Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by grzegorz (administrator) on GRZEGORZ-PC on 04-04-2014 19:38:48
Running from C:\Users\grzegorz\Downloads\Nowy folder
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\MagicTune Premium\GammaTray.exe
() C:\Windows\system\Cm106eye.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Opera Software) C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe () C:\Program Files (x86)\Opera\20.0.1387.91\opera_crashreporter.exe (Opera Software) C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe (Opera Software) C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe (Opera Software) C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe (Opera Software) C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe (Opera Software) C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe (Opera Software) C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe (Opera Software) C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe (Opera Software) C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe (Opera Software) C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe (Opera Software) C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe (Opera Software) C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe (Opera Software) C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe (Opera Software) C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe (Opera Software) C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe (Opera Software) C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe (Opera Software) C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe (Opera Software) C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe (Opera Software) C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe (Microsoft Corporation) C:\Windows\system32\wbem\WMIADAP.EXE ==================== Registry (Whitelisted) ================== HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated) HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13320808 2011-10-25] (Realtek Semiconductor) HKLM\...\Run: [Cm106Sound] - C:\Windows\Syswow64\cm106.dll [8757248 2010-10-13] (C-Media Corporation) HKLM-x32\...\Run: [StartCCC] - 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.) HKU\S-1-5-21-3990852856-1956993013-1042417060-1001\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3514176 2011-11-10] (DT Soft Ltd) Startup: C:\Users\grzegorz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Powiadomienia monitorowania tuszu - HP Deskjet 1050 J410 series.lnk ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet) BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} 
http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\..\Interfaces\{4173A9AC-858D-4860-9B4D-6DB9337212DB}: [NameServer]8.8.8.8,213.199.225.14 FireFox: ======== FF ProfilePath: C:\Users\grzegorz\AppData\Roaming\Mozilla\Firefox\Profiles\pg6p0e0n.default FF Homepage: https://autoclubrevolution.com/en/index FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\grzegorz\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll No File FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\grzegorz\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll No File FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\grzegorz\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Nightly\firefox.exe ==================== Services (Whitelisted) ================= R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) S2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [136616 2011-10-14] () S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [0 ] (AVG Technologies CZ, s.r.o.) S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [0 ] (AVG Technologies CZ, s.r.o.) 
S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com) S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [135584 2011-12-09] (Futuremark Corporation) S4 MAGIX StartUp Analyze Service; C:\Program Files (x86)\MAGIX\PC_Check_Tuning_2011_Download_Version\MXSAS.exe [186368 2010-10-12] (MAGIX AG) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-03-07] () ==================== Drivers (Whitelisted) ==================== R2 AODDriver4.1; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [55936 2011-10-14] (Advanced Micro Devices) S2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-19] (Advanced Micro Devices) R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-25] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [243480 2013-11-25] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [196376 2013-11-25] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-11-01] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.) 
R0 DiskSec; C:\Windows\System32\Drivers\DiskSec.sys [27616 2009-09-23] (MAGIX) S3 hidusbf; C:\Windows\System32\DRIVERS\hidusbf.sys [6784 2009-02-11] (SweetLow) R1 HWiNFO32; C:\Program Files\HWiNFO64\HWiNFO64A.SYS [30080 2011-09-22] (REALiX(tm)) S3 MSI_MSIBIOS_010507; C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys [33592 2010-05-09] (Your Corporation) S3 NTIOLib_1_0_2; C:\Program Files (x86)\MSI\BIOS Code Unlocked Technology\NTIOLib_X64.sys [14136 2010-04-21] (MSI) S3 NTIOLib_1_0_4; C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [14136 2010-10-21] (MSI) S3 NTIOLib_1_0_6; C:\Program Files (x86)\Setup Files\Ms7599v1F0\NTIOLib_X64.sys [11888 2011-01-05] (MSI) S3 PortTalk; C:\Windows\SysWOW64\Drivers\PortTalk.sys [3567 2002-01-12] (Beyond Logic http://www.beyondlogic.org) S3 RAMDiskVE; C:\Windows\System32\Drivers\RAMDiskVE.sys [73552 2012-11-29] (Dataram, Inc.) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [530488 2011-12-25] () R3 USBMULCD; C:\Windows\System32\drivers\CM10664.sys [1310720 2010-08-12] (C-Media Electronics Inc) S3 VirtualFD; C:\Virtual Floppy Drive\vfd.sys [9887 2005-04-04] (Ken Kato) U3 ahtyz8h6; C:\Windows\System32\Drivers\ahtyz8h6.sys [0 ] (Advanced Micro Devices) S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-04 19:29 - 2014-04-04 19:38 - 00000000 ____D () C:\Users\grzegorz\Downloads\Nowy folder 2014-04-04 18:16 - 2014-04-04 18:16 - 00987448 _____ () C:\Users\grzegorz\Downloads\SecurityCheck.exe 2014-04-04 18:10 - 2014-04-04 18:10 - 00096427 _____ () C:\Users\grzegorz\Downloads\Shortcut.txt 2014-04-04 18:08 - 2014-04-04 18:10 - 00048290 _____ () C:\Users\grzegorz\Downloads\Addition.txt 2014-04-04 18:08 - 2014-04-04 18:10 - 00041452 _____ () C:\Users\grzegorz\Downloads\FRST.txt 2014-04-04 18:06 - 
2014-04-04 19:38 - 00000000 ____D () C:\FRST 2014-04-04 18:05 - 2014-04-04 18:05 - 02157056 _____ (Farbar) C:\Users\grzegorz\Downloads\FRST64.exe 2014-04-04 09:35 - 2014-04-04 09:35 - 00000000 ____D () C:\Users\grzegorz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center 2014-04-04 09:34 - 2014-04-04 09:34 - 00000000 ____D () C:\ProgramData\ATI 2014-04-04 09:33 - 2014-04-04 09:33 - 00060777 _____ () C:\Windows\SysWOW64\CCCInstall_201404040933329556.log 2014-04-04 09:08 - 2014-04-04 09:08 - 00000000 ____D () C:\AMD 2014-04-04 08:41 - 2014-04-04 09:18 - 00000282 _____ () C:\Windows\Tasks\MSIAfterburner.job 2014-04-04 08:28 - 2014-04-04 08:28 - 70087104 _____ (Microsoft Corporation) C:\Users\grzegorz\Downloads\NDP451-KB2858728-x86-x64-AllOS-ENU.exe 2014-04-04 08:23 - 2014-04-04 08:23 - 01005568 _____ (Microsoft Corporation) C:\Users\grzegorz\Downloads\dotNetFx45_Full_setup.exe 2014-04-04 06:36 - 2014-04-04 06:36 - 00347816 _____ (Microsoft Corporation) C:\Users\grzegorz\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.5332001694821657.1.1.Run.exe 2014-04-03 20:21 - 2014-04-03 20:22 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\grzegorz\Downloads\mbam-setup-2.0.0.1000.exe 2014-04-03 20:00 - 2014-04-03 20:00 - 00000224 _____ () C:\Windows\SysWOW64\idp2.cfg 2014-04-02 20:20 - 2014-04-02 20:20 - 00001158 _____ () C:\Users\grzegorz\Desktop\Angry Birds Breakfast 2.lnk 2014-04-02 20:20 - 2014-04-02 20:20 - 00000000 ____D () C:\Users\grzegorz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Angry Birds Breakfast 2 2014-04-02 20:20 - 2014-04-02 20:20 - 00000000 ____D () C:\Users\grzegorz\AppData\Roaming\com.rovio.AngryBirdsBreakfast2 2014-04-02 20:20 - 2014-04-02 20:20 - 00000000 ____D () C:\Users\grzegorz\AppData\Roaming\Angry Birds Breakfast 2 2014-04-02 20:16 - 2014-04-02 20:16 - 20126408 _____ (GG Network S.A.) 
C:\Users\grzegorz\Downloads\openfm_setup.exe 2014-04-02 20:16 - 2014-04-02 20:16 - 00001200 _____ () C:\Users\grzegorz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenFM.lnk 2014-04-02 20:16 - 2014-04-02 20:16 - 00000000 ____D () C:\Users\grzegorz\AppData\Local\OpenFM 2014-03-31 13:41 - 2014-03-31 13:41 - 00266485 _____ () C:\Users\grzegorz\Downloads\GDZIE-WYRZUCAMY-ODPADY-TABELA-15.07.13.xlsx 2014-03-26 11:36 - 2014-04-03 20:00 - 00003030 _____ () C:\Windows\System32\Tasks\MSIAfterburner 2014-03-25 21:20 - 2014-03-25 21:20 - 00000000 ____D () C:\Program Files (x86)\Nightly 2014-03-23 22:07 - 2014-03-23 22:07 - 00000000 ____D () C:\Users\grzegorz\AppData\Local\bitComposer 2014-03-23 17:48 - 2014-03-23 17:48 - 00129220 ____H () C:\treeinfo.wc 2014-03-23 17:40 - 2014-03-23 17:40 - 00000000 ____D () C:\Users\grzegorz\AppData\Local\GHISLER 2014-03-23 13:45 - 2014-03-23 13:45 - 00000000 ____D () C:\ProgramData\YTD Video Downloader 2014-03-23 13:30 - 2013-08-15 22:09 - 1141212356 _____ () C:\Users\grzegorz\Downloads\Iron.Man.3.2013.PL.DUB.MD.WEBRiP.X264.AAC-PBWT.mp4 2014-03-22 16:38 - 2014-03-22 16:39 - 00000000 ____D () C:\Users\grzegorz\Desktop\driver 2014-03-22 16:16 - 2014-03-22 16:16 - 00000000 ____D () C:\Users\grzegorz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2014-03-22 16:16 - 2014-03-22 16:16 - 00000000 ____D () C:\Program Files\WinRAR 2014-03-19 13:09 - 2007-01-04 12:02 - 00663552 _____ (MAGIX AG) C:\Windows\SysWOW64\mgxoschk.dll 2014-03-17 16:35 - 2014-03-17 17:26 - 00000045 _____ () C:\Users\Nikodem\Desktop\gc.log 2014-03-17 12:43 - 2014-03-17 12:43 - 00000000 ____D () C:\Users\Nikodem\AppData\Roaming\HpUpdate 2014-03-15 13:51 - 2014-03-15 13:51 - 00000000 ____D () C:\Users\grzegorz\Documents\SelfMV 2014-03-14 21:30 - 2014-03-14 21:30 - 00001198 _____ () C:\Users\pirat.grzegorz-PC\Desktop\WRC4 — skrót.lnk 2014-03-14 21:30 - 2014-03-14 21:30 - 00000000 ____D () C:\Users\pirat.grzegorz-PC\AppData\Roaming\Milestone 2014-03-14 21:21 
- 2014-03-14 21:21 - 00001090 _____ () C:\Users\pirat.grzegorz-PC\Desktop\MSI Afterburner.lnk 2014-03-14 21:20 - 2014-03-14 21:20 - 00001256 _____ () C:\Users\pirat.grzegorz-PC\Desktop\GhostReconOnline — skrót.lnk 2014-03-14 21:19 - 2014-03-14 21:19 - 00000000 ____D () C:\Users\pirat.grzegorz-PC\AppData\Local\Apps\2.0 2014-03-14 21:14 - 2014-03-14 21:14 - 00000000 ____D () C:\Users\pirat.grzegorz-PC\AppData\Roaming\Opera Software 2014-03-14 21:14 - 2014-03-14 21:14 - 00000000 ____D () C:\Users\pirat.grzegorz-PC\AppData\Local\Opera Software 2014-03-14 21:13 - 2014-03-14 21:13 - 00109688 _____ () C:\Users\pirat.grzegorz-PC\AppData\Local\GDIPFONTCACHEV1.DAT 2014-03-14 21:13 - 2014-03-14 21:13 - 00001417 _____ () C:\Users\pirat.grzegorz-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-03-14 21:13 - 2014-03-14 21:13 - 00000000 ___RD () C:\Users\pirat.grzegorz-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-03-14 21:13 - 2014-03-14 21:13 - 00000000 ___RD () C:\Users\pirat.grzegorz-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-03-14 21:13 - 2014-03-14 21:13 - 00000000 ____D () C:\Users\pirat.grzegorz-PC\AppData\Roaming\AVG2014 2014-03-14 21:13 - 2014-03-14 21:13 - 00000000 ____D () C:\Users\pirat.grzegorz-PC\AppData\Roaming\ATI 2014-03-14 21:13 - 2014-03-14 21:13 - 00000000 ____D () C:\Users\pirat.grzegorz-PC\AppData\Roaming\Adobe 2014-03-14 21:13 - 2014-03-14 21:13 - 00000000 ____D () C:\Users\pirat.grzegorz-PC\AppData\Local\Avg2014 2014-03-14 21:13 - 2014-03-14 21:13 - 00000000 ____D () C:\Users\pirat.grzegorz-PC\AppData\Local\ATI 2014-03-14 21:13 - 2014-03-14 21:13 - 00000000 ____D () C:\Users\pirat.grzegorz-PC\AppData\Local\AMD 2014-03-14 21:13 - 2014-03-14 21:13 - 00000000 ____D () C:\Users\pirat.grzegorz-PC\AppData\Local\Adobe 2014-03-14 21:12 - 2014-04-04 18:17 - 00000000 ____D () C:\Users\pirat.grzegorz-PC 2014-03-14 21:12 - 2014-03-14 21:28 - 00000640 __RSH () 
C:\Users\pirat.grzegorz-PC\ntuser.pol 2014-03-14 21:12 - 2014-03-14 21:12 - 00000020 ___SH () C:\Users\pirat.grzegorz-PC\ntuser.ini 2014-03-14 21:12 - 2012-12-09 16:25 - 00000000 ____D () C:\Users\pirat.grzegorz-PC\AppData\Roaming\TuneUp Software 2014-03-14 21:12 - 2011-12-19 19:15 - 00000000 ____D () C:\Users\pirat.grzegorz-PC\AppData\Local\Microsoft Help 2014-03-14 21:12 - 2011-12-15 21:20 - 00000000 ____D () C:\Users\pirat.grzegorz-PC\AppData\Roaming\Macromedia 2014-03-14 21:12 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\pirat.grzegorz-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-03-14 21:12 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\pirat.grzegorz-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-03-09 19:01 - 2014-03-09 19:01 - 00000000 ____D () C:\Users\grzegorz\Downloads\Odin3_v3.09 2014-03-09 19:00 - 2014-03-09 19:00 - 00995769 _____ () C:\Users\grzegorz\Downloads\Odin3_v3.09.zip 2014-03-09 18:59 - 2014-03-09 18:59 - 00000000 ____D () C:\Users\grzegorz\AppData\Roaming\Opera Software 2014-03-09 18:59 - 2014-03-09 18:59 - 00000000 ____D () C:\Users\grzegorz\AppData\Local\Opera Software ==================== One Month Modified Files and Folders ======= 2014-04-04 19:39 - 2011-12-14 18:51 - 00743770 _____ () C:\Windows\system32\perfh015.dat 2014-04-04 19:39 - 2011-12-14 18:51 - 00157252 _____ () C:\Windows\system32\perfc015.dat 2014-04-04 19:39 - 2009-07-14 07:13 - 01679338 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-04 19:38 - 2014-04-04 19:29 - 00000000 ____D () C:\Users\grzegorz\Downloads\Nowy folder 2014-04-04 19:38 - 2014-04-04 18:06 - 00000000 ____D () C:\FRST 2014-04-04 19:33 - 2013-03-01 18:01 - 00068953 _____ () C:\Windows\setupact.log 2014-04-04 19:33 - 2012-12-02 19:35 - 00000008 __RSH () C:\Users\grzegorz\ntuser.pol 2014-04-04 19:33 - 2011-12-14 17:19 - 00000000 ____D () C:\Users\grzegorz 2014-04-04 19:32 - 2013-02-20 19:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla 
Firefox 2014-04-04 19:32 - 2011-12-14 17:16 - 01591606 _____ () C:\Windows\WindowsUpdate.log 2014-04-04 19:32 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-04-04 18:17 - 2014-03-14 21:12 - 00000000 ____D () C:\Users\pirat.grzegorz-PC 2014-04-04 18:17 - 2014-01-21 17:45 - 00000000 ____D () C:\Users\Nikodem 2014-04-04 18:17 - 2012-12-02 19:16 - 00000000 ____D () C:\Users\pirat 2014-04-04 18:17 - 2011-12-15 17:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office 2014-04-04 18:17 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration 2014-04-04 18:17 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2014-04-04 18:16 - 2014-04-04 18:16 - 00987448 _____ () C:\Users\grzegorz\Downloads\SecurityCheck.exe 2014-04-04 18:13 - 2012-01-02 12:02 - 00000000 ____D () C:\Users\grzegorz\Desktop\fixitpc 2014-04-04 18:10 - 2014-04-04 18:10 - 00096427 _____ () C:\Users\grzegorz\Downloads\Shortcut.txt 2014-04-04 18:10 - 2014-04-04 18:08 - 00048290 _____ () C:\Users\grzegorz\Downloads\Addition.txt 2014-04-04 18:10 - 2014-04-04 18:08 - 00041452 _____ () C:\Users\grzegorz\Downloads\FRST.txt 2014-04-04 18:05 - 2014-04-04 18:05 - 02157056 _____ (Farbar) C:\Users\grzegorz\Downloads\FRST64.exe 2014-04-04 16:59 - 2013-05-03 09:06 - 00000000 ____D () C:\Users\grzegorz\AppData\Roaming\GG 2014-04-04 16:04 - 2009-07-14 06:45 - 00020576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-04 16:04 - 2009-07-14 06:45 - 00020576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-04 09:35 - 2014-04-04 09:35 - 00000000 ____D () C:\Users\grzegorz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center 2014-04-04 09:34 - 2014-04-04 09:34 - 00000000 ____D () C:\ProgramData\ATI 2014-04-04 09:33 - 2014-04-04 09:33 - 00060777 _____ () 
C:\Windows\SysWOW64\CCCInstall_201404040933329556.log 2014-04-04 09:18 - 2014-04-04 08:41 - 00000282 _____ () C:\Windows\Tasks\MSIAfterburner.job 2014-04-04 09:14 - 2011-12-14 20:32 - 00000000 ____D () C:\Program Files\ATI Technologies 2014-04-04 09:13 - 2011-12-14 20:37 - 00000000 ____D () C:\ProgramData\AMD 2014-04-04 09:11 - 2012-03-25 10:40 - 00000000 ____D () C:\Program Files\AMD 2014-04-04 09:10 - 2013-10-05 00:31 - 00000000 ____D () C:\ProgramData\Package Cache 2014-04-04 09:08 - 2014-04-04 09:08 - 00000000 ____D () C:\AMD 2014-04-04 09:05 - 2011-12-14 20:50 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner 2014-04-04 08:45 - 2011-12-15 14:04 - 00000000 ____D () C:\Users\grzegorz\AppData\Roaming\BitComet 2014-04-04 08:35 - 2011-12-15 17:56 - 01650976 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-04-04 08:28 - 2014-04-04 08:28 - 70087104 _____ (Microsoft Corporation) C:\Users\grzegorz\Downloads\NDP451-KB2858728-x86-x64-AllOS-ENU.exe 2014-04-04 08:23 - 2014-04-04 08:23 - 01005568 _____ (Microsoft Corporation) C:\Users\grzegorz\Downloads\dotNetFx45_Full_setup.exe 2014-04-04 07:05 - 2014-01-29 20:15 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-04 06:41 - 2012-11-13 14:48 - 00000000 ____D () C:\Users\grzegorz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft 2014-04-04 06:41 - 2012-04-27 23:06 - 00000000 ____D () C:\Users\grzegorz\AppData\Local\Deployment 2014-04-04 06:36 - 2014-04-04 06:36 - 00347816 _____ (Microsoft Corporation) C:\Users\grzegorz\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.5332001694821657.1.1.Run.exe 2014-04-03 20:22 - 2014-04-03 20:21 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\grzegorz\Downloads\mbam-setup-2.0.0.1000.exe 2014-04-03 20:00 - 2014-04-03 20:00 - 00000224 _____ () C:\Windows\SysWOW64\idp2.cfg 2014-04-03 20:00 - 2014-03-26 11:36 - 00003030 _____ () C:\Windows\System32\Tasks\MSIAfterburner 2014-04-03 19:59 - 2012-04-04 22:45 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash 
Player Updater.job 2014-04-03 19:01 - 2011-12-14 17:40 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-04-03 17:12 - 2012-07-11 14:38 - 00000000 ____D () C:\ProgramData\MFAData 2014-04-03 15:19 - 2012-06-05 09:23 - 00291760 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr 2014-04-03 15:19 - 2012-06-05 09:20 - 00291760 _____ () C:\Windows\SysWOW64\PnkBstrB.exe 2014-04-03 15:16 - 2012-06-05 09:20 - 00291488 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0 2014-04-03 12:22 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-02 20:20 - 2014-04-02 20:20 - 00001158 _____ () C:\Users\grzegorz\Desktop\Angry Birds Breakfast 2.lnk 2014-04-02 20:20 - 2014-04-02 20:20 - 00000000 ____D () C:\Users\grzegorz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Angry Birds Breakfast 2 2014-04-02 20:20 - 2014-04-02 20:20 - 00000000 ____D () C:\Users\grzegorz\AppData\Roaming\com.rovio.AngryBirdsBreakfast2 2014-04-02 20:20 - 2014-04-02 20:20 - 00000000 ____D () C:\Users\grzegorz\AppData\Roaming\Angry Birds Breakfast 2 2014-04-02 20:20 - 2014-01-13 12:25 - 00000000 ____D () C:\Users\grzegorz\AppData\Roaming\Rovio Entertainment Ltd 2014-04-02 20:16 - 2014-04-02 20:16 - 20126408 _____ (GG Network S.A.) 
C:\Users\grzegorz\Downloads\openfm_setup.exe 2014-04-02 20:16 - 2014-04-02 20:16 - 00001200 _____ () C:\Users\grzegorz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenFM.lnk 2014-04-02 20:16 - 2014-04-02 20:16 - 00000000 ____D () C:\Users\grzegorz\AppData\Local\OpenFM 2014-04-02 20:16 - 2011-12-16 15:42 - 00000000 ____D () C:\Users\grzegorz\AppData\Roaming\OpenFM 2014-04-02 12:43 - 2013-05-03 09:06 - 00000000 ____D () C:\Users\grzegorz\AppData\Local\GG 2014-04-01 15:32 - 2012-10-31 12:03 - 00000000 ____D () C:\ProgramData\Origin 2014-04-01 15:28 - 2013-02-01 23:30 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-04-01 15:19 - 2013-02-15 23:56 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-03-31 14:18 - 2013-12-19 20:07 - 00000000 ____D () C:\Users\grzegorz\Desktop\kolorowanki 2014-03-31 13:41 - 2014-03-31 13:41 - 00266485 _____ () C:\Users\grzegorz\Downloads\GDZIE-WYRZUCAMY-ODPADY-TABELA-15.07.13.xlsx 2014-03-25 21:20 - 2014-03-25 21:20 - 00000000 ____D () C:\Program Files (x86)\Nightly 2014-03-24 00:38 - 2011-12-14 17:19 - 00000000 ___RD () C:\Users\grzegorz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-03-23 22:07 - 2014-03-23 22:07 - 00000000 ____D () C:\Users\grzegorz\AppData\Local\bitComposer 2014-03-23 17:48 - 2014-03-23 17:48 - 00129220 ____H () C:\treeinfo.wc 2014-03-23 17:40 - 2014-03-23 17:40 - 00000000 ____D () C:\Users\grzegorz\AppData\Local\GHISLER 2014-03-23 15:19 - 2011-12-14 17:37 - 00000000 ____D () C:\Users\grzegorz\Desktop\programy 2014-03-23 13:45 - 2014-03-23 13:45 - 00000000 ____D () C:\ProgramData\YTD Video Downloader 2014-03-23 13:29 - 2011-12-24 00:04 - 00000000 ____D () C:\ProgramData\boost_interprocess 2014-03-22 16:39 - 2014-03-22 16:38 - 00000000 ____D () C:\Users\grzegorz\Desktop\driver 2014-03-22 16:17 - 2012-06-07 20:05 - 00000000 ____D () C:\Users\grzegorz\AppData\Roaming\WinRAR 2014-03-22 16:16 - 2014-03-22 16:16 - 00000000 ____D () 
C:\Users\grzegorz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2014-03-22 16:16 - 2014-03-22 16:16 - 00000000 ____D () C:\Program Files\WinRAR 2014-03-21 10:48 - 2013-07-18 21:34 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-03-21 10:48 - 2013-07-18 21:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-03-19 13:17 - 2011-12-29 14:16 - 00000000 ____D () C:\Users\grzegorz\Documents\MAGIX_MxTray 2014-03-19 09:42 - 2009-07-14 07:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-03-17 17:26 - 2014-03-17 16:35 - 00000045 _____ () C:\Users\Nikodem\Desktop\gc.log 2014-03-17 12:43 - 2014-03-17 12:43 - 00000000 ____D () C:\Users\Nikodem\AppData\Roaming\HpUpdate 2014-03-15 13:51 - 2014-03-15 13:51 - 00000000 ____D () C:\Users\grzegorz\Documents\SelfMV 2014-03-15 13:51 - 2012-12-13 12:01 - 00000000 ____D () C:\Users\grzegorz\AppData\Roaming\Samsung 2014-03-15 13:51 - 2012-12-12 01:47 - 00000000 ____D () C:\Program Files (x86)\Samsung 2014-03-15 13:51 - 2011-12-14 20:38 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-03-15 13:50 - 2011-12-15 19:44 - 00000000 ____D () C:\Users\grzegorz\AppData\Local\Downloaded Installations 2014-03-14 21:30 - 2014-03-14 21:30 - 00001198 _____ () C:\Users\pirat.grzegorz-PC\Desktop\WRC4 — skrót.lnk 2014-03-14 21:30 - 2014-03-14 21:30 - 00000000 ____D () C:\Users\pirat.grzegorz-PC\AppData\Roaming\Milestone 2014-03-14 21:28 - 2014-03-14 21:12 - 00000640 __RSH () C:\Users\pirat.grzegorz-PC\ntuser.pol 2014-03-14 21:21 - 2014-03-14 21:21 - 00001090 _____ () C:\Users\pirat.grzegorz-PC\Desktop\MSI Afterburner.lnk 2014-03-14 21:20 - 2014-03-14 21:20 - 00001256 _____ () C:\Users\pirat.grzegorz-PC\Desktop\GhostReconOnline — skrót.lnk 2014-03-14 21:19 - 2014-03-14 21:19 - 00000000 ____D () C:\Users\pirat.grzegorz-PC\AppData\Local\Apps\2.0 2014-03-14 21:14 - 2014-03-14 21:14 - 00000000 ____D () C:\Users\pirat.grzegorz-PC\AppData\Roaming\Opera Software 
2014-03-14 21:14 - 2014-03-14 21:14 - 00000000 ____D () C:\Users\pirat.grzegorz-PC\AppData\Local\Opera Software 2014-03-14 21:13 - 2014-03-14 21:13 - 00109688 _____ () C:\Users\pirat.grzegorz-PC\AppData\Local\GDIPFONTCACHEV1.DAT 2014-03-14 21:13 - 2014-03-14 21:13 - 00001417 _____ () C:\Users\pirat.grzegorz-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-03-14 21:13 - 2014-03-14 21:13 - 00000000 ___RD () C:\Users\pirat.grzegorz-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-03-14 21:13 - 2014-03-14 21:13 - 00000000 ___RD () C:\Users\pirat.grzegorz-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-03-14 21:13 - 2014-03-14 21:13 - 00000000 ____D () C:\Users\pirat.grzegorz-PC\AppData\Roaming\AVG2014 2014-03-14 21:13 - 2014-03-14 21:13 - 00000000 ____D () C:\Users\pirat.grzegorz-PC\AppData\Roaming\ATI 2014-03-14 21:13 - 2014-03-14 21:13 - 00000000 ____D () C:\Users\pirat.grzegorz-PC\AppData\Roaming\Adobe 2014-03-14 21:13 - 2014-03-14 21:13 - 00000000 ____D () C:\Users\pirat.grzegorz-PC\AppData\Local\Avg2014 2014-03-14 21:13 - 2014-03-14 21:13 - 00000000 ____D () C:\Users\pirat.grzegorz-PC\AppData\Local\ATI 2014-03-14 21:13 - 2014-03-14 21:13 - 00000000 ____D () C:\Users\pirat.grzegorz-PC\AppData\Local\AMD 2014-03-14 21:13 - 2014-03-14 21:13 - 00000000 ____D () C:\Users\pirat.grzegorz-PC\AppData\Local\Adobe 2014-03-14 21:12 - 2014-03-14 21:12 - 00000020 ___SH () C:\Users\pirat.grzegorz-PC\ntuser.ini 2014-03-12 14:00 - 2012-04-04 22:45 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-12 14:00 - 2012-04-04 22:45 - 00003868 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-03-12 14:00 - 2011-12-14 17:39 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-11 18:50 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-03-09 19:01 - 2014-03-09 19:01 - 00000000 ____D () 
C:\Users\grzegorz\Downloads\Odin3_v3.09 2014-03-09 19:00 - 2014-03-09 19:00 - 00995769 _____ () C:\Users\grzegorz\Downloads\Odin3_v3.09.zip 2014-03-09 18:59 - 2014-03-09 18:59 - 00000000 ____D () C:\Users\grzegorz\AppData\Roaming\Opera Software 2014-03-09 18:59 - 2014-03-09 18:59 - 00000000 ____D () C:\Users\grzegorz\AppData\Local\Opera Software 2014-03-07 19:21 - 2012-06-05 09:20 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2014-03-07 19:00 - 2012-12-03 20:20 - 00000000 ___HD () C:\$AVG ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-31 14:44 ==================== End Of Log ============================