Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-09-2013
Ran by czeslaw (administrator) on CZESLAW-CZESLAW on 07-09-2013 18:54:14
Running from D:\LOL
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polish
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Huawei Technologies Co., Ltd.) C:\Users\czeslaw\AppData\Roaming\blueconnect\ouc.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Huawei Technologies Co., Ltd.) C:\Program Files (x86)\blueconnect\DataCardMonitor.exe
(France Telecom SA) C:\Program Files (x86)\CardDetector\ICON225\CardDetector.exe
(Google Inc.) C:\Users\czeslaw\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\czeslaw\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\czeslaw\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\czeslaw\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\blueconnect\blueconnect.exe
(Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
(Google Inc.) C:\Users\czeslaw\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\prevhost.exe

==================== Registry (Whitelisted) ==================

HKCU\...\Run: [HW_OPENEYE_OUC_blueconnect] - C:\Program Files (x86)\blueconnect\UpdateDog\ouc.exe [110592 2009-12-31] (Huawei Technologies Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [DataCardMonitor] - C:\Program Files (x86)\blueconnect\DataCardMonitor.exe [253952 2013-07-31] (Huawei Technologies Co., Ltd.)
HKLM-x32\...\Run: [CardDetectorICON225] - C:\Program Files (x86)\CardDetector\ICON225\CardDetector.exe [278528 2007-11-14] (France Telecom SA)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{5C1D3A12-997D-4A5C-BE3B-5D3B3D764F69}: [NameServer]213.158.199.1 213.158.199.5

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.5.1 - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\czeslaw\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\czeslaw\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\czeslaw\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

Chrome:
=======
CHR HomePage: about:blank
CHR RestoreOnStartup: "hxxp://www.google.pl/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\czeslaw\AppData\Local\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\czeslaw\AppData\Local\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\czeslaw\AppData\Local\Google\Chrome\Application\29.0.1547.66\pdf.dll ()
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U5) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Unity Player) - C:\Users\czeslaw\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Google Update) - C:\Users\czeslaw\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.50.255) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Extension: (Chrome In-App Payments service) - C:\Users\czeslaw\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR StartMenuInternet: Google Chrome - C:\Users\czeslaw\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-07-04] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-07-04] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-07-04] ()
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [250368 2010-04-07] (Huawei Technologies Co., Ltd.)
S3 s1039bus; C:\Windows\System32\DRIVERS\s1039bus.sys [127600 2009-11-19] (MCCI Corporation)
S3 s1039mdfl; C:\Windows\System32\DRIVERS\s1039mdfl.sys [19568 2009-11-19] (MCCI Corporation)
S3 s1039mdm; C:\Windows\System32\DRIVERS\s1039mdm.sys [161904 2009-11-19] (MCCI Corporation)
S3 s1039mgmt; C:\Windows\System32\DRIVERS\s1039mgmt.sys [141424 2009-11-19] (MCCI Corporation)
S3 s1039nd5; C:\Windows\System32\DRIVERS\s1039nd5.sys [34416 2009-11-19] (MCCI Corporation)
S3 s1039obex; C:\Windows\System32\DRIVERS\s1039obex.sys [137328 2009-11-19] (MCCI Corporation)
S3 s1039unic; C:\Windows\System32\DRIVERS\s1039unic.sys [158320 2009-11-19] (MCCI Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-09-07 18:46 - 2013-09-07 18:50 - 00000000 ____D C:\AdwCleaner
2013-09-07 18:41 - 2013-09-07 18:41 - 01037278 _____ C:\Users\czeslaw\Downloads\AdwCleaner.exe
2013-09-07 18:34 - 2013-09-07 18:35 - 00003795 _____ C:\Users\czeslaw\Desktop\fixlist.txt.txt
2013-09-05 22:47 - 2013-09-05 22:48 - 00446768 _____ C:\Windows\Minidump\090513-36535-01.dmp
2013-09-05 22:47 - 2013-09-05 22:47 - 619310743 _____ C:\Windows\MEMORY.DMP
2013-09-05 20:53 - 2013-09-05 20:53 - 00377856 _____ C:\Users\czeslaw\Downloads\pyy80dqv.exe
2013-09-05 20:52 - 2013-09-05 20:52 - 00000000 ____D C:\FRST
2013-09-05 20:51 - 2013-09-05 20:51 - 01947160 _____ (Farbar) C:\Users\czeslaw\Downloads\FRST64.exe
2013-09-05 20:51 - 2013-09-05 20:51 - 00602112 _____ (OldTimer Tools) C:\Users\czeslaw\Downloads\OTL (1).exe
2013-09-02 21:53 - 2013-09-02 21:53 - 00023226 _____ C:\ComboFix.txt
2013-09-02 21:44 - 2013-09-07 18:51 - 00003258 _____ C:\Windows\setupact.log
2013-09-02 21:44 - 2013-09-02 21:44 - 00000000 _____ C:\Windows\setuperr.log
2013-09-02 21:43 - 2013-09-02 21:43 - 00004608 _____ C:\Windows\PFRO.log
2013-09-02 21:25 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-02 21:25 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-02 21:25 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-02 21:25 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-02 21:25 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-02 21:25 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-02 21:25 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-02 21:25 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-02 21:24 - 2013-09-02 21:53 - 00000000 ____D C:\Qoobox
2013-09-02 21:22 - 2013-09-02 21:48 - 00000000 ____D C:\Windows\erdnt
2013-09-02 00:00 - 2010-04-09 15:24 - 00079360 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcacm.sys
2013-09-02 00:00 - 2010-04-09 15:24 - 00076288 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jubusenum.sys
2013-09-02 00:00 - 2010-04-09 15:24 - 00049664 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcecm.sys
2013-09-02 00:00 - 2010-04-09 15:24 - 00027136 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juextctrl.sys
2013-09-02 00:00 - 2010-04-07 17:05 - 00250368 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbnet.sys
2013-09-02 00:00 - 2010-03-25 10:08 - 00120704 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys
2013-09-02 00:00 - 2010-03-20 12:06 - 00013952 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_usbenumfilter.sys
2013-09-02 00:00 - 2010-03-20 11:56 - 00114560 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwusbdev.sys
2013-09-02 00:00 - 2010-03-17 14:34 - 01001472 _____ (DiBcom SA) C:\Windows\system32\Drivers\mod7700.sys
2013-09-02 00:00 - 2010-01-18 18:48 - 00032768 _____ (Huawei Tech. Co., Ltd.) C:\Windows\system32\Drivers\ewdcsc.sys
2013-08-14 23:59 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 23:59 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 23:59 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 23:59 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 23:59 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 23:59 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 23:59 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 23:59 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 23:59 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 23:59 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 23:59 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 23:59 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 23:59 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 23:59 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 23:59 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 23:59 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 23:59 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 23:59 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-14 23:59 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 23:59 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-14 23:59 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 23:59 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-14 23:59 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-14 23:59 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-14 23:59 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 23:59 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-14 23:59 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-14 23:59 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 23:59 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-14 23:59 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-14 23:58 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 23:49 - 2013-08-14 23:51 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 23:21 - 2013-08-14 23:21 - 00004544 _____ C:\Users\czeslaw\Desktop\Nowy dokument dziennika.jnt
2013-08-14 22:54 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 22:54 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 22:54 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 22:54 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 22:54 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 22:54 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 22:54 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 22:54 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 22:52 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 22:52 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 22:52 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 22:52 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 22:52 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 22:52 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 22:52 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 22:52 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 22:52 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 22:52 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 22:52 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 22:52 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 22:52 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 22:52 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 22:52 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 22:52 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 22:52 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 22:52 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 22:52 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-11 19:31 - 2013-08-11 19:45 - 00000000 ____D C:\Users\czeslaw\AppData\Local\Adobe
2013-08-09 18:06 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-08-09 18:06 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-08-09 18:06 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-08-09 18:05 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-08-09 18:05 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

==================== One Month Modified Files and Folders =======

2013-09-07 18:54 - 2012-04-15 14:19 - 00004002 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{F375A207-D2D2-4097-A38F-402D8720D5B2}
2013-09-07 18:54 - 2011-10-16 19:04 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2632740816-278780761-606621841-1000UA.job
2013-09-07 18:54 - 2011-10-13 22:27 - 00001050 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-07 18:51 - 2013-09-02 21:44 - 00003258 _____ C:\Windows\setupact.log
2013-09-07 18:51 - 2011-10-13 22:27 - 00001046 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-07 18:51 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-07 18:50 - 2013-09-07 18:46 - 00000000 ____D C:\AdwCleaner
2013-09-07 18:50 - 2013-05-26 07:09 - 01410727 _____ C:\Windows\WindowsUpdate.log
2013-09-07 18:50 - 2013-03-10 00:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-07 18:41 - 2013-09-07 18:41 - 01037278 _____ C:\Users\czeslaw\Downloads\AdwCleaner.exe
2013-09-07 18:40 - 2011-10-05 16:45 - 00000000 ____D C:\Users\czeslaw
2013-09-07 18:39 - 2009-10-25 05:01 - 00698146 _____ C:\Windows\system32\perfh015.dat
2013-09-07 18:39 - 2009-10-25 05:01 - 00135224 _____ C:\Windows\system32\perfc015.dat
2013-09-07 18:39 - 2009-07-14 07:13 - 01549932 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-07 18:39 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-07 18:39 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-07 18:35 - 2013-09-07 18:34 - 00003795 _____ C:\Users\czeslaw\Desktop\fixlist.txt.txt
2013-09-06 23:01 - 2012-08-18 10:48 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-05 22:48 - 2013-09-05 22:47 - 00446768 _____ C:\Windows\Minidump\090513-36535-01.dmp
2013-09-05 22:47 - 2013-09-05 22:47 - 619310743 _____ C:\Windows\MEMORY.DMP
2013-09-05 22:47 - 2011-12-11 10:06 - 00000000 ____D C:\Windows\Minidump
2013-09-05 20:58 - 2013-04-02 09:39 - 00002381 _____ C:\Users\czeslaw\Desktop\Google Chrome.lnk
2013-09-05 20:54 - 2011-10-16 19:04 - 00001014 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2632740816-278780761-606621841-1000Core.job
2013-09-05 20:53 - 2013-09-05 20:53 - 00377856 _____ C:\Users\czeslaw\Downloads\pyy80dqv.exe
2013-09-05 20:52 - 2013-09-05 20:52 - 00000000 ____D C:\FRST
2013-09-05 20:51 - 2013-09-05 20:51 - 01947160 _____ (Farbar) C:\Users\czeslaw\Downloads\FRST64.exe
2013-09-05 20:51 - 2013-09-05 20:51 - 00602112 _____ (OldTimer Tools) C:\Users\czeslaw\Downloads\OTL (1).exe
2013-09-05 18:11 - 2013-07-03 22:47 - 00000000 ____D C:\Program Files (x86)\CardDetector
2013-09-02 21:53 - 2013-09-02 21:53 - 00023226 _____ C:\ComboFix.txt
2013-09-02 21:53 - 2013-09-02 21:24 - 00000000 ____D C:\Qoobox
2013-09-02 21:48 - 2013-09-02 21:22 - 00000000 ____D C:\Windows\erdnt
2013-09-02 21:45 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-09-02 21:44 - 2013-09-02 21:44 - 00000000 _____ C:\Windows\setuperr.log
2013-09-02 21:43 - 2013-09-02 21:43 - 00004608 _____ C:\Windows\PFRO.log
2013-09-02 21:43 - 2009-07-14 04:34 - 55836672 _____ C:\Windows\system32\config\SOFTWARE.bak
2013-09-02 21:43 - 2009-07-14 04:34 - 17301504 _____ C:\Windows\system32\config\SYSTEM.bak
2013-09-02 21:43 - 2009-07-14 04:34 - 00524288 _____ C:\Windows\system32\config\DEFAULT.bak
2013-09-02 21:43 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2013-09-02 21:43 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2013-09-02 16:32 - 2013-04-01 21:54 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-09-01 22:19 - 2011-10-05 09:29 - 00000000 ____D C:\Windows\Panther
2013-09-01 22:02 - 2012-07-10 13:22 - 00000000 ____D C:\Program Files (x86)\PC Tools Registry Mechanic
2013-08-30 19:05 - 2012-07-11 19:00 - 00006276 _____ C:\Windows\SysWOW64\AppLog.log
2013-08-23 17:01 - 2012-08-18 10:48 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-23 17:00 - 2012-08-18 10:48 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-23 17:00 - 2011-10-13 22:28 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-20 11:09 - 2009-07-14 07:08 - 00032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-14 23:51 - 2013-08-14 23:49 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 23:49 - 2011-11-06 12:32 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-14 23:21 - 2013-08-14 23:21 - 00004544 _____ C:\Users\czeslaw\Desktop\Nowy dokument dziennika.jnt
2013-08-11 19:45 - 2013-08-11 19:31 - 00000000 ____D C:\Users\czeslaw\AppData\Local\Adobe
2013-08-11 19:24 - 2011-10-13 22:27 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-11 19:24 - 2009-07-14 06:45 - 00276200 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-11 19:22 - 2009-07-14 09:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-08-11 19:22 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-08-11 19:22 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender

Files to move or delete:
====================
C:\Users\czeslaw\AppData\Local\Temp\Quarantine.exe
C:\Users\czeslaw\AppData\Local\Temp\KIT7915.tmp\ModemDeviceSetup.exe
C:\Users\czeslaw\AppData\Local\Temp\KIT7915.tmp\Splash\Splash.exe
C:\Users\czeslaw\AppData\Local\Temp\KIT1BE8.tmp\ModemDeviceSetup.exe
C:\Users\czeslaw\AppData\Local\Temp\KIT1BE8.tmp\Splash\Splash.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-03-20 18:34

==================== End Of Log ============================