Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-09-2013 04
Ran by Czarek (administrator) on CZAREK-KOMPUTER on 02-09-2013 17:06:55
Running from C:\Users\Czarek\Downloads
Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Polish
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(IObit) C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
() C:\Windows\system32\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(FNet Co., Ltd.) C:\Program Files\XFastUsb\XFastUsb.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Creative Technology Ltd) C:\Program Files\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe
(Creative Technology Ltd) C:\Program Files\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
(Macrovision Europe Ltd.) C:\Users\Czarek\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001
(Nullsoft, Inc.) C:\Program Files\Winamp\winampa.exe
(Creative Labs) C:\Program Files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
(DT Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTLite.exe
(AMD) C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
(Microsoft Corporation) C:\Users\Czarek\AppData\Local\Temp\Task Scheduler Engine\Task Scheduler Engine.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Microsoft Corporation) C:\Users\Czarek\AppData\Local\Temp\AppLunch\Task Scheduler Engine.exe
(Google Inc.) C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Google Inc.) C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe
(OldTimer Tools) C:\Users\Czarek\Downloads\OTL.exe
(Google Inc.) C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9398888 2010-07-28] (Realtek Semiconductor)
HKLM\...\Run: [XFastUsb] - C:\Program Files\XFastUsb\XFastUsb.exe [4942336 2012-05-22] (FNet Co., Ltd.)
HKLM\...\Run: [CTSyncService] - C:\Program Files\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe [1233195 2009-07-08] (Creative Technology Ltd)
HKLM\...\Run: [VolPanel] - C:\Program Files\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe [241789 2009-05-04] (Creative Technology Ltd)
HKLM\...\Run: [UpdReg] - C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM\...\Run: [RunDLLEntry] - C:\Windows\system32\AmbRunE.dll [14848 2009-02-26] (Creative Technology Ltd.)
HKLM\...\Run: [WinampAgent] - C:\Program Files\Winamp\winampa.exe [74752 2011-07-11] (Nullsoft, Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKCU\...\Run: [Advanced SystemCare 5] - C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe [574296 2012-03-06] (IObit)
HKCU\...\Run: [ASRockXTU] - [x]
HKCU\...\Run: [zASRockInstantBoot] - [x]
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [3514176 2011-11-10] (DT Soft Ltd)
HKCU\...\Run: [Google Update] - C:\Users\Czarek\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-12-06] (Google Inc.)
HKCU\...\Run: [Oracle Java] - C:\Windows\system32\javaw.exe [149280 2012-03-10] (Sun Microsystems, Inc.)
HKCU\...\Run: [HydraVisionDesktopManager] - C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe [393216 2010-11-25] (AMD)
HKCU\...\Run: [Task Scheduler Engine] - C:\Users\Czarek\AppData\Local\Temp\Task Scheduler Engine\Task Scheduler Engine.exe [200192 2013-08-31] (Microsoft Corporation) <===== ATTENTION
HKCU\...\Run: [System Protocol] - C:\Users\Czarek\AppData\Local\Temp\AppLunch\Task Scheduler Engine.exe [1169224 2010-11-05] (Microsoft Corporation) <===== ATTENTION
HKCU\...\Policies\system: [EnableLUA] 0
MountPoints2: {491e98fa-1908-11e1-984d-002522cc5546} - H:\autorun.exe
MountPoints2: {508996c0-adac-11e1-bfeb-806e6f6e6963} - F:\Install.exe
MountPoints2: {50899814-adac-11e1-bfeb-002522cc5546} - G:\setup.exe
MountPoints2: {b54e4b12-1049-11e2-8ee6-002522cc5546} - I:\iLinker.exe
Startup: C:\Users\Czarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

URLSearchHook: (No Name) - {d43723ae-1ae1-4a25-a6a4-bf0929273cab} - No File
URLSearchHook: (No Name) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://pl.v9.com/?utm_source=b&utm_medium=cor
SearchScopes: HKLM - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1098640
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1098640
SearchScopes: HKLM - {B039E07F-F802-446a-A9EE-28C3A78897DA} URL = http://startsear.ch/?aff=1&src=sp&cf=1ec1d27e-186b-11e1-8676-002522cc5546&q={searchTerms}
SearchScopes: HKLM - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchrocket.info/?l=1&q={searchTerms}&pid=34&r=2013/05/26&hid=2797312376&lg=EN&cc=PL&unqvl=16
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://mixidj.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=F050002522CC5546&affID=121133&tsp=4991
SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=SPLEP1&pc=SPLH
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://mixidj.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=F050002522CC5546&affID=121133&tsp=4991
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
SearchScopes: HKCU - {B039E07F-F802-446a-A9EE-28C3A78897DA} URL =
SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchrocket.info/?l=1&q={searchTerms}&pid=34&r=2013/05/26&hid=2797312376&lg=EN&cc=PL&unqvl=16
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO: SelectionLinks - {7825CFB6-490A-436B-9F26-4A7B5CFC01A9} - C:\Program Files\OApps\SelectionLinks.dll (SelectionLinks)
BHO: TubeSaver - {8126319b-dc72-4c94-ab85-0ec9985fc040} - C:\Program Files\TubeSaver\131.dll (TubeSaver)
BHO: No Name - {8DD0E67E-4ED8-5575-387E-6528E915638A} - No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO: IEPluginBHO Class - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Users\Czarek\AppData\Roaming\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.)
Toolbar: HKCU -No Name - {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - No File
Toolbar: HKCU -No Name - {D43723AE-1AE1-4A25-A6A4-BF0929273CAB} - No File
Toolbar: HKCU -No Name - {09EC805C-CB2E-4D53-B0D3-A75A428B81C7} - No File
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.5.0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 194.204.159.1 8.8.8.8

Chrome:
=======
CHR HomePage: hxxp://mixidj.delta-search.com/?babsrc=HP_ss&mntrId=F050002522CC5546&affID=121133&tsp=4991
CHR RestoreOnStartup: "hxxp://google.pl/"
CHR DefaultSearchURL: (Google) - http://www.google.com/cse?cx=partner-pub-3794288947762788%3A6976579318&ie=UTF-8&q=&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A6976579318&q={searchTerms}
CHR DefaultSuggestURL: (Google) - "suggest_url": ""
CHR Plugin: (Shockwave Flash) - C:\Users\Czarek\AppData\Local\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Czarek\AppData\Local\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Czarek\AppData\Local\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U5) - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Unity Player) - C:\Users\Czarek\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Google Update) - C:\Users\Czarek\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (VshareComplete plugin for chrome) - C:\Users\Czarek\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0
CHR Extension: (Select Links App) - C:\Users\Czarek\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjfjcnbocflmiihlkadkdpeakcagfhai\4.3_0
CHR HKLM\...\Chrome\Extension: [dlfienamagdnkekbbbocojppncdambda] - C:\Program Files\VshareComplete\chrome\VshareCompleteChrome.crx
CHR HKLM\...\Chrome\Extension: [hjfjcnbocflmiihlkadkdpeakcagfhai] - C:\Program Files\OApps\chrome-sl.crx
CHR HKLM\...\Chrome\Extension: [ojcdnngpmbenohhjlickdajclhbcaada] - C:\Program Files\TubeSaver\131.crx

========================== Services (Whitelisted) =================

R2 AdvancedSystemCareService5; C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe [913752 2012-03-14] (IObit)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2011-10-25] (Creative Labs)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [458464 2012-02-02] (Intel(R) Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75064 2011-11-03] ()
R3 Sound Blaster X-Fi MB Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [79360 2011-10-25] (Creative Labs)
S2 AviraUpgradeService;
S2 BrowserDefendert; C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [x]

==================== Drivers (Whitelisted) ====================

R1 AsrAppCharger; C:\Windows\System32\DRIVERS\AsrAppCharger.sys [13832 2010-06-11] (Windows (R) Win 7 DDK provider)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [83872 2011-10-26] ()
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [239168 2012-06-03] (DT Soft Ltd)
R3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [32384 2011-02-08] (Etron Technology Inc)
R3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [52352 2011-02-08] (Etron Technology Inc)
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [29248 2011-11-14] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [14656 2011-10-25] (FNet Co., Ltd.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2011-10-26] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [21104 2012-12-14] (Malwarebytes Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [46080 2011-11-10] (Intel Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [428088 2011-11-27] ()
U3 a4ba04l0; C:\Windows\System32\Drivers\a4ba04l0.sys [0 ] (Advanced Micro Devices)
S3 esgiguard; No ImagePath
S3 Maplom; No ImagePath
S3 MaplomL; No ImagePath
S3 PCANDIS4; No ImagePath
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-09-02 17:05 - 2013-09-02 17:05 - 01085803 _____ (Farbar) C:\Users\Czarek\Downloads\FRST.exe
2013-09-02 17:04 - 2013-09-02 17:04 - 00075490 _____ C:\Users\Czarek\Downloads\Extras.Txt
2013-09-02 17:03 - 2013-09-02 17:03 - 00087706 _____ C:\Users\Czarek\Downloads\OTL.Txt
2013-09-02 16:53 - 2013-09-02 16:53 - 00000000 ____D C:\Users\Czarek\Desktop\szkoła
2013-09-02 16:49 - 2013-09-02 16:49 - 00602112 _____ (OldTimer Tools) C:\Users\Czarek\Downloads\OTL.exe
2013-09-02 08:51 - 2013-09-02 16:43 - 00013580 _____ C:\Windows\PFRO.log
2013-09-01 21:54 - 2013-09-02 16:43 - 00000448 _____ C:\Windows\setupact.log
2013-09-01 21:54 - 2013-09-01 21:54 - 00000000 _____ C:\Windows\setuperr.log
2013-08-31 13:22 - 2013-08-31 13:22 - 00000000 __SHD C:\Users\Czarek\AppData\Roaming\msgr
2013-08-31 12:41 - 2013-08-31 12:45 - 00000000 ____D C:\Program Files\MyPC Backup
2013-08-31 12:41 - 2013-08-31 12:41 - 00000000 ____D C:\Users\Czarek\AppData\Local\avgchrome
2013-08-31 12:41 - 2013-08-31 12:41 - 00000000 ____D C:\Program Files\AppFiles
2013-08-31 12:40 - 2013-09-02 16:43 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-08-31 12:40 - 2013-09-02 16:42 - 00000000 ____D C:\ProgramData\DSearchLink
2013-08-31 12:40 - 2013-09-02 16:42 - 00000000 ____D C:\Program Files\TubeSaver
2013-08-31 12:40 - 2013-08-31 12:40 - 00000000 ____D C:\Windows\system32\searchplugins
2013-08-31 12:40 - 2013-08-31 12:40 - 00000000 ____D C:\Windows\system32\Extensions
2013-08-31 12:40 - 2013-08-31 12:40 - 00000000 ____D C:\Users\Czarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
2013-08-31 12:40 - 2013-08-31 12:40 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-30 01:45 - 2013-08-30 01:45 - 00000000 ____D C:\Users\Czarek\AppData\Local\Apple Computer
2013-08-30 01:40 - 2013-08-30 01:43 - 735064064 _____ C:\Users\Czarek\Downloads\The.Hitcher.1986.PL.DVDRip.XviD.avi
2013-08-29 22:06 - 2013-08-29 22:08 - 64835670 _____ C:\Users\Czarek\Downloads\Kuba.Knap.Bez.Nerwow.Bez.Zludzen.PL.2013.EMPiK.rar
2013-08-25 22:15 - 2013-08-25 22:18 - 00000000 ____D C:\Users\Czarek\Desktop\zdj
2013-08-19 23:55 - 2013-08-20 00:12 - 1467985920 _____ C:\Users\Czarek\Downloads\Lost.Highway.1997.PL.AC3.DVDRip.XviD-OldStarS.avi
2013-08-14 09:00 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 09:00 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 09:00 - 2013-07-26 05:13 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 09:00 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 09:00 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 09:00 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 09:00 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 09:00 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 09:00 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 09:00 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 09:00 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 09:00 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 09:00 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 09:00 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 09:00 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 09:00 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-14 05:31 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 05:31 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 05:31 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-14 05:31 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 05:31 - 2013-07-09 06:53 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 05:31 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 05:31 - 2013-07-09 06:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 05:31 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 05:31 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 05:31 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 05:31 - 2013-07-06 07:05 - 01293760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 05:30 - 2013-06-15 05:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-08 02:09 - 2013-08-08 02:09 - 03471387 _____ C:\Users\Czarek\Downloads\VentriloMIX.exe
2013-08-07 23:44 - 2013-08-07 23:44 - 00000841 _____ C:\Users\Public\Desktop\Ventrilo.lnk
2013-08-04 23:40 - 2013-08-30 15:18 - 00000039 _____ C:\Users\Czarek\Desktop\Nowy dokument tekstowy.txt
2013-08-04 23:15 - 2013-09-02 15:44 - 00000000 ____D C:\Program Files\DefaultTab
2013-08-04 23:15 - 2013-08-15 13:27 - 00000892 __RSH C:\Users\Czarek\ntuser.pol

==================== One Month Modified Files and Folders =======

2013-09-02 17:06 - 2013-09-02 17:06 - 00000000 ____D C:\FRST
2013-09-02 17:05 - 2013-09-02 17:05 - 01085803 _____ (Farbar) C:\Users\Czarek\Downloads\FRST.exe
2013-09-02 17:04 - 2013-09-02 17:04 - 00075490 _____ C:\Users\Czarek\Downloads\Extras.Txt
2013-09-02 17:03 - 2013-09-02 17:03 - 00087706 _____ C:\Users\Czarek\Downloads\OTL.Txt
2013-09-02 16:53 - 2013-09-02 16:53 - 00000000 ____D C:\Users\Czarek\Desktop\szkoła
2013-09-02 16:52 - 2011-12-11 21:07 - 00000000 ___RD C:\Users\Czarek\Desktop\Programy
2013-09-02 16:52 - 2011-10-25 20:01 - 00000000 ____D C:\Users\Czarek\Downloads\Programy- instalki
2013-09-02 16:50 - 2009-07-14 06:34 - 00014416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-02 16:50 - 2009-07-14 06:34 - 00014416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-02 16:49 - 2013-09-02 16:49 - 00602112 _____ (OldTimer Tools) C:\Users\Czarek\Downloads\OTL.exe
2013-09-02 16:47 - 2011-10-25 17:51 - 01526208 _____ C:\Windows\WindowsUpdate.log
2013-09-02 16:43 - 2013-09-02 08:51 - 00013580 _____ C:\Windows\PFRO.log
2013-09-02 16:43 - 2013-09-01 21:54 - 00000448 _____ C:\Windows\setupact.log
2013-09-02 16:43 - 2013-08-31 12:40 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-09-02 16:43 - 2013-05-26 23:59 - 00000000 ____D C:\Program Files\WebSearch
2013-09-02 16:43 - 2013-05-26 23:58 - 00000000 ____D C:\Program Files\ContinueToSave
2013-09-02 16:43 - 2013-03-11 11:30 - 00000000 ____D C:\Program Files\BrowseToSave
2013-09-02 16:43 - 2012-07-13 13:16 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-09-02 16:43 - 2009-07-14 10:07 - 00000000 ____D C:\Windows\DigitalLocker
2013-09-02 16:43 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-02 16:42 - 2013-08-31 12:40 - 00000000 ____D C:\ProgramData\DSearchLink
2013-09-02 16:42 - 2013-08-31 12:40 - 00000000 ____D C:\Program Files\TubeSaver
2013-09-02 16:42 - 2013-05-26 23:58 - 00000000 ____D C:\ProgramData\coNtoinauettoosavE
2013-09-02 16:33 - 2012-12-06 21:08 - 00001062 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-938636079-2743700497-1177568648-1000UA.job
2013-09-02 16:19 - 2012-04-27 18:50 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-02 15:44 - 2013-08-04 23:15 - 00000000 ____D C:\Program Files\DefaultTab
2013-09-01 21:54 - 2013-09-01 21:54 - 00000000 _____ C:\Windows\setuperr.log
2013-09-01 20:33 - 2012-12-06 21:08 - 00001010 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-938636079-2743700497-1177568648-1000Core.job
2013-09-01 15:21 - 2011-10-25 20:06 - 00000000 ____D C:\Users\Czarek\AppData\Roaming\Media Player Classic
2013-08-31 13:22 - 2013-08-31 13:22 - 00000000 __SHD C:\Users\Czarek\AppData\Roaming\msgr
2013-08-31 13:19 - 2012-06-24 19:01 - 00000000 ____D C:\Users\Czarek\AppData\Roaming\Tibia
2013-08-31 13:19 - 2011-10-26 22:26 - 00000000 ____D C:\Users\Czarek\AppData\Local\CrashDumps
2013-08-31 13:03 - 2013-07-22 19:46 - 51163136 _____ C:\Windows\system32\config\SOFTWARE.iobit
2013-08-31 13:03 - 2013-07-22 19:46 - 20135936 _____ C:\Windows\system32\config\SYSTEM.iobit
2013-08-31 13:03 - 2013-07-22 19:46 - 00389120 _____ C:\Windows\system32\config\DEFAULT.iobit
2013-08-31 13:03 - 2013-07-22 19:46 - 00032768 _____ C:\Windows\system32\config\SAM.iobit
2013-08-31 13:03 - 2013-07-22 19:46 - 00024576 _____ C:\Windows\system32\config\SECURITY.iobit
2013-08-31 13:03 - 2012-05-04 12:05 - 32268288 _____ C:\Windows\system32\config\COMPONENTS.iobit
2013-08-31 13:03 - 2011-10-25 17:51 - 00000000 ____D C:\Users\Czarek
2013-08-31 12:45 - 2013-08-31 12:41 - 00000000 ____D C:\Program Files\MyPC Backup
2013-08-31 12:41 - 2013-08-31 12:41 - 00000000 ____D C:\Users\Czarek\AppData\Local\avgchrome
2013-08-31 12:41 - 2013-08-31 12:41 - 00000000 ____D C:\Program Files\AppFiles
2013-08-31 12:40 - 2013-08-31 12:40 - 00000000 ____D C:\Windows\system32\searchplugins
2013-08-31 12:40 - 2013-08-31 12:40 - 00000000 ____D C:\Windows\system32\Extensions
2013-08-31 12:40 - 2013-08-31 12:40 - 00000000 ____D C:\Users\Czarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
2013-08-31 12:40 - 2013-08-31 12:40 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-30 19:55 - 2011-10-25 17:55 - 01549932 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-30 19:55 - 2009-07-14 10:07 - 00697896 _____ C:\Windows\system32\perfh015.dat
2013-08-30 19:55 - 2009-07-14 10:07 - 00135006 _____ C:\Windows\system32\perfc015.dat
2013-08-30 15:18 - 2013-08-04 23:40 - 00000039 _____ C:\Users\Czarek\Desktop\Nowy dokument tekstowy.txt
2013-08-30 01:45 - 2013-08-30 01:45 - 00000000 ____D C:\Users\Czarek\AppData\Local\Apple Computer
2013-08-30 01:43 - 2013-08-30 01:40 - 735064064 _____ C:\Users\Czarek\Downloads\The.Hitcher.1986.PL.DVDRip.XviD.avi
2013-08-29 22:08 - 2013-08-29 22:06 - 64835670 _____ C:\Users\Czarek\Downloads\Kuba.Knap.Bez.Nerwow.Bez.Zludzen.PL.2013.EMPiK.rar
2013-08-28 10:11 - 2011-10-25 20:12 - 00000000 ____D C:\Users\Czarek\AppData\Roaming\Winamp
2013-08-25 22:18 - 2013-08-25 22:15 - 00000000 ____D C:\Users\Czarek\Desktop\zdj
2013-08-22 13:40 - 2012-12-31 23:22 - 00000000 ____D C:\Users\Czarek\Documents\Fiddler2
2013-08-21 01:31 - 2012-02-11 21:30 - 00000000 ____D C:\Users\Czarek\AppData\Roaming\BitTorrent
2013-08-20 20:19 - 2012-04-27 18:50 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-08-20 20:19 - 2011-10-25 18:31 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-08-20 00:12 - 2013-08-19 23:55 - 1467985920 _____ C:\Users\Czarek\Downloads\Lost.Highway.1997.PL.AC3.DVDRip.XviD-OldStarS.avi
2013-08-16 19:34 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-08-15 13:27 - 2013-08-04 23:15 - 00000892 __RSH C:\Users\Czarek\ntuser.pol
2013-08-14 15:00 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-14 11:46 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\pl-PL
2013-08-14 09:05 - 2013-07-17 00:56 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 09:04 - 2011-10-25 19:14 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-12 17:50 - 2012-01-31 15:14 - 00000000 ____D C:\Program Files\JDownloader
2013-08-08 02:23 - 2013-07-28 13:24 - 00000000 ____D C:\Program Files\ipla
2013-08-08 02:09 - 2013-08-08 02:09 - 03471387 _____ C:\Users\Czarek\Downloads\VentriloMIX.exe
2013-08-07 23:45 - 2011-12-26 18:32 - 00000000 ____D C:\Users\Czarek\AppData\Roaming\Ventrilo
2013-08-07 23:44 - 2013-08-07 23:44 - 00000841 _____ C:\Users\Public\Desktop\Ventrilo.lnk
2013-08-07 23:44 - 2011-12-26 18:31 - 00000000 ____D C:\Program Files\Ventrilo
2013-08-07 23:44 - 2011-11-15 23:09 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-08-07 23:43 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2013-08-07 20:59 - 2013-07-28 13:25 - 00000000 ____D C:\Users\Czarek\AppData\Roaming\ipla
2013-08-04 23:15 - 2009-07-14 04:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2013-08-04 23:14 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Resources

Files to move or delete:
====================
C:\Users\Czarek\AppData\Local\Temp\Task Scheduler Engine\Task Scheduler Engine.exe
C:\Users\Czarek\AppData\Local\Temp\AppLunch\Task Scheduler Engine.exe
C:\Users\Czarek\DesktopFiddler2Upgrade.exe
C:\Users\Czarek\TWEE_Upgrade.exe
C:\Users\Czarek\AppData\Local\Temp\BackupSetup.exe
C:\Users\Czarek\AppData\Local\Temp\bitool.dll
C:\Users\Czarek\AppData\Local\Temp\uninst1.exe
C:\Users\Czarek\AppData\Local\Temp\nsu6F95.tmp\syshost.exe
C:\Users\Czarek\AppData\Local\Temp\A2B00C4A-BAB0-7891-9B17-A4DA4E31848B\GUninstaller.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-08-22 21:48

==================== End Of Log ============================