Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-01-2014 01
Ran by Administrator (administrator) on WIOLA-KOMPUTER on 30-01-2014 16:19:34
Running from C:\Users\Administrator\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polish
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(France Telecom SA) C:\Program Files (x86)\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2264168 2011-07-28] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2587944 2010-12-31] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Setwallpaper] - c:\programdata\SetWallpaper.cmd
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
MountPoints2: {2d445678-0c5b-11e1-9a15-806e6f6e6963} - E:\autorun.exe [verb00][2] "Angry Birds Breakfast 2.exe"
MountPoints2: {4477e884-bf2b-11e2-b32f-5404a671fefc} - F:\AutoRun.exe
MountPoints2: {4477e898-bf2b-11e2-b32f-5404a671fefc} - F:\AutoRun.exe
MountPoints2: {d800cfc8-bf9b-11e2-a783-74de2bc07c55} - F:\AutoRun.exe
MountPoints2: {d800cfd7-bf9b-11e2-a783-74de2bc07c55} - F:\AutoRun.exe
HKU\wiola\...\Run: [GG] - C:\Users\wiola\AppData\Local\GG\Application\gghub.exe [3213408 2012-04-25] (GG Network S.A.)
HKU\wiola\...\Run: [Gadu-Gadu 10] - C:\Program Files (x86)\Gadu-Gadu 10\gg.exe [13374048 2011-07-04] (GG Network S.A.)
HKU\wiola\...\Run: [Google Update] - C:\Users\wiola\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-05-03] (Google Inc.)
HKU\wiola\...\Run: [Mobile Partner] - C:\Program Files (x86)\MobileWiFi\MobileWiFi

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{4315E0F8-19E4-4009-A323-67E4C8D94C01}: [NameServer]89.108.195.21 89.108.202.21
Tcpip\..\Interfaces\{D27E15FB-DB4F-478D-917A-B11E5D059ED1}: [NameServer]89.108.195.21 89.108.202.21

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\tdnoy11a.default
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Administrator\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-07-14] (Advanced Micro Devices, Inc.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 FTRTSVC; C:\Program Files (x86)\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [90112 2011-02-23] (France Telecom SA)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 PLAY ONLINE. RunOuc; C:\Program Files (x86)\PLAY ONLINE\UpdateDog\ouc.exe [246112 2013-05-18] ()

==================== Drivers (Whitelisted) ====================

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-05] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [240920 2013-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [194872 2013-10-24] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [223744 2013-05-18] (Huawei Technologies Co., Ltd.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
U4 WMCoreService;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-30 16:15 - 2014-01-30 16:19 - 00008746 _____ C:\Users\Administrator\Downloads\FRST.txt
2014-01-30 07:21 - 2014-01-30 07:21 - 00448512 _____ (OldTimer Tools) C:\Users\Administrator\Downloads\TFC.exe
2014-01-30 07:08 - 2014-01-30 07:08 - 00991232 _____ C:\Users\Administrator\Downloads\MicrosoftFixit50267.msi
2014-01-30 07:01 - 2014-01-30 07:01 - 00000000 ____D C:\Users\Administrator\Downloads\FRST-OlderVersion
2014-01-27 20:35 - 2014-01-30 16:19 - 00000000 ____D C:\FRST
2014-01-27 20:30 - 2014-01-27 20:30 - 00004635 _____ C:\Users\Administrator\Documents\gmer.txt
2014-01-27 06:52 - 2014-01-27 06:52 - 00000000 ____D C:\Users\Administrator\Downloads\gmer
2014-01-26 21:01 - 2014-01-26 21:01 - 00080824 _____ C:\Users\Administrator\Downloads\Extras.Txt
2014-01-26 20:55 - 2014-01-26 20:55 - 00085270 _____ C:\Users\Administrator\Downloads\OTL.Txt
2014-01-26 20:05 - 2014-01-26 20:05 - 00000488 _____ C:\Users\Administrator\Downloads\defogger_disable.log
2014-01-26 20:05 - 2014-01-26 20:05 - 00000000 _____ C:\Users\Administrator\defogger_reenable
2014-01-26 19:57 - 2014-01-26 19:57 - 00050477 _____ C:\Users\Administrator\Downloads\Defogger.exe
2014-01-26 19:33 - 2014-01-26 19:33 - 00370971 _____ C:\Users\Administrator\Downloads\gmer.zip
2014-01-26 19:32 - 2014-01-30 07:01 - 02079744 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
2014-01-26 19:31 - 2014-01-26 19:31 - 00602112 _____ (OldTimer Tools) C:\Users\Administrator\Downloads\OTL.exe
2014-01-26 17:25 - 2014-01-26 17:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\AVG2014
2014-01-26 17:24 - 2014-01-26 17:24 - 00003230 _____ C:\Windows\System32\Tasks\SidebarExecute
2014-01-26 17:23 - 2014-01-26 17:23 - 00000997 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2014-01-26 17:23 - 2014-01-26 17:23 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\TuneUp Software
2014-01-26 17:22 - 2014-01-26 17:24 - 00000000 ____D C:\ProgramData\AVG2014
2014-01-26 17:22 - 2014-01-26 17:22 - 00000000 ___HD C:\$AVG
2014-01-26 17:20 - 2014-01-26 17:20 - 00000000 ____D C:\Program Files (x86)\AVG
2014-01-26 17:17 - 2014-01-26 17:17 - 00000000 ____D C:\Program Files (x86)\ToniArts
2014-01-26 17:15 - 2014-01-26 17:15 - 02951802 _____ (InstallShield Software Corporation) C:\Users\Administrator\Downloads\EClea2_0.exe
2014-01-26 17:13 - 2014-01-30 06:53 - 00000000 ____D C:\ProgramData\MFAData
2014-01-26 17:13 - 2014-01-26 19:23 - 00000000 ____D C:\Users\Administrator\AppData\Local\Avg2014
2014-01-26 17:13 - 2014-01-26 17:13 - 04435768 _____ (AVG Technologies) C:\Users\Administrator\Downloads\avg_avct_stb_all_2014_4259_cm10(2).exe
2014-01-26 17:13 - 2014-01-26 17:13 - 00000000 ____D C:\Users\Administrator\AppData\Local\MFAData
2014-01-26 17:11 - 2014-01-26 17:11 - 00002788 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-01-26 17:11 - 2014-01-26 17:11 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2014-01-26 17:11 - 2014-01-26 17:11 - 00000000 ____D C:\Program Files\CCleaner
2014-01-26 16:57 - 2014-01-26 16:57 - 04721920 _____ (Piriform Ltd) C:\Users\Administrator\Downloads\ccsetup410.exe
2014-01-26 16:52 - 2014-01-26 16:52 - 00012393 _____ C:\Users\Administrator\AppData\Local\Bron.tok.A12.em.bin
2014-01-26 15:41 - 2014-01-26 15:41 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-26 15:41 - 2014-01-26 15:41 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
2014-01-26 15:41 - 2014-01-26 15:41 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-26 15:41 - 2014-01-26 15:41 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-26 15:41 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-26 15:40 - 2014-01-26 15:40 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-26 15:28 - 2014-01-26 15:28 - 02929110 _____ (AVG Technologies) C:\Users\Administrator\Downloads\avg_avct_stb_all_2014_4259_cm10.exe.part
2014-01-26 15:28 - 2014-01-26 15:28 - 00000000 _____ C:\Users\Administrator\Downloads\avg_avct_stb_all_2014_4259_cm10.exe
2014-01-23 17:50 - 2014-01-23 19:52 - 00000000 ____D C:\Users\Administrator\Desktop\dxien babci i dziadka
2014-01-23 17:46 - 2014-01-23 17:46 - 00000000 ____D C:\Users\Administrator\AppData\Local\{85FD84C5-D2F5-439F-B0DD-5FA536B3C89B}
2014-01-23 17:43 - 2014-01-23 19:52 - 00000000 ____D C:\Users\Administrator\Desktop\przedszkole
2014-01-21 23:02 - 2014-01-21 23:02 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\com.rovio.AngryBirdsBreakfast2
2014-01-21 23:01 - 2014-01-21 23:01 - 00001180 _____ C:\Users\Administrator\Desktop\Angry Birds Breakfast 2.lnk
2014-01-21 23:01 - 2014-01-21 23:01 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Angry Birds Breakfast 2
2014-01-21 23:01 - 2014-01-21 23:01 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Angry Birds Breakfast 2
2014-01-16 20:03 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-16 20:03 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-16 20:03 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-16 20:03 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-16 20:03 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-16 20:03 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-16 20:03 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-16 20:03 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-16 20:03 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-15 18:32 - 2014-01-15 18:32 - 00000000 ____D C:\Users\Administrator\AppData\Local\{1515AB78-09A7-4E75-97B1-1349C694B344}
2014-01-09 17:44 - 2014-01-30 15:57 - 00000960 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2933875488-654722930-2882362549-500UA.job
2014-01-09 17:44 - 2014-01-09 17:44 - 00003952 _____ C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2933875488-654722930-2882362549-500UA
2014-01-09 17:44 - 2014-01-09 17:44 - 00003584 _____ C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2933875488-654722930-2882362549-500Core
2014-01-09 17:43 - 2014-01-30 06:46 - 00000938 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2933875488-654722930-2882362549-500Core.job
2014-01-09 17:43 - 2014-01-09 17:44 - 00000000 ____D C:\Users\Administrator\AppData\Local\Facebook
2014-01-05 18:20 - 2014-01-26 19:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-01-30 16:19 - 2014-01-30 16:15 - 00008746 _____ C:\Users\Administrator\Downloads\FRST.txt
2014-01-30 16:19 - 2014-01-27 20:35 - 00000000 ____D C:\FRST
2014-01-30 16:18 - 2012-07-19 12:03 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-30 16:06 - 2011-11-11 12:41 - 01593081 _____ C:\Windows\WindowsUpdate.log
2014-01-30 16:04 - 2012-05-03 16:19 - 00001058 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2933875488-654722930-2882362549-1001UA.job
2014-01-30 15:57 - 2014-01-09 17:44 - 00000960 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2933875488-654722930-2882362549-500UA.job
2014-01-30 07:26 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-30 07:26 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-30 07:21 - 2014-01-30 07:21 - 00448512 _____ (OldTimer Tools) C:\Users\Administrator\Downloads\TFC.exe
2014-01-30 07:19 - 2013-12-02 18:54 - 00000000 ____D C:\Program Files\NetPanel
2014-01-30 07:19 - 2012-04-25 11:18 - 00000000 ____D C:\Users\przemek
2014-01-30 07:19 - 2012-04-24 19:08 - 00000000 ____D C:\Users\wiola
2014-01-30 07:17 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-30 07:17 - 2009-07-14 05:51 - 00153154 _____ C:\Windows\setupact.log
2014-01-30 07:15 - 2011-04-01 10:19 - 00000000 ____D C:\Program Files (x86)\ASUS
2014-01-30 07:08 - 2014-01-30 07:08 - 00991232 _____ C:\Users\Administrator\Downloads\MicrosoftFixit50267.msi
2014-01-30 07:01 - 2014-01-30 07:01 - 00000000 ____D C:\Users\Administrator\Downloads\FRST-OlderVersion
2014-01-30 07:01 - 2014-01-26 19:32 - 02079744 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
2014-01-30 06:53 - 2014-01-26 17:13 - 00000000 ____D C:\ProgramData\MFAData
2014-01-30 06:50 - 2012-04-24 19:09 - 00045056 _____ C:\Windows\system32\acovcnt.exe
2014-01-30 06:46 - 2014-01-09 17:43 - 00000938 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2933875488-654722930-2882362549-500Core.job
2014-01-30 06:46 - 2012-05-03 16:19 - 00001006 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2933875488-654722930-2882362549-1001Core.job
2014-01-28 16:59 - 2011-11-11 13:14 - 00002198 _____ C:\Windows\system32\AutoRunFilter.ini
2014-01-28 16:59 - 2011-11-11 13:14 - 00001304 _____ C:\Windows\system32\ServiceFilter.ini
2014-01-28 16:58 - 2011-04-01 09:03 - 00733326 _____ C:\Windows\PFRO.log
2014-01-27 21:45 - 2013-12-05 17:10 - 00192425 _____ C:\Windows\IE11_main.log
2014-01-27 20:30 - 2014-01-27 20:30 - 00004635 _____ C:\Users\Administrator\Documents\gmer.txt
2014-01-27 20:26 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2014-01-27 06:52 - 2014-01-27 06:52 - 00000000 ____D C:\Users\Administrator\Downloads\gmer
2014-01-26 21:01 - 2014-01-26 21:01 - 00080824 _____ C:\Users\Administrator\Downloads\Extras.Txt
2014-01-26 20:55 - 2014-01-26 20:55 - 00085270 _____ C:\Users\Administrator\Downloads\OTL.Txt
2014-01-26 20:05 - 2014-01-26 20:05 - 00000488 _____ C:\Users\Administrator\Downloads\defogger_disable.log
2014-01-26 20:05 - 2014-01-26 20:05 - 00000000 _____ C:\Users\Administrator\defogger_reenable
2014-01-26 20:05 - 2013-03-19 12:41 - 00000000 ____D C:\Users\Administrator
2014-01-26 19:57 - 2014-01-26 19:57 - 00050477 _____ C:\Users\Administrator\Downloads\Defogger.exe
2014-01-26 19:33 - 2014-01-26 19:33 - 00370971 _____ C:\Users\Administrator\Downloads\gmer.zip
2014-01-26 19:31 - 2014-01-26 19:31 - 00602112 _____ (OldTimer Tools) C:\Users\Administrator\Downloads\OTL.exe
2014-01-26 19:25 - 2013-04-15 17:31 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Skype
2014-01-26 19:24 - 2014-01-05 18:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2014-01-26 19:24 - 2012-04-24 19:09 - 00000000 ___HD C:\ASUS.DAT
2014-01-26 19:23 - 2014-01-26 17:13 - 00000000 ____D C:\Users\Administrator\AppData\Local\Avg2014
2014-01-26 19:23 - 2013-04-15 17:30 - 00000000 ____D C:\ProgramData\Skype
2014-01-26 19:23 - 2012-06-05 17:29 - 00000000 ____D C:\Windows\Minidump
2014-01-26 17:25 - 2014-01-26 17:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\AVG2014
2014-01-26 17:24 - 2014-01-26 17:24 - 00003230 _____ C:\Windows\System32\Tasks\SidebarExecute
2014-01-26 17:24 - 2014-01-26 17:22 - 00000000 ____D C:\ProgramData\AVG2014
2014-01-26 17:23 - 2014-01-26 17:23 - 00000997 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2014-01-26 17:23 - 2014-01-26 17:23 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\TuneUp Software
2014-01-26 17:22 - 2014-01-26 17:22 - 00000000 ___HD C:\$AVG
2014-01-26 17:20 - 2014-01-26 17:20 - 00000000 ____D C:\Program Files (x86)\AVG
2014-01-26 17:17 - 2014-01-26 17:17 - 00000000 ____D C:\Program Files (x86)\ToniArts
2014-01-26 17:17 - 2011-11-11 12:50 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2014-01-26 17:15 - 2014-01-26 17:15 - 02951802 _____ (InstallShield Software Corporation) C:\Users\Administrator\Downloads\EClea2_0.exe
2014-01-26 17:13 - 2014-01-26 17:13 - 04435768 _____ (AVG Technologies) C:\Users\Administrator\Downloads\avg_avct_stb_all_2014_4259_cm10(2).exe
2014-01-26 17:13 - 2014-01-26 17:13 - 00000000 ____D C:\Users\Administrator\AppData\Local\MFAData
2014-01-26 17:11 - 2014-01-26 17:11 - 00002788 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-01-26 17:11 - 2014-01-26 17:11 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2014-01-26 17:11 - 2014-01-26 17:11 - 00000000 ____D C:\Program Files\CCleaner
2014-01-26 17:05 - 2009-07-14 08:45 - 00000000 ____D C:\Windows\ShellNew
2014-01-26 17:04 - 2013-03-19 12:43 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-26 16:57 - 2014-01-26 16:57 - 04721920 _____ (Piriform Ltd) C:\Users\Administrator\Downloads\ccsetup410.exe
2014-01-26 16:52 - 2014-01-26 16:52 - 00012393 _____ C:\Users\Administrator\AppData\Local\Bron.tok.A12.em.bin
2014-01-26 15:41 - 2014-01-26 15:41 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-26 15:41 - 2014-01-26 15:41 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
2014-01-26 15:41 - 2014-01-26 15:41 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-26 15:41 - 2014-01-26 15:41 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-26 15:40 - 2014-01-26 15:40 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-26 15:28 - 2014-01-26 15:28 - 02929110 _____ (AVG Technologies) C:\Users\Administrator\Downloads\avg_avct_stb_all_2014_4259_cm10.exe.part
2014-01-26 15:28 - 2014-01-26 15:28 - 00000000 _____ C:\Users\Administrator\Downloads\avg_avct_stb_all_2014_4259_cm10.exe
2014-01-24 10:21 - 2013-09-25 15:20 - 00000000 ____D C:\Users\Administrator\AppData\Local\Loc.Mail.Bron.Tok
2014-01-23 19:52 - 2014-01-23 17:50 - 00000000 ____D C:\Users\Administrator\Desktop\dxien babci i dziadka
2014-01-23 19:52 - 2014-01-23 17:43 - 00000000 ____D C:\Users\Administrator\Desktop\przedszkole
2014-01-23 17:48 - 2011-02-19 06:40 - 00643826 _____ C:\Windows\system32\perfh00E.dat
2014-01-23 17:48 - 2011-02-19 06:40 - 00152296 _____ C:\Windows\system32\perfc00E.dat
2014-01-23 17:48 - 2011-02-19 06:36 - 00634790 _____ C:\Windows\system32\perfh005.dat
2014-01-23 17:48 - 2011-02-19 06:36 - 00125774 _____ C:\Windows\system32\perfc005.dat
2014-01-23 17:48 - 2011-02-19 06:31 - 00709558 _____ C:\Windows\system32\perfh015.dat
2014-01-23 17:48 - 2011-02-19 06:31 - 00138976 _____ C:\Windows\system32\perfc015.dat
2014-01-23 17:48 - 2009-07-14 06:13 - 03134718 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-23 17:46 - 2014-01-23 17:46 - 00000000 ____D C:\Users\Administrator\AppData\Local\{85FD84C5-D2F5-439F-B0DD-5FA536B3C89B}
2014-01-21 23:02 - 2014-01-21 23:02 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\com.rovio.AngryBirdsBreakfast2
2014-01-21 23:01 - 2014-01-21 23:01 - 00001180 _____ C:\Users\Administrator\Desktop\Angry Birds Breakfast 2.lnk
2014-01-21 23:01 - 2014-01-21 23:01 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Angry Birds Breakfast 2
2014-01-21 23:01 - 2014-01-21 23:01 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Angry Birds Breakfast 2
2014-01-18 13:49 - 2013-10-08 19:33 - 00067072 ___SH C:\Users\Administrator\Desktop\Thumbs.db
2014-01-17 07:40 - 2009-07-14 05:45 - 00276944 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-17 07:37 - 2013-03-25 18:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-15 18:32 - 2014-01-15 18:32 - 00000000 ____D C:\Users\Administrator\AppData\Local\{1515AB78-09A7-4E75-97B1-1349C694B344}
2014-01-15 18:31 - 2013-07-21 06:09 - 00000000 ____D C:\Users\Administrator\Desktop\Nowy folder (2)
2014-01-13 22:15 - 2013-04-15 17:31 - 00000000 ___RD C:\Program Files (x86)\Skype
2014-01-10 13:29 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2014-01-09 17:44 - 2014-01-09 17:44 - 00003952 _____ C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2933875488-654722930-2882362549-500UA
2014-01-09 17:44 - 2014-01-09 17:44 - 00003584 _____ C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2933875488-654722930-2882362549-500Core
2014-01-09 17:44 - 2014-01-09 17:43 - 00000000 ____D C:\Users\Administrator\AppData\Local\Facebook

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-30 08:33

==================== End Of Log ============================