Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2014 Ran by Wiesia (administrator) on WIESIA-KOMPUTER on 02-05-2014 10:58:13 Running from D:\Inne\frst Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polish Internet Explorer Version 9 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (ABBYY InfoPoisk LLC) C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe () C:\ProgramData\DataCardService\HWDeviceService64.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DataCardService\DCSHelper.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe (Dell) C:\Users\Wiesia\AppData\Local\Apps\2.0\9BT995MT.6WH\W02P8VLX.7ZQ\dell..tion_0f612f649c4a10af_0005.0004_3ddfe37344028d2c\DellSystemDetect.exe () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe (Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\SmartAudio3.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe (Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Ghisler Software GmbH) C:\totalcmd\TOTALCMD64.EXE ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2803496 2011-06-24] (Synaptics Incorporated) HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SA3\SACpl.exe [1574016 2011-08-02] (Conexant Systems, Inc.) HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] () HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [10357008 2011-10-18] (Intel Corporation) HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [4500640 2011-03-11] (Dell Inc.) HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] () HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] () HKLM-x32\...\Run: [NeroLauncher] => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe [66872 2012-01-01] () HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.) HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.) HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation) HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462991 2010-06-18] (Creative Technology Ltd) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-04-12] (AVAST Software) HKLM-x32\...\Run: [Bonus.SSR.FR11] => C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe [1364496 2013-06-28] (ABBYY Production LLC) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-04-15] (LogMeIn Inc.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2530808019-808847502-1623858649-1000\...\Run: [DellSystemDetect] => C:\Users\Wiesia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms HKU\S-1-5-21-2530808019-808847502-1623858649-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-2530808019-808847502-1623858649-1000\...\MountPoints2: G - G:\LaunchU3.exe -a HKU\S-1-5-21-2530808019-808847502-1623858649-1000\...\MountPoints2: {0f07217f-2408-11e2-a542-4ceb4269241c} - E:\autorun.exe HKU\S-1-5-21-2530808019-808847502-1623858649-1000\...\MountPoints2: {0f666366-de4a-11e1-a828-4ceb4269241c} - G:\LaunchU3.exe -a HKU\S-1-5-21-2530808019-808847502-1623858649-1000\...\MountPoints2: {52f9e592-4b72-11e2-bf14-4ceb4269241c} - G:\Setup.exe HKU\S-1-5-21-2530808019-808847502-1623858649-1000\...\MountPoints2: {755b1d0f-d29d-11e2-a304-4ceb4269241c} - G:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-2530808019-808847502-1623858649-1000\...\MountPoints2: {f82fb092-4ba8-11e2-83c8-4ceb4269241c} - G:\Setup.exe ==================== Internet (Whitelisted) ==================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms} SearchScopes: HKLM - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms} SearchScopes: HKLM-x32 - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms} SearchScopes: HKCU - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms} BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: HKLM {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\..\Interfaces\{788C22B4-FE12-4123-B77B-32004D7F4175}: [NameServer]0.0.0.0 FireFox: ======== FF ProfilePath: C:\Users\Wiesia\AppData\Roaming\Mozilla\Firefox\Profiles\ldv6wuxr.default-1399019456293 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll () FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-07-21] ==================== Services (Whitelisted) ================= R2 ABBYY.Licensing.FineReader.Professional.11.0; C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe [821048 2013-06-17] (ABBYY InfoPoisk LLC) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-12] (AVAST Software) R3 CxUtilSvc; C:\Program Files\Conexant\SA3\CxUtilSvc.exe [109184 2011-08-12] (Conexant Systems, Inc.) R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] () R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-04-08] (LogMeIn, Inc.) S3 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [655712 2012-07-25] () R2 MSSQL$AQRATO; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation) R2 MSSQL$RESET2; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-06-25] () R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] () R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3325232 2012-06-25] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-12] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-12] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-12] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-04-12] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-04-12] (AVAST Software) R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-04-12] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-04-12] () R3 MCfilt; C:\Windows\System32\drivers\MCfilt64.sys [32344 2010-12-09] (Creative Technology Ltd.) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-05-01] (Duplex Secure Ltd.) S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2013-05-10] () ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-02 10:42 - 2014-05-02 10:42 - 01310621 _____ () C:\Users\Wiesia\Downloads\AdwCleaner.exe 2014-05-02 10:31 - 2014-05-02 10:31 - 00000000 ____D () C:\Users\Wiesia\Desktop\Stare dane programu Firefox 2014-05-01 14:18 - 2014-05-01 17:54 - 00000000 ____D () C:\Users\Wiesia\Desktop\diagnostyka 2014-05-01 14:03 - 2014-05-02 10:58 - 00000000 ____D () C:\FRST 2014-05-01 13:14 - 2014-05-01 13:14 - 00386680 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys 2014-05-01 13:04 - 2014-05-01 13:04 - 617879493 _____ () C:\Windows\MEMORY.DMP 2014-05-01 13:04 - 2014-05-01 13:04 - 00262144 _____ () C:\Windows\Minidump\050114-26551-01.dmp 2014-05-01 13:04 - 2014-05-01 13:04 - 00000000 ____D () C:\Windows\Minidump 2014-05-01 11:27 - 2014-05-02 10:46 - 00001044 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-05-01 11:27 - 2014-05-02 10:32 - 00001048 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-05-01 11:27 - 2014-05-01 11:27 - 00004044 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-05-01 11:27 - 2014-05-01 11:27 - 00003792 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-05-01 11:05 - 2014-05-01 11:06 - 00000000 ____D () C:\ProgramData\simplitec 2014-05-01 11:05 - 2013-08-23 12:19 - 00120200 _____ () C:\Windows\SysWOW64\DLLDEV32i.dll 2014-04-30 18:24 - 2014-04-30 18:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-04-29 20:52 - 2014-04-29 20:52 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-04-29 20:52 - 2014-04-29 20:52 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-04-29 20:52 - 2014-04-29 20:52 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-04-29 20:52 - 2014-04-29 20:52 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2014-04-29 20:52 - 2014-04-29 20:52 - 00000000 ____D () C:\Program Files\Java 2014-04-28 18:38 - 2014-04-28 18:38 - 25013552 _____ (DVDVideoSoft Ltd. ) C:\Users\Wiesia\Downloads\FreeVideoDub_(dobreprogramy.pl).exe 2014-04-28 18:31 - 2014-04-28 18:31 - 20470500 _____ () C:\Users\Wiesia\Downloads\setup_photofilmstrip-2.0.0.exe 2014-04-28 18:16 - 2014-04-28 18:17 - 00000000 ____D () C:\Users\Wiesia\AppData\Local\{751B30EF-DD9E-4281-8735-93D1114FDD2D} 2014-04-25 15:58 - 2014-04-25 15:58 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-04-25 15:57 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-04-25 15:57 - 2014-04-14 04:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-04-22 08:16 - 2014-04-24 09:54 - 00017135 _____ () C:\Users\Wiesia\Desktop\OPL 9 OKNA.odt 2014-04-20 22:34 - 2014-04-20 22:33 - 16409960 _____ (Safer Networking Limited ) C:\Users\Wiesia\Downloads\Spybot - Search & Destroy 1.6.2.exe 2014-04-12 10:13 - 2014-02-04 04:37 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys 2014-04-12 10:13 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys 2014-04-12 10:13 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys 2014-04-12 10:13 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll 2014-04-12 10:13 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll 2014-04-12 10:13 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2014-04-12 00:45 - 2014-04-12 00:45 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-04-10 19:38 - 2014-04-10 19:38 - 00000000 ____D () C:\Users\Wiesia\AppData\Local\Blizzard Entertainment 2014-04-10 19:04 - 2014-04-10 23:41 - 00000000 ____D () C:\Users\Wiesia\Documents\StarCraft II 2014-04-10 19:04 - 2014-04-10 19:08 - 00000764 _____ () C:\Users\Public\Desktop\StarCraft II.lnk 2014-04-10 19:04 - 2014-04-10 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II 2014-04-10 19:04 - 2014-04-10 19:07 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment 2014-04-10 19:02 - 2014-04-10 19:02 - 00000000 ____D () C:\ProgramData\Battle.net 2014-04-09 08:48 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-04-09 08:48 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2014-04-09 08:48 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2014-04-09 08:48 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2014-04-09 08:48 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2014-04-09 08:48 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2014-04-09 08:48 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-04-09 08:48 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2014-04-09 08:48 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2014-04-09 08:48 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2014-04-09 08:48 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2014-04-08 20:25 - 2014-04-08 20:25 - 00707504 _____ () C:\Users\Wiesia\AppData\Local\unins000.exe 2014-04-08 20:25 - 2014-04-08 20:25 - 00011761 _____ () C:\Users\Wiesia\AppData\Local\unins000.msg 2014-04-08 20:25 - 2014-04-08 20:25 - 00003187 _____ () C:\Users\Wiesia\AppData\Local\unins000.dat ==================== One Month Modified Files and Folders ======= 2014-05-02 10:58 - 2014-05-01 14:03 - 00000000 ____D () C:\FRST 2014-05-02 10:54 - 2009-07-14 06:45 - 00025008 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-02 10:54 - 2009-07-14 06:45 - 00025008 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-02 10:47 - 2013-02-24 15:07 - 00000000 ____D () C:\Users\Wiesia\AppData\Local\Deployment 2014-05-02 10:47 - 2012-11-01 12:32 - 00000000 ____D () C:\Users\Wiesia\AppData\Local\LogMeIn Hamachi 2014-05-02 10:47 - 2012-07-21 10:15 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2014-05-02 10:47 - 2012-04-13 16:06 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks 2014-05-02 10:47 - 2012-04-13 16:06 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks 2014-05-02 10:47 - 2012-04-13 16:02 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup 2014-05-02 10:46 - 2014-05-01 11:27 - 00001044 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-05-02 10:46 - 2014-03-23 11:39 - 00198302 _____ () C:\Windows\PFRO.log 2014-05-02 10:46 - 2014-03-23 11:39 - 00006832 _____ () C:\Windows\setupact.log 2014-05-02 10:46 - 2013-10-24 15:47 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-02 10:45 - 2012-04-13 08:19 - 01195881 _____ () C:\Windows\WindowsUpdate.log 2014-05-02 10:44 - 2014-01-05 01:02 - 00000000 ____D () C:\AdwCleaner 2014-05-02 10:44 - 2012-06-21 19:59 - 00000000 ____D () C:\Users\Wiesia 2014-05-02 10:42 - 2014-05-02 10:42 - 01310621 _____ () C:\Users\Wiesia\Downloads\AdwCleaner.exe 2014-05-02 10:32 - 2014-05-01 11:27 - 00001048 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-05-02 10:31 - 2014-05-02 10:31 - 00000000 ____D () C:\Users\Wiesia\Desktop\Stare dane programu Firefox 2014-05-02 10:25 - 2014-03-29 20:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-02 10:25 - 2012-06-21 22:36 - 00000000 ____D () C:\Users\Wiesia\AppData\Local\Google 2014-05-02 10:07 - 2013-11-23 21:58 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-01 17:54 - 2014-05-01 14:18 - 00000000 ____D () C:\Users\Wiesia\Desktop\diagnostyka 2014-05-01 13:14 - 2014-05-01 13:14 - 00386680 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys 2014-05-01 13:12 - 2012-11-01 15:41 - 00000000 ____D () C:\Users\Wiesia\Documents\My Games 2014-05-01 13:12 - 2012-04-13 15:47 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-05-01 13:04 - 2014-05-01 13:04 - 617879493 _____ () C:\Windows\MEMORY.DMP 2014-05-01 13:04 - 2014-05-01 13:04 - 00262144 _____ () C:\Windows\Minidump\050114-26551-01.dmp 2014-05-01 13:04 - 2014-05-01 13:04 - 00000000 ____D () C:\Windows\Minidump 2014-05-01 11:27 - 2014-05-01 11:27 - 00004044 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-05-01 11:27 - 2014-05-01 11:27 - 00003792 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-05-01 11:06 - 2014-05-01 11:05 - 00000000 ____D () C:\ProgramData\simplitec 2014-05-01 09:50 - 2013-03-08 22:25 - 00000000 ____D () C:\Users\Wiesia\Desktop\Programy 2014-04-30 22:07 - 2010-11-21 14:53 - 00835800 _____ () C:\Windows\system32\perfh015.dat 2014-04-30 22:07 - 2010-11-21 14:53 - 00192472 _____ () C:\Windows\system32\perfc015.dat 2014-04-30 22:07 - 2009-07-14 07:13 - 01939050 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-30 19:52 - 2012-06-21 22:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-04-30 18:25 - 2014-04-30 18:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-04-30 10:06 - 2013-11-23 21:58 - 00003868 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-04-30 10:06 - 2012-07-19 22:21 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-04-30 10:06 - 2012-07-19 21:54 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-04-29 20:52 - 2014-04-29 20:52 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-04-29 20:52 - 2014-04-29 20:52 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-04-29 20:52 - 2014-04-29 20:52 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-04-29 20:52 - 2014-04-29 20:52 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2014-04-29 20:52 - 2014-04-29 20:52 - 00000000 ____D () C:\Program Files\Java 2014-04-29 20:14 - 2012-06-21 22:11 - 00001121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-04-29 20:14 - 2012-06-21 22:11 - 00001109 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-04-28 18:38 - 2014-04-28 18:38 - 25013552 _____ (DVDVideoSoft Ltd. ) C:\Users\Wiesia\Downloads\FreeVideoDub_(dobreprogramy.pl).exe 2014-04-28 18:31 - 2014-04-28 18:31 - 20470500 _____ () C:\Users\Wiesia\Downloads\setup_photofilmstrip-2.0.0.exe 2014-04-28 18:22 - 2012-04-13 16:24 - 00000000 ____D () C:\ProgramData\Sonic 2014-04-28 18:17 - 2014-04-28 18:16 - 00000000 ____D () C:\Users\Wiesia\AppData\Local\{751B30EF-DD9E-4281-8735-93D1114FDD2D} 2014-04-28 18:15 - 2013-11-05 15:36 - 00000000 ____D () C:\Users\Wiesia\Desktop\Eksport z programu Picasa 2014-04-28 18:11 - 2012-06-21 23:27 - 00007680 _____ () C:\Users\Wiesia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-04-28 09:02 - 2012-04-13 16:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office 2014-04-27 11:33 - 2009-07-14 07:08 - 00032604 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-04-25 15:58 - 2014-04-25 15:58 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-04-25 13:04 - 2012-10-07 17:05 - 00000000 ____D () C:\Users\Wiesia\Desktop\Strona aqrato 2014-04-24 09:54 - 2014-04-22 08:16 - 00017135 _____ () C:\Users\Wiesia\Desktop\OPL 9 OKNA.odt 2014-04-20 22:33 - 2014-04-20 22:34 - 16409960 _____ (Safer Networking Limited ) C:\Users\Wiesia\Downloads\Spybot - Search & Destroy 1.6.2.exe 2014-04-16 13:24 - 2013-10-03 08:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2014-04-16 13:24 - 2013-10-03 08:49 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi 2014-04-14 04:24 - 2014-04-25 15:57 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-04-14 04:19 - 2014-04-25 15:57 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-04-13 20:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-04-12 00:46 - 2013-10-22 15:55 - 00001928 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2014-04-12 00:45 - 2014-04-12 00:45 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-04-12 00:45 - 2014-02-16 22:17 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2014-04-12 00:45 - 2013-03-09 15:57 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-04-12 00:45 - 2013-03-09 15:57 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-04-12 00:45 - 2012-07-21 10:15 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-04-12 00:45 - 2012-07-21 10:15 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-04-12 00:45 - 2012-07-21 10:15 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-04-12 00:45 - 2012-07-21 10:15 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-04-12 00:45 - 2012-07-21 10:15 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-04-10 23:41 - 2014-04-10 19:04 - 00000000 ____D () C:\Users\Wiesia\Documents\StarCraft II 2014-04-10 19:38 - 2014-04-10 19:38 - 00000000 ____D () C:\Users\Wiesia\AppData\Local\Blizzard Entertainment 2014-04-10 19:08 - 2014-04-10 19:04 - 00000764 _____ () C:\Users\Public\Desktop\StarCraft II.lnk 2014-04-10 19:07 - 2014-04-10 19:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II 2014-04-10 19:07 - 2014-04-10 19:04 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment 2014-04-10 19:02 - 2014-04-10 19:02 - 00000000 ____D () C:\ProgramData\Battle.net 2014-04-09 08:51 - 2013-07-13 12:30 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-09 08:49 - 2012-06-21 23:44 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-04-08 20:34 - 2013-04-22 18:40 - 00000885 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\e-Deklaracje.lnk 2014-04-08 20:34 - 2013-04-22 18:40 - 00000000 ____D () C:\Program Files (x86)\e-Deklaracje 2014-04-08 20:25 - 2014-04-08 20:25 - 00707504 _____ () C:\Users\Wiesia\AppData\Local\unins000.exe 2014-04-08 20:25 - 2014-04-08 20:25 - 00011761 _____ () C:\Users\Wiesia\AppData\Local\unins000.msg 2014-04-08 20:25 - 2014-04-08 20:25 - 00003187 _____ () C:\Users\Wiesia\AppData\Local\unins000.dat 2014-04-04 19:24 - 2011-02-15 11:58 - 01911656 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI Some content of TEMP: ==================== C:\Users\Wiesia\AppData\Local\Temp\Quarantine.exe C:\Users\Wiesia\AppData\Local\Temp\SHSetup.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-29 23:34 ==================== End Of Log ============================