Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-06-2015 Ran by Howoj (administrator) on HOWOJ-PC on 16-06-2015 14:59:41 Running from C:\Users\Howoj\Downloads Loaded Profiles: Howoj (Available Profiles: Howoj) Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Angielski (Stany Zjednoczone) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe (MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (Microsoft Corporation) C:\Windows\System32\taskmgr.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3745744 2015-05-18] (AVG Technologies CZ, s.r.o.) HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> HKU\S-1-5-21-636647274-2273593247-2775318690-1000\...\MountPoints2: {748d7f40-7740-11e4-8288-806e6f6e6963} - K:\Autorun.exe HKU\S-1-5-21-636647274-2273593247-2775318690-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> IFEO\backitup.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe" CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com HKU\S-1-5-21-636647274-2273593247-2775318690-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pl-pl/?ocid=iehp HKU\S-1-5-21-636647274-2273593247-2775318690-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg.com/?cid={4DDC5D35-4936-4EBA-9BEF-0EF243548D54}&mid=fe6555b85a7d47d28917d16d5b3e8c4c-e9f299f3bd5269855f764b398d83d496d36d3c62&lang=pl&ds=AVG&coid=avgtbavg&cmpid=0415av&pr=fr&d=2015-05-07 15:30:03&v=4.1.0.411&pid=wtu&sg=&sap=hp SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-636647274-2273593247-2775318690-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={4DDC5D35-4936-4EBA-9BEF-0EF243548D54}&mid=fe6555b85a7d47d28917d16d5b3e8c4c-e9f299f3bd5269855f764b398d83d496d36d3c62&lang=pl&ds=AVG&coid=avgtbavg&cmpid=0615tb&pr=fr&d=2015-05-07 15:30:03&v=4.1.0.411&pid=wtu&sg=&sap=dsp&q={searchTerms} BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2012-09-23] (Adobe Systems Incorporated) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.1.0.411\AVG Web TuneUp.dll [2015-06-10] (AVG) BHO: STATISTICA Browser Helper -> {990A8747-93BF-4EF7-B72E-94A6884B98C2} -> C:\Program Files\StatSoft\STATISTICA 12\StaBHO.dll [2014-11-10] (StatSoft, Inc.) Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\Howoj\AppData\Roaming\Mozilla\Firefox\Profiles\45447akl.default-1429600003903 FF SelectedSearchEngine: AVG Secure Search FF Homepage: https://mysearch.avg.com?pid=wtu&sg=&cid=%7Bcb38873c-7d40-4991-87c5-d906118b7551%7D&mid=fe6555b85a7d47d28917d16d5b3e8c4c-e9f299f3bd5269855f764b398d83d496d36d3c62&cmpid=0615tb&ds=AVG&v=4.1.0.411&lang=pl&pr=fr&d=2015-05-07%2015%3A30%3A03&sap=hp FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-28] () FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.4.0\\npsitesafety.dll No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Howoj\AppData\Roaming\Mozilla\Firefox\Profiles\45447akl.default-1429600003903\searchplugins\avg-secure-search.xml [2015-06-10] FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-06-10] FF Extension: AVG Web TuneUp - C:\Users\Howoj\AppData\Roaming\Mozilla\Firefox\Profiles\45447akl.default-1429600003903\Extensions\avg@toolbar [2015-06-10] FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird Chrome: ======= CHR dev: Chrome dev build detected! <======= ATTENTION CHR StartupUrls: Default -> "hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_ir_15_25¶m1=1¶m2=f%3D7%26b%3DChrome%26cc%3Dpl%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtAtDyE0FtByC0EyD0AtAzztD0B0AtN0D0Tzu0StCtByCtBtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyEzytAzztA0AyEtDtGtA0E0B0AtG0ByEzy0CtGyEyDzzzytGtDyBzz0FyEyEtCyB0AyB0DtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzyEzzyByC0A0F0AtGtD0F0BtDtGyEyDtB0BtG0AyB0EyDtGtCtAtAtA0ByEyBtDyBtBtDyB2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzztDtD%26cr%3D1085758685%26a%3Dwncy_ir_15_25%26os%3DWindows 7 Ultimate" CHR DefaultSearchKeyword: Default -> mystartsearch CHR DefaultSearchURL: Default -> http://www.mystartsearch.com/web/?type=ds&ts=1430497516&from=wpc&uid=ST3500418AS_5VM2XMD2XXXX5VM2XMD2&q={searchTerms} CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR Profile: C:\Users\Howoj\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Howoj\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-04] CHR Extension: (Google Docs) - C:\Users\Howoj\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-04] CHR Extension: (Google Drive) - C:\Users\Howoj\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-04] CHR Extension: (YouTube) - C:\Users\Howoj\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-04] CHR Extension: (Google Search) - C:\Users\Howoj\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-04] CHR Extension: (Google Sheets) - C:\Users\Howoj\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-04] CHR Extension: (avast! Online Security) - C:\Users\Howoj\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-04] CHR Extension: (IM Bar) - C:\Users\Howoj\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihncanolnhggkhpbklpmhidohpgaepae [2015-05-01] CHR Extension: (Google Wallet) - C:\Users\Howoj\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-04] CHR Extension: (Gmail) - C:\Users\Howoj\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-04] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S4 ADExchange; C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe [43112 2012-02-16] (ArcSoft Inc.) R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3438544 2015-05-18] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [311792 2015-05-18] (AVG Technologies CZ, s.r.o.) S4 AxAutoMntSrv; C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team) R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed] S4 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed] R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) S4 NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [774144 2007-01-15] (Nero AG) [File not signed] S4 NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [266240 2007-01-15] (Nero AG) [File not signed] S4 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [770432 2014-01-09] (Enigma Software Group USA, LLC.) S4 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed] S4 Stereo Service; C:\Windows\System32\nvSCPAPISvr.exe [232960 2009-06-10] (NVIDIA Corporation) [File not signed] S4 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] S4 TuneUp.UtilitiesSvc; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [2445112 2015-05-15] (AVG Technologies) R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [36664 2015-05-15] (AVG Technologies) S4 vToolbarUpdater18.4.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe [1875480 2015-05-07] (AVG Secure Search) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) S4 WtuSystemSupport; C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe [620056 2015-06-10] () ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 61883; C:\Windows\System32\DRIVERS\61883.sys [46976 2009-07-14] (Microsoft Corporation) S3 ampa; C:\Windows\system32\ampa.sys [14448 2013-12-18] () R3 ASAPIW2k; C:\Windows\System32\drivers\ASAPIW2k.sys [11264 2004-03-10] (Pinnacle Systems GmbH) [File not signed] R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [132576 2015-03-11] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [226784 2015-04-27] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [191968 2015-05-07] (AVG Technologies CZ, s.r.o.) R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [29664 2015-05-14] (AVG Technologies CZ, s.r.o.) R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [206816 2015-04-15] (AVG Technologies CZ, s.r.o.) R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [290272 2015-05-07] (AVG Technologies CZ, s.r.o.) R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [166880 2015-05-07] (AVG Technologies CZ, s.r.o.) R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [35808 2015-03-20] (AVG Technologies CZ, s.r.o.) R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [213984 2015-05-04] (AVG Technologies CZ, s.r.o.) S3 Cardex; C:\Windows\system32\drivers\TBPANEL.SYS [12256 2007-03-16] (Windows (R) 2000 DDK provider) S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15384 2014-01-07] () S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2012-06-22] () R3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-06-16] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation) R1 PCLEPCI; C:\Windows\system32\drivers\pclepci.sys [14165 2002-03-19] (Pinnacle Systems GmbH) [File not signed] R0 sptd; C:\Windows\System32\Drivers\sptd.sys [320120 2014-11-28] (Duplex Secure Ltd.) R2 TBPanel; C:\Windows\system32\Drivers\TBPanel.sys [12256 2007-03-16] (Windows (R) 2000 DDK provider) S3 TuneUpUtilitiesDrv; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [12320 2014-09-09] (TuneUp Software) U3 ak4p5w25; C:\Windows\system32\Drivers\ak4p5w25.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder) S2 ASPI32; No ImagePath S3 dgderdrv; System32\drivers\dgderdrv.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-16 15:02 - 2015-06-16 15:02 - 00380416 _____ C:\Users\Howoj\Downloads\k4fcrcyk.exe 2015-06-16 14:59 - 2015-06-16 15:01 - 00015339 _____ C:\Users\Howoj\Downloads\FRST.txt 2015-06-16 14:38 - 2015-06-16 14:59 - 00000000 ____D C:\FRST 2015-06-16 14:37 - 2015-06-16 14:37 - 01148416 _____ (Farbar) C:\Users\Howoj\Downloads\FRST.exe 2015-06-16 14:23 - 2015-06-16 14:43 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-06-16 14:22 - 2015-06-16 14:22 - 00001060 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-06-16 14:22 - 2015-06-16 14:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-06-16 14:22 - 2015-06-16 14:22 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-06-16 14:22 - 2015-06-16 14:22 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware 2015-06-16 14:22 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-06-16 14:22 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-06-16 14:22 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-06-16 14:12 - 2015-06-16 14:12 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Howoj\Downloads\mbam-setup-2.1.6.1022.exe 2015-06-16 13:43 - 2015-06-16 13:48 - 00000000 ____D C:\Windows\pss 2015-06-16 12:52 - 2015-06-16 12:52 - 00196319 _____ C:\Users\Howoj\Desktop\Kronika 14 VI 2015, godz. 18.30 - TVP Kraków - Telewizja Pol.mp4 2015-06-16 12:52 - 2015-06-16 12:52 - 00000000 ____D C:\Users\Howoj\dwhelper 2015-06-16 12:33 - 2015-06-16 12:33 - 00000000 ____D C:\Users\Howoj\AppData\Local\Chromium 2015-06-13 14:10 - 2015-06-16 23:23 - 00000000 ____D C:\Users\Howoj\Desktop\Nowy folder 2015-06-13 11:22 - 2015-06-13 11:22 - 00000000 ____D C:\Program Files\Common Files\AV 2015-06-12 21:32 - 2015-06-12 21:46 - 00000000 ____D C:\Users\Howoj\Desktop\Kielce - 11.06.2015r 2015-06-10 06:35 - 2015-06-10 06:35 - 00000000 ____D C:\Users\Howoj\AppData\Local\StatSoft 2015-06-10 05:47 - 2015-06-10 05:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STATISTICA 12 2015-06-10 05:47 - 2015-06-10 05:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\novaPDF 7 2015-06-10 05:47 - 2015-06-10 05:45 - 00001816 _____ C:\Users\Public\Desktop\STATISTICA.lnk 2015-06-10 05:47 - 2013-02-13 14:20 - 00027456 _____ (Softland) C:\Windows\system32\novamnk7.dll 2015-06-10 05:47 - 2013-02-13 14:19 - 00021824 _____ (Softland) C:\Windows\system32\novamik7.dll 2015-06-10 05:47 - 2011-11-22 16:03 - 00007549 _____ C:\Windows\system32\novak7.ctm 2015-06-10 05:46 - 2015-06-10 05:46 - 00000000 ____D C:\Program Files\Common Files\StatSoft 2015-06-10 05:45 - 2015-06-10 05:45 - 00000000 ____D C:\Program Files\StatSoft 2015-06-09 22:14 - 2015-06-09 22:14 - 00000742 _____ C:\Windows\KB893803v2.log 2015-06-08 22:20 - 2015-06-08 22:20 - 00002000 _____ C:\Users\Public\Desktop\Panorama Maker 6.lnk 2015-06-08 22:20 - 2015-06-08 22:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Panorama Maker 6 2015-06-08 22:20 - 2015-06-08 22:20 - 00000000 ____D C:\Program Files\Common Files\ArcSoft 2015-06-08 22:20 - 2015-06-08 22:20 - 00000000 ____D C:\Program Files\ArcSoft 2015-06-08 22:16 - 2015-06-08 22:17 - 46159978 _____ C:\Users\Howoj\Desktop\Panorama Maker 6.0.0.rar 2015-06-07 15:43 - 2015-06-07 15:43 - 03503616 _____ C:\Users\Howoj\Downloads\Fotowall%200.9%20WinXP%20Vista%207.exe 2015-06-07 15:26 - 2015-06-07 15:34 - 00000000 ____D C:\Users\Howoj\Desktop\Darek kolaż 2015-06-07 15:10 - 2015-06-07 15:10 - 00000000 ____D C:\Users\Howoj\AppData\Local\M-Photo_Ltd 2015-06-07 14:54 - 2015-06-07 14:54 - 00000000 ____D C:\ProgramData\M-Photo 2015-06-07 14:53 - 2015-06-07 14:53 - 28618591 _____ C:\Windows\system32\D3Studio [nfoto.com.pl]_nfotokreator_uninstaller.exe 2015-06-07 14:53 - 2015-06-07 14:53 - 00000000 ____D C:\nfoto_Albums 2015-06-07 14:48 - 2015-06-07 14:52 - 302376983 _____ C:\Users\Howoj\Downloads\nfotokreator_setup.exe 2015-06-04 22:42 - 2015-06-16 23:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Partition Assistant Standard Edition 5.6 2015-06-04 22:42 - 2015-06-16 23:23 - 00000000 ____D C:\Program Files\AOMEI Partition Assistant Standard Edition 5.6 2015-06-04 22:42 - 2015-06-04 23:02 - 00001024 ____H C:\AMTAG.BIN 2015-06-04 22:42 - 2015-06-04 22:42 - 00001243 _____ C:\Users\Public\Desktop\AOMEI Partition Assistant Standard Edition 5.6.lnk 2015-06-04 22:42 - 2015-01-02 15:18 - 01576560 _____ C:\Windows\ampa.exe 2015-06-04 22:42 - 2013-12-18 11:33 - 00014448 _____ C:\Windows\system32\ampa.sys 2015-06-04 22:41 - 2015-06-04 22:41 - 08644488 _____ (AOMEI Technology Co., Ltd. ) C:\Users\Howoj\Downloads\PAssist_Std.exe 2015-06-04 20:31 - 2015-06-04 20:31 - 00000000 _____ C:\Windows\setuperr.log 2015-06-02 20:23 - 2015-06-02 20:23 - 00000000 ____D C:\Users\Howoj\AppData\Local\GWX 2015-05-31 09:36 - 2015-06-07 14:12 - 00000000 ____D C:\Users\Howoj\Desktop\Darek do kalendarza IX.2015 - VIII.2016 2015-05-28 14:10 - 2015-05-28 14:10 - 01124544 _____ (Adobe Systems Incorporated) C:\Users\Howoj\Downloads\flashplayer17au_ha_install.exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-16 23:23 - 2015-05-07 15:29 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search 2015-06-16 23:23 - 2015-04-05 10:30 - 00000000 ____D C:\Windows\system32\GWX 2015-06-16 23:23 - 2014-12-11 17:58 - 00000000 ____D C:\Windows\system32\appraiser 2015-06-16 23:23 - 2014-11-10 20:46 - 00000000 ____D C:\Program Files\Mozilla Firefox 2015-06-16 23:23 - 2014-11-04 23:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2015-06-16 23:23 - 2014-10-06 16:41 - 00000000 ____D C:\Users\Howoj\AppData\Local\Microsoft Help 2015-06-16 23:23 - 2014-10-05 12:51 - 00000000 ____D C:\Users\Howoj\AppData\Roaming\Winamp 2015-06-16 23:23 - 2014-10-04 18:15 - 00000000 ____D C:\Windows\system32\CompatTel 2015-06-16 23:23 - 2014-10-04 14:44 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2015-06-16 23:23 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\wfp 2015-06-16 23:23 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\pl-PL 2015-06-16 23:23 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache 2015-06-16 23:23 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration 2015-06-16 23:23 - 2009-07-14 04:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2015-06-16 23:22 - 2014-10-05 00:26 - 00000000 ____D C:\Users\Howoj\AppData\Roaming\Nero 2015-06-16 14:51 - 2014-10-04 14:32 - 01796836 _____ C:\Windows\WindowsUpdate.log 2015-06-16 14:51 - 2009-07-14 06:34 - 00026352 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-06-16 14:51 - 2009-07-14 06:34 - 00026352 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-06-16 14:50 - 2014-10-05 17:38 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-06-16 14:48 - 2014-10-04 19:47 - 00743026 _____ C:\Windows\system32\perfh015.dat 2015-06-16 14:48 - 2014-10-04 19:47 - 00156508 _____ C:\Windows\system32\perfc015.dat 2015-06-16 14:48 - 2010-11-20 23:01 - 01676910 _____ C:\Windows\system32\PerfStringBackup.INI 2015-06-16 14:43 - 2014-11-11 14:11 - 00053295 _____ C:\Windows\setupact.log 2015-06-16 14:43 - 2014-11-11 14:11 - 00015088 _____ C:\Windows\PFRO.log 2015-06-16 14:43 - 2014-10-04 15:52 - 00001032 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-06-16 14:43 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-06-16 14:42 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Speech 2015-06-16 14:20 - 2014-10-04 15:52 - 00001036 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-06-16 13:49 - 2014-10-05 15:58 - 00000000 ____D C:\ProgramData\NVIDIA 2015-06-16 13:37 - 2014-11-04 23:08 - 00000000 ____D C:\ProgramData\MFAData 2015-06-16 13:24 - 2014-10-04 14:32 - 00000000 ____D C:\Users\Howoj 2015-06-15 19:56 - 2014-10-05 15:32 - 00000000 ____D C:\Users\Howoj\Desktop\Ze skanera 2015-06-15 17:51 - 2014-10-05 18:58 - 00000000 ____D C:\Users\Howoj\Documents\FotoSender 2015-06-15 10:19 - 2014-10-05 17:37 - 00000000 ____D C:\Users\Howoj\AppData\Local\Adobe 2015-06-11 08:16 - 2014-10-04 16:56 - 00000000 ____D C:\Windows\system32\MRT 2015-06-10 14:58 - 2015-05-07 15:29 - 00000000 ____D C:\Program Files\AVG Web TuneUp 2015-06-09 22:06 - 2014-11-28 22:58 - 00000631 _____ C:\Users\Howoj\Documents\ax_files.xml 2015-06-09 20:42 - 2014-11-25 19:15 - 00000000 ____D C:\Users\Howoj\AppData\Roaming\StatSoft 2015-06-08 22:20 - 2015-05-01 15:36 - 00000000 ____D C:\ProgramData\ArcSoft 2015-06-08 22:20 - 2014-10-04 21:45 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2015-06-07 14:18 - 2015-05-01 15:48 - 00000000 ____D C:\Users\Howoj\AppData\Roaming\MAGIX 2015-05-28 14:11 - 2014-10-05 17:38 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-05-28 14:11 - 2014-10-05 17:38 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-05-22 11:30 - 2015-01-31 11:45 - 00000965 _____ C:\Users\Public\Desktop\AVG 2015.lnk 2015-05-22 11:29 - 2014-11-11 13:51 - 00000000 ____D C:\Users\Howoj\AppData\Local\Avg ==================== Files in the root of some directories ======= 2014-10-05 19:46 - 2014-10-05 19:48 - 82291509 _____ () C:\Program Files\AdbeRdr11000_pl_PL.dmg 2014-10-05 18:44 - 2014-10-05 18:44 - 0072008 _____ (Azureus Software, Inc.) C:\Program Files\VuzeBittorrentClientInstaller.exe 2015-01-05 21:34 - 2015-01-26 20:48 - 0000158 _____ () C:\Users\Howoj\AppData\Roaming\default.rss 2015-01-25 18:31 - 2015-01-25 18:31 - 0000132 _____ () C:\Users\Howoj\AppData\Roaming\Preferencje Adobe CS5 dla formatu BMP 2014-10-17 14:19 - 2014-12-13 20:15 - 0004608 _____ () C:\Users\Howoj\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-05-01 16:50 - 2015-05-01 16:50 - 0000218 _____ () C:\Users\Howoj\AppData\Local\recently-used.xbel ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-06-13 11:44 ==================== End of log ============================