Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-01-2014 Ran by pslaby (administrator) on PSLABY-PC on 12-01-2014 13:55:22 Running from C:\Users\pslaby\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polish Internet Explorer Version 11 Boot Mode: Safe Mode (minimal) ==================== Processes (Whitelisted) ================= (Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated) HKLM\...\Run: [SetDefault] - C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-19] (Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2013-07-08] (IDT, Inc.) HKLM\...\Run: [BLEServicesCtrl] - C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [178960 2012-03-15] (Intel Corporation) HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [11407120 2012-03-27] (Intel Corporation) HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291096 2011-12-05] (Intel Corporation) HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-09-15] (EasyBits Software AS) HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [HP CoolSense] - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [HPUsageTracking] - C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe [24576 2009-05-11] (Hewlett-Packard Company) HKLM-x32\...\Run: [HPPQVideo] - C:\Program Files (x86)\HP\ScheduledLaunch\HP Color LaserJet CM1312 MFP Series\bin\hppschlnch.exe [106496 2007-05-07] (Hewlett-Packard) HKLM-x32\...\Run: [ToolBoxFX] - C:\Program Files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe [53248 2009-10-22] (HP) HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard) HKLM-x32\...\Run: [NBAgent] - C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe [1493288 2011-09-20] (Nero AG) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [SpeedTouch USB Diagnostics] - C:\Program Files (x86)\Thomson\SpeedTouch USB\Dragdiag.exe [866816 2004-01-26] (THOMSON Telecom Belgium) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-30] (CyberLink Corp.) HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2013-07-08] (cyberlink) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.) HKLM-x32\...\Run: [] - [x] HKLM\...\RunOnce: [NCPluginUpdater] - "c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" Update [21720 2013-12-12] (Hewlett-Packard) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3671904 2012-08-28] (DT Soft Ltd) HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [18705664 2013-01-08] (Skype Technologies S.A.) HKCU\...\Policies\system: [DisableLockWorkstation] 0 HKCU\...\Policies\system: [DisableChangePassword] 0 HKCU\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x95000000 HKU\Gość\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3671904 2012-08-28] (DT Soft Ltd) HKU\Gość\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [18705664 2013-01-08] (Skype Technologies S.A.) HKU\Gość\...\Policies\system: [DisableLockWorkstation] 0 HKU\Gość\...\Policies\system: [DisableChangePassword] 0 HKU\UpdatusUser\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3671904 2012-08-28] (DT Soft Ltd) HKU\UpdatusUser\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [18705664 2013-01-08] (Skype Technologies S.A.) HKU\UpdatusUser\...\Policies\system: [DisableLockWorkstation] 0 HKU\UpdatusUser\...\Policies\system: [DisableChangePassword] 0 AppInit_DLLs: C:\Windows\system32\nvinitx.dll [260928 2012-02-02] (NVIDIA Corporation) Startup: C:\Users\pslaby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\pslaby\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=HPNTDF HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=HPNTDF HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF SearchScopes: HKLM - {680B22A2-2794-46B7-9033-EC222D87FD12} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://pl.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://pl.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF SearchScopes: HKLM-x32 - {680B22A2-2794-46B7-9033-EC222D87FD12} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://pl.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://pl.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = SearchScopes: HKCU - {680B22A2-2794-46B7-9033-EC222D87FD12} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://pl.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://pl.wikipedia.org/wiki/Special:Search?search={searchTerms} BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) BHO-x32: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.0.7\bh\BabylonToolbar.dll (Babylon BHO) BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Pomocnik logowania za pomocą konta Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.) BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.0.7\BabylonToolbarTlbr.dll (Babylon Ltd.) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation) Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2012-06-12] (EasyBits Software Corp.) FireFox: ======== FF ProfilePath: C:\Users\pslaby\AppData\Roaming\Mozilla\Firefox\Profiles\3yql6q75.default-1387564081607 FF Homepage: hxxp://www.stajnia-wygoda.pl/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @authentec.com/ffwloplugin - C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013-12-10] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ [] ==================== Services (Whitelisted) ================= S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [244720 2012-02-08] (CyberLink) S2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-06-07] (HP) S2 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-16] (Hewlett-Packard) S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-16] () S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-10-11] () S2 N360; C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe [264360 2013-10-08] (Symantec Corporation) S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.) S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3671792 2013-10-11] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== S1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20131218.001\BHDrvx64.sys [1526488 2013-12-18] (Symantec Corporation) S1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1501000.012\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-10-12] (DT Soft Ltd) S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-12-09] (Symantec Corporation) S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-12-09] (Symantec Corporation) R3 hswpan; C:\Windows\system32\drivers\hswpan.sys [108288 2011-12-07] (Ozmo Inc) S1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140110.001\IDSvia64.sys [521944 2013-12-20] (Symantec Corporation) S3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140111.005\ENG64.SYS [126040 2013-12-09] (Symantec Corporation) S3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140111.005\EX64.SYS [2099288 2013-12-09] (Symantec Corporation) S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259688 2011-10-27] (Realtek Semiconductor Corp.) R3 SmbDrv; C:\Windows\system32\drivers\Smb_driver.sys [20016 2011-10-14] (Synaptics Incorporated) S1 SRTSP; C:\Windows\system32\drivers\N360x64\1501000.012\SRTSP64.SYS [858200 2013-09-27] (Symantec Corporation) S1 SRTSPX; C:\Windows\system32\drivers\N360x64\1501000.012\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\N360x64\1501000.012\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\N360x64\1501000.012\SYMEFA64.SYS [1147480 2013-09-27] (Symantec Corporation) S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-12-10] (Symantec Corporation) S1 SymIRON; C:\Windows\system32\drivers\N360x64\1501000.012\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation) S1 SymNetS; C:\Windows\system32\drivers\N360x64\1501000.012\SYMNETS.SYS [590936 2013-09-26] (Symantec Corporation) S3 intaud_WaveExtensible; system32\drivers\intelaud.sys [x] S3 iwdbus; \SystemRoot\system32\drivers\iwdbus.sys [x] S3 PCAMPR4; \??\C:\Windows\system32\PCAMPR4.SYS [x] S3 PCANDIS4; \??\C:\Windows\system32\PCANDIS4.SYS [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-12 13:55 - 2014-01-12 13:55 - 00017238 _____ C:\Users\pslaby\Desktop\FRST.txt 2014-01-12 13:55 - 2014-01-12 13:55 - 00000000 ____D C:\FRST 2014-01-12 13:53 - 2014-01-12 13:53 - 02075136 _____ (Farbar) C:\Users\pslaby\Desktop\FRST64.exe 2014-01-12 13:10 - 2014-01-12 13:10 - 00123348 _____ C:\Users\pslaby\Desktop\OTL.Txt 2014-01-12 13:10 - 2014-01-12 13:10 - 00097204 _____ C:\Users\pslaby\Desktop\Extras.Txt 2014-01-12 13:01 - 2014-01-12 12:47 - 00602112 _____ (OldTimer Tools) C:\Users\pslaby\Desktop\OTL.exe 2014-01-08 20:24 - 2014-01-08 20:25 - 00000000 ____D C:\Users\pslaby\Desktop\zdjecia perfumy 2014-01-06 00:46 - 2014-01-06 00:47 - 00023282 _____ C:\Users\pslaby\AppData\Local\WiDiSetupLog.20140106.004619.wdl 2014-01-05 23:01 - 2014-01-06 00:36 - 00000000 ____D C:\Windows\LastGood.Tmp 2014-01-05 23:01 - 2014-01-05 23:01 - 00000000 ____D C:\ProgramData\Intel.sav 2014-01-05 23:01 - 2014-01-05 23:01 - 00000000 ____D C:\Program Files (x86)\Cisco 2014-01-05 22:59 - 2014-01-05 22:59 - 00000000 ____D C:\ProgramData\Package Cache 2014-01-02 22:51 - 2014-01-03 00:00 - 00000000 ____D C:\Users\pslaby\Desktop\Sylwester Zarządu 2013-12-25 01:24 - 2014-01-09 23:38 - 00000000 ____D C:\Users\pslaby\Documents\FIFA 14 2013-12-24 23:54 - 2013-12-24 23:58 - 00001246 _____ C:\Users\Public\Desktop\FIFA 14.lnk 2013-12-24 23:54 - 2013-12-24 23:58 - 00001246 _____ C:\ProgramData\Desktop\FIFA 14.lnk 2013-12-24 23:54 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll 2013-12-24 23:54 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll 2013-12-24 23:54 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll 2013-12-24 23:54 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll 2013-12-24 23:54 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll 2013-12-24 23:54 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll 2013-12-24 23:54 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll 2013-12-24 23:54 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll 2013-12-24 23:54 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll 2013-12-24 23:54 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll 2013-12-24 23:54 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll 2013-12-24 23:54 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll 2013-12-24 23:54 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll 2013-12-24 23:54 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll 2013-12-24 23:54 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll 2013-12-24 23:54 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll 2013-12-24 23:53 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll 2013-12-24 23:53 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll 2013-12-24 23:53 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll 2013-12-24 23:53 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll 2013-12-24 23:53 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll 2013-12-24 23:53 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll 2013-12-20 19:28 - 2013-12-20 19:28 - 00000000 ____D C:\Users\pslaby\Desktop\Stare dane programu Firefox 2013-12-20 19:04 - 2013-12-20 19:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-12-18 20:53 - 2013-12-18 21:08 - 00000000 ____D C:\Users\pslaby\Desktop\accordion 2013-12-16 12:06 - 2013-12-17 16:59 - 01147363 _____ C:\Users\pslaby\Desktop\rysunek do zamowienia128.jpeg 2013-12-13 17:16 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2013-12-13 17:16 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2013-12-13 17:16 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2013-12-13 17:16 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2013-12-13 17:15 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-12-13 17:15 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-12-13 17:15 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2013-12-13 17:15 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-12-13 17:15 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-12-13 17:15 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2013-12-13 17:15 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-12-13 17:15 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-12-13 17:15 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-12-13 17:15 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-12-13 17:15 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-12-13 17:15 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-12-13 17:15 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2013-12-13 17:15 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2013-12-13 17:15 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-12-13 17:15 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-12-13 17:15 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-12-13 17:15 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-12-13 17:15 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-12-13 17:15 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2013-12-13 17:15 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-12-13 17:15 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-12-13 17:15 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-12-13 17:15 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-12-13 17:15 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-12-13 17:15 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-12-13 17:15 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-12-13 17:15 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-12-13 17:15 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-12-13 17:15 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-12-13 17:15 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll ==================== One Month Modified Files and Folders ======= 2014-01-12 13:55 - 2014-01-12 13:55 - 00017238 _____ C:\Users\pslaby\Desktop\FRST.txt 2014-01-12 13:55 - 2014-01-12 13:55 - 00000000 ____D C:\FRST 2014-01-12 13:53 - 2014-01-12 13:53 - 02075136 _____ (Farbar) C:\Users\pslaby\Desktop\FRST64.exe 2014-01-12 13:12 - 2012-02-27 02:38 - 00738182 _____ C:\Windows\system32\perfh015.dat 2014-01-12 13:12 - 2012-02-27 02:38 - 00154612 _____ C:\Windows\system32\perfc015.dat 2014-01-12 13:12 - 2009-07-14 06:13 - 01664108 _____ C:\Windows\system32\PerfStringBackup.INI 2014-01-12 13:10 - 2014-01-12 13:10 - 00123348 _____ C:\Users\pslaby\Desktop\OTL.Txt 2014-01-12 13:10 - 2014-01-12 13:10 - 00097204 _____ C:\Users\pslaby\Desktop\Extras.Txt 2014-01-12 12:47 - 2014-01-12 13:01 - 00602112 _____ (OldTimer Tools) C:\Users\pslaby\Desktop\OTL.exe 2014-01-12 12:42 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-12 12:42 - 2009-07-14 05:51 - 00070354 _____ C:\Windows\setupact.log 2014-01-12 12:41 - 2010-11-21 04:47 - 00735666 _____ C:\Windows\PFRO.log 2014-01-12 12:19 - 2012-02-26 18:06 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-01-12 12:15 - 2013-08-23 19:08 - 00000000 ____D C:\Users\pslaby\Desktop\zrebaki 2014-01-12 11:40 - 2013-03-07 16:47 - 00000000 ___RD C:\Users\pslaby\Dropbox 2014-01-12 11:40 - 2013-03-07 16:46 - 00000000 ____D C:\Users\pslaby\AppData\Roaming\Dropbox 2014-01-12 11:40 - 2012-10-07 14:11 - 00000000 ____D C:\Users\pslaby\AppData\Local\CrashDumps 2014-01-12 11:40 - 2012-10-06 06:20 - 01151526 _____ C:\Windows\WindowsUpdate.log 2014-01-11 18:40 - 2012-10-06 08:21 - 00003974 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{C01DF192-F7A7-4FB9-9944-59B1EC928E42} 2014-01-10 16:56 - 2012-10-13 19:21 - 00003192 _____ C:\Windows\System32\Tasks\HPCeeScheduleForpslaby 2014-01-10 16:56 - 2012-10-13 19:21 - 00000336 _____ C:\Windows\Tasks\HPCeeScheduleForpslaby.job 2014-01-09 23:38 - 2013-12-25 01:24 - 00000000 ____D C:\Users\pslaby\Documents\FIFA 14 2014-01-09 19:09 - 2013-02-06 20:56 - 00000000 ____D C:\ProgramData\ipla 2014-01-09 19:07 - 2013-02-06 20:56 - 00000000 ____D C:\Users\pslaby\AppData\Roaming\ipla 2014-01-09 17:42 - 2013-03-07 16:47 - 00001021 _____ C:\Users\pslaby\Desktop\Dropbox.lnk 2014-01-09 17:42 - 2013-03-07 16:46 - 00000000 ____D C:\Users\pslaby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-01-09 17:42 - 2012-10-09 17:48 - 00000977 _____ C:\Windows\wininit.ini 2014-01-09 17:42 - 2012-10-06 08:21 - 00000000 ___RD C:\Users\pslaby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-01-09 16:38 - 2013-11-03 21:28 - 00000000 ____D C:\Program Files (x86)\HP SimplePass 2014-01-09 16:17 - 2012-10-06 09:01 - 00000000 ____D C:\Users\pslaby\AppData\Local\Windows Live 2014-01-08 20:25 - 2014-01-08 20:24 - 00000000 ____D C:\Users\pslaby\Desktop\zdjecia perfumy 2014-01-06 00:47 - 2014-01-06 00:46 - 00023282 _____ C:\Users\pslaby\AppData\Local\WiDiSetupLog.20140106.004619.wdl 2014-01-06 00:47 - 2012-06-12 23:25 - 00000000 ____D C:\ProgramData\Intel 2014-01-06 00:46 - 2011-02-10 20:23 - 00000000 ____D C:\SWSetup 2014-01-06 00:36 - 2014-01-05 23:01 - 00000000 ____D C:\Windows\LastGood.Tmp 2014-01-06 00:36 - 2012-06-12 23:25 - 00000000 ____D C:\Program Files\Intel 2014-01-05 23:01 - 2014-01-05 23:01 - 00000000 ____D C:\ProgramData\Intel.sav 2014-01-05 23:01 - 2014-01-05 23:01 - 00000000 ____D C:\Program Files (x86)\Cisco 2014-01-05 23:01 - 2012-06-12 23:29 - 00070488 _____ C:\Windows\DPINST.LOG 2014-01-05 23:01 - 2012-06-12 23:26 - 00000000 ____D C:\Program Files\Common Files\Intel 2014-01-05 23:01 - 2012-06-12 23:24 - 00000000 ____D C:\Program Files (x86)\Intel 2014-01-05 22:59 - 2014-01-05 22:59 - 00000000 ____D C:\ProgramData\Package Cache 2014-01-05 22:27 - 2012-12-24 14:40 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-01-05 22:27 - 2012-10-07 23:52 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log 2014-01-03 00:00 - 2014-01-02 22:51 - 00000000 ____D C:\Users\pslaby\Desktop\Sylwester Zarządu 2013-12-30 17:57 - 2012-11-18 07:53 - 00003220 _____ C:\Windows\System32\Tasks\HPCeeScheduleForPSLABY-PC$ 2013-12-30 17:57 - 2012-11-18 07:53 - 00000344 _____ C:\Windows\Tasks\HPCeeScheduleForPSLABY-PC$.job 2013-12-25 01:05 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2013-12-24 23:58 - 2013-12-24 23:54 - 00001246 _____ C:\Users\Public\Desktop\FIFA 14.lnk 2013-12-24 23:58 - 2013-12-24 23:54 - 00001246 _____ C:\ProgramData\Desktop\FIFA 14.lnk 2013-12-24 23:53 - 2012-02-26 18:12 - 00544178 _____ C:\Windows\DirectX.log 2013-12-24 23:35 - 2012-10-09 20:27 - 00000000 ____D C:\Program Files (x86)\Origin Games 2013-12-24 23:23 - 2012-10-09 17:48 - 00000000 ____D C:\Program Files (x86)\Origin 2013-12-24 23:23 - 2009-07-14 05:45 - 00031472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-12-24 23:23 - 2009-07-14 05:45 - 00031472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-12-24 23:21 - 2012-10-09 17:48 - 00000000 ____D C:\ProgramData\Origin 2013-12-20 19:45 - 2013-06-11 10:51 - 00000000 ____D C:\Users\pslaby\Desktop\przyspiewki 2013-12-20 19:41 - 2013-01-16 20:19 - 00000000 ____D C:\Users\pslaby\Desktop\studia 2013-12-20 19:41 - 2013-01-16 17:55 - 00000000 ____D C:\Users\pslaby\Desktop\różne rzeczy 2013-12-20 19:28 - 2013-12-20 19:28 - 00000000 ____D C:\Users\pslaby\Desktop\Stare dane programu Firefox 2013-12-20 19:25 - 2012-10-11 13:30 - 00000000 ____D C:\Users\pslaby\AppData\Roaming\Skype 2013-12-20 19:04 - 2013-12-20 19:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-12-20 18:08 - 2012-10-06 06:21 - 00000000 ____D C:\Users\pslaby 2013-12-19 17:36 - 2013-11-24 18:10 - 00000000 ____D C:\Users\pslaby\Desktop\mikro zad 2013-12-18 21:08 - 2013-12-18 20:53 - 00000000 ____D C:\Users\pslaby\Desktop\accordion 2013-12-17 16:59 - 2013-12-16 12:06 - 01147363 _____ C:\Users\pslaby\Desktop\rysunek do zamowienia128.jpeg 2013-12-15 13:15 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD 2013-12-15 12:46 - 2009-07-14 05:45 - 00473064 _____ C:\Windows\system32\FNTCACHE.DAT 2013-12-15 12:43 - 2013-08-15 11:01 - 00000000 ____D C:\Windows\system32\MRT 2013-12-15 12:40 - 2012-10-11 14:33 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-12-14 22:34 - 2013-10-13 21:39 - 00000000 ____D C:\Users\pslaby\Desktop\studia 2013-2014 zima 2013-12-14 22:32 - 2013-12-09 17:49 - 00000000 ____D C:\Users\pslaby\Desktop\tify 2013-12-14 22:32 - 2013-11-04 21:01 - 00000000 ____D C:\Users\pslaby\Desktop\praca mgr materialy 2013-12-13 17:16 - 2012-10-12 16:13 - 00000000 ____D C:\ProgramData\Microsoft Help Some content of TEMP: ==================== C:\Users\pslaby\AppData\Local\Temp\174-400C.exe C:\Users\pslaby\AppData\Local\Temp\ipl50B.tmp.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-12-30 14:18 ==================== End Of Log ============================