Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:02-08-2015 Ran by user (administrator) on LAPTOP (02-08-2015 16:24:19) Running from C:\Documents and Settings\user\Pulpit Loaded Profiles: user (Available Profiles: user) Platform: Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) Language: Polski Internet Explorer Version 8 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe (Avast Software s.r.o.) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Avast Software s.r.o.) C:\Program Files\Alwil Software\Avast5\avastui.exe (Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe (Agere Systems) C:\Program Files\LSI SoftModem\agrsmsvc.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE () C:\Documents and Settings\All Users\Dane aplikacji\87737dd0-ad90-4193-bd48-336966b8d777\PluginContainer.exe () C:\Program Files\Common Files\87737dd0-ad90-4193-bd48-336966b8d777\Updater.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe () C:\Documents and Settings\All Users\Dane aplikacji\87737dd0-ad90-4193-bd48-336966b8d777\plugins\8\Plugin.exe () C:\Documents and Settings\All Users\Dane aplikacji\87737dd0-ad90-4193-bd48-336966b8d777\plugins\2\Plugin.exe () C:\Documents and Settings\All Users\Dane aplikacji\87737dd0-ad90-4193-bd48-336966b8d777\plugins\3\Plugin.exe () C:\Documents and Settings\All Users\Dane aplikacji\87737dd0-ad90-4193-bd48-336966b8d777\plugins\7\Plugin.exe () C:\Documents and Settings\All Users\Dane aplikacji\87737dd0-ad90-4193-bd48-336966b8d777\plugins\3\Plugin.exe () C:\Documents and Settings\All Users\Dane aplikacji\87737dd0-ad90-4193-bd48-336966b8d777\plugins\7\Plugin.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SoundMAX] => C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [888832 2008-07-25] (Analog Devices, Inc.) HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [288312 2009-07-27] ( Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-29] (Synaptics Incorporated) HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh) HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [38112 2012-12-18] (Adobe Systems Incorporated) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.) HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1044480 2009-07-20] (Analog Devices, Inc.) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2009-02-04] (ATI Technologies Inc.) HKU\S-1-5-21-746137067-1390067357-839522115-1003\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company) HKU\S-1-5-21-746137067-1390067357-839522115-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation) HKU\S-1-5-21-746137067-1390067357-839522115-1003\...\Run: [TomTomHOME.exe] => "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" -s HKU\S-1-5-21-746137067-1390067357-839522115-1003\...\Run: [NBJ] => C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [1961984 2005-07-14] (Ahead Software AG) HKU\S-1-5-21-746137067-1390067357-839522115-1003\...\Run: [RGSC] => D:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent HKU\S-1-5-18\...\Run: [Google Update] => C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [116648 2015-06-05] (Google Inc.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll [2015-04-22] (Avast Software s.r.o.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=ds&ts=1433275202&z=0ecaa53bc8f2ea99f7c0d5bg9zfcec5o3m1wao4ece&from=cor&uid=ST9250410AS_5VG1C4E4&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com/web/?type=ds&ts=1433275202&z=0ecaa53bc8f2ea99f7c0d5bg9zfcec5o3m1wao4ece&from=cor&uid=ST9250410AS_5VG1C4E4&q={searchTerms} HKU\S-1-5-21-746137067-1390067357-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://services.eshield.com/general/newhometab.php?hometab=home&partner=11467&guid={D524EF42-1786-4BC3-AB58-F2FE4C04F8A3}&i= HKU\S-1-5-21-746137067-1390067357-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=ds&ts=1433275202&z=0ecaa53bc8f2ea99f7c0d5bg9zfcec5o3m1wao4ece&from=cor&uid=ST9250410AS_5VG1C4E4&q={searchTerms} HKU\S-1-5-21-746137067-1390067357-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie HKU\S-1-5-21-746137067-1390067357-839522115-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com/web/?type=ds&ts=1433275202&z=0ecaa53bc8f2ea99f7c0d5bg9zfcec5o3m1wao4ece&from=cor&uid=ST9250410AS_5VG1C4E4&q={searchTerms} HKU\S-1-5-21-746137067-1390067357-839522115-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://services.eshield.com/general/newhometab.php?hometab=home&partner=11467&guid={D524EF42-1786-4BC3-AB58-F2FE4C04F8A3}&i= HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://services.eshield.com/general/newhometab.php?hometab=home&partner=11467&guid={D524EF42-1786-4BC3-AB58-F2FE4C04F8A3}&i=" <======= ATTENTION SearchScopes: HKU\S-1-5-21-746137067-1390067357-839522115-1003 -> DefaultScope {D7C2796E-F2BA-4A19-8302-C8705E96D074} URL = http://search.eshield.com/serp?guid={D524EF42-1786-4BC3-AB58-F2FE4C04F8A3}&action=default_search&k={searchTerms} SearchScopes: HKU\S-1-5-21-746137067-1390067357-839522115-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://do-search.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST9250410AS_5VG1C4E4&ts=1433275288&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-746137067-1390067357-839522115-1003 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://do-search.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST9250410AS_5VG1C4E4&ts=1433275288&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-746137067-1390067357-839522115-1003 -> {8F9282A3-54E9-4B8F-B7F8-77549B4E2AB2} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=11467 SearchScopes: HKU\S-1-5-21-746137067-1390067357-839522115-1003 -> {D7C2796E-F2BA-4A19-8302-C8705E96D074} URL = http://search.eshield.com/serp?guid={D524EF42-1786-4BC3-AB58-F2FE4C04F8A3}&action=default_search&k={searchTerms} SearchScopes: HKU\S-1-5-21-746137067-1390067357-839522115-1003 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://do-search.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST9250410AS_5VG1C4E4&ts=1433275288&type=default&q={searchTerms} BHO: Record Page -> {2335267c-dbba-4dd5-a9d0-c4db8e6a75a4} -> C:\Program Files\Record Page\Extensions\2335267c-dbba-4dd5-a9d0-c4db8e6a75a4.dll [2015-08-02] () BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2015-04-22] (Avast Software s.r.o.) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2009-10-09] (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{D943668F-A2C8-4361-BB91-81E8F556EAE8}: [DhcpNameServer] 192.168.1.1 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\z7oxjz15.default-1423939123625 FF NewTab: FF SelectedSearchEngine: eShield Safe Web FF Homepage: hxxp://services.eshield.com/general/newhometab.php?hometab=home&partner=11467&guid={D524EF42-1786-4BC3-AB58-F2FE4C04F8A3}&i= FF Keyword.URL: hxxp://search.eshield.com/serp?guid={D524EF42-1786-4BC3-AB58-F2FE4C04F8A3}&action=default_search&k= FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] () FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.) FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=3 -> C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2015-06-05] (Google Inc.) FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=9 -> C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2015-06-05] (Google Inc.) FF user.js: detected! => C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\z7oxjz15.default-1423939123625\user.js [2015-08-02] FF Extension: Flashblock - C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\z7oxjz15.default-1423939123625\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2015-05-29] FF Extension: Record Page - C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\z7oxjz15.default-1423939123625\Extensions\{2dd1d62d-6394-45a3-8d61-d2008f76ce9e}.xpi [2015-08-02] FF Extension: Adblock Plus - C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\z7oxjz15.default-1423939123625\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-14] FF Extension: YouTube Flash Video Player - C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\z7oxjz15.default-1423939123625\Extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898}.xpi [2015-07-14] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-05-12] Chrome: ======= CHR HKLM\...\Chrome\Extension: [dkmjljdbbgogihjcapfhgkonfmccbffp] - https://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2015-03-04] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100352 2008-04-14] (Microsoft Corporation) S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2010-12-21] (Adobe Systems) [File not signed] R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2008-08-26] (Agere Systems) R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [343336 2015-04-22] (Avast Software s.r.o.) R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [File not signed] R2 Service Mgr RecordPage; C:\Documents and Settings\All Users\Dane aplikacji\87737dd0-ad90-4193-bd48-336966b8d777\plugincontainer.exe [1139464 2015-08-02] () R2 Update Mgr RecordPage; C:\Program Files\Common Files\87737dd0-ad90-4193-bd48-336966b8d777\updater.exe [1074952 2015-08-02] () R2 yksvc; C:\WINDOWS\System32\yk51x86.dll [282624 2009-06-04] (Marvell) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 5U876UVC; C:\WINDOWS\System32\DRIVERS\5U876.sys [118656 2009-06-30] (Ricoh co.,Ltd.) R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24144 2015-04-22] () R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [74976 2015-04-22] (Avast Software s.r.o.) R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-04-22] (Avast Software s.r.o.) R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49904 2015-04-22] () R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787760 2015-04-22] (Avast Software s.r.o.) R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [428120 2015-06-26] (Avast Software s.r.o.) R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-04-22] (Avast Software s.r.o.) R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [209048 2015-04-22] () R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [1735296 2010-01-13] (Broadcom Corporation) R3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [534568 2009-01-14] (Broadcom Corporation.) R3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [37160 2009-01-14] (Broadcom Corporation.) R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [991656 2009-01-14] (Broadcom Corporation.) R3 BTWDNDIS; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [156816 2009-01-14] (Broadcom Corporation.) R3 btwmodem; C:\WINDOWS\System32\DRIVERS\btwmodem.sys [37032 2009-01-14] (Broadcom Corporation.) R3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [47272 2009-01-14] (Broadcom Corporation.) S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation) R0 imagedrv; C:\WINDOWS\System32\Drivers\imagedrv.sys [5504 2004-03-02] (Ahead Software AG) [File not signed] R0 imagesrv; C:\WINDOWS\System32\DRIVERS\imagesrv.sys [125184 2004-03-02] (Ahead Software AG) [File not signed] S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation) R0 SFAUDIO; C:\WINDOWS\System32\drivers\sfaudio.sys [24064 2008-03-28] (Sonic Focus, Inc) R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [466008 2013-01-17] (Duplex Secure Ltd.) R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [225664 2008-04-14] (Microsoft Corporation) R3 WmBEnum; C:\WINDOWS\System32\drivers\WmBEnum.sys [10144 2003-05-14] (Logitech Inc.) S3 WmFilter; C:\WINDOWS\System32\drivers\WmFilter.sys [21216 2003-05-14] (Logitech Inc.) S3 WmHidLo; C:\WINDOWS\System32\drivers\WmHidLo.sys [13920 2003-05-14] (Logitech Inc.) S3 WmVirHid; C:\WINDOWS\System32\drivers\WmVirHid.sys [5728 2003-05-14] (Logitech Inc.) R3 WmXlCore; C:\WINDOWS\System32\drivers\WmXlCore.sys [44288 2003-05-14] (Logitech Inc.) R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [297728 2009-06-04] (Marvell) S4 IntelIde; No ImagePath S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X] U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation) U1 WS2IFSL; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-08-02 16:24 - 2015-08-02 16:25 - 00018604 _____ C:\Documents and Settings\user\Pulpit\FRST.txt 2015-08-02 16:17 - 2015-08-02 16:17 - 01673216 _____ (Farbar) C:\Documents and Settings\user\Pulpit\FRST.exe 2015-08-02 16:17 - 2015-08-02 16:17 - 00380416 _____ C:\Documents and Settings\user\Pulpit\n0nv5kgh.exe 2015-08-02 16:00 - 2015-08-02 16:01 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\87737dd0-ad90-4193-bd48-336966b8d777 2015-08-02 16:00 - 2015-08-02 16:00 - 00000000 ____D C:\Program Files\Record Page 2015-08-02 16:00 - 2015-08-02 16:00 - 00000000 ____D C:\Program Files\Common Files\87737dd0-ad90-4193-bd48-336966b8d777 2015-07-06 23:46 - 2015-08-02 15:42 - 00000930 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-07-06 23:46 - 2015-07-15 19:42 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2015-07-06 23:46 - 2015-07-15 19:42 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2015-07-04 08:51 - 2015-07-05 08:57 - 00000000 ____D C:\Program Files\Mozilla Firefox ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-08-02 16:25 - 2010-01-13 13:18 - 00000000 ____D C:\Documents and Settings\user\Ustawienia lokalne\Temp 2015-08-02 16:24 - 2014-05-20 21:02 - 00000000 ____D C:\FRST 2015-08-02 16:24 - 2010-01-13 13:18 - 00000000 ____D C:\Documents and Settings\user\Pulpit 2015-08-02 16:17 - 2012-07-02 22:31 - 00000366 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job 2015-08-02 16:17 - 2010-01-13 13:11 - 00340672 _____ C:\WINDOWS\WindowsUpdate.log 2015-08-02 16:16 - 2010-01-13 14:03 - 01087636 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2015-08-02 16:16 - 2001-10-26 20:15 - 00490866 _____ C:\WINDOWS\system32\perfh015.dat 2015-08-02 16:16 - 2001-10-26 20:15 - 00084078 _____ C:\WINDOWS\system32\perfc015.dat 2015-08-02 16:11 - 2011-04-18 22:20 - 00001032 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-08-02 16:11 - 2010-01-13 14:05 - 00000159 _____ C:\WINDOWS\wiadebug.log 2015-08-02 16:11 - 2010-01-13 14:05 - 00000050 _____ C:\WINDOWS\wiaservc.log 2015-08-02 16:11 - 2010-01-13 13:17 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-08-02 16:11 - 2009-02-04 01:13 - 00121808 _____ C:\WINDOWS\system32\ativvaxx.cap 2015-08-02 16:10 - 2010-01-13 13:18 - 00000188 ___SH C:\Documents and Settings\user\ntuser.ini 2015-08-02 16:10 - 2010-01-13 13:17 - 00032548 _____ C:\WINDOWS\SchedLgU.Txt 2015-08-02 16:09 - 2010-01-13 13:18 - 00000000 ___HD C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji 2015-08-02 16:06 - 2010-01-13 14:02 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Start\Programy 2015-08-02 16:03 - 2015-06-05 08:58 - 00001152 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job 2015-08-02 16:03 - 2011-04-18 22:20 - 00001036 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-08-02 16:00 - 2010-01-13 14:02 - 00000000 __RHD C:\Documents and Settings\All Users\Dane aplikacji 2015-08-02 15:53 - 2013-01-15 15:58 - 00000000 ____D C:\Documents and Settings\user\Dane aplikacji\vlc 2015-08-02 15:46 - 2010-03-09 01:08 - 00000000 ____D C:\Documents and Settings\user\Dane aplikacji\uTorrent 2015-08-02 09:03 - 2015-06-05 08:58 - 00001100 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job 2015-07-28 13:49 - 2014-12-13 19:43 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job 2015-07-26 15:39 - 2010-01-15 22:04 - 02084918 _____ C:\WINDOWS\ACD Wallpaper.bmp 2015-07-25 08:18 - 2013-04-02 12:56 - 00422598 _____ C:\WINDOWS\setupapi.log 2015-07-23 07:34 - 2012-11-30 13:14 - 00000000 ____D C:\Documents and Settings\user\Pulpit\PULPIT 2015-07-20 22:03 - 2010-01-15 21:37 - 00000095 _____ C:\WINDOWS\winamp.ini 2015-07-20 00:03 - 2011-04-18 22:20 - 00000000 ____D C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Google 2015-07-19 23:17 - 2010-01-13 13:18 - 00000000 ___RD C:\Documents and Settings\user\Moje dokumenty 2015-07-12 10:27 - 2001-07-22 02:17 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl 2015-07-06 23:09 - 2014-06-17 10:25 - 00000000 ____D C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Adobe 2015-07-05 08:57 - 2012-04-25 15:53 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service ==================== Files in the root of some directories ======= 2010-01-13 14:16 - 2010-01-13 14:16 - 0000000 _____ () C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\AtStart.txt 2010-01-15 22:28 - 2014-10-08 21:48 - 0016896 _____ () C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2010-01-13 14:16 - 2010-01-13 14:16 - 0000000 _____ () C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\DSwitch.txt 2010-01-18 00:34 - 2014-10-05 16:55 - 0000000 _____ () C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\FnF4.txt 2010-01-13 14:16 - 2010-01-13 14:16 - 0000000 _____ () C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\QSwitch.txt 2014-04-15 18:13 - 2014-04-26 11:26 - 0005899 _____ () C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\unins000.dat 2014-04-26 11:26 - 2014-04-26 11:26 - 0707504 _____ () C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\unins000.exe 2014-04-15 18:13 - 2014-04-26 11:26 - 0011761 _____ () C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\unins000.msg Some files in TEMP: ==================== C:\Documents and Settings\user\Ustawienia lokalne\Temp\jre-7u65-windows-i586-iftw.exe C:\Documents and Settings\user\Ustawienia lokalne\Temp\NEventMessages.dll C:\Documents and Settings\user\Ustawienia lokalne\Temp\Nokia_PC_Suite_pol.exe C:\Documents and Settings\user\Ustawienia lokalne\Temp\Nokia_Suite_PCS_update.exe C:\Documents and Settings\user\Ustawienia lokalne\Temp\NOSEventMessages.dll C:\Documents and Settings\user\Ustawienia lokalne\Temp\utt25B.tmp.exe C:\Documents and Settings\user\Ustawienia lokalne\Temp\vlc-2.1.5-win32.exe C:\Documents and Settings\user\Ustawienia lokalne\Temp\vlc-2.2.1-win32.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End of log ============================