Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:11-08-2015 02 Ran by User (administrator) on REMIGIUSZ (12-08-2015 12:10:42) Running from C:\Documents and Settings\User\Pulpit Loaded Profiles: User (Available Profiles: User & Administrator) Platform: Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) Language: Polski Internet Explorer Version 6 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2015\avgrsx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe () C:\WINDOWS\system32\WLTRYSVC.EXE (Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE (Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe (Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe (Gadwin Systems, Inc) C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3780520 2015-07-31] (AVG Technologies CZ, s.r.o.) HKU\S-1-5-21-1229272821-152049171-1177238915-1003\...\Run: [Gadwin PrintScreen] => C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe [493776 2012-05-13] (Gadwin Systems, Inc) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2015\avgrsx.exe /sync /restart ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1229272821-152049171-1177238915-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ HKU\S-1-5-21-1229272821-152049171-1177238915-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1229272821-152049171-1177238915-1003\Software\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search SearchScopes: HKU\S-1-5-21-1229272821-152049171-1177238915-1003 -> DefaultScope {193ADD3C-2E62-4BD9-9C68-3AF344F2B5D4} URL = http://www.google.com/search?hl=pl&q={searchTerms}&rlz=1I7PRFB_plPL498 SearchScopes: HKU\S-1-5-21-1229272821-152049171-1177238915-1003 -> {193ADD3C-2E62-4BD9-9C68-3AF344F2B5D4} URL = http://www.google.com/search?hl=pl&q={searchTerms}&rlz=1I7PRFB_plPL498 SearchScopes: HKU\S-1-5-21-1229272821-152049171-1177238915-1003 -> {30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-08-07] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-07] (Oracle Corporation) DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1360056390718 DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation) ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation) Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\..\Interfaces\{4FA24950-FA66-4227-9C4F-69BFCF88ADF3}: [NameServer] 176.115.0.18,195.150.77.18 FireFox: ======== FF ProfilePath: C:\Documents and Settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\5gmmoaeu.default FF Homepage: www.google.pl FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-22] () FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-07] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-07] (Oracle Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2008-11-13] (Microsoft Corp.) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1229272821-152049171-1177238915-1003: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.) FF Plugin HKU\S-1-5-21-1229272821-152049171-1177238915-1003: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npmapv32.dll [2004-04-07] (Autodesk, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.) FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-04-04] Chrome: ======= CHR Profile: C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default CHR Extension: (Google Wallet) - C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03] StartMenuInternet: chrome.exe - C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3633576 2015-07-31] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [335656 2015-07-31] (AVG Technologies CZ, s.r.o.) S4 HP Port Resolver; C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.EXE [81920 2005-05-03] (Hewlett-Packard Company) [File not signed] S4 HP Status Server; C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE [73728 2004-06-10] (Hewlett-Packard Company) [File not signed] S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed] R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2008-07-18] (Hewlett-Packard) [File not signed] S2 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [204576 2014-05-19] (Microsoft) R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2008-07-18] (Hewlett-Packard) [File not signed] R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [2232320 2009-10-07] (Dell Inc.) [File not signed] ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [132576 2015-03-11] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [238000 2015-07-28] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [190944 2015-05-12] (AVG Technologies CZ, s.r.o.) R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [31664 2015-07-23] (AVG Technologies CZ, s.r.o.) R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [207328 2015-06-16] (AVG Technologies CZ, s.r.o.) R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [290272 2015-05-07] (AVG Technologies CZ, s.r.o.) R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [186800 2015-07-28] (AVG Technologies CZ, s.r.o.) R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [35808 2015-03-20] (AVG Technologies CZ, s.r.o.) R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [213984 2015-05-12] (AVG Technologies CZ, s.r.o.) S3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [2649216 2009-10-07] (Broadcom Corporation) S3 eapihdrv; C:\Documents and Settings\User\Ustawienia lokalne\temp\ehdrv.sys [135760 2015-08-11] (ESET) R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [201600 2005-07-22] (Conexant Systems, Inc.) R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [1035008 2005-07-22] (Conexant Systems, Inc.) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation) R1 NvtSp50; C:\WINDOWS\System32\DRIVERS\NvtSp50.sys [22016 2008-06-10] (Printing Novatel Wireless Inc.) R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1222840 2007-05-10] (SigmaTel, Inc.) U2 CertPropSvc; no ImagePath S4 IntelIde; no ImagePath S1 MpKsl2c9465b6; \??\C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Microsoft Antimalware\Definition Updates\{2122BF6A-6941-48F1-AD52-C4635AF37B3F}\MpKsl2c9465b6.sys [X] U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation) S3 USBAAPL; System32\Drivers\usbaapl.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-08-12 08:19 - 2015-08-12 12:13 - 00012212 _____ C:\Documents and Settings\User\Pulpit\FRST.txt 2015-08-12 08:18 - 2015-08-12 08:18 - 00000000 ____D C:\Documents and Settings\User\Pulpit\FRST-OlderVersion 2015-08-11 15:30 - 2015-08-11 15:30 - 00000000 ____D C:\Documents and Settings\Administrator\Dane aplikacji\AVG2015 2015-08-11 15:20 - 2015-08-11 15:20 - 00047242 _____ C:\Documents and Settings\Administrator\Pulpit\Shortcut.txt 2015-08-11 15:12 - 2015-08-11 15:20 - 00028543 _____ C:\Documents and Settings\Administrator\Pulpit\Addition.txt 2015-08-11 15:08 - 2015-08-11 15:20 - 00019903 _____ C:\Documents and Settings\Administrator\Pulpit\FRST.txt 2015-08-11 15:07 - 2015-08-12 12:10 - 00000000 ____D C:\FRST 2015-08-11 15:07 - 2015-08-11 10:51 - 01674752 _____ (Farbar) C:\Documents and Settings\Administrator\Pulpit\FRST.exe 2015-08-11 15:06 - 2015-08-11 15:06 - 00000000 ____D C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Avg2015 2015-08-11 15:03 - 2015-08-11 15:30 - 00000188 ___SH C:\Documents and Settings\Administrator\ntuser.ini 2015-08-11 15:03 - 2015-08-11 15:20 - 00000000 ____D C:\Documents and Settings\Administrator\Ustawienia lokalne\temp 2015-08-11 15:03 - 2015-08-11 15:20 - 00000000 ____D C:\Documents and Settings\Administrator\Pulpit 2015-08-11 15:03 - 2015-08-11 15:06 - 00000000 ___HD C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji 2015-08-11 15:03 - 2015-08-11 15:03 - 00000000 ____D C:\Documents and Settings\Administrator 2015-08-11 15:03 - 2015-06-11 08:16 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache 2015-08-11 15:03 - 2015-03-17 11:46 - 00000000 ___HD C:\Documents and Settings\Administrator\Ustawienia lokalne 2015-08-11 15:03 - 2014-08-18 15:49 - 00000000 ____D C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft Help 2015-08-11 15:03 - 2012-07-06 13:14 - 00000000 __SHD C:\Documents and Settings\Administrator\Ustawienia lokalne\Historia 2015-08-11 15:03 - 2012-07-06 13:14 - 00000000 __RHD C:\Documents and Settings\Administrator\Dane aplikacji 2015-08-11 15:03 - 2012-07-06 13:14 - 00000000 ___RD C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart 2015-08-11 15:03 - 2012-07-06 13:14 - 00000000 ___RD C:\Documents and Settings\Administrator\Menu Start 2015-08-11 15:03 - 2012-07-06 13:14 - 00000000 ____D C:\Documents and Settings\Administrator\Ulubione 2015-08-11 15:03 - 2012-07-06 13:14 - 00000000 ____D C:\Documents and Settings\Administrator\Moje dokumenty 2015-08-11 15:03 - 2012-07-06 11:36 - 00001599 _____ C:\Documents and Settings\Administrator\Menu Start\Programy\Pomoc zdalna.lnk 2015-08-11 15:03 - 2012-07-06 11:36 - 00000792 _____ C:\Documents and Settings\Administrator\Menu Start\Programy\Windows Media Player.lnk 2015-08-11 15:03 - 2012-07-06 11:36 - 00000000 ___RD C:\Documents and Settings\Administrator\Menu Start\Programy\Akcesoria 2015-08-11 15:03 - 2012-07-06 11:36 - 00000000 ___RD C:\Documents and Settings\Administrator\Menu Start\Programy 2015-08-11 15:03 - 2012-07-06 11:30 - 00000000 ___HD C:\Documents and Settings\Administrator\Szablony 2015-08-11 15:02 - 2015-08-11 15:03 - 00000000 ____D C:\WINDOWS\CSC 2015-08-11 12:18 - 2015-08-11 12:18 - 00000000 __SHD C:\Documents and Settings\LocalService\IETldCache 2015-08-11 12:03 - 2015-08-11 12:03 - 00000000 ____D C:\Documents and Settings\User\Dane aplikacji\AVG2015 2015-08-11 11:58 - 2015-08-11 11:58 - 00000732 _____ C:\Documents and Settings\All Users\Pulpit\AVG 2015.lnk 2015-08-11 11:58 - 2015-08-11 11:58 - 00000000 ____D C:\Documents and Settings\User\Dane aplikacji\TuneUp Software 2015-08-11 11:58 - 2015-08-11 11:58 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\AVG 2015-08-11 11:57 - 2015-08-12 08:18 - 01676288 _____ (Farbar) C:\Documents and Settings\User\Pulpit\FRST.exe 2015-08-11 11:46 - 2015-08-11 12:01 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\AVG2015 2015-08-11 11:46 - 2015-08-11 11:46 - 00000000 ___HD C:\$AVG 2015-08-11 11:31 - 2015-08-11 15:06 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-08-11 11:30 - 2015-08-11 11:30 - 00000000 ____D C:\Program Files\AVG 2015-08-11 11:27 - 2015-08-11 11:27 - 00000777 _____ C:\Documents and Settings\All Users\Pulpit\Malwarebytes Anti-Malware.lnk 2015-08-11 11:27 - 2015-08-11 11:27 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Malwarebytes Anti-Malware 2015-08-11 11:26 - 2015-08-11 11:27 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware 2015-08-11 11:26 - 2015-08-11 11:26 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes 2015-08-11 11:26 - 2015-06-18 08:41 - 00121560 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-08-11 11:26 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2015-08-11 11:18 - 2015-08-12 08:52 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\MFAData 2015-08-11 11:18 - 2015-08-11 15:48 - 00000000 ____D C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Avg2015 2015-08-11 11:18 - 2015-08-11 11:18 - 00000000 ____D C:\Program Files\ESET 2015-08-11 11:18 - 2015-08-11 11:18 - 00000000 ____D C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\MFAData 2015-08-07 15:32 - 2015-08-07 15:34 - 00004990 _____ C:\Documents and Settings\User\Pulpit\Rkill.txt 2015-08-07 13:36 - 2015-08-07 13:38 - 00000000 ____D C:\Program Files\trend micro 2015-08-07 13:05 - 2015-08-07 13:05 - 00001580 _____ C:\Documents and Settings\All Users\Pulpit\Defraggler.lnk 2015-08-07 13:05 - 2015-08-07 13:05 - 00000000 ____D C:\Program Files\Defraggler 2015-08-07 13:04 - 2015-08-07 13:05 - 00000000 ____D C:\Program Files\Mozilla Firefox 2015-08-07 12:49 - 2015-08-07 12:49 - 00000000 ____D C:\Program Files\Odkurzacz 2015-08-07 12:49 - 2015-08-07 12:49 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Odkurzacz 2015-07-28 11:02 - 2015-07-28 11:02 - 00238000 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsdriverlx.sys 2015-07-28 11:02 - 2015-07-28 11:02 - 00186800 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgmfx86.sys 2015-07-23 16:44 - 2015-07-23 16:44 - 00031664 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsshimx.sys ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-08-12 12:13 - 2015-03-17 11:46 - 00000000 ____D C:\Documents and Settings\User\Ustawienia lokalne\temp 2015-08-12 12:12 - 2012-07-06 11:34 - 01751232 _____ C:\WINDOWS\WindowsUpdate.log 2015-08-12 12:07 - 2004-08-04 13:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl 2015-08-12 12:05 - 2012-07-09 16:50 - 00115276 _____ C:\WINDOWS\system32\nvModes.001 2015-08-12 12:04 - 2012-08-20 11:01 - 00000157 _____ C:\WINDOWS\wiadebug.log 2015-08-12 12:04 - 2012-08-20 11:01 - 00000050 _____ C:\WINDOWS\wiaservc.log 2015-08-12 12:01 - 2012-07-06 11:41 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-08-12 11:51 - 2012-07-06 11:41 - 00032486 _____ C:\WINDOWS\SchedLgU.Txt 2015-08-12 11:50 - 2012-07-10 12:50 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help 2015-08-12 11:32 - 2013-11-07 14:13 - 00000000 ____D C:\WINDOWS\system32\MRT 2015-08-12 11:10 - 2013-04-11 16:23 - 129304528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-08-12 10:53 - 2012-07-06 11:43 - 00000188 ___SH C:\Documents and Settings\User\ntuser.ini 2015-08-12 08:19 - 2012-07-06 11:43 - 00000000 ____D C:\Documents and Settings\User\Pulpit 2015-08-12 08:17 - 2012-07-09 16:50 - 00115276 _____ C:\WINDOWS\system32\nvModes.dat 2015-08-11 14:44 - 2012-07-06 11:32 - 00000000 ____D C:\WINDOWS\srchasst 2015-08-11 14:03 - 2012-09-07 12:04 - 00000000 ____D C:\Documents and Settings\User\Pulpit\REmigiusz 2015-08-11 12:18 - 2012-07-06 11:41 - 00000000 __SHD C:\Documents and Settings\LocalService 2015-08-11 12:03 - 2012-07-06 11:43 - 00000000 __RHD C:\Documents and Settings\User\Dane aplikacji 2015-08-11 11:58 - 2012-07-06 13:14 - 00000000 ____D C:\Documents and Settings\All Users\Pulpit 2015-08-11 11:58 - 2012-07-06 13:14 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy 2015-08-11 11:56 - 2015-06-05 10:45 - 00042084 _____ C:\WINDOWS\setupapi.log 2015-08-11 11:46 - 2012-07-06 13:13 - 00000000 __RHD C:\Documents and Settings\All Users\Dane aplikacji 2015-08-11 11:24 - 2014-09-02 11:25 - 00000000 ____D C:\Documents and Settings\User\Moje dokumenty\Pobrane 2015-08-11 11:18 - 2012-07-06 11:43 - 00000000 ___HD C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji 2015-08-11 11:04 - 2012-07-06 13:15 - 01318700 ____C C:\WINDOWS\system32\PerfStringBackup.INI 2015-08-11 11:04 - 2004-08-04 13:00 - 00588574 _____ C:\WINDOWS\system32\perfh015.dat 2015-08-11 11:04 - 2004-08-04 13:00 - 00120214 _____ C:\WINDOWS\system32\perfc015.dat 2015-08-10 11:31 - 2012-07-10 12:39 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\AVAST Software 2015-08-07 14:17 - 2015-05-28 15:07 - 00270984 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2015-08-07 13:31 - 2015-03-11 10:42 - 00146432 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl 2015-08-07 13:31 - 2015-03-11 10:34 - 00096352 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll 2015-08-07 13:28 - 2012-09-10 11:16 - 00000000 ____D C:\Program Files\Java 2015-08-07 12:56 - 2013-04-04 15:45 - 00000000 ____D C:\WINDOWS\ie8updates 2015-08-07 12:56 - 2013-02-05 12:03 - 00000000 ___HD C:\WINDOWS\$hf_mig$ 2015-08-07 08:25 - 2013-02-27 09:36 - 00000000 ____D C:\Program Files\WinRAR 2015-08-07 08:25 - 2013-02-27 09:36 - 00000000 ____D C:\Documents and Settings\User\Menu Start\Programy\WinRAR 2015-08-07 08:25 - 2013-02-27 09:36 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\WinRAR 2015-07-17 16:33 - 2012-07-10 12:54 - 00065536 _____ C:\WINDOWS\system32\config\ODiag.evt ==================== Files in the root of some directories ======= 2014-07-28 15:11 - 2008-07-07 13:22 - 0000014 ____C () C:\Documents and Settings\User\Dane aplikacji\options.ini 2014-07-28 15:11 - 2012-07-07 13:04 - 0000003 ____C () C:\Documents and Settings\User\Dane aplikacji\options_pdfcombine.ini 2014-07-28 15:11 - 2013-02-23 12:15 - 0000003 ____C () C:\Documents and Settings\User\Dane aplikacji\options_pdfrotator.ini 2014-07-28 15:11 - 2014-06-27 21:07 - 0000701 ____C () C:\Documents and Settings\User\Dane aplikacji\pdfsound.dll 2014-07-28 15:11 - 2013-06-09 09:38 - 0000053 ____C () C:\Documents and Settings\User\Dane aplikacji\setting.ini 2014-07-28 15:11 - 2014-07-28 15:12 - 0000030 ____C () C:\Documents and Settings\User\Dane aplikacji\setup.ini 2014-07-28 15:11 - 2013-06-09 09:30 - 0000043 ____C () C:\Documents and Settings\User\Dane aplikacji\setup_pdfcombine.ini 2014-07-28 15:11 - 2013-06-09 10:34 - 0000043 ____C () C:\Documents and Settings\User\Dane aplikacji\setup_pdfrotator.ini 2012-08-30 09:56 - 2013-03-18 10:07 - 0019456 ____C () C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-08-02 08:08 - 2013-08-02 08:08 - 0000129 ____C () C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\fusioncache.dat 2012-08-13 12:30 - 2012-08-13 12:29 - 0384835 _____ () C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\speeddial.crx Some files in TEMP: ==================== C:\Documents and Settings\NetworkService\Ustawienia lokalne\temp\mpam-3a86cfa1.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End of log ============================