Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-08-2014 01
Ran by Kabeks (administrator) on KABEKS-TOSH on 11-08-2014 21:21:14
Running from C:\Users\Kabeks\Desktop\fix
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 11
Boot Mode: Safe Mode (with Networking)

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-05-12] (Malwarebytes Corporation) HKU\.DEFAULT\...\Run: [TOSHIBA Online Product Information] => C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA) HKU\.DEFAULT\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-11] (Microsoft Corporation) HKU\S-1-5-21-3400790737-348815391-1457645043-1000\...\MountPoints2: {30fdc143-730d-11e3-9d67-e0cb4e4b1ede} - H:\AutoRun.exe HKU\S-1-5-21-3400790737-348815391-1457645043-1000\...\MountPoints2: {30fdc155-730d-11e3-9d67-e0cb4e4b1ede} - F:\AutoRun.exe HKU\S-1-5-21-3400790737-348815391-1457645043-1000\...\MountPoints2: {328bfa2e-080a-11e2-a1ea-e0cb4e4b1ede} - F:\AutoRun.exe HKU\S-1-5-21-3400790737-348815391-1457645043-1000\...\MountPoints2: {328bfa3d-080a-11e2-a1ea-e0cb4e4b1ede} - F:\AutoRun.exe HKU\S-1-5-21-3400790737-348815391-1457645043-1000\...\MountPoints2: {4ee04d8e-c82c-11e1-a0e4-e0cb4e4b1ede} - F:\MotoCastSetup.exe -a HKU\S-1-5-21-3400790737-348815391-1457645043-1000\...\MountPoints2: {526f966d-8905-11e2-92ee-e0cb4e4b1ede} - F:\AutoRun.exe HKU\S-1-5-21-3400790737-348815391-1457645043-1000\...\MountPoints2: {bdd66318-35a3-11e2-948c-e0cb4e4b1ede} - G:\MotoCastSetup.exe -a AppInit_DLLs-x32: c:\progra~3\browse~1\261519~1.190\{c16c1~1\browse~1.dll => "c:\progra~3\browse~1\261519~1.190\{c16c1~1\browse~1.dll" File Not Found Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) BootExecute: autocheck autochk * sdnclean64.exe 
==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH URLSearchHook: HKLM-x32 - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.) URLSearchHook: HKCU - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.) SearchScopes: HKCU - DefaultScope {217C1776-3A2C-4017-A88B-B29EF8F0C5E6} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468 SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://isearch.babylon.com/?q={searchTerms}&affID=119816&tt=gc_&babsrc=SP_ssbtis1&mntrId=E2DF582C80139263 SearchScopes: HKCU - {17242E28-816D-47E6-B33C-D05FBAD87968} URL = http://rover.ebay.com/rover/1/4908-44618-9400-8/4?satitle={searchTerms} SearchScopes: HKCU - {217C1776-3A2C-4017-A88B-B29EF8F0C5E6} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468 SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/mb201/?search={searchTerms}&loc=IB_DS&a=6R8QNm9CnW&i=26 SearchScopes: HKCU - {D5EB6E67-DB89-4473-8F2F-29BB4E9BEC05} URL = http://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2 BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: uTorrentControl_v2 Toolbar -> {7473b6bd-4691-4744-a82b-7854eb3d70b6} -> C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Pomocnik logowania za pomocą konta Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File Toolbar: HKCU - No Name - {7473B6BD-4691-4744-A82B-7854EB3D70B6} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\..\Interfaces\{10A0EF2B-F981-4021-8AC3-D025436409C4}: [NameServer]194.204.159.1 194.204.152.34 Tcpip\..\Interfaces\{31E0C19D-A4ED-4052-9B5A-AEDDD8FC2EED}: [NameServer]194.204.159.1 194.204.152.34 FireFox: ======== FF ProfilePath: C:\Users\Kabeks\AppData\Roaming\Mozilla\Firefox\Profiles\y6dgsjd9.default FF DefaultSearchEngine: Delta Search FF SelectedSearchEngine: Delta Search FF Homepage: hxxp://www2.delta-search.com/?affID=119816&tt=gc_&babsrc=HP_ss&mntrId=E2DF582C80139263 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1205146.dll No File FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF user.js: detected! 
=> C:\Users\Kabeks\AppData\Roaming\Mozilla\Firefox\Profiles\y6dgsjd9.default\user.js FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF SearchPlugin: C:\Users\Kabeks\AppData\Roaming\Mozilla\Firefox\Profiles\y6dgsjd9.default\searchplugins\babylon.xml FF SearchPlugin: C:\Users\Kabeks\AppData\Roaming\Mozilla\Firefox\Profiles\y6dgsjd9.default\searchplugins\delta.xml FF SearchPlugin: C:\Users\Kabeks\AppData\Roaming\Mozilla\Firefox\Profiles\y6dgsjd9.default\searchplugins\MyStart Search.xml FF SearchPlugin: C:\Users\Kabeks\AppData\Roaming\Mozilla\Firefox\Profiles\y6dgsjd9.default\searchplugins\utorrentcontrolv2-customized-web-search.xml FF Extension: Delta Toolbar - C:\Users\Kabeks\AppData\Roaming\Mozilla\Firefox\Profiles\y6dgsjd9.default\Extensions\ffxtlbr@delta.com [2013-05-08] FF Extension: ALLYouTubeDownloader - C:\Users\Kabeks\AppData\Roaming\Mozilla\Firefox\Profiles\y6dgsjd9.default\Extensions\YouTubetoALL@ALLPlayer.org.xpi [2013-01-24] FF Extension: Firebug Autocompleter - C:\Users\Kabeks\AppData\Roaming\Mozilla\Firefox\Profiles\y6dgsjd9.default\Extensions\{9aad3da6-6c46-4ef0-9109-6df5eaaf597c}.xpi [2012-12-26] FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor Chrome: ======= CHR Extension: (uTorrentControl_v2) - C:\Users\Kabeks\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda [2013-04-20] CHR Extension: (New tab for Chrome™) - C:\Users\Kabeks\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg [2013-04-20] CHR Extension: (IncrediBar for Chrome™) - C:\Users\Kabeks\AppData\Local\Google\Chrome\User Data\Default\Extensions\niogeckbkdcabhnapjbkeiklablhjoca [2013-04-20] CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx [2013-04-20] CHR HKCU\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - 
C:\Users\Kabeks\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx [2012-11-19] CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx [2012-11-19] CHR HKLM-x32\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\Kabeks\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx [2012-11-19] CHR HKLM-x32\...\Chrome\Extension: [jifflliplgeajjdhmkcfnngfpgbjonjg] - C:\Program Files (x86)\Perion\NewTab\newTab.crx [2013-01-09] CHR HKLM-x32\...\Chrome\Extension: [niogeckbkdcabhnapjbkeiklablhjoca] - C:\Program Files (x86)\Perion\ChromeInfoBar\ChromeInfoBar.crx [2013-01-09] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2012-05-27] (Adobe Systems) [File not signed] S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.) S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.) S2 CDROM_Detect; C:\Program Files\HSDPA USB Modem\WCDMA_Eject.exe [325632 2012-02-05] () [File not signed] S2 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [161592 2009-10-22] () S2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] () S2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed] S2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [120728 2012-10-02] () S2 PLAY ONLINE. 
RunOuc; C:\Program Files (x86)\PLAY ONLINE\UpdateDog\ouc.exe [246112 2014-01-02] () S2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed] S2 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116104 2009-10-15] (Toshiba Europe GmbH) S2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.) S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-04-15] (AVG Technologies CZ, s.r.o.) S3 CT_QUALCOMM_U_drv; C:\Windows\System32\DRIVERS\CT_QUALCOMM_U_drv.sys [118016 2009-04-27] (QUALCOMM Incorporated) S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [229376 2014-01-02] (Huawei Technologies Co., Ltd.) 
S3 smsbda; C:\Windows\System32\drivers\smsbda.sys [63520 2009-09-18] (Siano) U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] () S3 motmodem; system32\DRIVERS\motmodem.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-11 21:19 - 2014-08-11 21:21 - 00000000 ____D () C:\FRST 2014-08-11 20:58 - 2014-08-11 21:21 - 00000000 ____D () C:\Users\Kabeks\Desktop\fix 2014-08-10 16:25 - 2014-08-10 16:25 - 00007572 _____ () C:\Users\Kabeks\Documents\cc_20140810_162524.reg 2014-08-10 15:09 - 2014-08-10 15:09 - 00000000 ____D () C:\Users\Kabeks\AppData\Roaming\ChemTable Software 2014-08-10 15:08 - 2014-08-10 15:10 - 00000000 ____D () C:\Users\Kabeks\AppData\Local\ChemTable Software 2014-08-10 15:08 - 2014-08-10 15:08 - 00001113 _____ () C:\Users\Kabeks\Desktop\Registry Life.lnk 2014-08-10 15:08 - 2014-08-10 15:08 - 00001107 _____ () C:\Users\Kabeks\Desktop\Soft Organizer - a tool for fully uninstalling and updating applications.lnk 2014-08-10 15:08 - 2014-08-10 15:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soft Organizer 2014-08-10 15:08 - 2014-08-10 15:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Life 2014-08-10 15:08 - 2014-08-10 15:08 - 00000000 ____D () C:\Program Files (x86)\Soft Organizer 2014-08-10 15:08 - 2014-08-10 15:08 - 00000000 ____D () C:\Program Files (x86)\Registry Life 2014-08-10 11:20 - 2014-08-10 11:20 - 00001136 _____ () C:\Users\Kabeks\Desktop\Auslogics DiskDefrag.lnk 2014-08-10 11:20 - 2014-08-10 11:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics 2014-08-10 11:20 - 2014-08-10 11:20 - 00000000 ____D () 
C:\ProgramData\Auslogics 2014-08-10 11:20 - 2014-08-10 11:20 - 00000000 ____D () C:\Program Files (x86)\Auslogics 2014-08-10 11:15 - 2014-08-10 11:15 - 00000017 _____ () C:\Users\Kabeks\AppData\Local\resmon.resmoncfg 2014-08-10 11:11 - 2014-08-10 11:11 - 00000488 _____ () C:\Windows\WindowsUpdate.log 2014-08-10 11:10 - 2014-08-10 23:29 - 00000448 _____ () C:\Windows\setupact.log 2014-08-10 11:10 - 2014-08-10 11:10 - 00000000 _____ () C:\Windows\setuperr.log 2014-08-10 10:55 - 2014-08-10 10:55 - 00048912 _____ () C:\Users\Kabeks\Documents\cc_20140810_105540.reg 2014-08-10 01:31 - 2014-08-10 16:24 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-10 01:31 - 2014-08-10 01:31 - 00001069 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-08-10 01:31 - 2014-08-10 01:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-08-10 01:31 - 2014-08-10 01:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-08-10 01:31 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-08-10 01:31 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-08-10 01:31 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-08-07 17:58 - 2014-08-07 17:59 - 28739896 _____ (AVG) C:\Users\Konferencja Lean\Downloads\avg_tuht_stf_pl_2014_519_bmarket2.exe 2014-08-07 17:58 - 2014-08-07 17:58 - 04814696 _____ (Piriform Ltd) C:\Users\Konferencja Lean\Downloads\ccsetup416pro.exe 2014-08-05 21:48 - 2014-08-05 21:48 - 00086823 _____ () C:\Users\Konferencja Lean\Downloads\2014-07-10_niklas.xls 2014-08-03 11:10 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-08-03 11:10 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 
2014-08-03 11:10 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2014-08-03 11:10 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-08-03 11:09 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-08-03 11:09 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2014-08-03 11:09 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-08-03 11:09 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2014-08-02 20:08 - 2014-08-02 20:09 - 00018644 _____ () C:\Users\Konferencja Lean\Downloads\2014-08-02_rsform.xls 2014-07-31 20:17 - 2014-07-31 20:17 - 00013406 _____ () C:\Users\Konferencja Lean\Downloads\Baza adresów - LM gr 2.xlsx 2014-07-31 20:10 - 2014-07-31 20:10 - 00012837 _____ () C:\Users\Konferencja Lean\Downloads\warsztaty III dzien.xlsx 2014-07-15 23:06 - 2014-07-15 23:07 - 00207546 _____ () C:\Users\Konferencja Lean\Desktop\Sobieszewo_ubezp_firlik.xlsx 2014-07-15 22:55 - 2014-07-15 22:55 - 00016384 _____ () C:\Users\Konferencja Lean\Downloads\Porcjunkula - wpłaty na sylwestra 2013 2014 (3).xls 2014-07-15 22:43 - 2014-07-15 23:03 - 00019543 _____ () C:\Users\Konferencja Lean\Desktop\Sobieszewo_ubezp.xlsx 2014-07-15 22:39 - 2014-07-15 22:39 - 00020872 _____ () C:\Users\Konferencja Lean\Downloads\Sobieszewo_ubezp.ods 2014-07-12 21:33 - 2014-07-12 21:33 - 00080323 _____ () C:\Users\Konferencja Lean\Downloads\rsform_backup_2014-07-12_215229.zip 2014-07-12 13:24 - 2014-07-12 13:24 - 03440821 _____ () C:\Users\Konferencja Lean\Downloads\jf_calla-exteriors-unzip_first.zip ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-08-11 21:21 - 2014-08-11 21:19 - 00000000 ____D () C:\FRST 2014-08-11 21:21 - 2014-08-11 20:58 - 00000000 ____D () C:\Users\Kabeks\Desktop\fix 2014-08-11 20:44 - 2012-05-04 12:40 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-08-11 20:34 - 2013-12-09 22:07 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3400790737-348815391-1457645043-1001UA.job 2014-08-11 20:34 - 2013-12-09 22:07 - 00001050 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3400790737-348815391-1457645043-1001Core.job 2014-08-11 20:34 - 2012-06-10 19:56 - 00001048 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-08-11 20:34 - 2012-06-10 19:56 - 00001044 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-08-10 23:29 - 2014-08-10 11:10 - 00000448 _____ () C:\Windows\setupact.log 2014-08-10 23:29 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-10 16:25 - 2014-08-10 16:25 - 00007572 _____ () C:\Users\Kabeks\Documents\cc_20140810_162524.reg 2014-08-10 16:24 - 2014-08-10 01:31 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-10 16:21 - 2013-11-11 12:42 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} 2014-08-10 15:24 - 2012-04-05 00:04 - 00000000 ____D () C:\Users\Kabeks 2014-08-10 15:10 - 2014-08-10 15:08 - 00000000 ____D () C:\Users\Kabeks\AppData\Local\ChemTable Software 2014-08-10 15:09 - 2014-08-10 15:09 - 00000000 ____D () C:\Users\Kabeks\AppData\Roaming\ChemTable Software 2014-08-10 15:08 - 2014-08-10 15:08 - 00001113 _____ () C:\Users\Kabeks\Desktop\Registry Life.lnk 2014-08-10 15:08 - 2014-08-10 15:08 - 00001107 _____ () C:\Users\Kabeks\Desktop\Soft Organizer - a tool for fully uninstalling and updating applications.lnk 2014-08-10 15:08 - 2014-08-10 15:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soft Organizer 2014-08-10 15:08 - 2014-08-10 15:08 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Life 2014-08-10 15:08 - 2014-08-10 15:08 - 00000000 ____D () C:\Program Files (x86)\Soft Organizer 2014-08-10 15:08 - 2014-08-10 15:08 - 00000000 ____D () C:\Program Files (x86)\Registry Life 2014-08-10 11:20 - 2014-08-10 11:20 - 00001136 _____ () C:\Users\Kabeks\Desktop\Auslogics DiskDefrag.lnk 2014-08-10 11:20 - 2014-08-10 11:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics 2014-08-10 11:20 - 2014-08-10 11:20 - 00000000 ____D () C:\ProgramData\Auslogics 2014-08-10 11:20 - 2014-08-10 11:20 - 00000000 ____D () C:\Program Files (x86)\Auslogics 2014-08-10 11:15 - 2014-08-10 11:15 - 00000017 _____ () C:\Users\Kabeks\AppData\Local\resmon.resmoncfg 2014-08-10 11:11 - 2014-08-10 11:11 - 00000488 _____ () C:\Windows\WindowsUpdate.log 2014-08-10 11:10 - 2014-08-10 11:10 - 00000000 _____ () C:\Windows\setuperr.log 2014-08-10 10:57 - 2009-07-14 19:55 - 00698146 _____ () C:\Windows\system32\perfh015.dat 2014-08-10 10:57 - 2009-07-14 19:55 - 00135224 _____ () C:\Windows\system32\perfc015.dat 2014-08-10 10:57 - 2009-07-14 07:13 - 01549932 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-08-10 10:55 - 2014-08-10 10:55 - 00048912 _____ () C:\Users\Kabeks\Documents\cc_20140810_105540.reg 2014-08-10 10:54 - 2013-12-25 23:19 - 00000000 ____D () C:\Users\Kabeks\AppData\Roaming\Winamp 2014-08-10 10:54 - 2012-09-18 20:39 - 00000000 ____D () C:\Users\Kabeks\AppData\Roaming\FileZilla 2014-08-10 10:53 - 2012-08-23 22:41 - 00000000 ____D () C:\Windows\Minidump 2014-08-10 10:53 - 2009-12-14 14:53 - 00000000 ____D () C:\Windows\Panther 2014-08-10 10:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Registration 2014-08-10 03:08 - 2014-02-16 15:23 - 00000000 ____D () C:\Users\Konferencja Lean\AppData\Roaming\Systweak 2014-08-10 01:31 - 2014-08-10 01:31 - 00001069 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-08-10 01:31 - 2014-08-10 01:31 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-08-10 01:31 - 2014-08-10 01:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-08-10 01:31 - 2013-11-10 21:35 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-09 14:44 - 2013-01-16 12:34 - 00000000 ____D () C:\ProgramData\MFAData 2014-08-09 03:48 - 2013-04-11 22:41 - 00000000 ____D () C:\Users\Konferencja Lean\AppData\Roaming\FileZilla 2014-08-09 00:54 - 2013-05-30 10:42 - 00000000 ____D () C:\Users\Konferencja Lean\AppData\Roaming\ObviousIdea 2014-08-07 17:59 - 2014-08-07 17:58 - 28739896 _____ (AVG) C:\Users\Konferencja Lean\Downloads\avg_tuht_stf_pl_2014_519_bmarket2.exe 2014-08-07 17:58 - 2014-08-07 17:58 - 04814696 _____ (Piriform Ltd) C:\Users\Konferencja Lean\Downloads\ccsetup416pro.exe 2014-08-07 16:26 - 2013-12-22 01:08 - 00081133 _____ () C:\Users\Konferencja Lean\daemonprocess.txt 2014-08-06 16:12 - 2009-07-14 06:45 - 00016304 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-06 16:12 - 2009-07-14 06:45 - 00016304 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-06 16:01 - 2014-05-29 00:49 - 00000000 ____D () C:\Temp 2014-08-05 21:48 - 2014-08-05 21:48 - 00086823 _____ () C:\Users\Konferencja Lean\Downloads\2014-07-10_niklas.xls 2014-08-05 21:09 - 2013-08-09 21:03 - 00000000 ____D () C:\Users\Konferencja Lean\Desktop\Perfectus 2014-08-02 20:09 - 2014-08-02 20:08 - 00018644 _____ () C:\Users\Konferencja Lean\Downloads\2014-08-02_rsform.xls 2014-07-31 20:17 - 2014-07-31 20:17 - 00013406 _____ () C:\Users\Konferencja Lean\Downloads\Baza adresów - LM gr 2.xlsx 2014-07-31 20:10 - 2014-07-31 20:10 - 00012837 _____ () C:\Users\Konferencja Lean\Downloads\warsztaty III dzien.xlsx 2014-07-28 22:31 - 2012-05-15 17:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-07-21 23:00 - 2013-05-25 
15:15 - 00000000 ____D () C:\Users\Konferencja Lean\AppData\Local\Paint.NET 2014-07-17 22:07 - 2013-04-20 23:12 - 00002156 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-07-15 23:07 - 2014-07-15 23:06 - 00207546 _____ () C:\Users\Konferencja Lean\Desktop\Sobieszewo_ubezp_firlik.xlsx 2014-07-15 23:03 - 2014-07-15 22:43 - 00019543 _____ () C:\Users\Konferencja Lean\Desktop\Sobieszewo_ubezp.xlsx 2014-07-15 22:55 - 2014-07-15 22:55 - 00016384 _____ () C:\Users\Konferencja Lean\Downloads\Porcjunkula - wpłaty na sylwestra 2013 2014 (3).xls 2014-07-15 22:39 - 2014-07-15 22:39 - 00020872 _____ () C:\Users\Konferencja Lean\Downloads\Sobieszewo_ubezp.ods 2014-07-14 21:19 - 2014-03-30 03:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-07-13 20:48 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-07-12 21:33 - 2014-07-12 21:33 - 00080323 _____ () C:\Users\Konferencja Lean\Downloads\rsform_backup_2014-07-12_215229.zip 2014-07-12 13:24 - 2014-07-12 13:24 - 03440821 _____ () C:\Users\Konferencja Lean\Downloads\jf_calla-exteriors-unzip_first.zip 2014-07-12 10:52 - 2013-04-08 23:55 - 00000000 ____D () C:\Users\Konferencja Lean Some content of TEMP: ==================== C:\Users\Konferencja Lean\AppData\Local\Temp\COMAP.EXE C:\Users\Konferencja Lean\AppData\Local\Temp\GURCCEA.exe C:\Users\Konferencja Lean\AppData\Local\Temp\MotoCast_Installer_2.0031.exe C:\Users\Konferencja Lean\AppData\Local\Temp\Shockwave_Installer_FF.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-05-24 01:44

==================== End Of Log ============================