S2 Util DiVapton; "C:\Program Files\DiVapton\bin\utilDiVapton.exe" [X]

==================== Drivers (Whitelisted) ====================

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120600 2013-11-05] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [209176 2013-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147768 2013-10-24] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22840 2013-09-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-11-01] (AVG Technologies)
S3 FaxLffv2; C:\Windows\System32\Drivers\FaxLffv2.sys [18944 2008-06-18] (OEM)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 nokiacpo; C:\Windows\System32\DRIVERS\nokiacpo.sys [19968 2009-08-05] (Icera Inc.)
S3 nokiappo; C:\Windows\System32\DRIVERS\nokiappo.sys [27648 2009-08-05] (Icera Inc.)
S3 XMLDIUSB; C:\Windows\System32\Drivers\XMLDIUSB.sys [33152 2010-01-29] (OEM)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-16 13:08 - 2014-02-16 13:14 - 00000000 ____D () C:\FRST
2014-02-16 13:08 - 2014-02-16 13:08 - 01141248 _____ (Farbar) C:\Users\PC\Downloads\FRST.exe
2014-02-16 13:04 - 2014-02-16 13:14 - 00022516 _____ () C:\Users\PC\Downloads\Addition.txt
2014-02-16 13:04 - 2014-02-16 13:14 - 00012767 _____ () C:\Users\PC\Downloads\FRST.txt
2014-02-16 12:59 - 2014-02-16 12:59 - 00050246 _____ () C:\Users\PC\Downloads\Extras.Txt
2014-02-16 12:57 - 2014-02-16 12:57 - 00079706 _____ () C:\Users\PC\Downloads\OTL.Txt
2014-02-16 12:47 - 2014-02-16 12:48 - 00602112 _____ (OldTimer Tools) C:\Users\PC\Downloads\OTL.exe
2014-02-16 12:20 - 2014-02-16 12:21 - 01166132 _____ () C:\Users\PC\Downloads\AdwCleaner (1).exe
2014-02-16 11:30 - 2014-02-16 11:30 - 00001067 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-16 11:30 - 2014-02-16 11:30 - 00000000 ____D () C:\Users\PC\AppData\Roaming\Malwarebytes
2014-02-16 11:30 - 2014-02-16 11:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-16 11:30 - 2014-02-16 11:30 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-16 11:30 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-16 11:29 - 2014-02-16 11:29 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\PC\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-16 00:08 - 2014-02-16 00:08 - 00000000 _____ () C:\Users\PC\Desktop\Nowy obraz mapy bitowej.bmp
2014-02-07 16:09 - 2014-02-07 16:09 - 00000000 ____D () C:\Users\PC\AppData\Roaming\Apple Computer
2014-02-07 15:59 - 2014-02-07 16:05 - 00000000 ____D () C:\Program Files\Mobogenie
2014-02-07 15:57 - 2014-02-07 15:58 - 00000598 _____ () C:\Windows\system32\secushr.dat
2014-02-07 15:39 - 2014-02-07 15:56 - 00000000 ____D () C:\Users\PC\AppData\Roaming\BITS
2014-02-07 15:39 - 2014-02-07 15:39 - 00001209 _____ () C:\Users\PC\Desktop\FlashGet3.lnk
2014-02-07 15:39 - 2014-02-07 15:39 - 00000025 _____ () C:\Windows\emcore.INI
2014-02-07 15:39 - 2014-02-07 15:39 - 00000000 ____D () C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FlashGet3.7
2014-02-07 15:39 - 2014-02-07 15:39 - 00000000 ____D () C:\Users\PC\AppData\Roaming\FlashGetBHO
2014-02-07 15:39 - 2014-02-07 15:39 - 00000000 ____D () C:\Users\PC\AppData\Roaming\FlashGet
2014-02-07 15:39 - 2014-02-07 15:39 - 00000000 ____D () C:\Program Files\FlashGet Network
2014-02-07 03:40 - 2014-02-07 03:40 - 00001815 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-02-07 03:39 - 2014-02-07 03:40 - 00000000 ____D () C:\Program Files\QuickTime
2014-02-07 03:39 - 2014-02-07 03:39 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-02-07 03:38 - 2014-02-07 03:38 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-02-07 03:37 - 2014-02-07 03:37 - 00000000 ____D () C:\Users\PC\AppData\Local\Apple
2014-02-07 03:37 - 2014-02-07 03:37 - 00000000 ____D () C:\ProgramData\Apple
2014-02-07 03:37 - 2014-02-07 03:37 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-02-07 03:35 - 2014-02-07 03:36 - 41404760 _____ (Apple Inc.) C:\Users\PC\Downloads\QuickTimeInstaller.exe
2014-02-02 22:01 - 2014-02-02 22:01 - 00000000 ____D () C:\Program Files\predm
2014-02-02 21:55 - 2014-02-02 22:14 - 00000000 ____D () C:\ProgramData\IePluginService
2014-02-02 21:55 - 2014-02-02 21:55 - 00000000 ____D () C:\Users\PC\AppData\Roaming\iSafe
2014-02-02 21:54 - 2014-02-02 22:11 - 00000000 ____D () C:\ProgramData\WPM
2014-02-02 21:54 - 2014-02-02 22:11 - 00000000 ____D () C:\Program Files\SupTab
2014-02-02 21:50 - 2014-02-02 21:55 - 00000000 ____D () C:\Users\PC\AppData\Roaming\nationzoom
2014-02-02 21:47 - 2014-02-02 21:47 - 00000087 _____ () C:\Users\PC\Desktop\PaperPort Standard.url
2014-02-02 21:28 - 2014-02-02 21:33 - 00000000 ____D () C:\Program Files\ABBYY FineReader 6.0 Sprint
2014-01-31 02:58 - 2014-02-01 12:57 - 00000000 ____D () C:\ProgramData\PDFConverter
2014-01-31 02:58 - 2014-01-31 02:58 - 00002454 __RSH () C:\ProgramData\ntuser.pol
2014-01-31 02:58 - 2014-01-31 02:58 - 00000000 ____D () C:\ProgramData\adiaegkmooohhhmimihafeccofkhbgpa
2014-01-26 17:00 - 2014-01-26 17:00 - 00000669 _____ () C:\Users\PC\Downloads\list-2a08d4-3.bin
2014-01-25 00:35 - 2014-01-31 02:58 - 00000000 ____D () C:\ProgramData\bc8653f6fd957a68
2014-01-25 00:35 - 2014-01-27 00:40 - 00000000 ____D () C:\ProgramData\topdoeal
2014-01-25 00:35 - 2014-01-27 00:40 - 00000000 ____D () C:\ProgramData\saver boX
2014-01-25 00:35 - 2014-01-25 00:35 - 00000000 ____D () C:\ProgramData\aommikdlfdcfodikahalfbeenlooaaip
2014-01-19 23:42 - 2014-01-19 23:42 - 00653824 _____ () C:\Users\PC\Downloads\7532.ppt

==================== One Month Modified Files and Folders =======

2014-02-16 13:14 - 2014-02-16 13:08 - 00000000 ____D () C:\FRST
2014-02-16 13:14 - 2014-02-16 13:04 - 00022516 _____ () C:\Users\PC\Downloads\Addition.txt
2014-02-16 13:14 - 2014-02-16 13:04 - 00012767 _____ () C:\Users\PC\Downloads\FRST.txt
2014-02-16 13:08 - 2014-02-16 13:08 - 01141248 _____ (Farbar) C:\Users\PC\Downloads\FRST.exe
2014-02-16 12:59 - 2014-02-16 12:59 - 00050246 _____ () C:\Users\PC\Downloads\Extras.Txt
2014-02-16 12:58 - 2013-11-01 19:30 - 00001028 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-16 12:57 - 2014-02-16 12:57 - 00079706 _____ () C:\Users\PC\Downloads\OTL.Txt
2014-02-16 12:48 - 2014-02-16 12:47 - 00602112 _____ (OldTimer Tools) C:\Users\PC\Downloads\OTL.exe
2014-02-16 12:36 - 2013-11-01 17:34 - 01549696 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-16 12:36 - 2009-07-14 09:07 - 00697912 _____ () C:\Windows\system32\perfh015.dat
2014-02-16 12:36 - 2009-07-14 09:07 - 00134990 _____ () C:\Windows\system32\perfc015.dat
2014-02-16 12:35 - 2013-11-01 17:27 - 01232828 _____ () C:\Windows\WindowsUpdate.log
2014-02-16 12:33 - 2014-01-02 20:53 - 00000000 ____D () C:\Users\PC\AppData\Roaming\newnext.me
2014-02-16 12:32 - 2013-11-01 19:30 - 00001024 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-16 12:31 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-16 12:31 - 2009-07-14 05:39 - 00031858 _____ () C:\Windows\setupact.log
2014-02-16 12:30 - 2013-11-19 23:15 - 00000000 ____D () C:\AdwCleaner
2014-02-16 12:21 - 2014-02-16 12:20 - 01166132 _____ () C:\Users\PC\Downloads\AdwCleaner (1).exe
2014-02-16 11:30 - 2014-02-16 11:30 - 00001067 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-16 11:30 - 2014-02-16 11:30 - 00000000 ____D () C:\Users\PC\AppData\Roaming\Malwarebytes
2014-02-16 11:30 - 2014-02-16 11:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-16 11:30 - 2014-02-16 11:30 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-16 11:29 - 2014-02-16 11:29 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\PC\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-16 11:13 - 2013-11-01 19:26 - 00164164 _____ () C:\Windows\PFRO.log
2014-02-16 11:07 - 2013-11-01 19:28 - 00109208 _____ () C:\Users\PC\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-16 11:06 - 2009-07-14 05:33 - 00415688 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-16 10:33 - 2013-11-01 19:46 - 00000000 ____D () C:\ProgramData\MFAData
2014-02-16 00:08 - 2014-02-16 00:08 - 00000000 _____ () C:\Users\PC\Desktop\Nowy obraz mapy bitowej.bmp
2014-02-13 19:26 - 2009-07-14 05:34 - 00009936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-13 19:26 - 2009-07-14 05:34 - 00009936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-07 16:22 - 2014-02-07 16:22 - 00000000 ____D () C:\Users\PC\AppData\Roaming\MAXQDA10
2014-02-07 16:09 - 2014-02-07 16:09 - 00000000 ____D () C:\Users\PC\AppData\Roaming\Apple Computer
2014-02-07 16:05 - 2014-02-07 15:59 - 00000000 ____D () C:\Program Files\Mobogenie
2014-02-07 16:05 - 2014-01-02 20:53 - 00000000 ____D () C:\Users\PC\AppData\Local\Mobogenie
2014-02-07 15:59 - 2014-01-02 20:53 - 00000000 ____D () C:\Users\PC\AppData\Local\genienext
2014-02-07 15:59 - 2014-01-02 20:53 - 00000000 ____D () C:\Users\PC\AppData\Local\cache
2014-02-07 15:58 - 2014-02-07 15:57 - 00000598 _____ () C:\Windows\system32\secushr.dat
2014-02-07 15:56 - 2014-02-07 15:39 - 00000000 ____D () C:\Users\PC\AppData\Roaming\BITS
2014-02-07 15:39 - 2014-02-07 15:39 - 00001209 _____ () C:\Users\PC\Desktop\FlashGet3.lnk
2014-02-07 15:39 - 2014-02-07 15:39 - 00000025 _____ () C:\Windows\emcore.INI
2014-02-07 15:39 - 2014-02-07 15:39 - 00000000 ____D () C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FlashGet3.7
2014-02-07 15:39 - 2014-02-07 15:39 - 00000000 ____D () C:\Users\PC\AppData\Roaming\FlashGetBHO
2014-02-07 15:39 - 2014-02-07 15:39 - 00000000 ____D () C:\Users\PC\AppData\Roaming\FlashGet
2014-02-07 15:39 - 2014-02-07 15:39 - 00000000 ____D () C:\Program Files\FlashGet Network
2014-02-07 03:40 - 2014-02-07 03:40 - 00001815 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-02-07 03:40 - 2014-02-07 03:39 - 00000000 ____D () C:\Program Files\QuickTime
2014-02-07 03:39 - 2014-02-07 03:39 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-02-07 03:38 - 2014-02-07 03:38 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-02-07 03:37 - 2014-02-07 03:37 - 00000000 ____D () C:\Users\PC\AppData\Local\Apple
2014-02-07 03:37 - 2014-02-07 03:37 - 00000000 ____D () C:\ProgramData\Apple
2014-02-07 03:37 - 2014-02-07 03:37 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-02-07 03:36 - 2014-02-07 03:35 - 41404760 _____ (Apple Inc.) C:\Users\PC\Downloads\QuickTimeInstaller.exe
2014-02-02 22:14 - 2014-02-02 21:55 - 00000000 ____D () C:\ProgramData\IePluginService
2014-02-02 22:11 - 2014-02-02 21:54 - 00000000 ____D () C:\ProgramData\WPM
2014-02-02 22:11 - 2014-02-02 21:54 - 00000000 ____D () C:\Program Files\SupTab
2014-02-02 22:01 - 2014-02-02 22:01 - 00000000 ____D () C:\Program Files\predm
2014-02-02 21:55 - 2014-02-02 21:55 - 00000000 ____D () C:\Users\PC\AppData\Roaming\iSafe
2014-02-02 21:55 - 2014-02-02 21:50 - 00000000 ____D () C:\Users\PC\AppData\Roaming\nationzoom
2014-02-02 21:55 - 2013-11-01 19:33 - 00002135 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-02 21:55 - 2013-11-01 17:31 - 00001421 _____ () C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-02 21:47 - 2014-02-02 21:47 - 00000087 _____ () C:\Users\PC\Desktop\PaperPort Standard.url
2014-02-02 21:33 - 2014-02-02 21:28 - 00000000 ____D () C:\Program Files\ABBYY FineReader 6.0 Sprint
2014-02-02 20:53 - 2013-11-02 00:47 - 00000000 ____D () C:\Users\PC\AppData\Local\Xerox Companion Suite
2014-02-02 17:39 - 2014-01-02 20:55 - 00000000 ____D () C:\Users\PC\AppData\Roaming\vlc
2014-02-01 13:19 - 2013-11-01 19:48 - 00000000 ____D () C:\ProgramData\AVG2014
2014-02-01 12:57 - 2014-01-31 02:58 - 00000000 ____D () C:\ProgramData\PDFConverter
2014-01-31 02:58 - 2014-01-31 02:58 - 00002454 __RSH () C:\ProgramData\ntuser.pol
2014-01-31 02:58 - 2014-01-31 02:58 - 00000000 ____D () C:\ProgramData\adiaegkmooohhhmimihafeccofkhbgpa
2014-01-31 02:58 - 2014-01-25 00:35 - 00000000 ____D () C:\ProgramData\bc8653f6fd957a68
2014-01-31 02:58 - 2009-07-14 03:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-01-27 08:54 - 2014-01-26 16:45 - 06945528 _____ () C:\Users\PC\Desktop\Orenstein1.tif
2014-01-27 00:40 - 2014-01-25 00:35 - 00000000 ____D () C:\ProgramData\topdoeal
2014-01-27 00:40 - 2014-01-25 00:35 - 00000000 ____D () C:\ProgramData\saver boX
2014-01-26 17:00 - 2014-01-26 17:00 - 00000669 _____ () C:\Users\PC\Downloads\list-2a08d4-3.bin
2014-01-25 00:35 - 2014-01-25 00:35 - 00000000 ____D () C:\ProgramData\aommikdlfdcfodikahalfbeenlooaaip
2014-01-19 23:42 - 2014-01-19 23:42 - 00653824 _____ () C:\Users\PC\Downloads\7532.ppt

Some content of TEMP:
====================
C:\Users\PC\AppData\Local\Temp\appshat-distribution.exe
C:\Users\PC\AppData\Local\Temp\bitool.dll
C:\Users\PC\AppData\Local\Temp\DiVapton_sm.exe
C:\Users\PC\AppData\Local\Temp\dmcr.exe
C:\Users\PC\AppData\Local\Temp\gtapi_signed.dll
C:\Users\PC\AppData\Local\Temp\oi_{FFFCB11A-89B2-4DA1-AFC6-6596FEB57FC9}.exe
C:\Users\PC\AppData\Local\Temp\OptimizerPro.exe
C:\Users\PC\AppData\Local\Temp\ose00000.exe
C:\Users\PC\AppData\Local\Temp\playnowradio.exe
C:\Users\PC\AppData\Local\Temp\Quarantine.exe
C:\Users\PC\AppData\Local\Temp\setup_80.exe
C:\Users\PC\AppData\Local\Temp\Update.exe
C:\Users\PC\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\PC\AppData\Local\Temp\UpdateX.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-02-10 11:12

==================== End Of Log ============================