Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 34 days old and could be outdated)
Ran by lenovo (administrator) on LENOVO-THINK on 16-04-2014 16:38:59
Running from F:\Naprawa laptopa
Windows 7 Home Premium (X64) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\system32\ibmpmsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Lenovo Group Limited) c:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
() C:\Program Files (x86)\iPlus\iPlusManager.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dinotify.exe
(Microsoft Corporation) c:\program files\windows defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
(Microsoft Corporation) C:\Windows\System32\Magnify.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [62312 2010-04-20] (Lenovo Group Limited)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11049576 2010-07-15] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2097960 2010-04-23] (Synaptics Incorporated)
HKLM\...\Run: [TPHOTKEY] - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [69568 2009-12-21] (Lenovo Group Limited)
HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [380776 2009-12-11] (Lenovo.)
HKLM-x32\...\Run: [PWMTRV] - rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [iPlusManager] - C:\Program Files (x86)\iPlus\iPlusChecker.exe [468288 2010-11-26] ()
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-04-12] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-792102220-3396410978-4218021924-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-792102220-3396410978-4218021924-1000\...\MountPoints2: {55aa1854-fadc-11df-9837-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\S-1-5-21-792102220-3396410978-4218021924-1000\...\MountPoints2: {73588915-a8c2-11e2-9a55-ccf0da10d88d} - F:\AutoRun.exe
HKU\S-1-5-21-792102220-3396410978-4218021924-1000\...\MountPoints2: {c735ba4d-9231-11e2-95a5-60eb699a279c} - F:\AutoRun.exe
HKU\S-1-5-21-792102220-3396410978-4218021924-1000\...\MountPoints2: {c735ba5b-9231-11e2-95a5-60eb699a279c} - F:\AutoRun.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{9384EBC4-5631-4B81-9A7A-3D5D21E5F5CE}: [NameServer]212.2.96.53 212.2.96.54
Tcpip\..\Interfaces\{BF62FB56-78F4-42DB-ACF3-737C88FFB844}: [NameServer]212.2.96.51 212.2.96.52

FireFox:
========
FF ProfilePath: C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\39bf5st4.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\39bf5st4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-03-20]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-03-18]

Chrome:
=======
CHR Extension: (Docs) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-12]
CHR Extension: (Dysk Google) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-12]
CHR Extension: (YouTube) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-12]
CHR Extension: (Szukaj w Google) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-12]
CHR Extension: (Google Wallet) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-12]
CHR Extension: (Gmail) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-12]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-12]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-12] (AVAST Software)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [199272 2010-07-15] (Realtek Semiconductor)

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-12] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-12] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-04-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-04-12] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-04-12] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-04-12] ()
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [256000 2010-11-26] (Huawei Technologies Co., Ltd.)
R1 TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [13104 2010-08-24] ()
S3 PCDSRVC{127174DC-C366ED8B-06020000}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-16 16:38 - 2014-04-16 16:38 - 00000000 ____D () C:\FRST
2014-04-16 16:14 - 2014-04-16 16:15 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-16 16:14 - 2014-04-16 16:14 - 00000000 ____D () C:\ProgramData\Sun
2014-04-16 16:14 - 2014-04-16 16:13 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-16 16:14 - 2014-04-16 16:13 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-16 16:14 - 2014-04-16 16:13 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-16 16:14 - 2014-04-16 16:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-16 16:13 - 2014-04-16 16:13 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-16 16:07 - 2014-04-16 16:07 - 00921000 _____ (Oracle Corporation) C:\Users\lenovo\Downloads\jxpiinstall(1).exe
2014-04-16 15:52 - 2014-04-16 15:52 - 00921000 _____ (Oracle Corporation) C:\Users\lenovo\Downloads\jxpiinstall.exe
2014-04-16 15:14 - 2014-04-16 16:27 - 00000842 _____ () C:\Windows\setupact.log
2014-04-16 15:14 - 2014-04-16 15:14 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-16 15:13 - 2014-04-16 15:13 - 00442648 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-16 15:09 - 2014-04-16 15:12 - 00000000 ____D () C:\AdwCleaner
2014-04-16 15:08 - 2014-04-16 15:08 - 01426178 _____ () C:\Users\lenovo\Downloads\AdwCleaner.exe
2014-04-12 08:14 - 2014-04-12 08:14 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-10 15:55 - 2014-04-10 15:55 - 01301462 _____ () C:\Users\lenovo\Downloads\zyczenia-wielkanocne-2012.bmp
2014-03-29 13:01 - 2014-04-16 15:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-17 19:03 - 2014-04-12 08:14 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-03-17 17:42 - 2014-04-16 15:21 - 00000000 ____D () C:\Windows\pss
2014-03-17 17:33 - 2014-03-17 17:33 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-03-17 17:32 - 2014-03-17 17:32 - 00000833 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-03-17 17:32 - 2014-03-17 17:32 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-17 17:30 - 2014-03-17 17:31 - 04765152 _____ (Piriform Ltd) C:\Users\lenovo\Downloads\ccsetup411.exe

==================== One Month Modified Files and Folders =======

2014-04-16 16:38 - 2014-04-16 16:38 - 00000000 ____D () C:\FRST
2014-04-16 16:32 - 2010-11-28 21:29 - 00687828 _____ () C:\Windows\system32\perfh015.dat
2014-04-16 16:32 - 2010-11-28 21:29 - 00131382 _____ () C:\Windows\system32\perfc015.dat
2014-04-16 16:32 - 2009-07-14 07:13 - 01523412 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-16 16:29 - 2013-03-20 18:22 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-16 16:27 - 2014-04-16 15:14 - 00000842 _____ () C:\Windows\setupact.log
2014-04-16 16:27 - 2010-11-28 12:47 - 01115492 _____ () C:\Windows\WindowsUpdate.log
2014-04-16 16:15 - 2014-04-16 16:14 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-16 16:14 - 2014-04-16 16:14 - 00000000 ____D () C:\ProgramData\Sun
2014-04-16 16:13 - 2014-04-16 16:14 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-16 16:13 - 2014-04-16 16:14 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-16 16:13 - 2014-04-16 16:14 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-16 16:13 - 2014-04-16 16:14 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-16 16:13 - 2014-04-16 16:13 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-16 16:07 - 2014-04-16 16:07 - 00921000 _____ (Oracle Corporation) C:\Users\lenovo\Downloads\jxpiinstall(1).exe
2014-04-16 15:59 - 2014-03-29 13:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-16 15:52 - 2014-04-16 15:52 - 00921000 _____ (Oracle Corporation) C:\Users\lenovo\Downloads\jxpiinstall.exe
2014-04-16 15:37 - 2009-07-14 06:45 - 00015568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-16 15:37 - 2009-07-14 06:45 - 00015568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-16 15:27 - 2013-03-20 22:32 - 00000000 ____D () C:\Program Files (x86)\Google
2014-04-16 15:21 - 2014-03-17 17:42 - 00000000 ____D () C:\Windows\pss
2014-04-16 15:21 - 2013-03-15 17:47 - 00000000 ___RD () C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-16 15:14 - 2014-04-16 15:14 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-16 15:14 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-16 15:13 - 2014-04-16 15:13 - 00442648 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-16 15:12 - 2014-04-16 15:09 - 00000000 ____D () C:\AdwCleaner
2014-04-16 15:08 - 2014-04-16 15:08 - 01426178 _____ () C:\Users\lenovo\Downloads\AdwCleaner.exe
2014-04-16 14:58 - 2013-03-15 17:47 - 00121776 _____ () C:\Users\lenovo\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-13 14:00 - 2010-11-28 13:33 - 00000332 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-04-12 08:26 - 2013-03-20 22:32 - 00000000 ____D () C:\Users\lenovo\AppData\Local\Google
2014-04-12 08:15 - 2013-03-18 13:09 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-04-12 08:15 - 2013-03-18 13:09 - 00001977 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-04-12 08:14 - 2014-04-12 08:14 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-12 08:14 - 2014-03-17 19:03 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-04-12 08:14 - 2013-03-20 18:22 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-04-12 08:14 - 2013-03-20 18:22 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-04-12 08:14 - 2013-03-18 13:09 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-04-12 08:14 - 2013-03-18 13:09 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-04-12 08:14 - 2013-03-18 13:09 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-04-12 08:14 - 2013-03-18 13:09 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-04-12 08:14 - 2013-03-18 13:09 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-04-10 15:55 - 2014-04-10 15:55 - 01301462 _____ () C:\Users\lenovo\Downloads\zyczenia-wielkanocne-2012.bmp
2014-04-02 14:18 - 2009-07-14 07:08 - 00032604 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-29 18:18 - 2013-03-18 13:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-17 17:37 - 2013-03-20 22:48 - 00000000 ____D () C:\Users\lenovo\AppData\Roaming\Media Player Classic
2014-03-17 17:36 - 2009-07-24 19:29 - 00000000 ____D () C:\Windows\Panther
2014-03-17 17:33 - 2014-03-17 17:33 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-03-17 17:32 - 2014-03-17 17:32 - 00000833 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-03-17 17:32 - 2014-03-17 17:32 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-17 17:31 - 2014-03-17 17:30 - 04765152 _____ (Piriform Ltd) C:\Users\lenovo\Downloads\ccsetup411.exe

Some content of TEMP:
====================
C:\Users\lenovo\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2009-07-24 18:29

==================== End Of Log ============================