Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-11-2013
Ran by ja (administrator) on JA-KOMPUTER on 19-11-2013 23:14:05
Running from C:\Users\ja\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polish
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Xfire Inc.) C:\Program Files (x86)\Xfire\Xfire.exe
() C:\Program Files (x86)\Xfire\xfire64.exe
() C:\Program Files (x86)\Xfire\xfire64.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files (x86)\Gadu-Gadu 10\open-fm.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
MountPoints2: {afc35519-9aac-11e1-a087-1c6f65bb43c3} - G:\win\CDSplash.exe
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31072 2008-10-25] (Microsoft Corporation)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [296056 2012-06-10] (RealNetworks, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\UpdatusUser\...\Run: [DAEMON Tools Lite] - "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
AppInit_DLLs-x32: c:\progra~3\browse~1\23796~1.11\{16cdf~1\browse~1.dll [ ] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=110824&tt=4612_2&babsrc=HP_ss&mntrId=8cc8565600000000000000e04c8004bf
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {257CF3D1-1877-4be4-894E-154F007300B0} URL = http://startsear.ch/?aff=2&src=sp&cf=eb662e80-67c8-11e1-89ab-1c6f65bb43c3&q={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&affID=110824&tt=4612_2&babsrc=SP_ss&mntrId=8cc8565600000000000000e04c8004bf
SearchScopes: HKCU - {257CF3D1-1877-4be4-894E-154F007300B0} URL = http://startsear.ch/?aff=2&src=sp&cf=eb662e80-67c8-11e1-89ab-1c6f65bb43c3&q={searchTerms}
SearchScopes: HKCU - {65EBBD96-6831-20DD-129A-5D1AA32C2629} URL = http://search.babylon.com/?q={searchTerms}&affID=112555&tt=120912_cpc_3812_4&babsrc=SP_ss&mntrId=8cc8565600000000000000e04c8004bf
SearchScopes: HKCU - {BB57C4A4-06F8-4550-9B4A-1F946D2E555A} URL = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\ja\AppData\Roaming\Mozilla\Firefox\Profiles\06xrl5kh.default-1352746516951
FF Homepage: onet.pl
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @idsoftware.com/QuakeLive - C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @ogplanet.com/npOGPPlugin - C:\Windows\system32\npOGPPlugin.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @real.com/nppl3260;version=15.0.4.53 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.4.53 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.4.53 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF Extension: DownloadHelper - C:\Users\ja\AppData\Roaming\Mozilla\Firefox\Profiles\06xrl5kh.default-1352746516951\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchURL: (Search the web (Babylon)) - http://search.babylon.com/?q={searchTerms}&affID=112555&tt=120912_cpc_3812_4&babsrc=SP_ss&mntrId=8cc8565600000000000000e04c8004bf
CHR DefaultSuggestURL: (Search the web (Babylon)) - "suggest_url": "",
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (OGPlanet Game Plugin) - C:\Windows\system32\npOGPPlugin.dll No File
CHR Extension: (YouTube) - C:\Users\ja\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\ja\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\ja\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\ja\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Gmail) - C:\Users\ja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx
CHR HKLM-x32\...\Chrome\Extension: [pgafcinpmmpklohkojmllohdhomoefph] - C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.crx

==================== Services (Whitelisted) =================

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-05-25] ()
R2 PnkBstrB; C:\Windows\SysWow64\PnkBstrB.exe [215128 2013-10-18] ()
S3 xsherlock; C:\Windows\SysWow64\xsherlock.xem [666720 2012-10-28] (Wellbia.com Co., Ltd.)

==================== Drivers (Whitelisted) ====================

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] ()
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2012-02-28] ()
R3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation )
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] ()
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 gdrv; \??\C:\Windows\gdrv.sys [x]
S3 GPU-Z; \??\C:\Users\ja\AppData\Local\Temp\GPU-Z.sys [x]
S3 RHDISK_AMD64; \??\F:\_rohos\RHDISK_AMD64.SYS [x]
S3 vtany; \??\C:\Windows\vtany.sys [x]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-11-19 23:14 - 2013-11-19 23:14 - 00015451 _____ C:\Users\ja\Downloads\FRST.txt
2013-11-19 23:13 - 2013-11-19 23:13 - 00000000 ____D C:\FRST
2013-11-19 23:12 - 2013-11-19 23:13 - 01957964 _____ (Farbar) C:\Users\ja\Downloads\FRST64.exe
2013-11-19 21:20 - 2013-11-19 21:20 - 00077254 _____ C:\Users\ja\Downloads\deep_purple_highway_star.gp3
2013-11-18 18:16 - 2013-11-18 18:16 - 00049630 _____ C:\Users\ja\Downloads\megadeth_promises.gp5
2013-11-16 23:22 - 2013-11-16 23:22 - 00003977 _____ C:\Users\ja\.recently-used.xbel
2013-11-16 23:15 - 2013-11-16 23:22 - 00043561 _____ C:\Users\ja\Desktop\Bez nazwy.xcf
2013-11-16 22:27 - 2013-11-16 22:27 - 00063441 _____ C:\Users\ja\Downloads\metallica_wherever_i_may_roam.gp4
2013-11-15 23:55 - 2013-11-16 00:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-15 17:09 - 2013-11-15 17:09 - 00048316 _____ C:\Users\ja\Downloads\alice_cooper_poison.gp5
2013-11-14 19:24 - 2013-11-14 19:24 - 00001854 _____ C:\Users\Public\Desktop\Path of Exile.lnk
2013-11-14 15:53 - 2013-11-14 15:53 - 07401472 _____ C:\Users\ja\Downloads\PathOfExileInstaller(1).msi
2013-11-13 13:36 - 2013-11-13 13:36 - 00113279 _____ C:\Users\ja\Downloads\iron_maiden_2_minutes_to_midnight.gp5
2013-11-11 22:48 - 2013-11-11 22:49 - 00079651 _____ C:\Users\ja\Downloads\metallica_fade_to_black.gp4
2013-11-11 21:07 - 2013-11-11 21:07 - 00124549 _____ C:\Users\ja\Downloads\bruce_dickinson_tears_of_the_dragon.gp5
2013-11-10 21:36 - 2013-11-10 21:36 - 00050054 _____ C:\Users\ja\Downloads\motorhead_ace_of_spades.gp5
2013-11-10 14:30 - 2013-11-10 14:30 - 00001028 _____ C:\Users\ja\Desktop\open-fm.lnk
2013-11-10 14:29 - 2013-11-10 14:30 - 00002432 _____ C:\Users\ja\AppData\Local\TempqM3892.html
2013-11-10 14:24 - 2013-11-10 14:25 - 24669088 _____ C:\Users\ja\Desktop\gg10.exe
2013-11-10 14:22 - 2013-11-10 14:22 - 00400696 _____ (Softonic ) C:\Users\ja\Downloads\SoftonicDownloader_dla_open-fm.exe
2013-11-09 23:16 - 2006-06-28 01:42 - 00025288 _____ C:\Users\ja\Downloads\Metallica - Nothing Else Matters (5).gp4
2013-11-09 23:15 - 2013-11-09 23:15 - 00005402 _____ C:\Users\ja\Downloads\Metallica - Nothing Else Matters (5).zip
2013-11-09 19:18 - 2013-11-09 19:18 - 00041941 _____ C:\Users\ja\Downloads\metallica_nothing_else_matters.gp4
2013-11-09 10:46 - 2013-11-09 10:45 - 00049277 _____ C:\Users\ja\Downloads\megadeth_skin_o_my_teeth (2).gp4
2013-11-09 10:45 - 2013-11-09 10:45 - 00049277 _____ C:\Users\ja\Downloads\megadeth_skin_o_my_teeth.gp4
2013-11-07 13:57 - 2013-11-07 13:57 - 00033371 _____ C:\Users\ja\Downloads\iced_earth_a_question_of_heaven.gp3
2013-11-06 16:01 - 2013-11-06 16:01 - 00030699 _____ C:\Users\ja\Downloads\iron_maiden_wasting_love.gp3
2013-11-04 22:05 - 2013-11-04 22:05 - 00017417 _____ C:\Users\ja\Downloads\#2(1).gp5
2013-11-04 17:03 - 2013-11-04 17:03 - 00008524 _____ C:\Users\ja\Downloads\#2.gp5
2013-10-30 18:20 - 2013-10-30 18:20 - 00119185 _____ C:\Users\ja\Downloads\14196643.gp5
2013-10-30 18:13 - 2013-10-30 18:14 - 00000000 ____D C:\Program Files (x86)\TuxGuitar-Jet
2013-10-30 18:13 - 2013-10-30 18:13 - 00001047 _____ C:\Users\Public\Desktop\tuxguitar.lnk
2013-10-30 18:12 - 2013-10-30 18:13 - 16495636 _____ C:\Users\ja\Downloads\tuxguitar-1.2-windows-x86-jet.exe
2013-10-30 18:04 - 2013-10-30 18:05 - 07715210 _____ (Herac) C:\Users\ja\Downloads\tuxguitar-1.2-windows-x86-installer.exe
2013-10-30 17:06 - 2013-10-30 17:06 - 00019718 _____ C:\Users\ja\Downloads\misc_computer_games_the_elder_scrolls_5_-_skyrim_theme(1).gp5
2013-10-29 23:40 - 2013-10-29 23:40 - 00090759 _____ C:\Users\ja\Downloads\a-ha_take_on_me.gp5
2013-10-29 23:18 - 2013-10-29 23:18 - 00043199 _____ C:\Users\ja\Downloads\northern_kings_take_on_me.gp5
2013-10-29 16:03 - 2013-10-29 16:03 - 00091606 _____ C:\Users\ja\Downloads\megadeth_dont_turn_your_back.gp5
2013-10-28 22:15 - 2013-10-28 22:15 - 00036406 _____ C:\Users\ja\Downloads\misc_computer_games_the_elder_scrolls_5_-_skyrim_theme.gp5
2013-10-28 17:07 - 2013-10-28 17:07 - 00048908 _____ C:\Users\ja\Downloads\metallica_sad_but_true.gp4
2013-10-27 17:40 - 2013-10-27 17:40 - 00089457 _____ C:\Users\ja\Downloads\iced_earth_the_coming_curse.gp5
2013-10-26 19:07 - 2003-07-18 01:57 - 00401408 _____ () C:\Users\ja\Desktop\Start.exe
2013-10-26 19:03 - 2013-10-26 19:03 - 00000000 ____D C:\Program Files (x86)\GameSpy Arcade
2013-10-26 19:01 - 2013-10-26 19:01 - 00000000 ____D C:\Users\ja\Desktop\THPS4 Crack + Klucze
2013-10-24 19:27 - 2013-10-24 19:26 - 00012155 _____ C:\Users\ja\Downloads\black_sabbath_master_of_insanity - Kopia.gp5
2013-10-24 19:26 - 2013-10-24 19:26 - 00012155 _____ C:\Users\ja\Downloads\black_sabbath_master_of_insanity.gp5

==================== One Month Modified Files and Folders =======

2013-11-19 23:14 - 2013-11-19 23:14 - 00015451 _____ C:\Users\ja\Downloads\FRST.txt
2013-11-19 23:13 - 2013-11-19 23:13 - 00000000 ____D C:\FRST
2013-11-19 23:13 - 2013-11-19 23:12 - 01957964 _____ (Farbar) C:\Users\ja\Downloads\FRST64.exe
2013-11-19 23:10 - 2009-07-14 05:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-19 23:10 - 2009-07-14 05:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-19 22:52 - 2012-09-11 07:22 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2013-11-19 22:42 - 2013-09-11 17:32 - 00001040 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-19 22:20 - 2012-05-26 22:20 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-19 21:36 - 2012-02-28 16:26 - 00000000 ____D C:\Users\ja\AppData\Roaming\Xfire
2013-11-19 21:20 - 2013-11-19 21:20 - 00077254 _____ C:\Users\ja\Downloads\deep_purple_highway_star.gp3
2013-11-19 19:31 - 2013-05-09 11:37 - 00000000 __SHD C:\Users\ja\wc
2013-11-19 16:11 - 2012-04-18 14:48 - 01557735 _____ C:\Windows\WindowsUpdate.log
2013-11-19 15:42 - 2013-09-11 17:32 - 00001036 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-19 14:32 - 2013-07-05 16:57 - 00000000 ____D C:\Users\ja\AppData\Roaming\GG
2013-11-19 13:05 - 2011-02-04 18:20 - 00701022 _____ C:\Windows\system32\perfh015.dat
2013-11-19 13:05 - 2011-02-04 18:20 - 00136040 _____ C:\Windows\system32\perfc015.dat
2013-11-19 13:05 - 2009-07-14 06:13 - 01558380 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-19 13:01 - 2013-07-03 11:36 - 00022850 _____ C:\Windows\setupact.log
2013-11-19 13:01 - 2012-02-28 14:25 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-19 13:01 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-19 09:12 - 2012-07-10 17:06 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-11-18 18:22 - 2013-01-09 19:13 - 00000000 ____D C:\Users\ja\AppData\Roaming\AIMP3
2013-11-18 18:16 - 2013-11-18 18:16 - 00049630 _____ C:\Users\ja\Downloads\megadeth_promises.gp5
2013-11-16 23:22 - 2013-11-16 23:22 - 00003977 _____ C:\Users\ja\.recently-used.xbel
2013-11-16 23:22 - 2013-11-16 23:15 - 00043561 _____ C:\Users\ja\Desktop\Bez nazwy.xcf
2013-11-16 23:22 - 2012-05-05 18:19 - 00000000 ____D C:\Users\ja\AppData\Roaming\gtk-2.0
2013-11-16 23:22 - 2012-05-05 18:18 - 00000000 ____D C:\Users\ja\.gimp-2.6
2013-11-16 23:22 - 2012-02-28 12:19 - 00000000 ____D C:\Users\ja
2013-11-16 22:27 - 2013-11-16 22:27 - 00063441 _____ C:\Users\ja\Downloads\metallica_wherever_i_may_roam.gp4
2013-11-16 13:34 - 2012-02-28 16:26 - 00000000 ____D C:\ProgramData\Xfire
2013-11-16 09:22 - 2012-04-27 13:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-16 00:38 - 2013-11-15 23:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-15 17:09 - 2013-11-15 17:09 - 00048316 _____ C:\Users\ja\Downloads\alice_cooper_poison.gp5
2013-11-14 19:24 - 2013-11-14 19:24 - 00001854 _____ C:\Users\Public\Desktop\Path of Exile.lnk
2013-11-14 15:53 - 2013-11-14 15:53 - 07401472 _____ C:\Users\ja\Downloads\PathOfExileInstaller(1).msi
2013-11-14 13:31 - 2013-08-23 13:24 - 00000000 ____D C:\Users\ja\Desktop\uosu140
2013-11-13 13:36 - 2013-11-13 13:36 - 00113279 _____ C:\Users\ja\Downloads\iron_maiden_2_minutes_to_midnight.gp5
2013-11-11 22:49 - 2013-11-11 22:48 - 00079651 _____ C:\Users\ja\Downloads\metallica_fade_to_black.gp4
2013-11-11 21:07 - 2013-11-11 21:07 - 00124549 _____ C:\Users\ja\Downloads\bruce_dickinson_tears_of_the_dragon.gp5
2013-11-10 23:39 - 2012-08-26 16:10 - 00000000 ____D C:\ProgramData\OpenFM
2013-11-10 21:36 - 2013-11-10 21:36 - 00050054 _____ C:\Users\ja\Downloads\motorhead_ace_of_spades.gp5
2013-11-10 14:30 - 2013-11-10 14:30 - 00001028 _____ C:\Users\ja\Desktop\open-fm.lnk
2013-11-10 14:30 - 2013-11-10 14:29 - 00002432 _____ C:\Users\ja\AppData\Local\TempqM3892.html
2013-11-10 14:30 - 2012-08-26 16:12 - 00000000 ____D C:\Users\ja\.gstreamer-0.10
2013-11-10 14:30 - 2012-08-26 16:09 - 00000000 ____D C:\Program Files (x86)\Gadu-Gadu 10
2013-11-10 14:25 - 2013-11-10 14:24 - 24669088 _____ C:\Users\ja\Desktop\gg10.exe
2013-11-10 14:22 - 2013-11-10 14:22 - 00400696 _____ (Softonic ) C:\Users\ja\Downloads\SoftonicDownloader_dla_open-fm.exe
2013-11-09 23:15 - 2013-11-09 23:15 - 00005402 _____ C:\Users\ja\Downloads\Metallica - Nothing Else Matters (5).zip
2013-11-09 19:18 - 2013-11-09 19:18 - 00041941 _____ C:\Users\ja\Downloads\metallica_nothing_else_matters.gp4
2013-11-09 10:45 - 2013-11-09 10:46 - 00049277 _____ C:\Users\ja\Downloads\megadeth_skin_o_my_teeth (2).gp4
2013-11-09 10:45 - 2013-11-09 10:45 - 00049277 _____ C:\Users\ja\Downloads\megadeth_skin_o_my_teeth.gp4
2013-11-07 15:46 - 2013-07-05 16:58 - 00000000 ____D C:\Users\ja\AppData\Local\GG
2013-11-07 13:57 - 2013-11-07 13:57 - 00033371 _____ C:\Users\ja\Downloads\iced_earth_a_question_of_heaven.gp3
2013-11-07 12:17 - 2009-07-14 06:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-06 16:01 - 2013-11-06 16:01 - 00030699 _____ C:\Users\ja\Downloads\iron_maiden_wasting_love.gp3
2013-11-04 22:05 - 2013-11-04 22:05 - 00017417 _____ C:\Users\ja\Downloads\#2(1).gp5
2013-11-04 17:03 - 2013-11-04 17:03 - 00008524 _____ C:\Users\ja\Downloads\#2.gp5
2013-10-31 16:56 - 2013-07-03 11:36 - 00003556 _____ C:\Windows\PFRO.log
2013-10-30 18:20 - 2013-10-30 18:20 - 00119185 _____ C:\Users\ja\Downloads\14196643.gp5
2013-10-30 18:14 - 2013-10-30 18:13 - 00000000 ____D C:\Program Files (x86)\TuxGuitar-Jet
2013-10-30 18:13 - 2013-10-30 18:13 - 00001047 _____ C:\Users\Public\Desktop\tuxguitar.lnk
2013-10-30 18:13 - 2013-10-30 18:12 - 16495636 _____ C:\Users\ja\Downloads\tuxguitar-1.2-windows-x86-jet.exe
2013-10-30 18:05 - 2013-10-30 18:04 - 07715210 _____ (Herac) C:\Users\ja\Downloads\tuxguitar-1.2-windows-x86-installer.exe
2013-10-30 17:06 - 2013-10-30 17:06 - 00019718 _____ C:\Users\ja\Downloads\misc_computer_games_the_elder_scrolls_5_-_skyrim_theme(1).gp5
2013-10-29 23:40 - 2013-10-29 23:40 - 00090759 _____ C:\Users\ja\Downloads\a-ha_take_on_me.gp5
2013-10-29 23:18 - 2013-10-29 23:18 - 00043199 _____ C:\Users\ja\Downloads\northern_kings_take_on_me.gp5
2013-10-29 16:03 - 2013-10-29 16:03 - 00091606 _____ C:\Users\ja\Downloads\megadeth_dont_turn_your_back.gp5
2013-10-28 22:15 - 2013-10-28 22:15 - 00036406 _____ C:\Users\ja\Downloads\misc_computer_games_the_elder_scrolls_5_-_skyrim_theme.gp5
2013-10-28 17:07 - 2013-10-28 17:07 - 00048908 _____ C:\Users\ja\Downloads\metallica_sad_but_true.gp4
2013-10-27 17:40 - 2013-10-27 17:40 - 00089457 _____ C:\Users\ja\Downloads\iced_earth_the_coming_curse.gp5
2013-10-26 19:05 - 2012-03-15 18:30 - 00000000 ____D C:\Users\ja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-10-26 19:03 - 2013-10-26 19:03 - 00000000 ____D C:\Program Files (x86)\GameSpy Arcade
2013-10-26 19:01 - 2013-10-26 19:01 - 00000000 ____D C:\Users\ja\Desktop\THPS4 Crack + Klucze
2013-10-24 19:26 - 2013-10-24 19:27 - 00012155 _____ C:\Users\ja\Downloads\black_sabbath_master_of_insanity - Kopia.gp5
2013-10-24 19:26 - 2013-10-24 19:26 - 00012155 _____ C:\Users\ja\Downloads\black_sabbath_master_of_insanity.gp5

Some content of TEMP:
====================
C:\Users\ja\AppData\Local\Temp\gg10.upgr.exe
C:\Users\ja\AppData\Local\Temp\ggdrive-menu.exe
C:\Users\ja\AppData\Local\Temp\ggdrive-overlay.exe
C:\Users\ja\AppData\Local\Temp\installstats.exe
C:\Users\ja\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\ja\AppData\Local\Temp\sfamcc00001.dll
C:\Users\ja\AppData\Local\Temp\SRLDetectionLibrary1462855756360343808.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-11-10 17:17

==================== End Of Log ============================