Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-03-2014
Ran by Joanna (administrator) on ASIA on 07-03-2014 12:52:44
Running from C:\Users\Joanna\Desktop
Windows 8 (X64) OS Language: Polish
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Murray Hurps Corp Pty Ltd) C:\Program Files (x86)\Ad Muncher\AdMunch.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
(Murray Hurps Corp Pty Ltd) C:\Program Files (x86)\Ad Muncher\AdMunch64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\system32\wwahost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe\LiveComm.exe
(Microsoft Corporation) C:\Windows\system32\wwahost.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(Google Inc.) C:\Users\Joanna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Joanna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Joanna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Joanna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Joanna\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [5618456 2013-09-12] (ESET)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3030256 2013-05-08] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [HPMessageService] - C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-02-25] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Ad Muncher] - C:\Program Files (x86)\Ad Muncher\AdMunch.exe [535752 2013-11-21] (Murray Hurps Corp Pty Ltd)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [775872 2014-02-05] ()
HKLM\...\Policies\Explorer\Run: [BtvStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [133248 2013-05-16] ( (Atheros Communications))
HKU\S-1-5-21-2647092291-3916351581-2344262381-1002\...\Run: [Google Update] - C:\Users\Joanna\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-11-21] (Google Inc.)
HKU\S-1-5-21-2647092291-3916351581-2344262381-1002\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.idg.pl/start
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPALL13/175
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPALL13/175
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPALL13/175
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPALL13/175
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPALL13/175
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS
SearchScopes: HKLM - {23A0AE0F-606D-418B-B5C5-C1BCA96DC33C} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS
SearchScopes: HKLM-x32 - {23A0AE0F-606D-418B-B5C5-C1BCA96DC33C} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS
SearchScopes: HKCU - {23A0AE0F-606D-418B-B5C5-C1BCA96DC33C} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: TheSea.TheSeaPlugin - {C585D593-E7F3-4852-A200-561686EE02E4} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 5.15.151.143 8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\gsxdvvem.default
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Joanna\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Joanna\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-11-21]
FF HKLM-x32\...\Firefox\Extensions: [{3ED591BC-7CC7-495B-A526-B2431356EDC1}] - C:\Program Files (x86)\Ad Muncher\FirefoxExtension_2.0
FF Extension: Ad Muncher Browser Extensions - C:\Program Files (x86)\Ad Muncher\FirefoxExtension_2.0 [2013-11-21]
FF HKLM-x32\...\SeaMonkey\Extensions: [{3ED591BC-7CC7-495B-A526-B2431356EDC1}] - C:\Program Files (x86)\Ad Muncher\FirefoxExtension_2.0
FF Extension: Ad Muncher Browser Extensions - C:\Program Files (x86)\Ad Muncher\FirefoxExtension_2.0 [2013-11-21]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-11-21]

Chrome:
=======
CHR HomePage: hxxp://www.google.pl/
CHR Extension: (Dokumenty Google) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-21]
CHR Extension: (Dysk Google) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-21]
CHR Extension: (YouTube) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-21]
CHR Extension: (Szukaj w Google) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-21]
CHR Extension: (Google Wallet) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-21]
CHR Extension: (Gmail) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-21]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-13] (Advanced Micro Devices, Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [310912 2013-05-16] (Windows (R) Win 7 DDK provider)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1337752 2013-09-12] (ESET)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-02-01] (Hewlett-Packard Development Company, L.P.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [239176 2013-03-04] (Realtek Semiconductor)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-05-16] (Atheros)

==================== Drivers (Whitelisted) ====================

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-02-14] (Advanced Micro Devices)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-05-16] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfw; C:\Windows\system32\DRIVERS\epfw.sys [220232 2013-09-17] (ESET)
R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [44120 2013-09-17] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62136 2013-09-17] (ESET)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [288328 2013-01-24] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-05-08] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [33008 2013-05-08] (Synaptics Incorporated)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-07 12:52 - 2014-03-07 12:53 - 00014951 _____ () C:\Users\Joanna\Desktop\FRST.txt
2014-03-07 12:52 - 2014-03-07 12:52 - 00056112 _____ () C:\Users\Joanna\Desktop\Extras.Txt
2014-03-07 12:50 - 2014-03-07 12:50 - 00112566 _____ () C:\Users\Joanna\Desktop\OTL.Txt
2014-03-07 12:33 - 2014-03-07 12:52 - 00000000 ____D () C:\FRST
2014-03-07 12:30 - 2014-03-07 12:30 - 02156544 _____ (Farbar) C:\Users\Joanna\Desktop\FRST64.exe
2014-03-07 12:25 - 2014-03-07 12:25 - 00602112 _____ (OldTimer Tools) C:\Users\Joanna\Desktop\OTL.exe
2014-03-07 12:21 - 2014-03-07 12:21 - 00623224 _____ (Duplex Secure Ltd.) C:\Users\Joanna\Desktop\SPTDinst-v186-x64.exe
2014-02-27 19:06 - 2014-02-27 19:06 - 06951048 _____ (Microsoft Corporation) C:\Users\Joanna\Downloads\Silverlight.exe
2014-02-27 19:06 - 2014-02-27 19:06 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-02-27 08:29 - 2014-02-27 08:29 - 00000000 ___RD () C:\Users\Joanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-02-19 20:33 - 2014-03-02 18:25 - 00000000 ____D () C:\Users\Joanna\Desktop\przedszkole
2014-02-18 14:37 - 2014-03-07 12:42 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2647092291-3916351581-2344262381-1002UA1cf2cae837abd4e.job
2014-02-18 14:37 - 2014-02-18 14:37 - 00004020 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2647092291-3916351581-2344262381-1002UA1cf2cae837abd4e
2014-02-14 19:42 - 2013-12-05 00:43 - 00583680 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-14 19:42 - 2013-12-05 00:37 - 00451072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-13 19:17 - 2014-02-01 10:20 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-13 19:17 - 2014-02-01 10:19 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-13 19:17 - 2014-02-01 10:19 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-13 19:17 - 2014-02-01 10:19 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-02-13 19:17 - 2014-02-01 10:19 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-02-13 19:17 - 2014-02-01 10:18 - 19274240 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-13 19:17 - 2014-02-01 10:18 - 15403520 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-13 19:17 - 2014-02-01 10:18 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-13 19:17 - 2014-02-01 10:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-13 19:17 - 2014-02-01 10:18 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-13 19:17 - 2014-02-01 10:18 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-13 19:17 - 2014-02-01 10:18 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-13 19:17 - 2014-02-01 10:18 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-13 19:17 - 2014-02-01 10:18 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-13 19:17 - 2014-02-01 08:58 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-13 19:17 - 2014-02-01 08:58 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-13 19:17 - 2014-02-01 08:58 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-02-13 19:17 - 2014-02-01 08:57 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-13 19:17 - 2014-02-01 08:57 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-13 19:17 - 2014-02-01 08:57 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-13 19:17 - 2014-02-01 08:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-02-13 19:17 - 2014-02-01 08:57 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-13 19:17 - 2014-02-01 08:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-13 19:17 - 2014-02-01 08:57 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-13 19:17 - 2014-02-01 08:40 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-13 19:17 - 2014-02-01 08:34 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-13 19:17 - 2014-02-01 06:08 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-02-13 19:17 - 2013-12-05 00:43 - 01845248 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-13 19:17 - 2013-12-05 00:37 - 01419264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-13 19:17 - 2013-11-27 01:19 - 00385614 _____ () C:\Windows\system32\ApnDatabase.xml
2014-02-13 19:17 - 2013-11-26 00:17 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2014-02-13 19:15 - 2014-02-01 10:18 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-13 19:15 - 2014-02-01 10:18 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-13 19:15 - 2014-02-01 08:57 - 14359040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-13 19:15 - 2014-02-01 08:57 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-13 19:15 - 2014-02-01 08:57 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-13 19:15 - 2014-02-01 08:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-13 19:13 - 2013-12-09 01:45 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-13 19:13 - 2013-12-09 00:59 - 00600064 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 19:13 - 2013-11-01 06:53 - 02232664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-02-13 19:03 - 2014-01-13 00:30 - 02238976 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-13 19:03 - 2014-01-13 00:30 - 02032640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-13 19:03 - 2013-11-20 01:15 - 03842560 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-13 19:03 - 2013-11-20 00:57 - 03288576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-11 18:45 - 2014-02-11 18:49 - 22233088 ____H () C:\Users\Joanna\Desktop\Korupcja rządów (1).pdf.~tmp
2014-02-05 15:44 - 2014-02-05 15:44 - 00000000 ____D () C:\Users\wangjihua\AppData\Local\Mobogenie
2014-02-05 15:44 - 2014-02-05 15:44 - 00000000 ____D () C:\Users\wangjihua

==================== One Month Modified Files and Folders =======

2014-03-07 12:53 - 2014-03-07 12:52 - 00014951 _____ () C:\Users\Joanna\Desktop\FRST.txt
2014-03-07 12:52 - 2014-03-07 12:52 - 00056112 _____ () C:\Users\Joanna\Desktop\Extras.Txt
2014-03-07 12:52 - 2014-03-07 12:33 - 00000000 ____D () C:\FRST
2014-03-07 12:50 - 2014-03-07 12:50 - 00112566 _____ () C:\Users\Joanna\Desktop\OTL.Txt
2014-03-07 12:42 - 2014-02-18 14:37 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2647092291-3916351581-2344262381-1002UA1cf2cae837abd4e.job
2014-03-07 12:30 - 2014-03-07 12:30 - 02156544 _____ (Farbar) C:\Users\Joanna\Desktop\FRST64.exe
2014-03-07 12:26 - 2013-11-21 12:29 - 02052572 _____ () C:\Windows\WindowsUpdate.log
2014-03-07 12:25 - 2014-03-07 12:25 - 00602112 _____ (OldTimer Tools) C:\Users\Joanna\Desktop\OTL.exe
2014-03-07 12:21 - 2014-03-07 12:21 - 00623224 _____ (Duplex Secure Ltd.) C:\Users\Joanna\Desktop\SPTDinst-v186-x64.exe
2014-03-07 11:18 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
2014-03-06 18:51 - 2013-12-29 22:23 - 00000000 ____D () C:\Users\Joanna\Desktop\telefon
2014-03-06 14:42 - 2013-11-21 16:15 - 00001020 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2647092291-3916351581-2344262381-1002Core.job
2014-03-04 21:31 - 2013-06-06 01:20 - 00827626 _____ () C:\Windows\system32\perfh015.dat
2014-03-04 21:31 - 2013-06-06 01:20 - 00176034 _____ () C:\Windows\system32\perfc015.dat
2014-03-04 21:31 - 2012-07-26 08:28 - 01936226 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-04 21:29 - 2012-07-26 08:21 - 00035133 _____ () C:\Windows\setupact.log
2014-03-04 19:50 - 2013-11-21 16:19 - 00002348 _____ () C:\Users\Joanna\Desktop\Google Chrome.lnk
2014-03-04 09:22 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-03-02 20:54 - 2013-11-23 17:42 - 00000000 ____D () C:\Users\Joanna\AppData\Roaming\Skype
2014-03-02 18:25 - 2014-02-19 20:33 - 00000000 ____D () C:\Users\Joanna\Desktop\przedszkole
2014-03-01 16:49 - 2013-11-22 17:59 - 00000000 ____D () C:\Users\Joanna\Desktop\Studia
2014-02-28 18:44 - 2013-11-24 10:27 - 00000000 ____D () C:\Users\Joanna\Desktop\zdjecia
2014-02-27 19:06 - 2014-02-27 19:06 - 06951048 _____ (Microsoft Corporation) C:\Users\Joanna\Downloads\Silverlight.exe
2014-02-27 19:06 - 2014-02-27 19:06 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-02-27 08:33 - 2013-11-27 15:36 - 00000000 ____D () C:\Users\Joanna\Desktop\pendrive
2014-02-27 08:29 - 2014-02-27 08:29 - 00000000 ___RD () C:\Users\Joanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-02-27 08:28 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-27 08:27 - 2012-08-03 23:23 - 00707794 _____ () C:\Windows\PFRO.log
2014-02-27 08:26 - 2012-07-26 06:26 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-02-18 20:08 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-18 14:37 - 2014-02-18 14:37 - 00004020 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2647092291-3916351581-2344262381-1002UA1cf2cae837abd4e
2014-02-18 14:37 - 2013-11-21 16:15 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2647092291-3916351581-2344262381-1002Core
2014-02-17 23:03 - 2013-12-15 18:19 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-17 23:03 - 2013-12-15 18:19 - 00078304 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-17 22:16 - 2013-11-21 16:46 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-17 22:11 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\SysWOW64\en-GB
2014-02-17 22:11 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\en-GB
2014-02-17 22:10 - 2012-07-26 06:26 - 00000167 _____ () C:\Windows\win.ini
2014-02-17 22:09 - 2013-12-15 22:47 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-17 22:05 - 2013-12-15 22:47 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-14 21:10 - 2013-11-24 21:46 - 348882593 _____ () C:\Windows\MEMORY.DMP
2014-02-11 18:49 - 2014-02-11 18:45 - 22233088 ____H () C:\Users\Joanna\Desktop\Korupcja rządów (1).pdf.~tmp
2014-02-11 16:50 - 2013-11-23 16:03 - 00000000 ____D () C:\Users\Joanna\AppData\Local\Mobogenie
2014-02-06 18:32 - 2013-11-23 16:03 - 00000000 ____D () C:\Users\Joanna\AppData\Local\cache
2014-02-06 18:31 - 2013-11-23 16:02 - 00000000 ____D () C:\Program Files (x86)\Mobogenie
2014-02-06 16:24 - 2013-11-23 16:03 - 00017082 _____ () C:\Users\Joanna\daemonprocess.txt
2014-02-05 15:44 - 2014-02-05 15:44 - 00000000 ____D () C:\Users\wangjihua\AppData\Local\Mobogenie
2014-02-05 15:44 - 2014-02-05 15:44 - 00000000 ____D () C:\Users\wangjihua

Some content of TEMP:
====================
C:\Users\Joanna\AppData\Local\Temp\InstHelper.exe
C:\Users\Joanna\AppData\Local\Temp\ose00000.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-06 10:39

==================== End Of Log ============================