Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015 Ran by user (administrator) on USER-KOMPUTER on 09-01-2015 22:45:17 Running from C:\Users\user\Downloads Loaded Profile: user (Available profiles: user) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polski (Polska) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (ClickCaption) C:\Program Files (x86)\ClickCaption_1.10.0.5\Service\ccsvc.exe (AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe () C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe (Microsoft Corporation) C:\Windows\System32\StikyNot.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\HSSCP.exe (AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\af_proxy_cmd.exe () C:\Program Files (x86)\Hotspot Shield\bin\openvpn.exe (AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\FBWMgr.exe (AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\FBW.exe (AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\FBW.exe (AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\FBW.exe (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-12] (AVAST Software) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2010-11-10] (Advanced Micro Devices, Inc.) HKU\S-1-5-21-2306732264-2671449272-640629496-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation) HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-11-16] (Microsoft Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: [S-1-5-21-2306732264-2671449272-640629496-1000] => Internet Explorer proxy is enabled. ProxyServer: [S-1-5-21-2306732264-2671449272-640629496-1000] => http=127.0.0.1:8555;https=127.0.0.1:8555 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hp&ts=1419886090&from=cor&uid=TOSHIBAXMK6475GSX_Y199FKJASXXY199FKJAS HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hp&ts=1419886090&from=cor&uid=TOSHIBAXMK6475GSX_Y199FKJASXXY199FKJAS HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1419886090&from=cor&uid=TOSHIBAXMK6475GSX_Y199FKJASXXY199FKJAS&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1419886090&from=cor&uid=TOSHIBAXMK6475GSX_Y199FKJASXXY199FKJAS&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1419886090&from=cor&uid=TOSHIBAXMK6475GSX_Y199FKJASXXY199FKJAS HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1419886090&from=cor&uid=TOSHIBAXMK6475GSX_Y199FKJASXXY199FKJAS HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1419886090&from=cor&uid=TOSHIBAXMK6475GSX_Y199FKJASXXY199FKJAS&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1419886090&from=cor&uid=TOSHIBAXMK6475GSX_Y199FKJASXXY199FKJAS&q={searchTerms} HKU\S-1-5-21-2306732264-2671449272-640629496-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-2306732264-2671449272-640629496-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pl-pl/?ocid=iehp StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://isearch.omiga-plus.com/?type=sc&ts=1419886090&from=cor&uid=TOSHIBAXMK6475GSX_Y199FKJASXXY199FKJAS SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1419886090&from=cor&uid=TOSHIBAXMK6475GSX_Y199FKJASXXY199FKJAS&q={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1419886090&from=cor&uid=TOSHIBAXMK6475GSX_Y199FKJASXXY199FKJAS&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1419886090&from=cor&uid=TOSHIBAXMK6475GSX_Y199FKJASXXY199FKJAS&q={searchTerms} SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1419886090&from=cor&uid=TOSHIBAXMK6475GSX_Y199FKJASXXY199FKJAS&q={searchTerms} BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\mzl5xuun.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll () FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\mzl5xuun.default\searchplugins\ask-search.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\omiga-plus.xml FF Extension: Adblock Plus - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\mzl5xuun.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-20] FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2014-12-18] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-14] FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\mzl5xuun.default\extensions\faststartff@gmail.com FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://isearch.omiga-plus.com/?type=sc&ts=1419886090&from=cor&uid=TOSHIBAXMK6475GSX_Y199FKJASXXY199FKJAS Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-11-14] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-14] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-14] (AVAST Software) R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-14] (Avast Software) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 ccsvc_1.10.0.5; C:\Program Files (x86)\ClickCaption_1.10.0.5\Service\ccsvc.exe [277584 2014-12-12] (ClickCaption) R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [919040 2014-05-17] (AnchorFree Inc.) [File not signed] S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78512 2014-05-17] () R2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [430344 2014-05-16] () ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-14] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-14] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-14] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-14] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-14] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-14] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-14] () R1 ccnfd_1_10_0_5; C:\Windows\System32\drivers\ccnfd_1_10_0_5.sys [58232 2014-12-12] (ClickCaption) R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2014-05-17] (AnchorFree Inc.) R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation ) R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.) R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-14] (Avast Software) S3 netr28ux; system32\DRIVERS\netr28ux.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-09 22:45 - 2015-01-09 22:45 - 00011959 _____ () C:\Users\user\Downloads\FRST.txt 2015-01-09 22:35 - 2015-01-09 22:35 - 00000197 _____ () C:\Windows\system32\2015-01-09-21-35-28.045-AvastVBoxSVC.exe-4056.log 2015-01-09 22:34 - 2014-11-14 14:05 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2015-01-09 22:28 - 2015-01-09 22:28 - 00270384 _____ () C:\Windows\Minidump\010915-35615-01.dmp 2015-01-09 19:08 - 2015-01-09 19:09 - 00000197 _____ () C:\Windows\system32\2015-01-09-18-08-53.075-AvastVBoxSVC.exe-2708.log 2015-01-08 21:41 - 2015-01-09 21:49 - 00000000 ____D () C:\Users\user\Downloads\FRST-OlderVersion 2015-01-08 21:28 - 2015-01-08 21:28 - 00000197 _____ () C:\Windows\system32\2015-01-08-20-28-05.046-AvastVBoxSVC.exe-1804.log 2015-01-08 20:46 - 2015-01-08 20:47 - 00000197 _____ () C:\Windows\system32\2015-01-08-19-46-51.066-AvastVBoxSVC.exe-2928.log 2015-01-07 21:03 - 2015-01-09 21:49 - 00000000 ____D () C:\Users\user\Downloads\Pretty.Little.Liars.S05E14.HDTV.x264-LOL[ettv] 2015-01-07 20:34 - 2015-01-07 20:34 - 00000197 _____ () C:\Windows\system32\2015-01-07-19-34-22.053-AvastVBoxSVC.exe-2580.log 2015-01-06 21:40 - 2015-01-06 21:40 - 00000197 _____ () C:\Windows\system32\2015-01-06-20-40-28.025-AvastVBoxSVC.exe-2924.log 2015-01-06 21:37 - 2015-01-09 22:28 - 00000000 ____D () C:\Windows\Minidump 2015-01-06 21:37 - 2015-01-09 22:27 - 137830444 _____ () C:\Windows\MEMORY.DMP 2015-01-06 21:37 - 2015-01-06 21:38 - 00455160 _____ () C:\Windows\Minidump\010615-36769-01.dmp 2015-01-06 21:03 - 2015-01-06 21:03 - 00689664 _____ () C:\Users\user\Downloads\MicrosoftFixit50202.msi 2015-01-06 20:57 - 2015-01-06 20:57 - 00029384 _____ (Microsoft Corporation) C:\Users\user\Downloads\KB3024777-amd64.exe 2015-01-06 20:53 - 2015-01-06 20:53 - 00028864 _____ (Microsoft Corporation) C:\Users\user\Downloads\KB3024777-x86.exe 2015-01-06 18:33 - 2015-01-06 18:33 - 00026094 _____ () C:\Users\user\Downloads\GMER1.txt 2015-01-06 17:03 - 2015-01-06 17:03 - 00013046 _____ () C:\Users\user\Downloads\GMER.log 2015-01-06 15:33 - 2015-01-06 15:33 - 00045896 _____ () C:\Users\user\Downloads\Extras.Txt 2015-01-06 15:31 - 2015-01-06 15:31 - 00084990 _____ () C:\Users\user\Downloads\OTL.Txt 2015-01-06 15:14 - 2015-01-06 15:14 - 00027027 _____ () C:\Users\user\Downloads\Shortcut.txt 2015-01-06 15:11 - 2015-01-06 15:14 - 00021842 _____ () C:\Users\user\Downloads\Addition.txt 2015-01-06 15:09 - 2015-01-09 22:45 - 00000000 ____D () C:\FRST 2015-01-06 15:03 - 2015-01-06 15:03 - 00380416 _____ () C:\Users\user\Downloads\lem86rpe.exe 2015-01-06 15:01 - 2015-01-06 15:01 - 00602112 _____ (OldTimer Tools) C:\Users\user\Downloads\OTL.exe 2015-01-06 15:00 - 2015-01-08 21:41 - 02124288 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe 2015-01-06 12:57 - 2015-01-06 12:58 - 00000197 _____ () C:\Windows\system32\2015-01-06-11-57-41.032-AvastVBoxSVC.exe-2176.log 2015-01-06 01:40 - 2015-01-06 01:40 - 00000197 _____ () C:\Windows\system32\2015-01-06-00-40-06.089-AvastVBoxSVC.exe-2700.log 2015-01-06 00:04 - 2015-01-09 21:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony 2015-01-06 00:04 - 2015-01-06 00:04 - 00001038 _____ () C:\Users\Public\Desktop\Vegas Pro 13.0 (64-bit).lnk 2015-01-06 00:03 - 2015-01-09 21:45 - 00000000 ____D () C:\ProgramData\Sony 2015-01-06 00:03 - 2015-01-09 20:50 - 00000000 ____D () C:\Program Files\Sony 2015-01-06 00:03 - 2015-01-09 20:47 - 00000000 ____D () C:\Program Files (x86)\Sony 2015-01-05 23:59 - 2015-01-06 00:00 - 354230360 _____ () C:\Users\user\Downloads\vegaspro13.0.310_64bit.exe 2015-01-05 23:59 - 2015-01-06 00:00 - 00000289 _____ () C:\Users\user\Downloads\How To Open Nfo Files.txt 2015-01-05 23:25 - 2015-01-06 00:00 - 00003304 _____ () C:\Users\user\Downloads\ChingLiu.Install.Notes.nfo 2015-01-05 23:07 - 2015-01-05 23:07 - 00000000 ____D () C:\Users\user\AppData\Roaming\Sony Creative Software Inc 2015-01-05 23:02 - 2015-01-05 23:02 - 00000000 ____D () C:\Users\user\AppData\Roaming\Publish Providers 2015-01-05 22:59 - 2015-01-06 00:04 - 00013708 _____ () C:\Windows\system32\--traceoff 2015-01-05 22:59 - 2015-01-05 22:59 - 00000000 _____ () C:\Windows\system32\--debugoff 2015-01-05 22:58 - 2015-01-09 20:56 - 00000000 ____D () C:\Users\user\AppData\Local\Sony 2015-01-05 22:55 - 2015-01-09 21:49 - 00000000 ____D () C:\Users\user\AppData\Roaming\Sony 2015-01-05 21:24 - 2015-01-09 21:49 - 00000000 ____D () C:\Users\user\Downloads\Sony Vegas Pro 13.0 build 310 (64 bit) (patch KHG) [ChingLiu] 2015-01-05 19:28 - 2015-01-05 19:28 - 00642896 _____ () C:\Users\user\Downloads\setup.exe 2015-01-05 18:28 - 2015-01-05 18:29 - 00000197 _____ () C:\Windows\system32\2015-01-05-17-28-50.075-AvastVBoxSVC.exe-2900.log 2015-01-04 13:05 - 2015-01-04 13:14 - 00000000 ____D () C:\Users\user\Desktop\zdj d wywołania 2015-01-04 12:41 - 2015-01-04 12:41 - 00000197 _____ () C:\Windows\system32\2015-01-04-11-41-14.035-AvastVBoxSVC.exe-2648.log 2015-01-03 16:01 - 2015-01-03 16:01 - 00000197 _____ () C:\Windows\system32\2015-01-03-15-01-01.014-AvastVBoxSVC.exe-3012.log 2015-01-02 18:47 - 2015-01-02 18:47 - 00000197 _____ () C:\Windows\system32\2015-01-02-17-47-26.060-AvastVBoxSVC.exe-2520.log 2015-01-01 14:04 - 2015-01-01 14:04 - 00003152 _____ () C:\Windows\System32\Tasks\{189DCC04-9A31-40C4-A868-DA1AE6B47940} 2015-01-01 13:52 - 2015-01-01 13:52 - 00000197 _____ () C:\Windows\system32\2015-01-01-12-52-01.059-AvastVBoxSVC.exe-3044.log 2015-01-01 02:11 - 2015-01-01 02:11 - 00000197 _____ () C:\Windows\system32\2015-01-01-01-11-02.066-AvastVBoxSVC.exe-3064.log 2014-12-31 15:29 - 2014-12-31 15:29 - 00000197 _____ () C:\Windows\system32\2014-12-31-14-29-40.098-AvastVBoxSVC.exe-2592.log 2014-12-31 07:29 - 2014-12-31 07:29 - 00000197 _____ () C:\Windows\system32\2014-12-31-06-29-49.048-AvastVBoxSVC.exe-3036.log 2014-12-31 01:32 - 2014-12-31 01:32 - 00000000 ____D () C:\Windows\SysWOW64\Hotspot Shield 2014-12-30 20:02 - 2014-12-30 20:02 - 00000197 _____ () C:\Windows\system32\2014-12-30-19-02-13.016-AvastVBoxSVC.exe-2680.log 2014-12-30 08:51 - 2014-12-30 08:52 - 00000197 _____ () C:\Windows\system32\2014-12-30-07-51-30.043-AvastVBoxSVC.exe-2164.log 2014-12-30 07:12 - 2014-12-30 07:12 - 00000197 _____ () C:\Windows\system32\2014-12-30-06-12-33.043-AvastVBoxSVC.exe-1372.log 2014-12-29 21:58 - 2015-01-09 22:03 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander 2014-12-29 21:58 - 2015-01-09 21:49 - 00000000 ____D () C:\Users\user\AppData\Roaming\GHISLER 2014-12-29 21:58 - 2015-01-09 21:45 - 00000000 ____D () C:\totalcmd 2014-12-29 21:58 - 2014-12-29 21:58 - 00000632 _____ () C:\Users\user\Desktop\Total Commander.lnk 2014-12-29 21:58 - 2014-04-30 08:51 - 00000545 _____ () C:\Windows\UC.PIF 2014-12-29 21:58 - 2014-04-30 08:51 - 00000545 _____ () C:\Windows\RAR.PIF 2014-12-29 21:58 - 2014-04-30 08:51 - 00000545 _____ () C:\Windows\PKZIP.PIF 2014-12-29 21:58 - 2014-04-30 08:51 - 00000545 _____ () C:\Windows\PKUNZIP.PIF 2014-12-29 21:58 - 2014-04-30 08:51 - 00000545 _____ () C:\Windows\LHA.PIF 2014-12-29 21:58 - 2014-04-30 08:51 - 00000545 _____ () C:\Windows\ARJ.PIF 2014-12-29 21:49 - 2014-12-30 07:33 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect 2014-12-29 21:47 - 2015-01-09 21:45 - 00000000 ____D () C:\Program Files (x86)\ClickCaption_1.10.0.5 2014-12-29 21:47 - 2014-12-29 21:47 - 03721616 _____ (Ghisler Software GmbH) C:\Users\user\Downloads\Total Commander 8.51a [1].exe 2014-12-29 21:47 - 2014-12-29 21:47 - 00000000 ____D () C:\Users\user\AppData\Roaming\WebTest 2014-12-29 18:16 - 2014-12-29 18:16 - 00000197 _____ () C:\Windows\system32\2014-12-29-17-16-39.016-AvastVBoxSVC.exe-2640.log 2014-12-28 21:40 - 2014-12-28 21:40 - 00000197 _____ () C:\Windows\system32\2014-12-28-20-40-01.068-AvastVBoxSVC.exe-2920.log 2014-12-28 08:55 - 2014-12-28 08:55 - 00000197 _____ () C:\Windows\system32\2014-12-28-07-55-06.024-AvastVBoxSVC.exe-2792.log 2014-12-27 18:26 - 2014-12-27 18:26 - 00000197 _____ () C:\Windows\system32\2014-12-27-17-26-24.052-AvastVBoxSVC.exe-2500.log 2014-12-26 17:45 - 2014-12-26 17:45 - 00000197 _____ () C:\Windows\system32\2014-12-26-16-45-35.045-AvastVBoxSVC.exe-2748.log 2014-12-26 11:25 - 2014-12-26 11:26 - 00000197 _____ () C:\Windows\system32\2014-12-26-10-25-35.023-AvastVBoxSVC.exe-2844.log 2014-12-25 23:08 - 2014-12-25 23:08 - 00000197 _____ () C:\Windows\system32\2014-12-25-22-08-01.034-AvastVBoxSVC.exe-3052.log 2014-12-25 16:20 - 2014-12-25 16:20 - 00000197 _____ () C:\Windows\system32\2014-12-25-15-20-02.034-AvastVBoxSVC.exe-1684.log 2014-12-25 08:50 - 2014-12-25 08:50 - 00000197 _____ () C:\Windows\system32\2014-12-25-07-50-28.038-AvastVBoxSVC.exe-2196.log 2014-12-25 01:50 - 2014-12-25 01:51 - 00000197 _____ () C:\Windows\system32\2014-12-25-00-50-55.070-AvastVBoxSVC.exe-2464.log 2014-12-24 15:20 - 2014-12-24 15:20 - 00000197 _____ () C:\Windows\system32\2014-12-24-14-20-10.012-AvastVBoxSVC.exe-2468.log 2014-12-23 23:54 - 2014-12-23 23:55 - 00000197 _____ () C:\Windows\system32\2014-12-23-22-54-46.002-AvastVBoxSVC.exe-2448.log 2014-12-23 18:35 - 2014-12-23 18:35 - 00000197 _____ () C:\Windows\system32\2014-12-23-17-35-14.011-AvastVBoxSVC.exe-2400.log 2014-12-22 19:23 - 2014-12-22 19:23 - 00000197 _____ () C:\Windows\system32\2014-12-22-18-23-19.085-AvastVBoxSVC.exe-2592.log 2014-12-21 21:47 - 2014-12-21 21:47 - 00000197 _____ () C:\Windows\system32\2014-12-21-20-47-35.048-AvastVBoxSVC.exe-2524.log 2014-12-21 12:29 - 2014-12-21 12:29 - 00000197 _____ () C:\Windows\system32\2014-12-21-11-29-23.057-AvastVBoxSVC.exe-2064.log 2014-12-20 20:24 - 2015-01-09 21:49 - 00000000 ____D () C:\Users\user\AppData\Roaming\Skype 2014-12-20 20:24 - 2015-01-09 20:56 - 00000000 ____D () C:\Users\user\AppData\Local\Skype 2014-12-20 20:23 - 2015-01-09 21:45 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-12-20 20:23 - 2015-01-09 21:45 - 00000000 ____D () C:\ProgramData\Skype 2014-12-20 20:23 - 2015-01-09 21:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-12-20 20:23 - 2014-12-20 20:23 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-12-20 20:21 - 2014-12-20 20:21 - 01548384 _____ (Skype Technologies S.A.) C:\Users\user\Downloads\SkypeSetup.exe 2014-12-20 20:13 - 2014-12-20 20:13 - 00000197 _____ () C:\Windows\system32\2014-12-20-19-13-43.024-AvastVBoxSVC.exe-2616.log 2014-12-19 22:42 - 2014-12-19 22:42 - 00000197 _____ () C:\Windows\system32\2014-12-19-21-42-06.047-AvastVBoxSVC.exe-2348.log 2014-12-18 23:32 - 2014-05-17 03:35 - 00044744 _____ (AnchorFree Inc.) C:\Windows\system32\Drivers\hssdrv6.sys 2014-12-18 23:30 - 2015-01-09 21:49 - 00000000 ____D () C:\Users\user\AppData\Roaming\Hotspot Shield 2014-12-18 23:30 - 2015-01-09 21:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield 2014-12-18 23:30 - 2015-01-09 21:45 - 00000000 ____D () C:\ProgramData\Hotspot Shield 2014-12-18 23:30 - 2015-01-09 21:45 - 00000000 ____D () C:\Program Files (x86)\Hotspot Shield 2014-12-18 23:29 - 2014-12-18 23:29 - 07787136 _____ () C:\Users\user\Downloads\HSS-3.42-install-e-550-plain.exe 2014-12-18 21:37 - 2014-12-18 21:37 - 00000197 _____ () C:\Windows\system32\2014-12-18-20-37-12.027-AvastVBoxSVC.exe-2104.log 2014-12-17 18:42 - 2014-12-17 18:42 - 00000197 _____ () C:\Windows\system32\2014-12-17-17-42-28.054-AvastVBoxSVC.exe-2184.log 2014-12-16 23:19 - 2014-12-16 23:19 - 05169404 _____ () C:\Users\user\Downloads\Top - Tempo - no diggity.mp4 2014-12-16 20:07 - 2014-12-16 20:07 - 00000197 _____ () C:\Windows\system32\2014-12-16-19-07-34.054-AvastVBoxSVC.exe-2424.log 2014-12-15 19:27 - 2014-12-15 19:27 - 00000197 _____ () C:\Windows\system32\2014-12-15-18-27-20.042-AvastVBoxSVC.exe-2316.log 2014-12-14 19:14 - 2014-12-14 19:14 - 00000197 _____ () C:\Windows\system32\2014-12-14-18-14-07.014-AvastVBoxSVC.exe-2376.log 2014-12-14 12:04 - 2014-12-14 12:04 - 00000197 _____ () C:\Windows\system32\2014-12-14-11-04-46.033-AvastVBoxSVC.exe-328.log 2014-12-13 20:28 - 2015-01-09 20:56 - 00000000 ____D () C:\Users\user\AppData\Roaming\Opera Software 2014-12-13 20:28 - 2014-12-13 20:28 - 00000000 ____D () C:\Users\user\AppData\Local\Opera Software 2014-12-13 20:27 - 2014-12-17 18:47 - 00003882 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1418498865 2014-12-13 20:27 - 2014-12-13 20:27 - 00001135 _____ () C:\Users\Public\Desktop\Opera.lnk 2014-12-13 20:27 - 2014-12-13 20:27 - 00001135 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2014-12-13 20:26 - 2014-12-13 20:26 - 00049524 _____ () C:\Users\user\Downloads\Arrow.S03E08.HDTV.x264-LOL.srt 2014-12-13 20:26 - 2014-12-13 20:26 - 00049524 _____ () C:\Users\user\Downloads\Arrow.S03E08.HDTV.x264-LOL (2).srt 2014-12-13 20:25 - 2015-01-09 21:49 - 00000000 ____D () C:\Users\user\AppData\Roaming\NapiProjekt 2014-12-13 20:25 - 2015-01-09 21:49 - 00000000 ____D () C:\Users\user\AppData\Roaming\IHlpr 2014-12-13 20:25 - 2015-01-09 21:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NapiProjekt 2014-12-13 20:25 - 2015-01-09 21:45 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-12-13 20:25 - 2014-12-13 20:25 - 00024912 _____ () C:\Users\user\Downloads\Arrow.S03E07.HDTV.x264-LOL.txt 2014-12-13 20:24 - 2015-01-09 21:45 - 00000000 ____D () C:\Program Files (x86)\NapiProjekt 2014-12-13 20:24 - 2014-12-13 20:24 - 00000000 ____D () C:\Users\user\AppData\Roaming\OpenCandy 2014-12-13 19:53 - 2014-12-13 19:55 - 09989013 _____ ( ) C:\Users\user\Downloads\NapiProjektBuild_2.2.0.2399(dobreprogramy.pl).exe 2014-12-13 17:15 - 2015-01-09 21:49 - 00000000 ____D () C:\Users\user\Downloads\Arrow.S03E09.HDTV.x264-LOL[ettv] 2014-12-13 17:14 - 2014-12-13 17:58 - 241928411 _____ () C:\Users\user\Downloads\Arrow.S03E07.HDTV.x264-LOL.mp4 2014-12-13 17:14 - 2014-12-13 17:43 - 260519446 _____ () C:\Users\user\Downloads\Arrow.S03E08.HDTV.x264-LOL.mp4 2014-12-13 10:42 - 2015-01-09 21:49 - 00000000 ____D () C:\Users\user\Downloads\The.Vampire.Diaries.S06E10.HDTV.x264-LOL[ettv] 2014-12-13 10:35 - 2014-12-13 10:36 - 00000000 ____D () C:\Users\user\Downloads\Trance Zen Dental Spa 2014-12-13 10:34 - 2014-12-13 10:34 - 00000792 _____ () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk 2014-12-13 10:34 - 2014-12-13 10:34 - 00000000 ____D () C:\ProgramData\APN 2014-12-13 10:33 - 2015-01-09 21:49 - 00000000 ____D () C:\Users\user\AppData\Roaming\uTorrent 2014-12-13 10:33 - 2014-12-13 10:33 - 01682512 _____ (BitTorrent Inc.) C:\Users\user\Downloads\utorrent.exe 2014-12-13 10:03 - 2014-12-13 10:03 - 00000197 _____ () C:\Windows\system32\2014-12-13-09-03-28.028-AvastVBoxSVC.exe-2124.log 2014-12-12 22:19 - 2014-12-12 22:20 - 00000197 _____ () C:\Windows\system32\2014-12-12-21-19-32.003-AvastVBoxSVC.exe-2256.log 2014-12-12 00:53 - 2014-12-12 00:53 - 00058232 _____ (ClickCaption) C:\Windows\system32\Drivers\ccnfd_1_10_0_5.sys 2014-12-11 20:20 - 2014-12-11 20:20 - 00000197 _____ () C:\Windows\system32\2014-12-11-19-20-46.010-AvastVBoxSVC.exe-2308.log 2014-12-10 22:33 - 2015-01-09 21:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-12-10 21:16 - 2014-12-10 21:16 - 00000197 _____ () C:\Windows\system32\2014-12-10-20-16-14.049-AvastVBoxSVC.exe-1872.log 2014-12-10 21:12 - 2015-01-09 22:00 - 00000000 ____D () C:\Windows\system32\appraiser 2014-12-10 01:02 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2014-12-10 01:02 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2014-12-10 01:02 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2014-12-10 01:02 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2014-12-10 01:02 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2014-12-10 01:02 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2014-12-10 01:02 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 2014-12-10 01:02 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe 2014-12-10 01:02 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2014-12-10 01:02 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-09 22:40 - 2009-07-14 05:45 - 00022784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-09 22:40 - 2009-07-14 05:45 - 00022784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-09 22:35 - 2014-11-14 14:06 - 00001964 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk 2015-01-09 22:35 - 2014-11-14 14:05 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2015-01-09 22:28 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-09 22:28 - 2009-07-14 05:51 - 00024656 _____ () C:\Windows\setupact.log 2015-01-09 22:03 - 2014-11-14 14:06 - 00000000 ____D () C:\Windows\SysWOW64\vbox 2015-01-09 22:03 - 2014-11-14 14:06 - 00000000 ____D () C:\Windows\system32\vbox 2015-01-09 22:01 - 2009-07-14 19:09 - 00000000 ____D () C:\Windows\ShellNew 2015-01-09 22:01 - 2009-07-14 19:09 - 00000000 ____D () C:\Program Files\Windows Journal 2015-01-09 22:01 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-01-09 22:01 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\Offline Web Pages 2015-01-09 22:01 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Sidebar 2015-01-09 22:01 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Defender 2015-01-09 22:01 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\DVD Maker 2015-01-09 22:01 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar 2015-01-09 22:01 - 2009-07-14 04:20 - 00000000 __RSD () C:\Windows\Media 2015-01-09 22:01 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2015-01-09 22:01 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\TAPI 2015-01-09 22:01 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\sppui 2015-01-09 22:01 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Setup 2015-01-09 22:01 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\ras 2015-01-09 22:01 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\migwiz 2015-01-09 22:01 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\catroot2.bak 2015-01-09 22:01 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\sppui 2015-01-09 22:01 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Setup 2015-01-09 22:01 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\ras 2015-01-09 22:01 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\oobe 2015-01-09 22:01 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\migwiz 2015-01-09 22:01 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\ias 2015-01-09 22:01 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers 2015-01-09 22:01 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2015-01-09 22:01 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\System 2015-01-09 22:01 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Services 2015-01-09 22:00 - 2014-11-14 13:36 - 00000000 ___SD () C:\Windows\system32\CompatTel 2015-01-09 22:00 - 2009-07-14 18:55 - 00000000 ____D () C:\Windows\SysWOW64\pl 2015-01-09 22:00 - 2009-07-14 18:55 - 00000000 ____D () C:\Windows\system32\pl 2015-01-09 22:00 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Portable Devices 2015-01-09 22:00 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Photo Viewer 2015-01-09 22:00 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices 2015-01-09 22:00 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer 2015-01-09 22:00 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2015-01-09 22:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK 2015-01-09 22:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\uk-UA 2015-01-09 22:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR 2015-01-09 22:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\th-TH 2015-01-09 22:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\sr-Latn-CS 2015-01-09 22:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\sl-SI 2015-01-09 22:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\sk-SK 2015-01-09 22:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\ro-RO 2015-01-09 22:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\oobe 2015-01-09 22:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\manifeststore 2015-01-09 22:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\lv-LV 2015-01-09 22:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\lt-LT 2015-01-09 22:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\hr-HR 2015-01-09 22:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\he-IL 2015-01-09 22:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\et-EE 2015-01-09 22:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2015-01-09 22:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\bg-BG 2015-01-09 22:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\ar-SA 2015-01-09 22:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\AdvancedInstallers 2015-01-09 22:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\zh-HK 2015-01-09 22:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\uk-UA 2015-01-09 22:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\tr-TR 2015-01-09 22:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\th-TH 2015-01-09 22:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS 2015-01-09 22:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\sl-SI 2015-01-09 22:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\sk-SK 2015-01-09 22:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\ro-RO 2015-01-09 22:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\manifeststore 2015-01-09 22:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\lv-LV 2015-01-09 22:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\lt-LT 2015-01-09 22:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\hr-HR 2015-01-09 22:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\he-IL 2015-01-09 22:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\et-EE 2015-01-09 22:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism 2015-01-09 22:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\bg-BG 2015-01-09 22:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\ar-SA 2015-01-09 22:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\servicing 2015-01-09 22:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2015-01-09 22:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\L2Schemas 2015-01-09 21:52 - 2014-11-16 20:11 - 00000000 ____D () C:\Windows\system32\SPReview 2015-01-09 21:52 - 2014-11-14 13:03 - 00000000 ____D () C:\Windows\SysWOW64\Macromed 2015-01-09 21:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\SMI 2015-01-09 21:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NetworkList 2015-01-09 21:51 - 2014-11-16 19:40 - 00000000 ____D () C:\Windows\system32\EventProviders 2015-01-09 21:51 - 2014-11-14 13:02 - 00000000 ____D () C:\Windows\system32\Macromed 2015-01-09 21:50 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\schemas 2015-01-09 21:49 - 2014-11-29 00:15 - 00000000 ____D () C:\Users\user\AppData\Roaming\Winamp 2015-01-09 21:49 - 2014-11-28 23:05 - 00000000 ____D () C:\Users\user\AppData\Roaming\Audacity 2015-01-09 21:49 - 2014-11-21 07:44 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-01-09 21:49 - 2014-11-14 12:48 - 00000000 ___RD () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-01-09 21:49 - 2014-11-14 12:48 - 00000000 ___RD () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-01-09 21:49 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat 2015-01-09 21:45 - 2014-12-01 22:09 - 00000000 ____D () C:\Program Files (x86)\Aegisub 2015-01-09 21:45 - 2014-11-29 09:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Last.fm 2015-01-09 21:45 - 2014-11-29 09:19 - 00000000 ____D () C:\Program Files (x86)\Last.fm 2015-01-09 21:45 - 2014-11-29 00:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp 2015-01-09 21:45 - 2014-11-29 00:15 - 00000000 ____D () C:\Program Files (x86)\Winamp 2015-01-09 21:45 - 2014-11-28 23:04 - 00000000 ____D () C:\Program Files (x86)\Audacity 2015-01-09 21:45 - 2014-11-28 22:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player 2015-01-09 21:45 - 2014-11-21 07:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-01-09 21:45 - 2014-11-21 07:43 - 00000000 ____D () C:\Program Files\WinRAR 2015-01-09 21:45 - 2014-11-16 14:52 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies 2015-01-09 21:45 - 2014-11-16 14:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center 2015-01-09 21:45 - 2014-11-14 14:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software 2015-01-09 21:45 - 2014-11-14 13:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-01-09 21:45 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-01-09 21:45 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2015-01-09 21:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration 2015-01-09 21:19 - 2009-07-14 18:55 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer 2015-01-09 21:18 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Speech 2015-01-09 21:17 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\MUI 2015-01-09 21:15 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\spp 2015-01-09 21:15 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Speech 2015-01-09 21:14 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\MUI 2015-01-09 21:06 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\security 2015-01-09 20:56 - 2014-11-28 22:45 - 00000000 ____D () C:\Users\user\AppData\Roaming\GRETECH 2015-01-09 20:56 - 2014-11-14 13:06 - 00000000 ____D () C:\Users\user\AppData\Roaming\Mozilla 2015-01-09 20:56 - 2014-11-14 13:06 - 00000000 ____D () C:\Users\user\AppData\Local\Mozilla 2015-01-09 20:52 - 2014-12-01 22:10 - 00000000 ____D () C:\ProgramData\Package Cache 2015-01-09 20:52 - 2014-11-29 09:21 - 00000000 ____D () C:\ProgramData\Last.fm 2015-01-09 20:52 - 2014-11-14 13:59 - 00000000 ____D () C:\ProgramData\AVAST Software 2015-01-09 20:47 - 2014-11-16 14:49 - 00000000 ____D () C:\Program Files\ATI 2015-01-09 20:47 - 2014-11-14 14:00 - 00000000 ____D () C:\Program Files\AVAST Software 2015-01-09 20:46 - 2014-11-28 22:45 - 00000000 ____D () C:\Program Files (x86)\GRETECH 2015-01-09 20:46 - 2014-11-16 14:49 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies 2015-01-09 19:23 - 2014-11-14 12:41 - 01247960 _____ () C:\Windows\WindowsUpdate.log 2015-01-09 19:21 - 2014-11-14 13:03 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-01-09 19:14 - 2014-11-14 13:03 - 00003982 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{3C70D552-1920-4A15-895C-125E02B2F781} 2015-01-08 21:30 - 2009-07-14 18:55 - 00740446 _____ () C:\Windows\system32\perfh015.dat 2015-01-08 21:30 - 2009-07-14 18:55 - 00155988 _____ () C:\Windows\system32\perfc015.dat 2015-01-08 21:30 - 2009-07-14 06:13 - 01669606 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-06 21:02 - 2014-11-29 09:19 - 00000000 ____D () C:\Users\user\AppData\Local\Last.fm 2015-01-01 14:05 - 2014-11-14 12:49 - 00001417 _____ () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2015-01-01 14:05 - 2014-11-14 12:48 - 00001451 _____ () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-12-30 07:10 - 2014-11-14 14:12 - 00121926 _____ () C:\Windows\PFRO.log 2014-12-29 21:48 - 2014-11-14 13:06 - 00001369 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-12-29 21:48 - 2014-11-14 13:06 - 00001357 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-12-28 09:00 - 2014-11-20 00:26 - 00000000 ____D () C:\Users\user\AppData\Local\Adobe 2014-12-28 08:58 - 2014-11-14 13:03 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-12-28 08:58 - 2014-11-14 13:03 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-12-28 08:58 - 2014-11-14 13:03 - 00003868 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-12-10 01:08 - 2014-11-14 13:12 - 00000000 ____D () C:\Windows\system32\MRT 2014-12-10 01:05 - 2014-11-14 13:12 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe Some content of TEMP: ==================== C:\Users\user\AppData\Local\Temp\ExPromo.exe C:\Users\user\AppData\Local\Temp\ICReinstall_Total Commander 8.51a.exe C:\Users\user\AppData\Local\Temp\Quarantine.exe C:\Users\user\AppData\Local\Temp\sqlite3.dll C:\Users\user\AppData\Local\Temp\utt3AF.tmp.exe C:\Users\user\AppData\Local\Temp\utt5C8A.tmp.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-06 13:32 ==================== End Of Log ============================