Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-10-2014 Ran by Jurek (administrator) on JUREK-PC on 30-10-2014 16:38:31 Running from C:\Users\Jurek\Desktop Loaded Profile: Jurek (Available profiles: Jurek & Administrator) Platform: Microsoft® Windows Vista™ Business Service Pack 2 (X86) OS Language: Polski (Polska) Internet Explorer Version 9 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Lenovo) C:\Windows\System32\ibmpmsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (UPEK Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe (Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (France Telecom SA) C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Lenovo) C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe (Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\w32x86\3\NetFaxServer.exe (Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo.) C:\Windows\System32\TPHDEXLG.exe () C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe (Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Lenovo.) C:\Windows\System32\TpShocks.exe (Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe (RealNetworks, Inc.) C:\Program Files\real\realplayer\Update\realsched.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe () C:\Program Files\ScreenShooter\screenshooter.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\w32x86\3\NetFaxTray.exe (Microsoft Corporation) C:\Windows\System32\mobsync.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe (Lenovo Group Limited) C:\Program Files\ThinkPad\Utilities\PWMUIAux.EXE (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\cmd.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Microsoft Corporation) C:\Windows\System32\PING.EXE (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1725736 2010-04-22] (Synaptics Incorporated) HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [181536 2008-06-06] (Lenovo.) HKLM\...\Run: [TVT Scheduler Proxy] => C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [487424 2008-05-24] (Lenovo Group Limited) HKLM\...\Run: [PWMTRV] => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [995176 2013-06-20] (Microsoft Corporation) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.) HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation) HKLM\...\Run: [TkBellExe] => C:\Program Files\real\realplayer\update\realsched.exe [273544 2011-05-24] (RealNetworks, Inc.) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation) Winlogon\Notify\psfus: C:\Windows\system32\psqlpwd.dll (UPEK Inc.) HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-1326293613-815195847-3214297108-1003\...\Run: [screenshooter] => C:\Program Files\ScreenShooter\screenshooter.exe [606208 2010-09-03] () HKU\S-1-5-21-1326293613-815195847-3214297108-1003\...\MountPoints2: {08c11594-f480-11de-99c7-001fe2e3b6f6} - F:\AutoRun.exe HKU\S-1-5-21-1326293613-815195847-3214297108-1003\...\MountPoints2: {15dadd81-22e3-11e3-b921-a57a10cbc9af} - G:\LaunchU3.exe -a HKU\S-1-5-21-1326293613-815195847-3214297108-1003\...\MountPoints2: {1797409d-d4dd-11dd-9448-001fe2e3b6f6} - E:\AutoRun.exe HKU\S-1-5-21-1326293613-815195847-3214297108-1003\...\MountPoints2: {179740ad-d4dd-11dd-9448-001fe2e3b6f6} - E:\AutoRun.exe HKU\S-1-5-21-1326293613-815195847-3214297108-1003\...\MountPoints2: {179740ae-d4dd-11dd-9448-001fe2e3b6f6} - E:\AutoRun.exe HKU\S-1-5-21-1326293613-815195847-3214297108-1003\...\MountPoints2: {1909ff6a-6f16-11dd-9a99-806e6f6e6963} - Q:\LenovoQDrive.exe HKU\S-1-5-21-1326293613-815195847-3214297108-1003\...\MountPoints2: {6dc42757-6f63-11dd-bb53-00221574f2a2} - S:\LenovoSDrive.exe HKU\S-1-5-21-1326293613-815195847-3214297108-1003\...\MountPoints2: {a1dd49f7-2edd-11df-a084-806e6f6e6963} - F:\NokiaPCIA_Autorun.exe HKU\S-1-5-21-1326293613-815195847-3214297108-1003\...\MountPoints2: {e7ca034a-ac2f-11df-81f2-001fe2e3b6f6} - G:\USBNB.exe HKU\S-1-5-21-1326293613-815195847-3214297108-1003\...\MountPoints2: {e9719cf9-10a3-11de-ae29-001fe2e3b6f6} - E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isee.exe HKU\S-1-5-21-1326293613-815195847-3214297108-1003\...\MountPoints2: {ef505b4f-c183-11dd-b712-001fe2e3b6f6} - E:\setupSNK.exe Lsa: [Notification Packages] scecli psqlpwd ACGina Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk ShortcutTarget: BTTray.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Network PC Fax.lnk ShortcutTarget: Samsung Network PC Fax.lnk -> C:\Windows\System32\spool\drivers\w32x86\3\NetFaxTray.exe (Samsung Electronics Co., Ltd.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM - DefaultScope value is missing. BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation) Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox: ======== FF ProfilePath: C:\Users\Jurek\AppData\Roaming\Mozilla\Firefox\Profiles\qiriiqqp.default-1414087241846 FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-06-05] FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found] Chrome: ======= CHR Profile: C:\Users\Jurek\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Dokumenty Google) - C:\Users\Jurek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-16] CHR Extension: (Dysk Google) - C:\Users\Jurek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-16] CHR Extension: (YouTube) - C:\Users\Jurek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-16] CHR Extension: (Szukaj w Google) - C:\Users\Jurek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-16] CHR Extension: (Google Wallet) - C:\Users\Jurek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-16] CHR Extension: (Gmail) - C:\Users\Jurek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-16] CHR HKLM\...\Chrome\Extension: [bpeeepmahhfjiediknjejcmcfmjcjdck] - C:\Program Files\Google\Chrome\User Data\Default\Extensions\serach.crx [] CHR HKLM\...\Chrome\Extension: [dkdkpmmkgdbglmfmmmmehbkmnkopingb] - C:\Program Files\Google\Chrome\User Data\Default\Extensions\v9-toolbar.crx [] CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-05-24] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S4 ASLDRService; C:\Program Files\Lenovo\ATK Hotkey\ASLDRSrv.exe [94208 2007-10-02] () [File not signed] S4 ATKGFNEXSrv; C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe [94208 2007-10-30] () [File not signed] R2 FTRTSVC; C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe [65536 2008-06-20] (France Telecom SA) [File not signed] S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] S4 LFKAS; C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe [208896 2008-03-19] () [File not signed] R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-06-20] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295376 2013-06-20] (Microsoft Corporation) R2 Samsung Network Fax Server; C:\Windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe [378416 2013-02-05] (Samsung Electronics Co., Ltd.) R2 TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [520192 2008-05-24] () [File not signed] R2 TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [950272 2008-05-24] (Lenovo Group Limited) [File not signed] R2 TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [1155072 2008-05-24] (Lenovo Group Limited) [File not signed] S2 TVT_UpdateMonitor; C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [253952 2008-05-24] (Lenovo Group Limited) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 adipfusb; C:\Windows\System32\DRIVERS\adipfusb.sys [28182 2005-05-12] (Analog Devices Inc.) S3 AR9271; C:\Windows\System32\DRIVERS\athuw.sys [1763584 2011-07-28] (Atheros Communications, Inc.) R2 ASMMAP; C:\Program Files\Lenovo\ATK Hotkey\ASMMAP.sys [13880 2007-07-24] () S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-10-29] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\A0101V32.sys [7680 2006-12-14] (ATK0100) S3 PCAMp50; C:\Windows\System32\Drivers\PCAMp50.sys [28224 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA)) S3 PCASp50; C:\Windows\System32\Drivers\PCASp50.sys [27072 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA)) R2 smihlp; C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [12560 2008-06-24] (UPEK Inc.) S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [9632128 2007-10-01] () R0 sptd; C:\Windows\System32\Drivers\sptd.sys [320120 2014-05-14] (Duplex Secure Ltd.) R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2013-04-10] (Samsung Electronics) [File not signed] R1 TPPWRIF; C:\Windows\System32\drivers\Tppwr32v.sys [12080 2008-07-28] () R2 tvtfilter; C:\Windows\System32\DRIVERS\tvtfilter.sys [33536 2008-08-21] (Lenovo) [File not signed] S1 bcazqvnc; \??\C:\Windows\system32\drivers\bcazqvnc.sys [X] S2 eamonm; system32\DRIVERS\eamonm.sys [X] S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 massfilter; system32\drivers\massfilter.sys [X] S3 MSICDSetup; \??\D:\CDriver.sys [X] S3 NTIOLib_1_0_C; \??\D:\NTIOLib.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X] S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X] S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X] S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-30 16:38 - 2014-10-30 16:39 - 00015666 _____ () C:\Users\Jurek\Desktop\FRST.txt 2014-10-30 16:38 - 2014-10-30 16:38 - 00000000 ____D () C:\FRST 2014-10-30 16:37 - 2014-10-30 12:18 - 01105408 _____ (Farbar) C:\Users\Jurek\Desktop\FRST.exe 2014-10-30 00:45 - 2014-10-30 00:45 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-10-30 00:45 - 2014-10-30 00:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-10-30 00:45 - 2014-10-30 00:45 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-10-30 00:42 - 2014-10-30 00:42 - 00638888 _____ (Oracle Corporation) C:\Users\Jurek\Downloads\chromeinstall-8u25.exe 2014-10-30 00:40 - 2014-10-30 00:40 - 00305664 _____ (Secure By Design Inc.) C:\Users\Jurek\Downloads\Ninite Java 8 Installer.exe 2014-10-30 00:38 - 2014-10-30 00:38 - 00001710 _____ () C:\Users\Public\Desktop\CDBurnerXP.lnk 2014-10-30 00:38 - 2014-10-30 00:38 - 00001654 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk 2014-10-30 00:38 - 2014-10-30 00:38 - 00000000 ____D () C:\Users\Jurek\AppData\Roaming\Canneverbe Limited 2014-10-30 00:38 - 2014-10-30 00:38 - 00000000 ____D () C:\Program Files\CDBurnerXP 2014-10-30 00:37 - 2014-10-30 00:38 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.3 2014-10-30 00:37 - 2014-10-30 00:37 - 00000935 _____ () C:\Users\Public\Desktop\LibreOffice 4.3.lnk 2014-10-30 00:35 - 2014-10-30 00:37 - 00000000 ____D () C:\Program Files\LibreOffice 4 2014-10-30 00:13 - 2014-10-30 00:13 - 00305664 _____ (Secure By Design Inc.) C:\Users\Jurek\Downloads\Ninite CDBurnerXP Java 8 LibreOffice Installer.exe 2014-10-29 23:30 - 2014-10-29 23:30 - 00000314 _____ () C:\Windows\PFRO.log 2014-10-29 23:26 - 2014-10-29 23:42 - 00000000 ____D () C:\AdwCleaner 2014-10-29 23:26 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll 2014-10-29 23:24 - 2014-10-29 23:24 - 00000787 _____ () C:\Windows\setupact.log 2014-10-29 23:24 - 2014-10-29 23:24 - 00000000 _____ () C:\Windows\setuperr.log 2014-10-29 21:04 - 2014-10-29 21:04 - 00000000 ____D () C:\Intel 2014-10-29 07:11 - 2014-10-29 07:23 - 00000000 ____D () C:\Users\Jurek\Desktop\GUMTREE DANTEGO 2014-10-28 15:19 - 2014-10-29 07:12 - 00000000 ____D () C:\Users\Jurek\Desktop\Dantego 2014-10-28 06:49 - 2014-10-28 12:15 - 00000000 ____D () C:\Users\Jurek\Desktop\Bolkowska 2014-10-27 13:34 - 2014-10-27 15:02 - 00000000 ____D () C:\Users\Jurek\Desktop\al. Wyścigowa 2014-10-26 12:53 - 2014-10-26 12:53 - 00000000 ____D () C:\Users\Jurek\AppData\Roaming\DropboxMaster 2014-10-26 12:52 - 2014-10-26 12:53 - 00000000 ____D () C:\Users\Jurek\AppData\Roaming\Dropbox 2014-10-26 12:52 - 2014-10-26 12:52 - 00000000 ____D () C:\Users\Jurek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-10-26 12:26 - 2014-10-26 12:27 - 04975992 _____ (AVAST Software) C:\Users\Jurek\Downloads\avast_pro_antivirus_setup_online (1).exe 2014-10-26 11:36 - 2014-10-26 16:12 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-10-26 11:35 - 2014-10-26 11:35 - 04975992 _____ (AVAST Software) C:\Users\Jurek\Downloads\avast_pro_antivirus_setup_online.exe 2014-10-25 06:04 - 2014-10-25 06:05 - 00000000 ____D () C:\Users\Jurek\Desktop\Malawskiego 2014-10-23 19:23 - 2014-10-23 19:23 - 00868296 _____ (Opera Software) C:\Users\Jurek\Downloads\Opera_NI_stable (3).exe 2014-10-23 19:22 - 2014-10-23 19:22 - 00868296 _____ (Opera Software) C:\Users\Jurek\Downloads\Opera_NI_stable (2).exe 2014-10-23 19:15 - 2014-10-23 19:15 - 00868296 _____ (Opera Software) C:\Users\Jurek\Downloads\Opera_NI_stable (1).exe 2014-10-23 19:11 - 2014-10-23 19:11 - 00868296 _____ (Opera Software) C:\Users\Jurek\Downloads\Opera_NI_stable.exe 2014-10-23 18:54 - 2014-10-23 18:55 - 00244368 _____ () C:\Users\Jurek\Downloads\Firefox Setup Stub 33.0.exe 2014-10-20 06:29 - 2014-10-20 06:31 - 00000000 ____D () C:\Users\Jurek\Desktop\al. Wilanowska ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-30 16:35 - 2014-05-16 12:47 - 01379954 _____ () C:\Windows\WindowsUpdate.log 2014-10-30 16:30 - 2014-05-16 12:51 - 00001032 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-30 16:30 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-30 16:30 - 2006-11-02 13:47 - 00003616 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-30 16:30 - 2006-11-02 13:47 - 00003616 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-30 16:29 - 2008-08-21 01:20 - 00009268 _____ () C:\Windows\bthservsdp.dat 2014-10-30 16:29 - 2006-11-02 14:01 - 00032592 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-10-30 16:25 - 2009-06-24 19:53 - 00000000 ____D () C:\Users\Jurek\AppData\Roaming\Mozilla 2014-10-30 16:22 - 2008-11-28 17:50 - 00116840 _____ () C:\Users\Jurek\AppData\Local\GDIPFONTCACHEV1.DAT 2014-10-30 16:21 - 2014-05-16 12:51 - 00001036 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-30 16:21 - 2006-11-02 13:47 - 00440712 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-10-30 00:44 - 2013-10-11 17:51 - 00000000 ____D () C:\ProgramData\Oracle 2014-10-30 00:44 - 2008-08-21 01:45 - 00000000 ____D () C:\Program Files\Java 2014-10-30 00:41 - 2008-08-21 01:34 - 00605120 _____ () C:\Windows\system32\TPAPSLOG.LOG 2014-10-30 00:33 - 2010-04-20 12:15 - 00000416 _____ () C:\Windows\Tasks\ParetoLogic Update Version2.job 2014-10-30 00:20 - 2014-09-03 14:07 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-30 00:05 - 2009-08-24 09:24 - 00000000 ____D () C:\Program Files\OpenOffice.org 3 2014-10-29 23:26 - 2008-04-18 22:01 - 01734852 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-29 23:26 - 2008-04-18 22:00 - 00755954 _____ () C:\Windows\system32\perfh015.dat 2014-10-29 23:26 - 2008-04-18 22:00 - 00173148 _____ () C:\Windows\system32\perfc015.dat 2014-10-29 22:32 - 2008-11-28 17:51 - 00000254 _____ () C:\Windows\Tasks\Sprawdź aktualizacje paska narzędzi Windows Live Toolbar.job 2014-10-29 21:54 - 2014-05-16 11:33 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-10-29 21:41 - 2008-08-21 01:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ThinkVantage 2014-10-29 21:41 - 2008-08-21 01:24 - 00000000 ____D () C:\Program Files\Lenovo 2014-10-29 20:37 - 2008-11-30 15:27 - 00000393 _____ () C:\Users\Public\Documents\BluetoothLog.html 2014-10-29 20:08 - 2008-08-21 01:26 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2014-10-29 20:02 - 2008-08-21 01:43 - 00000000 ____D () C:\Program Files\ThinkVantage 2014-10-29 18:36 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Help 2014-10-29 18:00 - 2010-04-20 12:16 - 00000442 _____ () C:\Windows\Tasks\ParetoLogic Registration.job 2014-10-29 17:44 - 2014-05-16 12:53 - 00001947 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-10-29 17:43 - 2013-07-31 14:29 - 00000266 _____ () C:\Windows\Tasks\DriverDoc_UPDATES.job 2014-10-28 12:27 - 2012-08-16 20:42 - 00000000 ____D () C:\Users\Public\Documents\ICU 2014-10-26 16:02 - 2012-09-25 16:25 - 00000000 ____D () C:\Users\Jurek\AppData\Local\Thunderbird 2014-10-26 15:58 - 2012-05-09 19:19 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-10-26 13:02 - 2014-04-30 09:16 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2014-10-26 13:02 - 2014-02-25 19:07 - 00001772 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk 2014-10-26 13:02 - 2014-02-25 19:07 - 00001760 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk 2014-10-24 09:20 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Globalization 2014-10-24 08:48 - 2014-05-16 11:32 - 00000869 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-10-24 08:48 - 2014-05-16 11:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-10-24 08:48 - 2014-05-16 11:32 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2014-10-24 06:43 - 2011-10-15 17:29 - 00000000 ____D () C:\Program Files\Opera 2014-10-23 19:46 - 2009-02-03 22:17 - 00000000 _____ () C:\Users\Public\Documents\AcSvc.dmp 2014-10-23 19:13 - 2013-08-05 23:34 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-10-21 09:05 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-10-20 15:14 - 2013-07-29 06:34 - 00000000 ____D () C:\Windows\system32\MRT 2014-10-20 14:58 - 2006-11-02 11:24 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-10-01 10:11 - 2014-05-16 11:32 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-10-01 10:11 - 2014-05-16 11:32 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-10-01 10:11 - 2014-05-16 11:32 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-30 16:37 ==================== End Of Log ============================