Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-03-2014 Ran by ja (administrator) on JA-KOMPUTER on 04-03-2014 02:57:58 Running from C:\Users\ja\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polish Internet Explorer Version 9 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Disc Soft Ltd) C:\Users\ja\AppData\Local\Temp\~nsu.tmp\Au_.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor) HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-14] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1100248 2013-12-10] (NVIDIA Corporation) HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation) HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31072 2008-10-25] (Microsoft Corporation) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296056 2012-06-10] (RealNetworks, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-12-13] (AVAST Software) HKU\S-1-5-21-104546968-3883456803-114699705-1000\...\MountPoints2: E - E:\AUTORUN.exe HKU\S-1-5-21-104546968-3883456803-114699705-1000\...\MountPoints2: {077ba66b-a20f-11e3-8488-00e04c8004bf} - E:\AUTORUN.exe HKU\S-1-5-21-104546968-3883456803-114699705-1000\...\MountPoints2: {91c327e7-a33f-11e3-a190-00e04c8004bf} - E:\AUTORUN.exe HKU\S-1-5-21-104546968-3883456803-114699705-1000\...\MountPoints2: {afc35519-9aac-11e1-a087-1c6f65bb43c3} - G:\win\CDSplash.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {E980955E-EB2C-4a5d-A5F9-11C2232A22EE} URL = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms} BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\ja\AppData\Roaming\Mozilla\Firefox\Profiles\06xrl5kh.default-1352746516951 FF user.js: detected! => C:\Users\ja\AppData\Roaming\Mozilla\Firefox\Profiles\06xrl5kh.default-1352746516951\user.js FF Homepage: onet.pl FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll () FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll () FF Plugin-x32: @idsoftware.com/QuakeLive - C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @ogplanet.com/npOGPPlugin - C:\Windows\system32\npOGPPlugin.dll No File FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @raidcall.en/RCplugin - C:\Users\ja\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall) FF Plugin-x32: @real.com/nppl3260;version=15.0.4.53 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprjplug;version=15.0.4.53 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=15.0.4.53 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.) FF Extension: DownloadHelper - C:\Users\ja\AppData\Roaming\Mozilla\Firefox\Profiles\06xrl5kh.default-1352746516951\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-08-27] FF Extension: FindRight - C:\Users\ja\AppData\Roaming\Mozilla\Firefox\Profiles\06xrl5kh.default-1352746516951\Extensions\{42e50651-9669-456e-9081-d5a836274274}.xpi [2014-03-01] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-02-05] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-02-05] FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-06-10] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-04-18] Chrome: ======= CHR HomePage: hxxp://www.google.com CHR DefaultSearchKeyword: babylon.com CHR DefaultSearchProvider: Search the web (Babylon) CHR DefaultSearchURL: http://search.babylon.com/?q={searchTerms}&affID=112555&tt=120912_cpc_3812_4&babsrc=SP_ss&mntrId=8cc8565600000000000000e04c8004bf CHR DefaultNewTabURL: CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\pdf.dll () CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.) CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll No File CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File CHR Plugin: (OGPlanet Game Plugin) - C:\Windows\system32\npOGPPlugin.dll No File CHR Extension: (YouTube) - C:\Users\ja\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-04-18] CHR Extension: (Szukaj w Google) - C:\Users\ja\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-13] CHR Extension: (avast! Online Security) - C:\Users\ja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-02-28] CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\ja\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2012-10-13] CHR Extension: (Google Wallet) - C:\Users\ja\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-11] CHR Extension: (Gmail) - C:\Users\ja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-13] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-12-13] CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-06-10] ==================== Services (Whitelisted) ================= S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] () R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-13] (AVAST Software) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-05-25] () S3 xsherlock; C:\Windows\SysWOW64\xsherlock.xem [666720 2012-10-28] (Wellbia.com Co., Ltd.) ==================== Drivers (Whitelisted) ==================== R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] () R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [38984 2013-12-13] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [84328 2013-12-13] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-12-13] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-13] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1032416 2013-12-13] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [409832 2013-12-13] (AVAST Software) R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2013-12-13] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-12-13] () S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2012-02-28] () R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation) R3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation ) R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 gdrv; \??\C:\Windows\gdrv.sys [X] S3 GPU-Z; \??\C:\Users\ja\AppData\Local\Temp\GPU-Z.sys [X] S3 RHDISK_AMD64; \??\F:\_rohos\RHDISK_AMD64.SYS [X] S3 vtany; \??\C:\Windows\vtany.sys [X] S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-04 02:57 - 2014-03-04 02:58 - 00017637 _____ () C:\Users\ja\Downloads\FRST.txt 2014-03-04 02:56 - 2014-03-04 02:56 - 02156544 _____ (Farbar) C:\Users\ja\Downloads\FRST64.exe 2014-03-04 02:52 - 2014-03-04 02:52 - 00005036 _____ () C:\Windows\PFRO.log 2014-03-04 02:52 - 2014-03-04 02:52 - 00000168 _____ () C:\Windows\setupact.log 2014-03-04 02:52 - 2014-03-04 02:52 - 00000000 _____ () C:\Windows\setuperr.log 2014-03-04 02:26 - 2014-03-04 02:26 - 00156744 _____ () C:\Users\ja\Downloads\guns_n_roses_paradise_city.gp5 2014-03-04 01:22 - 2014-03-04 01:22 - 02347384 _____ (ESET) C:\Users\ja\Downloads\esetsmartinstaller_plk.exe 2014-03-04 01:22 - 2014-03-04 01:22 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-03-02 14:44 - 2014-03-02 14:44 - 00000776 _____ () C:\Users\Public\Desktop\Unreal Antologia.lnk 2014-03-02 14:35 - 2014-03-02 14:35 - 00003815 _____ () C:\Windows\SysWOW64\ST5UNST.000 2014-03-01 15:43 - 2014-03-01 15:47 - 11754509 _____ () C:\Users\ja\Downloads\VIA4in1_MB.zip 2014-03-01 15:11 - 2014-03-01 15:11 - 02134936 _____ () C:\Users\ja\Downloads\winrar-x64-501pl(dobreprogramy.pl).exe 2014-03-01 15:10 - 2014-03-01 15:10 - 27915537 _____ ( ) C:\Users\ja\Downloads\K-Lite_Codec_Pack_1035_Full.exe 2014-03-01 12:17 - 2014-03-01 12:17 - 00044071 _____ () C:\Users\ja\Downloads\deep_purple_smoke_on_the_water.gp4 2014-03-01 10:56 - 2014-03-03 15:47 - 00000000 ____D () C:\Users\ja\Desktop\filmy 2014-03-01 10:29 - 2014-03-01 10:29 - 00047733 _____ () C:\Users\ja\Downloads\Architecture of Aggresion.gp5 2014-02-25 18:37 - 2014-02-25 18:49 - 199747797 _____ () C:\Users\ja\Desktop\Welcome Home [Sanitarium] (Lesson _ Cover) W_ Tab PT.1.mp4 2014-02-25 13:06 - 2014-02-25 13:06 - 00061397 _____ () C:\Users\ja\Downloads\metallica_welcome_home_sanitarium.gp4 2014-02-22 14:20 - 2014-02-22 14:20 - 00062269 _____ () C:\Users\ja\Downloads\sodom_napalm_in_the_morning.gp5 2014-02-15 02:42 - 2014-02-15 02:42 - 00125878 _____ () C:\Users\ja\Downloads\iron_maiden_hallowed_be_thy_name.gp5 2014-02-14 15:59 - 2014-02-14 15:59 - 00000000 ____D () C:\Users\ja\AppData\Local\EdgeOfReality 2014-02-14 12:01 - 2014-02-14 12:01 - 00000222 _____ () C:\Users\ja\Desktop\Loadout.url 2014-02-13 18:27 - 2014-02-13 18:27 - 00000000 ____D () C:\Users\ja\AppData\Local\Blizzard 2014-02-13 11:54 - 2014-02-13 18:36 - 00000000 ____D () C:\Program Files (x86)\Hearthstone 2014-02-13 11:54 - 2014-02-13 11:54 - 00001183 _____ () C:\Users\Public\Desktop\Hearthstone.lnk 2014-02-12 20:11 - 2014-02-12 20:11 - 00021959 _____ () C:\Users\ja\Downloads\iced_earth_frankenstein.gp3 2014-02-12 19:23 - 2014-02-15 16:00 - 00000000 ____D () C:\Users\ja\AppData\Local\Battle.net 2014-02-12 19:23 - 2014-02-13 11:53 - 00000000 ____D () C:\Users\ja\AppData\Roaming\Battle.net 2014-02-12 19:23 - 2014-02-12 19:23 - 00000000 ____D () C:\Users\ja\AppData\Local\Blizzard Entertainment 2014-02-12 19:22 - 2014-02-12 19:22 - 00000657 _____ () C:\Users\Public\Desktop\Battle.net.lnk 2014-02-12 12:17 - 2014-02-13 12:06 - 00000209 _____ () C:\Users\ja\Desktop\Nowy dokument tekstowy.txt 2014-02-12 03:25 - 2014-02-12 03:25 - 00045311 _____ () C:\Users\ja\Downloads\afi_miss_murder.gp5 2014-02-05 20:01 - 2014-02-05 20:01 - 00069530 _____ () C:\Users\ja\Downloads\iron_maiden_the_nomad(1).gp4 2014-02-05 18:10 - 2014-02-15 00:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-02-03 14:09 - 2014-02-03 14:09 - 00047018 _____ () C:\Users\ja\Downloads\dio_rainbow_in_the_dark.gp5 2014-02-03 13:36 - 2014-02-03 13:36 - 00088765 _____ () C:\Users\ja\Downloads\anthrax_the_devil_you_know.gp5 ==================== One Month Modified Files and Folders ======= 2014-03-04 02:58 - 2014-03-04 02:57 - 00017637 _____ () C:\Users\ja\Downloads\FRST.txt 2014-03-04 02:57 - 2013-11-19 23:13 - 00000000 ____D () C:\FRST 2014-03-04 02:56 - 2014-03-04 02:56 - 02156544 _____ (Farbar) C:\Users\ja\Downloads\FRST64.exe 2014-03-04 02:56 - 2011-02-04 18:20 - 00740590 _____ () C:\Windows\system32\perfh015.dat 2014-03-04 02:56 - 2011-02-04 18:20 - 00155186 _____ () C:\Windows\system32\perfc015.dat 2014-03-04 02:56 - 2009-07-14 06:13 - 01669916 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-03-04 02:55 - 2012-04-18 14:48 - 01824202 _____ () C:\Windows\WindowsUpdate.log 2014-03-04 02:53 - 2013-09-11 17:32 - 00001040 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-03-04 02:52 - 2014-03-04 02:52 - 00005036 _____ () C:\Windows\PFRO.log 2014-03-04 02:52 - 2014-03-04 02:52 - 00000168 _____ () C:\Windows\setupact.log 2014-03-04 02:52 - 2014-03-04 02:52 - 00000000 _____ () C:\Windows\setuperr.log 2014-03-04 02:52 - 2013-09-11 17:32 - 00001036 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-03-04 02:52 - 2012-02-28 14:25 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-03-04 02:52 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-04 02:26 - 2014-03-04 02:26 - 00156744 _____ () C:\Users\ja\Downloads\guns_n_roses_paradise_city.gp5 2014-03-04 02:20 - 2012-05-26 22:20 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-03-04 01:22 - 2014-03-04 01:22 - 02347384 _____ (ESET) C:\Users\ja\Downloads\esetsmartinstaller_plk.exe 2014-03-04 01:22 - 2014-03-04 01:22 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-03-04 01:02 - 2013-01-09 19:13 - 00000000 ____D () C:\Users\ja\AppData\Roaming\AIMP3 2014-03-04 01:02 - 2012-05-10 20:26 - 00000000 ____D () C:\Users\ja\AppData\Roaming\DAEMON Tools Lite 2014-03-04 01:02 - 2012-04-15 09:47 - 00000000 ____D () C:\Users\ja\AppData\Roaming\Media Player Classic 2014-03-04 00:29 - 2013-08-06 21:26 - 00000000 ____D () C:\Users\ja\AppData\Roaming\TS3Client 2014-03-04 00:29 - 2012-02-28 16:26 - 00000000 ____D () C:\Users\ja\AppData\Roaming\Xfire 2014-03-03 15:47 - 2014-03-01 10:56 - 00000000 ____D () C:\Users\ja\Desktop\filmy 2014-03-03 12:38 - 2009-07-14 05:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-03 12:38 - 2009-07-14 05:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-02 14:44 - 2014-03-02 14:44 - 00000776 _____ () C:\Users\Public\Desktop\Unreal Antologia.lnk 2014-03-02 14:38 - 2012-02-28 12:20 - 00000000 ___RD () C:\Users\ja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-03-02 14:35 - 2014-03-02 14:35 - 00003815 _____ () C:\Windows\SysWOW64\ST5UNST.000 2014-03-01 15:47 - 2014-03-01 15:43 - 11754509 _____ () C:\Users\ja\Downloads\VIA4in1_MB.zip 2014-03-01 15:11 - 2014-03-01 15:11 - 02134936 _____ () C:\Users\ja\Downloads\winrar-x64-501pl(dobreprogramy.pl).exe 2014-03-01 15:10 - 2014-03-01 15:10 - 27915537 _____ ( ) C:\Users\ja\Downloads\K-Lite_Codec_Pack_1035_Full.exe 2014-03-01 12:17 - 2014-03-01 12:17 - 00044071 _____ () C:\Users\ja\Downloads\deep_purple_smoke_on_the_water.gp4 2014-03-01 10:29 - 2014-03-01 10:29 - 00047733 _____ () C:\Users\ja\Downloads\Architecture of Aggresion.gp5 2014-02-28 14:51 - 2012-02-28 16:26 - 00000000 ____D () C:\ProgramData\Xfire 2014-02-27 13:48 - 2012-07-10 17:06 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2014-02-26 15:50 - 2013-07-05 16:57 - 00000000 ____D () C:\Users\ja\AppData\Roaming\GG 2014-02-26 12:21 - 2012-05-26 22:20 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-02-26 12:21 - 2012-05-26 22:20 - 00003868 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-02-26 12:21 - 2012-02-28 16:35 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-02-25 18:49 - 2014-02-25 18:37 - 199747797 _____ () C:\Users\ja\Desktop\Welcome Home [Sanitarium] (Lesson _ Cover) W_ Tab PT.1.mp4 2014-02-25 13:06 - 2014-02-25 13:06 - 00061397 _____ () C:\Users\ja\Downloads\metallica_welcome_home_sanitarium.gp4 2014-02-22 14:20 - 2014-02-22 14:20 - 00062269 _____ () C:\Users\ja\Downloads\sodom_napalm_in_the_morning.gp5 2014-02-17 15:37 - 2013-03-26 19:57 - 00000735 _____ () C:\Users\ja\Desktop\Nowy dokument tekstowy (2).txt 2014-02-17 02:22 - 2012-02-28 16:40 - 00000000 ____D () C:\Users\ja\AppData\Roaming\Winamp 2014-02-15 16:00 - 2014-02-12 19:23 - 00000000 ____D () C:\Users\ja\AppData\Local\Battle.net 2014-02-15 13:27 - 2012-10-06 23:28 - 00000000 ____D () C:\Users\ja\AppData\Local\ChomikBox 2014-02-15 13:25 - 2012-08-26 16:12 - 00000000 ____D () C:\Users\ja\.gstreamer-0.10 2014-02-15 13:06 - 2012-04-27 13:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-02-15 02:42 - 2014-02-15 02:42 - 00125878 _____ () C:\Users\ja\Downloads\iron_maiden_hallowed_be_thy_name.gp5 2014-02-15 00:09 - 2014-02-05 18:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-02-14 15:59 - 2014-02-14 15:59 - 00000000 ____D () C:\Users\ja\AppData\Local\EdgeOfReality 2014-02-14 12:01 - 2014-02-14 12:01 - 00000222 _____ () C:\Users\ja\Desktop\Loadout.url 2014-02-14 12:01 - 2013-09-09 19:09 - 00000000 ____D () C:\Users\ja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2014-02-13 18:36 - 2014-02-13 11:54 - 00000000 ____D () C:\Program Files (x86)\Hearthstone 2014-02-13 18:27 - 2014-02-13 18:27 - 00000000 ____D () C:\Users\ja\AppData\Local\Blizzard 2014-02-13 14:02 - 2009-07-14 06:08 - 00032604 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-02-13 12:06 - 2014-02-12 12:17 - 00000209 _____ () C:\Users\ja\Desktop\Nowy dokument tekstowy.txt 2014-02-13 11:54 - 2014-02-13 11:54 - 00001183 _____ () C:\Users\Public\Desktop\Hearthstone.lnk 2014-02-13 11:53 - 2014-02-12 19:23 - 00000000 ____D () C:\Users\ja\AppData\Roaming\Battle.net 2014-02-13 11:48 - 2013-09-11 17:32 - 00004036 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-02-13 11:48 - 2013-09-11 17:32 - 00003784 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-02-12 20:11 - 2014-02-12 20:11 - 00021959 _____ () C:\Users\ja\Downloads\iced_earth_frankenstein.gp3 2014-02-12 19:23 - 2014-02-12 19:23 - 00000000 ____D () C:\Users\ja\AppData\Local\Blizzard Entertainment 2014-02-12 19:22 - 2014-02-12 19:22 - 00000657 _____ () C:\Users\Public\Desktop\Battle.net.lnk 2014-02-12 15:19 - 2013-05-09 11:37 - 00000000 __SHD () C:\Users\ja\wc 2014-02-12 13:28 - 2013-12-13 14:56 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2014-02-12 13:26 - 2013-02-21 01:25 - 00000000 ____D () C:\Users\ja\pxgclient 2014-02-12 13:26 - 2012-02-28 12:19 - 00000000 ____D () C:\Users\ja 2014-02-12 13:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat 2014-02-12 13:25 - 2012-06-10 12:18 - 00000000 ____D () C:\ProgramData\Real 2014-02-12 13:25 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration 2014-02-12 03:25 - 2014-02-12 03:25 - 00045311 _____ () C:\Users\ja\Downloads\afi_miss_murder.gp5 2014-02-05 20:01 - 2014-02-05 20:01 - 00069530 _____ () C:\Users\ja\Downloads\iron_maiden_the_nomad(1).gp4 2014-02-05 18:20 - 2013-12-20 11:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak 2014-02-03 14:09 - 2014-02-03 14:09 - 00047018 _____ () C:\Users\ja\Downloads\dio_rainbow_in_the_dark.gp5 2014-02-03 13:36 - 2014-02-03 13:36 - 00088765 _____ () C:\Users\ja\Downloads\anthrax_the_devil_you_know.gp5 ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-03 12:31 ==================== End Of Log ============================