Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2014 03
Ran by Agnieszka (administrator) on AGNIESZKA74 on 15-01-2014 21:01:25
Running from C:\Users\Agnieszka\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polish
Internet Explorer Version 11
Boot Mode: Safe Mode (with Networking)

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-07-22] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-15] (Synaptics Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Java\jre6\bin\jusched.exe [171520 2009-09-05] (Sun Microsystems, Inc.)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [WirelessAssistant] - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [UpdatePRCShortCut] - C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UCam_Menu] - C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2009-02-17] (CyberLink Corp.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QPService] - C:\Program Files (x86)\HP\QuickPlay\QPService.exe [468264 2009-06-23] (CyberLink Corp.)
HKLM-x32\...\Run: [QlbCtrl.exe] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [320056 2009-06-24] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [3147384 2012-12-11] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Onet.pl AutoUpdate] - C:\Program Files (x86)\Common Files\Onet.pl\AutoUpdate.exe [260096 2005-07-27] (Onet.pl)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [761024 2013-12-13] ()
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company)
HKCU\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1668664 2009-07-15] (Hewlett-Packard)
HKCU\...\Run: [Sony PC Companion] - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449248 2013-05-29] (Sony)
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1815464 2014-01-07] (Valve Corporation)
HKCU\...\Run: [NextLive] - C:\Users\Agnieszka\AppData\Roaming\newnext.me\nengine.dll [1283584 2013-11-14] (NewNextDotMe)
HKU\Default\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1668664 2009-07-15] (Hewlett-Packard)
HKU\Default\...\Policies\system: [WallpaperStyle] 2
HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1668664 2009-07-15] (Hewlett-Packard)
HKU\Default User\...\Policies\system: [WallpaperStyle] 2
Startup: C:\Users\Agnieszka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LibreOffice 3.6.lnk
ShortcutTarget: LibreOffice 3.6.lnk -> C:\Program Files (x86)\LibreOffice 3.6\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchgol.com/?babsrc=HP_ss&mntrId=D22C0AEEE69E1542&affID=119357&tsp=5014
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.searchgol.com/?babsrc=HP_ss&mntrId=D22C0AEEE69E1542&affID=119357&tsp=5014
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {CE478A33-2406-4F47-9F8C-73DD77C7A8CC} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1602&query={searchTerms}&invocationType=tb50hpcnnbie7-pl-pl
SearchScopes: HKLM - {CE478A33-2406-4F47-9F8C-73DD77C7A8CC} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1602&query={searchTerms}&invocationType=tb50hpcnnbie7-pl-pl
SearchScopes: HKLM-x32 - DefaultScope {CE478A33-2406-4F47-9F8C-73DD77C7A8CC} URL =
SearchScopes: HKLM-x32 - {C6C4AD51-06F4-4B7C-BF1E-CAFD2F0C06A4} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1602&query={searchTerms}&invocationType=tb50hpcnnbie7-pl-pl
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss&mntrId=D22C0AEEE69E1542&affID=119357&tsp=5014
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss&mntrId=D22C0AEEE69E1542&affID=119357&tsp=5014
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid=&mid=08c79f40078847d0bd5fd16fd8829635-4dd5765d4bf373576ef70e16a19c1a1b99475d67&lang=pl&ds=AVG&pr=fr&d=&v=&pid=AVG&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {C6C4AD51-06F4-4B7C-BF1E-CAFD2F0C06A4} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1602&query={searchTerms}&invocationType=tb50hpcnnbie7-pl-pl
SearchScopes: HKCU - {CE478A33-2406-4F47-9F8C-73DD77C7A8CC} URL = http://startsear.ch/?aff=1&src=sp&cf=33093fd6-dcc2-11e1-b459-00269e667fc6&q={searchTerms}
SearchScopes: HKCU - {DE740420-8E41-48A7-9B02-9E8631445285} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYPL&apn_uid=08BDCC06-EAC5-4013-9241-80D4DF257939&apn_sauid=45B60941-3D12-49DD-973D-9C8D37CAF0B5
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: mixidj Helper Object - {4D6A9BBF-402C-4301-B1EF-28D04F71D761} - C:\Program Files (x86)\mixidj\mixidj\1.8.4.1\bh\mixidj.dll (MixiDJ)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\Pasek narzędzi AOL 5.0\aoltb.dll (AOL LLC)
BHO-x32: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKLM-x32 - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\Pasek narzędzi AOL 5.0\aoltb.dll (AOL LLC)
Toolbar: HKLM-x32 - MixiDJ Toolbar - {CA9B9C89-4662-4ADC-9C23-A452BECD5D19} - C:\Program Files (x86)\mixidj\mixidj\1.8.4.1\mixidjTlbr.dll (MixiDJ)
Toolbar: HKCU - No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Agnieszka\AppData\Roaming\Mozilla\Firefox\Profiles\1p6z7nz4.default
FF user.js: detected! => C:\Users\Agnieszka\AppData\Roaming\Mozilla\Firefox\Profiles\1p6z7nz4.default\user.js
FF Homepage: user_pref("browser.startup.homepage", );
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8064.0206 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Agnieszka\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Agnieszka\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\Agnieszka\AppData\Roaming\Mozilla\Firefox\Profiles\1p6z7nz4.default\searchplugins\ask-search.xml
FF SearchPlugin: C:\Users\Agnieszka\AppData\Roaming\Mozilla\Firefox\Profiles\1p6z7nz4.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\Agnieszka\AppData\Roaming\Mozilla\Firefox\Profiles\1p6z7nz4.default\searchplugins\BrowserDefender.xml
FF SearchPlugin: C:\Users\Agnieszka\AppData\Roaming\Mozilla\Firefox\Profiles\1p6z7nz4.default\searchplugins\BrowserProtect.xml
FF SearchPlugin: C:\Users\Agnieszka\AppData\Roaming\Mozilla\Firefox\Profiles\1p6z7nz4.default\searchplugins\delta.xml
FF SearchPlugin: C:\Users\Agnieszka\AppData\Roaming\Mozilla\Firefox\Profiles\1p6z7nz4.default\searchplugins\mixidj.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF Extension: MixiDJ Toolbar - C:\Users\Agnieszka\AppData\Roaming\Mozilla\Firefox\Profiles\1p6z7nz4.default\Extensions\ffxtlbr@mixidj.com [2013-03-14]
FF Extension: z - C:\Program Files (x86)\Mozilla Firefox\extensions\{33242894-d0f4-f874-3f14-469ea0b34fde} [2013-12-21]
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ []
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

==================== Services (Whitelisted) =================

S2 ABBYY.Licensing.PDFTransformer.Classic.3.0; C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [764216 2013-06-14] (ABBYY Production LLC)
S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [5814904 2012-11-15] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [196664 2012-10-22] (AVG Technologies CZ, s.r.o.)
S2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [1868432 2012-12-24] ()
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [240736 2013-10-07] (WildTangent)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-01-21] ()
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe [240128 2009-07-22] (IDT, Inc.)
S2 Update Jump Flip; C:\Program Files (x86)\Jump Flip\updateJumpFlip.exe [97056 2014-01-12] ()
S2 Util Jump Flip; C:\Program Files (x86)\Jump Flip\bin\utilJumpFlip.exe [97056 2014-01-12] ()

==================== Drivers (Whitelisted) ====================

S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S1 bdevrxvd; \??\C:\Windows\system32\drivers\bdevrxvd.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S2 eamonm; system32\DRIVERS\eamonm.sys [x]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-15 21:01 - 2014-01-15 21:01 - 00015321 _____ C:\Users\Agnieszka\Desktop\FRST.txt
2014-01-15 21:01 - 2014-01-15 21:01 - 00000000 ____D C:\FRST
2014-01-15 21:00 - 2014-01-16 20:59 - 02076160 _____ (Farbar) C:\Users\Agnieszka\Desktop\FRST64.exe
2014-01-15 20:03 - 2014-01-15 20:03 - 00090450 _____ C:\Users\Agnieszka\Desktop\Extras.Txt
2014-01-15 20:01 - 2014-01-15 20:01 - 00076694 _____ C:\Users\Agnieszka\Desktop\OTL.Txt
2014-01-15 19:51 - 2014-01-16 19:45 - 00602112 _____ (OldTimer Tools) C:\Users\Agnieszka\Desktop\OTL.exe
2014-01-15 19:21 - 2014-01-15 19:21 - 00000000 ____D C:\Users\Agnieszka\AppData\Local\Avg2013
2014-01-15 19:07 - 2014-01-15 19:07 - 00030012 _____ C:\ComboFix.txt
2014-01-15 18:55 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2014-01-15 18:55 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2014-01-15 18:55 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-15 18:55 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-15 18:55 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-15 18:55 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2014-01-15 18:55 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2014-01-15 18:55 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2014-01-15 18:41 - 2014-01-16 18:39 - 05167985 ____R (Swearware) C:\Users\Agnieszka\Desktop\ComboFix.exe
2014-01-15 14:34 - 2014-01-15 14:38 - 00000000 ____D C:\Users\Agnieszka\Desktop\shexview-x64
2014-01-08 14:28 - 2010-10-08 17:00 - 01786429 _____ C:\Users\Agnieszka\Desktop\Kaziu.WMA
2013-12-30 21:54 - 2013-12-30 22:27 - 00000000 ____D C:\Users\Agnieszka\Documents\18 WoS Haulin
2013-12-30 20:18 - 2013-12-30 20:46 - 00000000 ____D C:\ProgramData\HipSoft
2013-12-27 16:38 - 2013-12-27 16:52 - 00000000 ____D C:\Users\Agnieszka\Desktop\Klendy koścół
2013-12-27 16:29 - 2014-01-12 17:18 - 00000000 ____D C:\Program Files (x86)\Jump Flip
2013-12-27 16:28 - 2013-12-27 16:28 - 00865059 _____ C:\Users\Agnieszka\Downloads\lame3.99.5-64(dobreprogramy.pl).zip
2013-12-27 16:28 - 2013-12-27 16:28 - 00666648 _____ C:\Users\Agnieszka\Downloads\LAME-MP3-encoder(12377)(1).exe
2013-12-27 16:27 - 2013-12-27 16:27 - 00666648 _____ C:\Users\Agnieszka\Downloads\LAME-MP3-encoder(12377).exe
2013-12-27 16:25 - 2013-12-27 16:25 - 63600718 _____ C:\Users\Agnieszka\Desktop\Kolęda dla nieobecnych - p 0,5.wav
2013-12-27 16:22 - 2014-01-14 19:55 - 00002644 _____ C:\Users\Agnieszka\daemonprocess.txt
2013-12-27 16:22 - 2014-01-14 12:19 - 00000000 ____D C:\Users\Agnieszka\AppData\Roaming\newnext.me
2013-12-27 16:22 - 2014-01-12 16:28 - 00000000 ____D C:\Users\Agnieszka\AppData\Local\Mobogenie
2013-12-27 16:22 - 2014-01-12 16:28 - 00000000 ____D C:\Users\Agnieszka\AppData\Local\genienext
2013-12-27 16:22 - 2013-12-27 16:55 - 00000000 ____D C:\Users\Agnieszka\AppData\Roaming\Audacity
2013-12-27 16:22 - 2013-12-27 16:22 - 00000971 _____ C:\Users\Public\Desktop\Audacity.lnk
2013-12-27 16:22 - 2013-12-27 16:22 - 00000000 ____D C:\Users\Agnieszka\Documents\Mobogenie
2013-12-27 16:22 - 2013-12-27 16:22 - 00000000 ____D C:\Users\Agnieszka\AppData\Local\cache
2013-12-27 16:22 - 2013-12-27 16:22 - 00000000 ____D C:\Users\Agnieszka\.android
2013-12-27 16:21 - 2013-12-27 21:49 - 00000000 ____D C:\Program Files (x86)\Mobogenie
2013-12-27 16:21 - 2013-12-27 16:22 - 00000000 ____D C:\Users\Agnieszka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
2013-12-27 16:21 - 2013-12-27 16:22 - 00000000 ____D C:\Program Files (x86)\Audacity
2013-12-27 16:21 - 2013-12-27 16:21 - 00000983 _____ C:\Users\Agnieszka\Desktop\Mobogenie.lnk
2013-12-27 16:19 - 2013-12-27 16:19 - 22180353 _____ (Audacity Team ) C:\Users\Agnieszka\Downloads\audacity-win-2.0.5.exe
2013-12-27 16:17 - 2013-12-27 16:17 - 00666648 _____ C:\Users\Agnieszka\Downloads\Audacity(11826).exe
2013-12-21 16:11 - 2013-12-21 16:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-17 14:17 - 2013-12-17 17:59 - 00000000 ____D C:\Users\Agnieszka\Desktop\kolędy

==================== One Month Modified Files and Folders =======

2014-01-16 20:59 - 2014-01-15 21:00 - 02076160 _____ (Farbar) C:\Users\Agnieszka\Desktop\FRST64.exe
2014-01-16 19:45 - 2014-01-15 19:51 - 00602112 _____ (OldTimer Tools) C:\Users\Agnieszka\Desktop\OTL.exe
2014-01-16 18:39 - 2014-01-15 18:41 - 05167985 ____R (Swearware) C:\Users\Agnieszka\Desktop\ComboFix.exe
2014-01-15 21:01 - 2014-01-15 21:01 - 00015321 _____ C:\Users\Agnieszka\Desktop\FRST.txt
2014-01-15 21:01 - 2014-01-15 21:01 - 00000000 ____D C:\FRST
2014-01-15 20:03 - 2014-01-15 20:03 - 00090450 _____ C:\Users\Agnieszka\Desktop\Extras.Txt
2014-01-15 20:01 - 2014-01-15 20:01 - 00076694 _____ C:\Users\Agnieszka\Desktop\OTL.Txt
2014-01-15 20:01 - 2009-10-11 00:25 - 01134204 _____ C:\Windows\WindowsUpdate.log
2014-01-15 19:51 - 2009-09-06 00:03 - 00710544 _____ C:\Windows\system32\perfh015.dat
2014-01-15 19:51 - 2009-09-06 00:03 - 00139426 _____ C:\Windows\system32\perfc015.dat
2014-01-15 19:51 - 2009-07-14 06:13 - 01576452 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-15 19:46 - 2009-10-11 00:51 - 00000282 _____ C:\ProgramData\hpqp.ini
2014-01-15 19:45 - 2013-10-30 20:38 - 00000000 ____D C:\Program Files (x86)\Steam
2014-01-15 19:45 - 2013-06-12 11:22 - 00144416 _____ C:\Windows\setupact.log
2014-01-15 19:45 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-15 19:33 - 2009-07-14 05:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-15 19:33 - 2009-07-14 05:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-15 19:24 - 2013-06-12 11:22 - 00071958 _____ C:\Windows\PFRO.log
2014-01-15 19:21 - 2014-01-15 19:21 - 00000000 ____D C:\Users\Agnieszka\AppData\Local\Avg2013
2014-01-15 19:21 - 2012-11-17 07:35 - 00000000 ____D C:\ProgramData\MFAData
2014-01-15 19:07 - 2014-01-15 19:07 - 00030012 _____ C:\ComboFix.txt
2014-01-15 19:07 - 2013-11-25 10:35 - 00000000 ____D C:\Qoobox
2014-01-15 19:04 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2014-01-15 18:54 - 2012-09-24 17:30 - 00002243 _____ C:\Windows\epplauncher.mif
2014-01-15 17:57 - 2010-03-11 15:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2014-01-15 17:48 - 2013-12-14 05:33 - 00000000 ____D C:\ProgramData\Recovery
2014-01-15 14:38 - 2014-01-15 14:34 - 00000000 ____D C:\Users\Agnieszka\Desktop\shexview-x64
2014-01-15 07:25 - 2012-11-11 12:37 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-14 19:55 - 2013-12-27 16:22 - 00002644 _____ C:\Users\Agnieszka\daemonprocess.txt
2014-01-14 12:19 - 2013-12-27 16:22 - 00000000 ____D C:\Users\Agnieszka\AppData\Roaming\newnext.me
2014-01-14 12:15 - 2013-03-10 22:01 - 00000922 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1300177389-4011910773-4023719696-1000Core.job
2014-01-14 12:08 - 2013-03-10 22:01 - 00000944 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1300177389-4011910773-4023719696-1000UA.job
2014-01-13 14:42 - 2012-02-25 15:04 - 00000350 _____ C:\Windows\Tasks\HPCeeScheduleForAgnieszka.job
2014-01-12 17:18 - 2013-12-27 16:29 - 00000000 ____D C:\Program Files (x86)\Jump Flip
2014-01-12 16:41 - 2012-02-25 15:04 - 00003212 _____ C:\Windows\System32\Tasks\HPCeeScheduleForAgnieszka
2014-01-12 16:29 - 2010-03-02 22:42 - 00000000 ____D C:\Users\Agnieszka
2014-01-12 16:28 - 2013-12-27 16:22 - 00000000 ____D C:\Users\Agnieszka\AppData\Local\Mobogenie
2014-01-12 16:28 - 2013-12-27 16:22 - 00000000 ____D C:\Users\Agnieszka\AppData\Local\genienext
2014-01-12 16:28 - 2013-11-02 14:44 - 00000000 ___RD C:\Users\Agnieszka\Desktop\Mateusz
2014-01-12 16:28 - 2010-03-03 13:56 - 00000000 ____D C:\Users\Agnieszka\AppData\Local\QuickPlay
2014-01-12 16:28 - 2009-10-11 10:13 - 00000000 ___RD C:\Users\Public\Recorded TV
2014-01-12 16:28 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2014-01-10 16:01 - 2013-11-02 15:38 - 00000000 ____D C:\Users\Agnieszka\Desktop\Babcia
2014-01-08 18:07 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-12-30 22:27 - 2013-12-30 21:54 - 00000000 ____D C:\Users\Agnieszka\Documents\18 WoS Haulin
2013-12-30 22:05 - 2009-09-05 14:42 - 00000000 ____D C:\ProgramData\WildTangent
2013-12-30 20:46 - 2013-12-30 20:18 - 00000000 ____D C:\ProgramData\HipSoft
2013-12-30 20:43 - 2013-12-03 16:29 - 00000000 ____D C:\Users\Agnieszka\Desktop\Gosia podkłady
2013-12-27 21:49 - 2013-12-27 16:21 - 00000000 ____D C:\Program Files (x86)\Mobogenie
2013-12-27 16:55 - 2013-12-27 16:22 - 00000000 ____D C:\Users\Agnieszka\AppData\Roaming\Audacity
2013-12-27 16:52 - 2013-12-27 16:38 - 00000000 ____D C:\Users\Agnieszka\Desktop\Klendy koścół
2013-12-27 16:45 - 2013-12-02 10:06 - 00000000 ____D C:\Users\Agnieszka\Desktop\muzyka świateczna
2013-12-27 16:28 - 2013-12-27 16:28 - 00865059 _____ C:\Users\Agnieszka\Downloads\lame3.99.5-64(dobreprogramy.pl).zip
2013-12-27 16:28 - 2013-12-27 16:28 - 00666648 _____ C:\Users\Agnieszka\Downloads\LAME-MP3-encoder(12377)(1).exe
2013-12-27 16:27 - 2013-12-27 16:27 - 00666648 _____ C:\Users\Agnieszka\Downloads\LAME-MP3-encoder(12377).exe
2013-12-27 16:25 - 2013-12-27 16:25 - 63600718 _____ C:\Users\Agnieszka\Desktop\Kolęda dla nieobecnych - p 0,5.wav
2013-12-27 16:22 - 2013-12-27 16:22 - 00000971 _____ C:\Users\Public\Desktop\Audacity.lnk
2013-12-27 16:22 - 2013-12-27 16:22 - 00000000 ____D C:\Users\Agnieszka\Documents\Mobogenie
2013-12-27 16:22 - 2013-12-27 16:22 - 00000000 ____D C:\Users\Agnieszka\AppData\Local\cache
2013-12-27 16:22 - 2013-12-27 16:22 - 00000000 ____D C:\Users\Agnieszka\.android
2013-12-27 16:22 - 2013-12-27 16:21 - 00000000 ____D C:\Users\Agnieszka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
2013-12-27 16:22 - 2013-12-27 16:21 - 00000000 ____D C:\Program Files (x86)\Audacity
2013-12-27 16:21 - 2013-12-27 16:21 - 00000983 _____ C:\Users\Agnieszka\Desktop\Mobogenie.lnk
2013-12-27 16:19 - 2013-12-27 16:19 - 22180353 _____ (Audacity Team ) C:\Users\Agnieszka\Downloads\audacity-win-2.0.5.exe
2013-12-27 16:17 - 2013-12-27 16:17 - 00666648 _____ C:\Users\Agnieszka\Downloads\Audacity(11826).exe
2013-12-22 12:00 - 2012-05-29 20:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-21 20:41 - 2013-11-14 22:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox.bak
2013-12-21 16:12 - 2013-12-21 16:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-17 17:59 - 2013-12-17 14:17 - 00000000 ____D C:\Users\Agnieszka\Desktop\kolędy

Some content of TEMP:
====================
C:\Users\Agnieszka\AppData\Local\Temp\uninst1.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-09 15:57

==================== End Of Log ============================