Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by Tomek (administrator) on TOMEK-TOSH on 29-05-2014 08:53:47
Running from C:\Users\Tomek\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polish
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\Integrator.exe
(OldTimer Tools) C:\Users\Tomek\Desktop\OTL.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3023600 2013-02-25] (Synaptics Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3888648 2014-05-26] (AVAST Software)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5181456 2014-05-13] (AVG Technologies CZ, s.r.o.)
HKU\.DEFAULT\...\Run: [TOSHIBA Online Product Information] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
HKU\S-1-5-21-906435108-3439195025-2073306531-1000\...\Run: [svchost] => regsvr32 /s "C:\Temp:026EB853.dat"
HKU\S-1-5-21-906435108-3439195025-2073306531-1000\...\MountPoints2: {01767503-12d1-11e3-97ae-68a3c44e539c} - F:\AutoRun.exe
HKU\S-1-5-21-906435108-3439195025-2073306531-1000\...\MountPoints2: {01767511-12d1-11e3-97ae-68a3c44e539c} - F:\AutoRun.exe
HKU\S-1-5-21-906435108-3439195025-2073306531-1000\...\MountPoints2: {67c4693c-1399-11e3-8ed4-68a3c44e539c} - F:\AutoRun.exe
HKU\S-1-5-21-906435108-3439195025-2073306531-1000\...\MountPoints2: {c30ee991-4cc5-11e1-b73c-b870f454d4ed} - F:\Autorun.exe
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKCU - (No Name) - {5c5b9468-d672-4eb7-b52f-b5afabf28c5b} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {64511A76-362E-4551-8000-BA43A8F82AAF} URL = http://search.babylon.com/?q={searchTerms}&AF=100478&babsrc=SP_ss&mntrId=36a0fad500000000000068a3c44e539c
SearchScopes: HKCU - {8AB16ACD-E33C-4917-9FFC-3C60333B6BF2} URL = http://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2
SearchScopes: HKCU - {B5DF8EE5-D8B8-4C31-8858-311463CDB647} URL =
SearchScopes: HKCU - {C31244A0-70AC-4CCA-9FA6-410BB4CFEB1D} URL = http://rover.ebay.com/rover/1/4908-44618-9400-8/4?satitle={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Pomocnik logowania za pomocą identyfikatora Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll ()
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKCU - No Name - {5C5B9468-D672-4EB7-B52F-B5AFABF28C5B} - No File
DPF: HKLM-x32 {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Peggle/Images/stg_drm.ocx
DPF: HKLM-x32 {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Peggle/Images/armhelper.ocx
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 213.227.98.131 213.227.98.132
Tcpip\..\Interfaces\{0D43FDDD-A136-4793-A9BA-BA3D8AF9D2AA}: [NameServer]89.108.202.21 89.108.195.21
Tcpip\..\Interfaces\{EF597AC0-9518-4ECD-9D28-31A7D40417CC}: [NameServer]89.108.195.20 89.108.202.20

FireFox:
========
FF ProfilePath: C:\Users\Tomek\AppData\Roaming\Mozilla\Firefox\Profiles\mi9fqg4q.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll No File
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.11.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.5.1 - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-10-07]
FF HKLM-x32\...\Firefox\Extensions: [{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}] - C:\Program Files (x86)\RelevantKnowledge\firefox

Chrome:
=======
CHR HomePage:
CHR Extension: (Google Wallet) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-29]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-19] (AVAST Software)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3644432 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [292424 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [1811456 2010-08-27] (Realsil Microelectronics Inc.)
S2 PLAY ONLINE. RunOuc; C:\Program Files (x86)\PLAY ONLINE\UpdateDog\ouc.exe [246112 2013-09-01] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [124368 2010-05-11] (Toshiba Europe GmbH)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2185528 2014-04-15] (AVG)

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-04-19] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-19] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-19] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-19] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-16] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-04-19] ()
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [236312 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [191768 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [323352 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130328 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [273176 2014-05-13] (AVG Technologies CZ, s.r.o.)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-01-05] (Disc Soft Ltd) S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [229376 2013-09-01] (Huawei Technologies Co., Ltd.) S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2014-03-26] (TuneUp Software) S3 ALSysIO; \??\C:\Users\Tomek\AppData\Local\Temp\ALSysIO64.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-29 08:53 - 2014-05-29 08:54 - 00017635 _____ () C:\Users\Tomek\Desktop\FRST.txt 2014-05-29 08:52 - 2014-05-29 08:53 - 00000000 ____D () C:\FRST 2014-05-29 08:51 - 2014-05-29 08:51 - 02066944 _____ (Farbar) C:\Users\Tomek\Desktop\FRST64.exe 2014-05-29 08:04 - 2014-05-29 08:04 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\AVG2014 2014-05-29 08:03 - 2014-05-29 08:03 - 00000962 _____ () C:\Users\Public\Desktop\AVG 2014.lnk 2014-05-29 08:03 - 2014-05-29 08:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2014-05-29 08:01 - 2014-05-29 08:03 - 00000000 ____D () C:\ProgramData\AVG2014 2014-05-29 08:01 - 2014-05-29 08:01 - 00000000 ___HD () C:\$AVG 2014-05-29 07:58 - 2014-05-29 08:15 - 00000000 ____D () C:\ProgramData\MFAData 2014-05-29 07:58 - 2014-05-29 08:04 - 00000000 ____D () C:\Users\Tomek\AppData\Local\Avg2014 2014-05-29 07:58 - 2014-05-29 07:58 - 00000000 ____D () C:\Users\Tomek\AppData\Local\MFAData 2014-05-29 07:51 - 2014-05-29 07:51 - 00089032 _____ () C:\Users\Tomek\Desktop\Extras.Txt 2014-05-29 07:48 - 2014-05-29 07:48 - 00108766 _____ () C:\Users\Tomek\Desktop\OTL.Txt 2014-05-29 07:46 - 2014-05-29 07:50 - 164819976 _____ (AVG Technologies) C:\Users\Tomek\Desktop\avg_free_x64_all_2014_4592a7484.exe 2014-05-29 07:35 - 2014-05-29 07:35 - 00602112 _____ (OldTimer Tools) C:\Users\Tomek\Desktop\OTL.exe 
2014-05-29 00:32 - 2014-05-29 00:32 - 00003544 ____N () C:\bootsqm.dat 2014-05-28 22:29 - 2014-05-28 22:29 - 00002218 _____ () C:\Users\Public\Desktop\AVG Konserwacja 1 kliknięciem.lnk 2014-05-28 22:29 - 2014-05-28 22:29 - 00002188 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014.lnk 2014-05-28 22:29 - 2014-05-28 22:29 - 00002176 _____ () C:\Users\Public\Desktop\AVG PC TuneUp 2014.lnk 2014-05-28 22:29 - 2014-05-28 22:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014 2014-05-28 22:29 - 2014-04-15 16:23 - 00040248 _____ (AVG) C:\Windows\system32\TURegOpt.exe 2014-05-28 22:29 - 2014-04-15 16:23 - 00029496 _____ (AVG) C:\Windows\system32\authuitu.dll 2014-05-28 22:29 - 2014-04-15 16:23 - 00025400 _____ (AVG) C:\Windows\SysWOW64\authuitu.dll 2014-05-28 22:28 - 2014-05-29 08:01 - 00000000 ____D () C:\Program Files (x86)\AVG 2014-05-28 22:28 - 2014-05-28 22:28 - 00000000 ____D () C:\Users\Tomek\AppData\Local\AVG 2014-05-28 22:27 - 2014-05-28 22:27 - 70431144 _____ (AVG) C:\Users\Tomek\Downloads\avg_tuht_stf_all_2014_423.exe 2014-05-28 22:25 - 2014-05-28 22:25 - 00702504 _____ () C:\Users\Tomek\Desktop\AVG-PC-TuneUp(21136).exe 2014-05-28 22:15 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-05-28 22:12 - 2014-05-28 22:17 - 00000000 ____D () C:\AdwCleaner 2014-05-28 22:11 - 2014-05-28 22:12 - 01327971 _____ () C:\Users\Tomek\Desktop\adwcleaner_3.211.exe 2014-05-28 12:46 - 2014-05-28 12:46 - 00489984 _____ () C:\Users\Tomek\Downloads\5C89.tmp 2014-05-25 17:43 - 2014-05-25 17:43 - 00551819 _____ () C:\Users\Tomek\Desktop\Leki, a Ciąża.pptx 2014-05-25 17:41 - 2014-05-25 17:42 - 00000000 ____D () C:\Users\Tomek\Desktop\Farma pyt egz 2014-05-24 02:31 - 2014-05-24 02:31 - 00000042 _____ () C:\Users\Tomek\Desktop\nuty.txt 2014-05-21 18:14 - 2014-05-23 20:02 - 00000000 ____D () C:\Users\Tomek\Desktop\WCC2014 Australia 2014-05-18 14:47 - 2014-05-18 14:48 - 
05547060 _____ () C:\Users\Tomek\Documents\Neonatologia, 2 blok.zip 2014-05-18 14:43 - 2014-05-18 14:43 - 00001126 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-05-18 14:43 - 2014-05-18 14:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-05-18 14:41 - 2014-05-18 14:41 - 00283024 _____ (Mozilla) C:\Users\Tomek\Documents\Firefox Setup Stub 29.0.1.exe 2014-05-18 14:35 - 2014-05-28 22:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orbit 2014-05-18 14:35 - 2014-05-19 23:11 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\Orbit 2014-05-18 14:35 - 2014-05-18 14:35 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\ProgSense 2014-05-18 14:34 - 2014-05-18 14:34 - 05498816 _____ (www.orbitdownloader.com ) C:\Users\Tomek\Documents\OrbitDownloaderSetup.exe 2014-05-18 09:02 - 2014-05-18 09:02 - 00086016 _____ () C:\Users\Tomek\Downloads\4648.tmp 2014-05-17 20:07 - 2014-05-17 20:07 - 00915128 _____ (Riverbed Technology, Inc.) C:\Users\Tomek\Documents\WinPcap_4_1_3 (1).exe 2014-05-17 20:06 - 2014-05-17 20:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap 2014-05-17 20:06 - 2014-05-17 20:06 - 00000000 ____D () C:\Program Files (x86)\WinPcap 2014-05-17 20:05 - 2014-05-17 20:06 - 00915128 _____ (Riverbed Technology, Inc.) 
C:\Users\Tomek\Documents\WinPcap_4_1_3.exe 2014-05-17 20:00 - 2014-05-17 20:08 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\Opera Software 2014-05-17 20:00 - 2014-05-17 20:08 - 00000000 ____D () C:\Users\Tomek\AppData\Local\Opera Software 2014-05-17 20:00 - 2014-05-17 20:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher 2014-05-17 20:00 - 2014-05-17 20:00 - 00000000 ____D () C:\Program Files (x86)\DsNET Corp 2014-05-17 19:58 - 2014-05-17 20:08 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-05-17 19:58 - 2014-05-17 19:58 - 17282640 _____ (DsNET Corp) C:\Users\Tomek\Downloads\aTube_Catcher.exe 2014-05-17 19:55 - 2014-05-17 19:55 - 00707056 _____ () C:\Users\Tomek\Documents\aTube-Catcher(21622).exe 2014-05-15 23:39 - 2014-05-29 01:20 - 00002222 _____ () C:\Windows\PFRO.log 2014-05-15 19:13 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-15 19:13 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-15 19:13 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-15 19:13 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-15 19:13 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-15 19:13 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-15 08:03 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-15 08:03 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-15 08:03 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-15 08:03 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-05-15 08:02 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) 
C:\Windows\system32\Drivers\ksecpkg.sys 2014-05-15 08:02 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-05-15 08:02 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-05-15 08:02 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-05-15 08:02 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-05-15 08:02 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-05-15 08:02 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-05-15 08:02 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-05-15 08:02 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-05-15 08:02 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-05-15 08:02 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-05-15 08:02 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2014-05-15 08:02 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-05-15 08:02 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-05-15 08:02 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-05-15 08:02 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-05-15 08:02 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-05-15 08:02 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2014-05-15 08:02 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) 
C:\Windows\system32\winlogon.exe 2014-05-15 08:02 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2014-05-15 08:02 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2014-05-15 08:02 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2014-05-15 08:02 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2014-05-15 08:02 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2014-05-15 08:02 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-05-15 08:02 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-05-15 08:02 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-05-15 08:02 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-05-15 08:02 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll 2014-05-15 08:02 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-05-15 08:02 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-05-15 08:02 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-05-15 08:02 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-05-15 08:02 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll 2014-05-15 08:02 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll 2014-05-15 08:02 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll 2014-05-15 08:02 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\dpapiprovider.dll 2014-05-15 08:02 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll 2014-05-15 08:02 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll 2014-05-15 08:02 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-05-15 08:02 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2014-05-13 14:20 - 2014-05-13 14:20 - 00273176 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys 2014-05-13 14:20 - 2014-05-13 14:20 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys 2014-05-13 14:06 - 2014-05-13 14:06 - 00323352 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys 2014-05-13 14:05 - 2014-05-13 14:05 - 00191768 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys 2014-05-13 14:05 - 2014-05-13 14:05 - 00152344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys 2014-05-13 14:05 - 2014-05-13 14:05 - 00130328 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys 2014-05-13 14:04 - 2014-05-13 14:04 - 00236312 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys 2014-05-13 14:04 - 2014-05-13 14:04 - 00031512 _____ (AVG Technologies CZ, s.r.o.) 
C:\Windows\system32\Drivers\avgrkx64.sys
2014-05-06 19:00 - 2014-05-15 19:27 - 00000000 ___SD () C:\Windows\system32\CompatTel

==================== One Month Modified Files and Folders =======

2014-05-29 08:54 - 2014-05-29 08:53 - 00017635 _____ () C:\Users\Tomek\Desktop\FRST.txt
2014-05-29 08:53 - 2014-05-29 08:52 - 00000000 ____D () C:\FRST
2014-05-29 08:51 - 2014-05-29 08:51 - 02066944 _____ (Farbar) C:\Users\Tomek\Desktop\FRST64.exe
2014-05-29 08:47 - 2012-11-12 14:40 - 00001046 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-29 08:37 - 2013-08-18 09:39 - 01137943 _____ () C:\Windows\WindowsUpdate.log
2014-05-29 08:15 - 2014-05-29 07:58 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-29 08:14 - 2009-07-14 06:45 - 00016304 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-29 08:14 - 2009-07-14 06:45 - 00016304 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-29 08:04 - 2014-05-29 08:04 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\AVG2014
2014-05-29 08:04 - 2014-05-29 07:58 - 00000000 ____D () C:\Users\Tomek\AppData\Local\Avg2014
2014-05-29 08:03 - 2014-05-29 08:03 - 00000962 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-05-29 08:03 - 2014-05-29 08:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-05-29 08:03 - 2014-05-29 08:01 - 00000000 ____D () C:\ProgramData\AVG2014
2014-05-29 08:01 - 2014-05-29 08:01 - 00000000 ___HD () C:\$AVG
2014-05-29 08:01 - 2014-05-28 22:28 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-05-29 07:58 - 2014-05-29 07:58 - 00000000 ____D () C:\Users\Tomek\AppData\Local\MFAData
2014-05-29 07:51 - 2014-05-29 07:51 - 00089032 _____ () C:\Users\Tomek\Desktop\Extras.Txt
2014-05-29 07:50 - 2014-05-29 07:46 - 164819976 _____ (AVG Technologies) C:\Users\Tomek\Desktop\avg_free_x64_all_2014_4592a7484.exe
2014-05-29 07:48 - 2014-05-29 07:48 - 00108766 _____ () C:\Users\Tomek\Desktop\OTL.Txt
2014-05-29 07:35 - 2014-05-29 07:35 - 00602112 _____ (OldTimer Tools) C:\Users\Tomek\Desktop\OTL.exe
2014-05-29 07:07 - 2014-04-23 16:52 - 00003506 _____ () C:\Windows\setupact.log
2014-05-29 01:46 - 2012-11-12 14:40 - 00001042 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-29 01:26 - 2009-07-14 19:55 - 00741140 _____ () C:\Windows\system32\perfh015.dat
2014-05-29 01:26 - 2009-07-14 19:55 - 00156424 _____ () C:\Windows\system32\perfc015.dat
2014-05-29 01:26 - 2009-07-14 07:13 - 01672142 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-29 01:21 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-29 01:20 - 2014-05-15 23:39 - 00002222 _____ () C:\Windows\PFRO.log
2014-05-29 00:32 - 2014-05-29 00:32 - 00003544 ____N () C:\bootsqm.dat
2014-05-28 22:35 - 2014-05-18 14:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orbit
2014-05-28 22:35 - 2014-04-19 10:06 - 00000000 ____D () C:\Users\Tomek\AppData\Local\Microsoft Help
2014-05-28 22:35 - 2014-01-21 00:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-05-28 22:35 - 2013-11-17 11:58 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-05-28 22:35 - 2013-01-28 16:58 - 00000000 ___RD () C:\Users\Tomek\Desktop\Pliki Tomek
2014-05-28 22:29 - 2014-05-28 22:29 - 00002218 _____ () C:\Users\Public\Desktop\AVG Konserwacja 1 kliknięciem.lnk
2014-05-28 22:29 - 2014-05-28 22:29 - 00002188 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014.lnk
2014-05-28 22:29 - 2014-05-28 22:29 - 00002176 _____ () C:\Users\Public\Desktop\AVG PC TuneUp 2014.lnk
2014-05-28 22:29 - 2014-05-28 22:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014
2014-05-28 22:28 - 2014-05-28 22:28 - 00000000 ____D () C:\Users\Tomek\AppData\Local\AVG
2014-05-28 22:27 - 2014-05-28 22:27 - 70431144 _____ (AVG) C:\Users\Tomek\Downloads\avg_tuht_stf_all_2014_423.exe
2014-05-28 22:25 - 2014-05-28 22:25 - 00702504 _____ () C:\Users\Tomek\Desktop\AVG-PC-TuneUp(21136).exe
2014-05-28 22:17 - 2014-05-28 22:12 - 00000000 ____D () C:\AdwCleaner
2014-05-28 22:17 - 2011-09-23 10:18 - 00000000 ____D () C:\Users\Tomek
2014-05-28 22:12 - 2014-05-28 22:11 - 01327971 _____ () C:\Users\Tomek\Desktop\adwcleaner_3.211.exe
2014-05-28 13:09 - 2012-05-13 17:43 - 04294144 ___SH () C:\Users\Tomek\Desktop\Thumbs.db
2014-05-28 12:46 - 2014-05-28 12:46 - 00489984 _____ () C:\Users\Tomek\Downloads\5C89.tmp
2014-05-25 17:43 - 2014-05-25 17:43 - 00551819 _____ () C:\Users\Tomek\Desktop\Leki, a Ciąża.pptx
2014-05-25 17:42 - 2014-05-25 17:41 - 00000000 ____D () C:\Users\Tomek\Desktop\Farma pyt egz
2014-05-24 02:31 - 2014-05-24 02:31 - 00000042 _____ () C:\Users\Tomek\Desktop\nuty.txt
2014-05-23 20:02 - 2014-05-21 18:14 - 00000000 ____D () C:\Users\Tomek\Desktop\WCC2014 Australia
2014-05-23 19:57 - 2013-10-19 09:13 - 00000000 ____D () C:\Users\Tomek\Desktop\STN kardio
2014-05-19 23:11 - 2014-05-18 14:35 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\Orbit
2014-05-18 14:48 - 2014-05-18 14:47 - 05547060 _____ () C:\Users\Tomek\Documents\Neonatologia, 2 blok.zip
2014-05-18 14:43 - 2014-05-18 14:43 - 00001126 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-18 14:43 - 2014-05-18 14:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-18 14:43 - 2012-10-27 20:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-18 14:43 - 2011-09-26 16:48 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\Mozilla
2014-05-18 14:41 - 2014-05-18 14:41 - 00283024 _____ (Mozilla) C:\Users\Tomek\Documents\Firefox Setup Stub 29.0.1.exe
2014-05-18 14:35 - 2014-05-18 14:35 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\ProgSense
2014-05-18 14:34 - 2014-05-18 14:34 - 05498816 _____ (www.orbitdownloader.com ) C:\Users\Tomek\Documents\OrbitDownloaderSetup.exe
2014-05-18 09:02 - 2014-05-18 09:02 - 00086016 _____ () C:\Users\Tomek\Downloads\4648.tmp
2014-05-17 22:15 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-17 20:50 - 2012-11-17 09:15 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-05-17 20:08 - 2014-05-17 20:00 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\Opera Software
2014-05-17 20:08 - 2014-05-17 20:00 - 00000000 ____D () C:\Users\Tomek\AppData\Local\Opera Software
2014-05-17 20:08 - 2014-05-17 19:58 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-05-17 20:07 - 2014-05-17 20:07 - 00915128 _____ (Riverbed Technology, Inc.) C:\Users\Tomek\Documents\WinPcap_4_1_3 (1).exe
2014-05-17 20:06 - 2014-05-17 20:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2014-05-17 20:06 - 2014-05-17 20:06 - 00000000 ____D () C:\Program Files (x86)\WinPcap
2014-05-17 20:06 - 2014-05-17 20:05 - 00915128 _____ (Riverbed Technology, Inc.) C:\Users\Tomek\Documents\WinPcap_4_1_3.exe
2014-05-17 20:00 - 2014-05-17 20:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher
2014-05-17 20:00 - 2014-05-17 20:00 - 00000000 ____D () C:\Program Files (x86)\DsNET Corp
2014-05-17 19:58 - 2014-05-17 19:58 - 17282640 _____ (DsNET Corp) C:\Users\Tomek\Downloads\aTube_Catcher.exe
2014-05-17 19:55 - 2014-05-17 19:55 - 00707056 _____ () C:\Users\Tomek\Documents\aTube-Catcher(21622).exe
2014-05-16 09:56 - 2014-01-02 17:19 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-16 09:56 - 2011-10-07 14:41 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-16 09:56 - 2011-10-07 14:41 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-15 23:41 - 2011-09-23 10:21 - 00000000 ___RD () C:\Users\Tomek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 23:41 - 2011-09-23 10:18 - 00000000 ___RD () C:\Users\Tomek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 19:27 - 2014-05-06 19:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 19:15 - 2014-04-19 10:05 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-15 19:09 - 2013-09-01 10:26 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 19:03 - 2013-01-28 00:41 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-13 14:20 - 2014-05-13 14:20 - 00273176 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-05-13 14:20 - 2014-05-13 14:20 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2014-05-13 14:06 - 2014-05-13 14:06 - 00323352 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00191768 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00152344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00130328 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00236312 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00031512 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
2014-05-10 18:19 - 2014-03-07 18:55 - 00000000 ____D () C:\Program Files (x86)\osu!
2014-05-09 08:14 - 2014-05-15 08:03 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-15 08:03 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 12:42 - 2012-11-12 14:40 - 00004042 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-08 12:42 - 2012-11-12 14:40 - 00003790 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-06 06:40 - 2014-05-15 19:13 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-15 19:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-15 19:13 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-15 19:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-15 19:13 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-15 19:13 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

Some content of TEMP:
====================
C:\Users\Tomek\AppData\Local\Temp\libcurl-4.dll
C:\Users\Tomek\AppData\Local\Temp\pthreadGC2.dll
C:\Users\Tomek\AppData\Local\Temp\Quarantine.exe
C:\Users\Tomek\AppData\Local\Temp\zlib1.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-21 18:56

==================== End Of Log ============================