Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2013 02
Ran by Piotr (administrator) on PIOTR-KOMPUTER on 03-12-2013 23:31:20
Running from F:\01_POBIERANIE
Windows 7 Professional (X64) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) E:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Agito d.o.o.) C:\Program Files (x86)\Hilti\PROFIS AutoUpdate\Hilti.AutoUpdate.Service.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
( ) E:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SafeNet, Inc.) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
(SafeNet, Inc) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
(SafeNet, Inc.) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVAST Software) E:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files (x86)\Debugging Tools for Windows (x86)\windbg.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
() C:\Program Files (x86)\PLAY ONLINE\PLAY ONLINE.exe
(Mozilla Corporation) E:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) E:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

==================== Registry (Whitelisted) ==================

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [DAEMON Tools Lite] - E:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3674320 2013-01-08] (DT Soft Ltd)
HKCU\...\Run: [HW_OPENEYE_OUC_PLAY ONLINE] - "C:\Program Files (x86)\PLAY ONLINE\UpdateDog\ouc.exe"
HKCU\...\Policies\Explorer: []
MountPoints2: H - H:\AutoRun.exe
MountPoints2: I - I:\AutoRun.exe
MountPoints2: {3b0a6e33-865d-11e2-892b-806e6f6e6963} - I:\AutoRun.exe
MountPoints2: {4fc70afe-dcf9-11e2-a6e2-b2d9785bb1d2} - H:\AutoRun.exe
MountPoints2: {953c223b-f9a8-11e2-8b64-e1b36ece9653} - J:\LGAutoRun.exe
MountPoints2: {97bd2cd5-8898-11e2-bfd7-5cf9dd3fcc30} - G:\setup.exe
MountPoints2: {9e86a2dd-8641-11e2-8791-d7d7d123d8a3} - G:\AutoRun.exe
MountPoints2: {c25bf220-f35a-11e2-b1ca-954de4b393cd} - H:\AutoRun.exe
MountPoints2: {cdd8711f-9a3e-11e2-8ddd-8f5c28c958d2} - H:\AutoRun.exe
MountPoints2: {d0a18ee3-85c0-11e2-8de9-cc0e730322a0} - G:\AutoRun.exe
MountPoints2: {d0a18ef3-85c0-11e2-8de9-cc0e730322a0} - G:\AutoRun.exe
HKLM-x32\...\Run: [avast] - E:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [20131121] - E:\Program Files\AVAST Software\Avast\Setup\emupdate\e905337d-6d95-44b6-834d-48f9a2074f9b.exe [180184 2013-11-23] (AVAST Software)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [247144 2012-10-03] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll, C:\Windows\SysWOW64\nvinit.dll [203112 2012-10-03] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=2AF9685D4351C9E8&affID=119357&tt=040713_xmlful&tsp=4937
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - E:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - E:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - E:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - E:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - E:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - E:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - E:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{1243734E-9281-4859-87AB-77498772F13C}: [NameServer]89.108.202.21 89.108.195.21
Tcpip\..\Interfaces\{3162C9A4-8205-43A0-A5DB-30E575EA53AF}: [NameServer]89.108.202.21 89.108.195.21
Tcpip\..\Interfaces\{35126161-FCCE-4AA1-ACCC-CD16C6081FCD}: [NameServer]89.108.195.20 89.108.202.20
Tcpip\..\Interfaces\{719FF1A6-03C9-4F5F-AFB6-096A07146B00}: [NameServer]89.108.195.21 89.108.202.21
Tcpip\..\Interfaces\{7D88FF76-B3B7-442F-9CCD-9CFEBAFA1DAD}: [NameServer]89.108.202.21 89.108.195.21
Tcpip\..\Interfaces\{DF413058-ACD9-4DF5-87F9-A7D9F2B160E8}: [NameServer]89.108.195.21 89.108.202.21

FireFox:
========
FF ProfilePath: C:\Users\Piotr\AppData\Roaming\Mozilla\Firefox\Profiles\509fltml.default
FF user.js: detected! => C:\Users\Piotr\AppData\Roaming\Mozilla\Firefox\Profiles\509fltml.default\user.js
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - E:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Piotr\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Users\Piotr\AppData\Roaming\Mozilla\Firefox\Profiles\509fltml.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\Piotr\AppData\Roaming\Mozilla\Firefox\Profiles\509fltml.default\searchplugins\delta.xml
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - E:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - E:\Program Files\AVAST Software\Avast\WebRep\FF
FF StartMenuInternet: FIREFOX.EXE - E:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Services (Whitelisted) =================

R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
R2 avast! Antivirus; E:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 hasplms; C:\Windows\system32\hasplms.exe [4180576 2010-09-27] (SafeNet Inc.)
R2 Hilti PROFIS AutoUpdate Service; C:\Program Files (x86)\Hilti\PROFIS AutoUpdate\Hilti.AutoUpdate.Service.exe [209920 2010-03-25] (Agito d.o.o.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [339456 2010-11-16] ()
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 mitsijm2013; E:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe [339776 2012-01-30] ( )
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-08-23] ()
R2 PSI_SVC_2_x64; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
R2 SentinelKeysServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [374304 2011-09-22] (SafeNet, Inc.)
R2 SentinelProtectionServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [1259040 2011-09-22] (SafeNet, Inc)
R2 SentinelSecurityRuntime; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [292384 2011-09-22] (SafeNet, Inc.)
S2 SkypeUpdate; E:\Program Files (x86)\Skype\Updater\Updater.exe [171680 2013-09-05] (Skype Technologies)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3342640 2012-08-23] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R0 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-29] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-29] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-29] ()
R3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [80896 2012-05-21] (Motorola Solutions, Inc.)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [111104 2012-05-21] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [849408 2012-06-09] (Motorola Solutions, Inc.)
S3 cleanhlp; F:\01_POBIERANIE\Nowy folder\Run\cleanhlp64.sys [57024 2013-12-02] (Emsisoft GmbH)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-09] (DT Soft Ltd)
R3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [256000 2010-08-31] (Huawei Technologies Co., Ltd.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-09-01] (Intel Corporation)
S2 Kmm4xNT; C:\Windows\SysWow64\Drivers\Kmm4xNT.sys [95484 2002-04-26] (DATOM Dariusz Cielebąk)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [845560 2013-03-06] (Duplex Secure Ltd.)
S3 nmwcd; system32\drivers\ccdcmbx64.sys [x]
S3 nmwcdc; system32\drivers\ccdcmbox64.sys [x]
S3 upperdev; system32\DRIVERS\usbser_lowerfltx64.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-12-03 23:30 - 2013-12-03 23:30 - 00000000 ____D C:\FRST
2013-12-03 23:26 - 2013-12-03 23:26 - 00100102 _____ C:\Users\Piotr\Desktop\OTL.Txt
2013-12-03 23:26 - 2013-12-03 23:26 - 00079916 _____ C:\Users\Piotr\Desktop\Extras.Txt
2013-12-03 23:21 - 2013-12-02 23:43 - 00602112 _____ (OldTimer Tools) C:\Users\Piotr\Desktop\OTL_[www.programosy.pl].exe
2013-12-03 22:57 - 2013-12-03 22:49 - 00282464 _____ C:\Users\Piotr\Desktop\120313-24445-01.dmp
2013-12-03 22:48 - 2013-12-03 22:49 - 00282464 _____ C:\Windows\Minidump\120313-24445-01.dmp
2013-12-03 12:14 - 2013-12-03 12:14 - 00000684 _____ C:\Users\Piotr\Desktop\Emsisoft Emergency Kit.lnk
2013-12-03 10:37 - 2013-12-03 12:04 - 00000984 _____ C:\Windows\PFRO.log
2013-12-03 10:28 - 2013-12-03 22:48 - 958754311 _____ C:\Windows\MEMORY.DMP
2013-12-03 10:28 - 2013-12-03 10:28 - 00287312 _____ C:\Windows\Minidump\120313-26457-01.dmp
2013-12-03 09:51 - 2013-12-03 22:48 - 00001066 _____ C:\Windows\setupact.log
2013-12-03 09:51 - 2013-12-03 09:51 - 00000000 _____ C:\Windows\setuperr.log
2013-12-02 22:57 - 2013-12-02 23:47 - 00000000 ____D C:\Program Files (x86)\Mobogenie
2013-12-02 22:57 - 2013-12-02 23:34 - 00000000 ____D C:\Users\Piotr\AppData\Local\Mobogenie
2013-12-02 22:57 - 2013-12-02 22:57 - 00000000 ____D C:\Users\wangzhisong\AppData\Local\Mobogenie
2013-12-02 22:57 - 2013-12-02 22:57 - 00000000 ____D C:\Users\wangzhisong
2013-12-02 22:57 - 2013-12-02 22:57 - 00000000 ____D C:\Users\Piotr\Documents\Mobogenie
2013-12-02 22:57 - 2013-12-02 22:57 - 00000000 _____ C:\Users\Piotr\daemonprocess.txt
2013-12-02 22:37 - 2013-12-02 22:38 - 00000000 ____D C:\Program Files (x86)\Debugging Tools for Windows (x86)
2013-12-01 12:11 - 2013-12-01 12:24 - 00000000 ____D C:\Users\Piotr\.Soldis
2013-11-23 13:40 - 2013-11-23 13:40 - 00000000 ____D C:\Users\Piotr\AppData\Local\BridgeProject
2013-11-23 13:40 - 2013-11-23 13:40 - 00000000 ____D C:\ProgramData\Steam

==================== One Month Modified Files and Folders =======

2013-12-03 23:30 - 2013-12-03 23:30 - 00000000 ____D C:\FRST
2013-12-03 23:26 - 2013-12-03 23:26 - 00100102 _____ C:\Users\Piotr\Desktop\OTL.Txt
2013-12-03 23:26 - 2013-12-03 23:26 - 00079916 _____ C:\Users\Piotr\Desktop\Extras.Txt
2013-12-03 23:02 - 2013-03-05 19:28 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-03 22:58 - 2013-03-09 19:36 - 00000000 ____D C:\Users\Piotr\Documents\Pliki programu Outlook
2013-12-03 22:58 - 2013-03-05 18:14 - 01684715 _____ C:\Windows\WindowsUpdate.log
2013-12-03 22:56 - 2009-07-14 05:45 - 00022352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-03 22:56 - 2009-07-14 05:45 - 00022352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-03 22:54 - 2009-07-14 18:55 - 00742516 _____ C:\Windows\system32\perfh015.dat
2013-12-03 22:54 - 2009-07-14 18:55 - 00156626 _____ C:\Windows\system32\perfc015.dat
2013-12-03 22:54 - 2009-07-14 06:13 - 01671648 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-03 22:51 - 2010-01-01 10:52 - 00003486 _____ C:\Windows\System32\Tasks\AutoKMS
2013-12-03 22:49 - 2013-12-03 22:57 - 00282464 _____ C:\Users\Piotr\Desktop\120313-24445-01.dmp
2013-12-03 22:49 - 2013-12-03 22:48 - 00282464 _____ C:\Windows\Minidump\120313-24445-01.dmp
2013-12-03 22:49 - 2013-04-12 12:54 - 00001042 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-03 22:49 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-03 22:48 - 2013-12-03 10:28 - 958754311 _____ C:\Windows\MEMORY.DMP
2013-12-03 22:48 - 2013-12-03 09:51 - 00001066 _____ C:\Windows\setupact.log
2013-12-03 22:48 - 2013-04-23 12:14 - 00000000 ____D C:\Windows\Minidump
2013-12-03 22:45 - 2013-04-12 12:54 - 00001046 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-03 22:16 - 2013-03-28 19:11 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3930338542-1951702256-2557884434-1000UA.job
2013-12-03 20:40 - 2013-04-12 12:54 - 00004042 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-03 20:40 - 2013-04-12 12:54 - 00003790 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-03 19:16 - 2013-03-28 19:11 - 00000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3930338542-1951702256-2557884434-1000Core.job
2013-12-03 16:21 - 2013-03-05 18:19 - 00000000 ____D C:\Users\Piotr\AppData\Local\VirtualStore
2013-12-03 12:14 - 2013-12-03 12:14 - 00000684 _____ C:\Users\Piotr\Desktop\Emsisoft Emergency Kit.lnk
2013-12-03 12:07 - 2013-03-06 16:05 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-12-03 12:05 - 2013-04-04 11:41 - 00000000 ____D C:\Windows\AutoKMS
2013-12-03 12:04 - 2013-12-03 10:37 - 00000984 _____ C:\Windows\PFRO.log
2013-12-03 10:29 - 2013-03-06 14:07 - 00000000 ____D C:\ProgramData\NVIDIA
2013-12-03 10:28 - 2013-12-03 10:28 - 00287312 _____ C:\Windows\Minidump\120313-26457-01.dmp
2013-12-03 09:51 - 2013-12-03 09:51 - 00000000 _____ C:\Windows\setuperr.log
2013-12-03 09:51 - 2013-03-06 14:09 - 00000000 ____D C:\Windows\SysWOW64\NV
2013-12-03 09:51 - 2013-03-06 14:09 - 00000000 ____D C:\Windows\system32\NV
2013-12-02 23:47 - 2013-12-02 22:57 - 00000000 ____D C:\Program Files (x86)\Mobogenie
2013-12-02 23:43 - 2013-12-03 23:21 - 00602112 _____ (OldTimer Tools) C:\Users\Piotr\Desktop\OTL_[www.programosy.pl].exe
2013-12-02 23:34 - 2013-12-02 22:57 - 00000000 ____D C:\Users\Piotr\AppData\Local\Mobogenie
2013-12-02 23:34 - 2013-03-22 22:47 - 00000000 ____D C:\Users\Piotr\AppData\Local\cache
2013-12-02 22:57 - 2013-12-02 22:57 - 00000000 ____D C:\Users\wangzhisong\AppData\Local\Mobogenie
2013-12-02 22:57 - 2013-12-02 22:57 - 00000000 ____D C:\Users\wangzhisong
2013-12-02 22:57 - 2013-12-02 22:57 - 00000000 ____D C:\Users\Piotr\Documents\Mobogenie
2013-12-02 22:57 - 2013-12-02 22:57 - 00000000 _____ C:\Users\Piotr\daemonprocess.txt
2013-12-02 22:57 - 2013-03-05 18:18 - 00000000 ____D C:\Users\Piotr
2013-12-02 22:38 - 2013-12-02 22:37 - 00000000 ____D C:\Program Files (x86)\Debugging Tools for Windows (x86)
2013-12-01 12:24 - 2013-12-01 12:11 - 00000000 ____D C:\Users\Piotr\.Soldis
2013-11-30 23:29 - 2013-08-17 01:04 - 00000000 ___RD C:\Users\Piotr\Virtual Machines
2013-11-30 23:29 - 2013-03-06 16:05 - 00000053 _____ C:\Windows\SysWOW64\config.nt
2013-11-30 23:20 - 2013-03-06 19:45 - 00000000 ____D C:\Users\Piotr\AppData\Roaming\DAEMON Tools Lite
2013-11-30 23:15 - 2013-03-22 00:41 - 00007606 _____ C:\Users\Piotr\AppData\Local\Resmon.ResmonCfg
2013-11-30 23:03 - 2013-07-08 23:37 - 00665600 _____ (Aladdin Knowledge Systems) C:\Windows\SysWOW64\Drivers\hardlock.sys
2013-11-30 15:52 - 2013-03-06 17:01 - 00000000 ____D C:\Users\Piotr\AppData\Roaming\Skype
2013-11-28 18:02 - 2013-03-06 17:01 - 00000000 ____D C:\ProgramData\Skype
2013-11-27 17:20 - 2013-09-19 16:28 - 00000000 ____D C:\Users\Piotr\AppData\Roaming\GG
2013-11-27 17:19 - 2013-09-19 16:28 - 00000000 ____D C:\Users\Piotr\AppData\Local\GG
2013-11-23 19:12 - 2009-07-14 06:08 - 00032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-23 13:40 - 2013-11-23 13:40 - 00000000 ____D C:\Users\Piotr\AppData\Local\BridgeProject
2013-11-23 13:40 - 2013-11-23 13:40 - 00000000 ____D C:\ProgramData\Steam
2013-11-15 14:24 - 2013-05-28 17:39 - 00000000 ____D C:\Users\Piotr\Desktop\Piotrek_pulpit

Some content of TEMP:
====================
C:\Users\Piotr\AppData\Local\Temp\procexp64.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2009-07-14 00:38] - [2009-07-14 02:41] - 1008640 ____A (Microsoft Corporation) E573BD9AB55C8E333C202B9E255F972E
C:\Windows\SysWOW64\User32.dll
[2013-03-05 18:47] - [2013-03-05 18:47] - 0833024 ____A (Microsoft Corporation) 2C9CC9F492CA596B1B9FC1AE5E916356
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-11-30 00:26

==================== End Of Log ============================