Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by Monika (administrator) on LENOVO-PC on 16-02-2015 21:52:18
Running from C:\Users\Monika\Desktop\farbar
Loaded Profiles: Monika (Available profiles: Monika)
Platform: Windows 8.1 Connected (X64) OS Language: Polski (Polska)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files\Lenovo PhoneCompanion\adb.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-04] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2891080 2013-10-17] (ELAN Microelectronics Corp.)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [216064 2014-01-06] (Realtek Semiconductor Corporation)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6340312 2014-01-21] (Realtek semiconductor)
HKLM\...\Run: [PhoneCompanion] => C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [836592 2014-06-18] (Lenovo)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [16094704 2014-06-18] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [10842096 2014-06-18] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2009-12-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [948672 2009-12-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-02-16] (AVAST Software)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-2430813557-1338680548-1355275771-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://wp.pl/
HKU\S-1-5-21-2430813557-1338680548-1355275771-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2430813557-1338680548-1355275771-1001 -> {0E67ECC1-3868-452F-AE83-872FEE5DDE0B} URL = http://www.google.com/search?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Strong Signal -> {c723a437-2eaf-466d-a95b-3fa0966bf88c} -> C:\Program Files (x86)\Strong Signal\Extensions\c723a437-2eaf-466d-a95b-3fa0966bf88c.dll No File
Tcpip\Parameters: [DhcpNameServer] 87.199.1.12 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\0qtldk2v.default
FF Homepage: hxxp://www.gazeta.pl/0,0.html?p=156
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Extension: Strong Signal - C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\0qtldk2v.default\Extensions\{1d1a835d-e7db-4598-a263-34b77157d4e9}.xpi [2015-02-13]
FF Extension: Adblock Plus - C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\0qtldk2v.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-16]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-16]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-02-16]

==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-02-16] (AVAST Software)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [84992 2014-01-22] () [File not signed]
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [99632 2013-10-09] (ELAN Microelectronics Corp.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-12] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1662424 2014-02-19] ()
R2 LUService; C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe [38896 2014-02-17] (Lenovo(beijing) Limited)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [288240 2014-06-18] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [305136 2014-06-18] (Lenovo)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe [67856 2014-06-18] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-02-16] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-02-16] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-02-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-02-16] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-02-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-02-16] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-02-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-02-16] ()
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-10] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [558296 2014-01-14] (Realtek Semiconductor Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [9105624 2014-01-21] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2982104 2013-12-26] (Realtek Semiconductor Corporation )
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-16 21:47 - 2015-02-16 21:52 - 00000000 ____D () C:\FRST
2015-02-16 21:44 - 2015-02-16 21:52 - 00000000 ____D () C:\Users\Monika\Desktop\farbar
2015-02-16 21:43 - 2015-02-16 21:43 - 02085888 _____ (Farbar) C:\Users\Monika\Downloads\FRST64.exe
2015-02-16 21:33 - 2015-02-16 21:33 - 00003945 _____ () C:\Users\Monika\Desktop\AdwCleaner[S0].txt
2015-02-16 21:19 - 2015-02-16 21:23 - 00000000 ____D () C:\AdwCleaner
2015-02-16 21:18 - 2015-02-16 21:19 - 02112512 _____ () C:\Users\Monika\Downloads\AdwCleaner.exe
2015-02-16 18:44 - 2015-02-16 18:44 - 00000000 ____D () C:\Users\Monika\AppData\Roaming\AVAST Software
2015-02-16 18:39 - 2015-02-16 18:39 - 00001991 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-02-16 18:39 - 2015-02-16 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-02-16 18:38 - 2015-02-16 18:44 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-02-16 18:38 - 2015-02-16 18:38 - 01050432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2015-02-16 18:38 - 2015-02-16 18:38 - 00436624 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-02-16 18:38 - 2015-02-16 18:38 - 00364512 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-02-16 18:38 - 2015-02-16 18:38 - 00267632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-02-16 18:38 - 2015-02-16 18:38 - 00116728 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-02-16 18:38 - 2015-02-16 18:38 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-02-16 18:38 - 2015-02-16 18:38 - 00087912 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2015-02-16 18:38 - 2015-02-16 18:38 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-02-16 18:38 - 2015-02-16 18:38 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-02-16 18:38 - 2015-02-16 18:38 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-02-16 18:24 - 2015-02-16 18:24 - 00000000 ____D () C:\Program Files\AVAST Software
2015-02-16 17:54 - 2015-02-16 17:54 - 00001186 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-16 17:54 - 2015-02-16 17:54 - 00001174 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-16 17:54 - 2015-02-16 17:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-16 17:54 - 2015-02-16 17:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-16 17:53 - 2015-02-16 17:53 - 40601600 _____ () C:\Users\Monika\Downloads\Firefox%20Setup%2035.0.1.exe
2015-02-16 17:46 - 2015-02-16 17:46 - 00717216 _____ (Web Generic ) C:\Users\Monika\Downloads\Firefox(13108)-dp.exe
2015-02-14 18:52 - 2015-02-14 18:52 - 00042661 _____ () C:\Users\Monika\Desktop\TrLiIU62AWYja10A0r3W0sGdyJkc96qii4yGz0MUdGyVK7GUWQD-tKvkaxehENXZRhXWlAjRf4TsVcEa3WOuhTHxG74BfDHwdOLHAVhVzrc=w636-h411-nc.jpeg
2015-02-14 08:41 - 2015-02-14 08:41 - 00000000 ____D () C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-02-14 08:39 - 2015-02-14 08:48 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-14 08:39 - 2015-02-14 08:39 - 00000000 ____D () C:\Users\Monika\AppData\Local\Microsoft Help
2015-02-13 17:44 - 2015-02-13 21:55 - 00000000 ____D () C:\Program Files (x86)\FastStone Image Viewer
2015-02-13 17:44 - 2015-02-13 17:44 - 00000000 ____D () C:\Users\Monika\AppData\Roaming\FastStone
2015-02-13 17:42 - 2015-02-13 17:42 - 00728784 _____ (Web ) C:\Users\Monika\Downloads\FastStone-Image-Viewer(12836)-dp.exe
2015-02-12 17:35 - 2015-02-13 23:05 - 00000000 ____D () C:\Users\Monika\Desktop\afryka
2015-02-11 08:38 - 2015-02-13 23:12 - 00000000 ____D () C:\Users\Monika\Desktop\do wywołania
2015-02-10 09:16 - 2015-02-10 09:16 - 00000000 ____D () C:\Users\Monika\Desktop\zdjecia
2015-02-10 08:39 - 2015-02-10 08:39 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-01-25 10:23 - 2015-02-14 18:54 - 00071168 ___SH () C:\Users\Monika\Downloads\Thumbs.db
2015-01-23 19:17 - 2015-02-16 20:48 - 00000000 ____D () C:\Users\Monika\Desktop\Nowy folder
2015-01-17 11:46 - 2015-01-17 16:39 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-17 11:46 - 2015-01-17 16:38 - 00000000 ____D () C:\Users\Monika\AppData\Local\Google

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-16 21:35 - 2014-06-18 16:23 - 02055460 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-16 21:29 - 2014-10-10 19:44 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2430813557-1338680548-1355275771-1001
2015-02-16 21:29 - 2014-06-19 01:50 - 00807160 _____ () C:\WINDOWS\system32\perfh015.dat
2015-02-16 21:29 - 2014-06-19 01:50 - 00163478 _____ () C:\WINDOWS\system32\perfc015.dat
2015-02-16 21:29 - 2014-03-18 10:53 - 01825074 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-16 21:24 - 2014-10-10 19:38 - 00808260 _____ () C:\Users\Monika\AppData\Local\BTServer.log
2015-02-16 21:24 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-16 21:23 - 2014-06-18 17:03 - 00002560 _____ () C:\WINDOWS\system32\VfService.trf
2015-02-16 21:23 - 2014-06-18 16:19 - 06937466 _____ () C:\Users\Public\CAFADEBUG.log
2015-02-16 21:00 - 2014-11-03 19:50 - 00218112 ___SH () C:\Users\Monika\Desktop\Thumbs.db
2015-02-16 21:00 - 2014-03-18 10:44 - 00940382 _____ () C:\WINDOWS\PFRO.log
2015-02-16 21:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-16 18:24 - 2014-11-10 22:07 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-02-15 18:26 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-02-14 08:54 - 2013-08-22 15:44 - 00346112 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-14 08:53 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-14 08:48 - 2014-06-18 16:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-02-14 08:47 - 2014-03-18 10:38 - 00000000 ____D () C:\WINDOWS\ShellNew
2015-02-14 08:47 - 2013-08-22 14:25 - 00000076 _____ () C:\WINDOWS\win.ini
2015-02-14 08:46 - 2014-04-02 17:49 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-02-14 08:46 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-02-13 22:59 - 2014-10-24 18:48 - 00003914 _____ () C:\Users\Monika\Desktop\szarlotka.txt
2015-02-13 22:31 - 2014-12-05 23:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Team17
2015-02-12 17:51 - 2013-08-22 15:46 - 00026337 _____ () C:\WINDOWS\setupact.log
2015-02-11 09:41 - 2014-10-10 19:37 - 00000000 ____D () C:\Users\Monika

==================== Files in the root of some directories =======
2014-10-10 19:38 - 2015-02-16 21:24 - 0808260 _____ () C:\Users\Monika\AppData\Local\BTServer.log
2014-06-18 16:18 - 2014-06-18 16:18 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Monika\AppData\Local\Temp\hp_80DC.tmp.exe
C:\Users\Monika\AppData\Local\Temp\hp_8411.tmp.exe
C:\Users\Monika\AppData\Local\Temp\ochelper.dll
C:\Users\Monika\AppData\Local\Temp\ochelper.exe
C:\Users\Monika\AppData\Local\Temp\oct273.tmp.exe
C:\Users\Monika\AppData\Local\Temp\oct3A5B.tmp.exe
C:\Users\Monika\AppData\Local\Temp\oct3C4.tmp.exe
C:\Users\Monika\AppData\Local\Temp\octD854.tmp.exe
C:\Users\Monika\AppData\Local\Temp\octF5B7.tmp.exe
C:\Users\Monika\AppData\Local\Temp\octFAEB.tmp.exe
C:\Users\Monika\AppData\Local\Temp\Quarantine.exe
C:\Users\Monika\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-08 20:57

==================== End Of Log ============================