Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-10-2014 Ran by michal (administrator) on MICHAL-TOSH on 12-10-2014 12:59:43 Running from C:\Users\michal\Downloads Loaded Profile: michal (Available profiles: michal) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polski (Polska) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe (Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3593744 2014-09-05] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) HKU\S-1-5-21-2929919424-3581435416-278190595-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3600216 2014-09-29] (Electronic Arts) HKU\S-1-5-21-2929919424-3581435416-278190595-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-2929919424-3581435416-278190595-1000\...\Policies\Explorer: [NoWinKeys] 1 HKU\S-1-5-18\...\Run: [TOSHIBA Online Product Information] => C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) SearchScopes: HKCU - {8E267C72-B19A-44DD-BBEA-DC6B66C13AF5} URL = http://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2 SearchScopes: HKCU - {8F5495F4-58B7-40B9-B0B7-6848E764610C} URL = http://rover.ebay.com/rover/1/4908-44618-9400-8/4?satitle={searchTerms} BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0 FireFox: ======== Chrome: ======= CHR HomePage: Default -> hxxp://search.babylon.com/?affID=112555&tt=4512_1&babsrc=HP_ss&mntrId=c43edba400000000000070f1a10c42de CHR StartupUrls: Default -> "hxxp://search.babylon.com/?affID=112555&tt=4512_1&babsrc=HP_ss&mntrId=c43edba400000000000070f1a10c42de" CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Widevine Content Decryption Module) - C:\Users\michal\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.5.671\_platform_specific\win_x86\widevinecdmadapter.dll () CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) CHR Plugin: (Java Deployment Toolkit 7.0.670.1) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) CHR Plugin: (Java(TM) Platform SE 7 U67) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (PlayStation(R)Network Downloader Check Plug-in) - C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.) CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () CHR Plugin: (TVU Web Player for FireFox) - C:\Windows\system32\TVUAx\npTVUAx.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) CHR Profile: C:\Users\michal\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Prezentacje Google) - C:\Users\michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-05] CHR Extension: (Dokumenty Google) - C:\Users\michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-05] CHR Extension: (Dysk Google) - C:\Users\michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-05] CHR Extension: (YouTube) - C:\Users\michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-05] CHR Extension: (Tiles) - C:\Users\michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpjknlfokkbpdhafbdccnndgchglnfhj [2014-09-06] CHR Extension: (Szukaj w Google) - C:\Users\michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-05] CHR Extension: (Arkusze Google) - C:\Users\michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-05] CHR Extension: (Adblock Super) - C:\Users\michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\knebimhcckndhiglamoabbnifdkijidd [2014-09-06] CHR Extension: (Google Wallet) - C:\Users\michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-06] CHR Extension: (Gmail) - C:\Users\michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-05] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3364368 2014-09-05] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [293448 2014-09-05] (AVG Technologies CZ, s.r.o.) R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-04-12] (Nero AG) R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed] S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [628736 2010-12-08] (Nokia) [File not signed] S2 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116104 2009-08-06] (Toshiba Europe GmbH) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [247576 2014-07-24] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-20] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [270616 2014-07-02] (AVG Technologies CZ, s.r.o.) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-10-18] () [File not signed] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-12 12:26 - 2014-10-12 12:26 - 00020312 _____ () C:\Users\michal\Desktop\GMER.txt 2014-10-12 11:36 - 2014-10-12 11:35 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-10-12 11:35 - 2014-10-12 11:35 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-10-12 11:35 - 2014-10-12 11:35 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-10-12 11:35 - 2014-10-12 11:35 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-10-12 11:35 - 2014-10-12 11:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-10-12 11:35 - 2014-10-12 11:35 - 00000000 ____D () C:\Program Files (x86)\Java 2014-10-12 11:28 - 2014-10-12 11:29 - 00918440 _____ (Oracle Corporation) C:\Users\michal\Downloads\chromeinstall-7u67.exe 2014-10-12 11:05 - 2014-10-12 11:05 - 00000000 ___DC () C:\MATS 2014-10-12 10:59 - 2014-10-12 10:59 - 00347816 _____ (Microsoft Corporation) C:\Users\michal\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.128336535132202549.1.1.Run.exe 2014-10-12 10:41 - 2014-10-12 10:41 - 00370943 _____ () C:\Users\michal\Downloads\gmer.zip 2014-10-12 00:53 - 2014-10-12 01:00 - 00018818 _____ () C:\Users\michal\Desktop\DDS1.txt 2014-10-12 00:52 - 2014-10-12 00:59 - 00009813 _____ () C:\Users\michal\Desktop\attach.txt 2014-10-12 00:52 - 2014-10-12 00:51 - 00018818 _____ () C:\Users\michal\Desktop\dds.txt 2014-10-12 00:49 - 2014-10-12 00:49 - 00688992 ____R (Swearware) C:\Users\michal\Downloads\dds.pif 2014-10-12 00:48 - 2014-10-12 00:57 - 00048087 _____ () C:\Users\michal\Desktop\Shortcut.txt 2014-10-12 00:48 - 2014-10-12 00:57 - 00039285 _____ () C:\Users\michal\Desktop\Addition.txt 2014-10-12 00:48 - 2014-10-12 00:57 - 00038237 _____ () C:\Users\michal\Desktop\FRST.txt 2014-10-12 00:47 - 2014-10-12 00:53 - 00048087 _____ () C:\Users\michal\Downloads\Shortcut.txt 2014-10-12 00:45 - 2014-10-12 00:53 - 00039285 _____ () C:\Users\michal\Downloads\Addition.txt 2014-10-12 00:44 - 2014-10-12 12:59 - 00012177 _____ () C:\Users\michal\Downloads\FRST.txt 2014-10-12 00:43 - 2014-10-12 12:59 - 00000000 ___DC () C:\FRST 2014-10-12 00:41 - 2014-10-12 00:42 - 02109952 _____ (Farbar) C:\Users\michal\Downloads\FRST64.exe 2014-10-12 00:38 - 2014-10-12 00:38 - 00099466 _____ () C:\Users\michal\Desktop\OTL.Txt 2014-10-12 00:38 - 2014-10-12 00:38 - 00084978 _____ () C:\Users\michal\Desktop\Extras.Txt 2014-10-12 00:31 - 2014-10-12 00:31 - 00084978 _____ () C:\Users\michal\Downloads\Extras.Txt 2014-10-12 00:28 - 2014-10-12 00:28 - 00099466 _____ () C:\Users\michal\Downloads\OTL.Txt 2014-10-11 23:17 - 2014-10-11 23:17 - 00602112 _____ (OldTimer Tools) C:\Users\michal\Downloads\OTL (1).exe 2014-10-11 23:13 - 2014-10-11 23:13 - 00003276 _____ () C:\Windows\System32\Tasks\{625B20B6-DB2C-4924-9E16-A07D261F2F2E} 2014-10-10 15:02 - 2014-10-10 15:02 - 00000000 ____D () C:\ProgramData\Avg_Update_0914av 2014-10-10 14:58 - 2014-10-10 14:58 - 00000000 ____D () C:\Users\michal\AppData\Roaming\AVG2015 2014-10-10 14:56 - 2014-10-10 14:56 - 00001002 _____ () C:\Users\Public\Desktop\AVG 2015.lnk 2014-10-10 14:56 - 2014-10-10 14:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2014-10-10 14:53 - 2014-10-10 14:57 - 00000000 ____D () C:\ProgramData\AVG2015 2014-10-10 14:53 - 2014-10-10 14:53 - 00000000 __HDC () C:\$AVG 2014-10-10 14:51 - 2014-10-10 14:51 - 00000000 ____D () C:\Program Files (x86)\AVG 2014-10-10 14:48 - 2014-10-10 23:59 - 00000000 ____D () C:\Users\michal\AppData\Local\Avg2015 2014-10-10 14:48 - 2014-10-10 14:48 - 00000000 ____D () C:\Users\michal\AppData\Local\MFAData 2014-10-10 14:45 - 2014-10-10 14:47 - 166267560 _____ (AVG Technologies) C:\Users\michal\Downloads\avg_free_x64_all_2015_5315a8160.exe 2014-10-09 23:00 - 2014-10-09 23:00 - 00602112 _____ (OldTimer Tools) C:\Users\michal\Downloads\OTL.exe 2014-10-09 22:44 - 2014-10-09 22:45 - 01375089 _____ () C:\Users\michal\Downloads\adwcleaner_3.311 (1).exe 2014-10-09 18:04 - 2014-10-09 18:04 - 00000000 ____D () C:\Users\michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blue Ripple Sound 2014-10-08 20:22 - 2014-10-08 20:22 - 11429888 _____ () C:\Users\michal\Downloads\Przekładnie mechaniczne.ppt 2014-10-08 20:21 - 2014-10-08 20:21 - 02735616 _____ () C:\Users\michal\Downloads\prezentacja.ppt 2014-10-08 09:31 - 2014-10-08 09:31 - 00599040 _____ () C:\Users\michal\Downloads\nitowanie w pigulce.pps 2014-10-07 09:35 - 2014-10-07 09:35 - 17999246 _____ () C:\Users\michal\Downloads\Pkm T1 - M.D.rar 2014-10-07 09:34 - 2014-10-07 09:34 - 01139712 _____ () C:\Users\michal\Downloads\Łożyska toczne.ppt 2014-10-07 09:33 - 2014-10-07 09:33 - 01544192 _____ () C:\Users\michal\Downloads\PKM - lozyska toczne.ppt 2014-10-05 00:51 - 2014-10-05 00:51 - 00000004 _____ () C:\Users\michal\AppData\Roaming\appdataFr2.bin 2014-10-05 00:46 - 2014-10-05 00:46 - 00044995 ____C () C:\ComboFix.txt 2014-10-05 00:24 - 2014-10-05 00:47 - 00000000 ___DC () C:\ComboFix 2014-10-05 00:19 - 2014-10-05 00:20 - 05582481 ____R (Swearware) C:\Users\michal\Downloads\ComboFix.exe 2014-10-05 00:04 - 2014-10-12 12:42 - 00722352 _____ () C:\Windows\PFRO.log 2014-10-04 23:58 - 2014-10-11 23:54 - 00000000 ___DC () C:\AdwCleaner 2014-10-04 23:57 - 2014-10-04 23:58 - 01375089 _____ () C:\Users\michal\Downloads\adwcleaner_3.311.exe 2014-10-01 23:52 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2014-10-01 23:52 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2014-09-29 13:23 - 2014-09-29 13:23 - 00000000 ____D () C:\Program Files (x86)\Origin Games 2014-09-29 12:33 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll 2014-09-29 12:33 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll 2014-09-29 12:33 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll 2014-09-29 12:33 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll 2014-09-29 12:33 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll 2014-09-29 12:33 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll 2014-09-29 12:33 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll 2014-09-29 12:33 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll 2014-09-29 12:33 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll 2014-09-29 12:33 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll 2014-09-29 12:33 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll 2014-09-29 12:33 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll 2014-09-29 12:33 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll 2014-09-29 12:33 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll 2014-09-29 12:33 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll 2014-09-29 12:33 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll 2014-09-29 12:33 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll 2014-09-29 12:33 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll 2014-09-29 12:33 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll 2014-09-29 12:33 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll 2014-09-29 12:33 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll 2014-09-29 12:33 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll 2014-09-29 12:33 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll 2014-09-29 12:33 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll 2014-09-29 12:33 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll 2014-09-29 12:33 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll 2014-09-29 12:33 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll 2014-09-29 12:33 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll 2014-09-29 12:33 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll 2014-09-29 12:33 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll 2014-09-29 12:33 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll 2014-09-29 12:33 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll 2014-09-29 12:33 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll 2014-09-29 12:33 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll 2014-09-29 12:33 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll 2014-09-29 12:33 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll 2014-09-29 12:33 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll 2014-09-29 12:33 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll 2014-09-29 12:33 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll 2014-09-29 12:33 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll 2014-09-29 12:33 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll 2014-09-29 12:33 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll 2014-09-29 12:33 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll 2014-09-29 12:33 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll 2014-09-29 12:33 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll 2014-09-29 12:33 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll 2014-09-29 12:33 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll 2014-09-29 12:33 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll 2014-09-29 12:14 - 2014-09-29 12:32 - 00025390 _____ () C:\Windows\DirectX.log 2014-09-29 11:21 - 2014-09-29 11:21 - 00000000 ____D () C:\Users\michal\Documents\FIFA 15 Demo 2014-09-29 11:17 - 2014-09-29 11:13 - 00058687 _____ () C:\Users\michal\Desktop\dxcpl.rar 2014-09-29 11:13 - 2014-09-29 11:13 - 00058687 _____ () C:\Users\michal\Downloads\dxcpl.rar 2014-09-29 11:01 - 2014-09-29 11:01 - 00000000 ____D () C:\ProgramData\Package Cache 2014-09-29 10:47 - 2014-09-29 10:52 - 00000000 ____D () C:\Users\michal\AppData\Local\Origin 2014-09-29 10:46 - 2014-09-29 10:46 - 00000986 _____ () C:\Users\Public\Desktop\Origin.lnk 2014-09-29 10:45 - 2014-09-29 10:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin 2014-09-29 10:41 - 2014-09-29 10:41 - 17088592 _____ (Electronic Arts, Inc.) C:\Users\michal\Downloads\OriginThinSetup.exe 2014-09-28 20:09 - 2014-09-28 20:09 - 00323542 _____ () C:\Users\michal\Downloads\rozkl_sem_zimowy 14-15 - nowe-sale.xlsx 2014-09-28 20:09 - 2014-09-28 20:09 - 00323542 _____ () C:\Users\michal\Downloads\rozkl_sem_zimowy 14-15 - nowe-sale (1).xlsx 2014-09-28 09:06 - 2014-10-12 12:42 - 00000392 _____ () C:\Windows\setupact.log 2014-09-28 09:06 - 2014-09-28 09:06 - 00000000 _____ () C:\Windows\setuperr.log 2014-09-25 23:45 - 2014-09-25 23:45 - 00810788 _____ () C:\Users\michal\Downloads\instagram_2014-09-25.zip 2014-09-24 12:32 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-09-24 12:32 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-09-23 22:58 - 2014-09-23 22:59 - 00000000 ____D () C:\Users\michal\Desktop\Rap ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-12 12:50 - 2010-09-14 17:13 - 00001044 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-12 12:50 - 2009-07-14 06:45 - 00019248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-12 12:50 - 2009-07-14 06:45 - 00019248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-12 12:44 - 2012-11-02 21:24 - 00000000 ____D () C:\ProgramData\Origin 2014-10-12 12:42 - 2013-09-04 15:23 - 00000000 ____D () C:\Users\michal\AppData\Local\HTC MediaHub 2014-10-12 12:42 - 2012-11-02 21:23 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-10-12 12:42 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-12 12:41 - 2011-12-30 20:36 - 02011744 _____ () C:\Windows\WindowsUpdate.log 2014-10-12 12:17 - 2010-09-14 17:13 - 00001048 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-12 12:06 - 2013-09-17 15:58 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-12 11:36 - 2013-10-30 13:35 - 00000000 ____D () C:\ProgramData\Oracle 2014-10-12 10:58 - 2012-06-22 16:03 - 00001912 _____ () C:\Windows\epplauncher.mif 2014-10-12 10:26 - 2010-12-18 14:29 - 00000000 ____D () C:\ProgramData\MFAData 2014-10-11 23:19 - 2009-09-11 10:03 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA 2014-10-11 23:17 - 2009-09-11 10:03 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-10-11 23:17 - 2009-09-11 10:03 - 00000000 ____D () C:\Program Files\TOSHIBA 2014-10-11 23:14 - 2009-09-11 10:04 - 00000000 ____D () C:\Program Files (x86)\TOSHIBA 2014-10-11 23:08 - 2013-06-26 11:44 - 00000000 ____D () C:\Users\michal\AppData\Local\Unity 2014-10-11 14:46 - 2010-12-22 22:53 - 00000000 ____D () C:\Users\michal\AppData\Roaming\Windows Live Writer 2014-10-10 22:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-10-10 14:56 - 2010-10-23 19:37 - 00000000 ____D () C:\Users\michal\AppData\Roaming\TuneUp Software 2014-10-06 20:44 - 2014-08-30 23:59 - 00030720 _____ () C:\Users\michal\Desktop\Plan.xls 2014-10-05 00:46 - 2012-06-22 14:56 - 00000000 ___DC () C:\Qoobox 2014-10-05 00:42 - 2009-07-14 04:34 - 00000215 ____C () C:\Windows\system.ini 2014-10-05 00:26 - 2013-02-11 19:59 - 00000000 ____D () C:\Users\michal\Desktop\szmery bajery 2014-10-05 00:02 - 2010-10-15 12:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-10-05 00:02 - 2010-09-14 16:16 - 00000966 _____ () C:\Users\michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-10-05 00:02 - 2010-09-14 11:26 - 00000000 ____D () C:\Users\michal 2014-10-03 23:53 - 2010-10-22 14:21 - 00000000 ____D () C:\Users\michal\AppData\Local\Windows Live 2014-09-29 13:21 - 2011-04-22 20:12 - 00000000 ____D () C:\ProgramData\Electronic Arts 2014-09-29 13:21 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-09-29 12:53 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-09-29 10:52 - 2012-11-02 22:11 - 00000000 ____D () C:\Users\michal\AppData\Roaming\Origin 2014-09-24 09:32 - 2012-09-18 14:49 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk 2014-09-24 09:19 - 2014-05-07 14:16 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-09-23 22:59 - 2014-05-02 14:40 - 00000000 ____D () C:\Program Files (x86)\Grupa IMAGE 2014-09-23 22:58 - 2011-11-25 09:52 - 00000000 ____D () C:\Users\michal\Desktop\Zdjęcia 2014-09-23 22:03 - 2013-09-17 15:58 - 00003868 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-09-23 22:03 - 2012-04-02 09:12 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-23 22:03 - 2011-11-29 17:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-23 22:02 - 2014-09-11 12:44 - 03675824 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2014-09-22 08:42 - 2010-10-17 13:17 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe Files to move or delete: ==================== C:\Users\michal\DTLite4402-0131.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-08 00:02 ==================== End Of Log ============================