Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-01-2015 01
Ran by ADMIN (administrator) on ADMIN-KOMPUTER on 12-01-2015 18:43:34
Running from C:\Users\ADMIN\Desktop
Loaded Profile: ADMIN (Available profiles: ADMIN & UpdatusUser & Edyta)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Polski (Polska)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7514656 2009-05-22] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-09] (AVAST Software)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1243352 2014-12-09] (COMODO)
HKLM\...\RunOnce: [20150107] => C:\Program Files\AVAST Software\Avast\setup\emupdate\a5d22a58-ebf7-4b66-a50d-e693142b88ab.exe [183232 2015-01-12] (AVAST Software)
HKU\S-1-5-21-2339661925-3291958849-1774368646-1000\...\MountPoints2: {6a42f142-1eb0-11e3-8f91-806e6f6e6963} - E:\setup.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
BootExecute: autocheck autochk * PCloudBroom.exe \systemroot\system32\BroomData.bit

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2339661925-3291958849-1774368646-1000 -> {052972B8-74BC-4B04-A3DF-2D704D2AA353} URL = http://www.google.com/search?hl=pl&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKU\S-1-5-21-2339661925-3291958849-1774368646-1000 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Tcpip\..\Interfaces\{A8FCBA3B-C0E5-48A7-A199-44480436D8E6}: [NameServer] 8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\l1ksk670.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin HKU\S-1-5-21-2339661925-3291958849-1774368646-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\ADMIN\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\l1ksk670.default\searchplugins\tekstowo-po-tytule-piosenki.xml
FF SearchPlugin: C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\l1ksk670.default\searchplugins\wikicytaty-pl.xml
FF SearchPlugin: C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\l1ksk670.default\searchplugins\wyszukiwarka-filmw-w-youtube.xml
FF Extension: WOT - C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\l1ksk670.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-26]
FF Extension: Adblock Plus - C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\l1ksk670.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-23]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-09-16]
FF HKLM\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2014-10-02]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-08]
CHR HKLM\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - No Path

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-08] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3192344 2014-11-08] (Avast Software)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5868440 2014-12-09] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [1664216 2014-12-09] (COMODO)
S4 HPM1210RcvFaxSrvc; C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [247712 2012-07-25] (HP)
S3 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14652704 2013-11-08] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files\Origin\OriginClientService.exe [1903472 2014-12-24] (Electronic Arts)
S3 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-09-05] ()
S4 RzWizardService; C:\Program Files\Razer\RzWizard\RzWizardService.exe [367616 2014-05-20] (Razer Inc.) [File not signed]
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-08] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-11-08] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-08] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-21] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-11-08] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-08] ()
S3 ATIAVPCI; C:\Windows\System32\DRIVERS\atinavrr.sys [1086080 2011-01-26] (ATI Technologies Inc.)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [17088 2014-12-09] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [617536 2014-12-09] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [41248 2014-12-09] (COMODO)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [91200 2014-12-09] (COMODO)
R3 L1E; C:\Windows\System32\DRIVERS\L1E62x86.sys [48640 2009-08-23] (Atheros Communications, Inc.)
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
R3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [33568 2013-09-28] (NVIDIA Corporation)
S3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [13848 2008-07-26] (Logitech Inc.)
S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2570520 2008-07-26] (Logitech Inc.)
S3 RTCore32; C:\Program Files\EVGA Precision X\RTCore32.sys [5632 2013-03-11] () [File not signed]
R3 RTL85n86; C:\Windows\System32\DRIVERS\RTL85n86.sys [311808 2009-07-13] (Realtek)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [218192 2014-11-08] (Avast Software)
S1 A2DDA; \??\C:\USERS\ADMIN\DESKTOP\EEK\BIN\a2ddax86.sys [X]
S3 cleanhlp; \??\C:\Users\ADMIN\Desktop\EEK\bin\cleanhlp32.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-12 18:43 - 2015-01-12 18:46 - 00010821 _____ () C:\Users\ADMIN\Desktop\FRST.txt
2015-01-12 18:40 - 2015-01-12 18:40 - 01115648 _____ (Farbar) C:\Users\ADMIN\Desktop\FRST.exe
2015-01-12 18:38 - 2015-01-12 18:38 - 00000197 _____ () C:\Windows\system32\2015-01-12-17-38-22.069-AvastVBoxSVC.exe-2812.log
2015-01-11 18:31 - 2015-01-12 18:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-01-11 18:15 - 2015-01-12 18:35 - 00000112 _____ () C:\Windows\setupact.log
2015-01-11 18:15 - 2015-01-11 18:15 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-11 14:26 - 2015-01-11 14:26 - 00000197 _____ () C:\Windows\system32\2015-01-11-13-26-03.001-AvastVBoxSVC.exe-2748.log
2015-01-10 22:20 - 2015-01-10 22:21 - 00000197 _____ () C:\Windows\system32\2015-01-10-21-20-41.009-AvastVBoxSVC.exe-2648.log
2015-01-09 17:41 - 2015-01-11 14:54 - 00000000 ____D () C:\Users\ADMIN\Doctor Web
2015-01-09 16:38 - 2015-01-09 16:44 - 00000247 _____ () C:\Windows\system32\2015-01-09-15-38-21.031-aswFe.exe-2688.log
2015-01-09 16:38 - 2015-01-09 16:38 - 00000197 _____ () C:\Windows\system32\2015-01-09-15-38-13.030-AvastVBoxSVC.exe-6036.log
2015-01-09 15:10 - 2015-01-09 15:10 - 00000197 _____ () C:\Windows\system32\2015-01-09-14-10-17.029-AvastVBoxSVC.exe-2692.log
2015-01-08 18:38 - 2015-01-08 18:38 - 00642632 _____ (EFD Software ) C:\Users\ADMIN\Downloads\hdtune_255.exe
2015-01-08 17:40 - 2015-01-08 17:40 - 00000247 _____ () C:\Windows\system32\2015-01-08-16-40-56.080-aswFe.exe-2008.log
2015-01-08 17:32 - 2015-01-08 17:32 - 00000197 _____ () C:\Windows\system32\2015-01-08-16-32-55.083-AvastVBoxSVC.exe-5628.log
2015-01-07 17:05 - 2015-01-07 17:05 - 00000247 _____ () C:\Windows\system32\2015-01-07-16-05-38.065-aswFe.exe-1624.log
2015-01-07 16:59 - 2015-01-07 17:05 - 00000247 _____ () C:\Windows\system32\2015-01-07-15-59-28.061-aswFe.exe-5272.log
2015-01-07 16:59 - 2015-01-07 16:59 - 00000197 _____ () C:\Windows\system32\2015-01-07-15-59-18.099-AvastVBoxSVC.exe-4272.log
2015-01-06 19:40 - 2015-01-06 19:40 - 00000197 _____ () C:\Windows\system32\2015-01-06-18-40-24.012-AvastVBoxSVC.exe-2476.log
2015-01-06 19:04 - 2015-01-06 19:04 - 00000197 _____ () C:\Windows\system32\2015-01-06-18-04-04.067-AvastVBoxSVC.exe-2652.log
2015-01-06 14:32 - 2015-01-06 14:33 - 00000197 _____ () C:\Windows\system32\2015-01-06-13-32-53.023-AvastVBoxSVC.exe-2752.log
2015-01-05 16:45 - 2015-01-05 16:45 - 00000197 _____ () C:\Windows\system32\2015-01-05-15-45-02.040-AvastVBoxSVC.exe-2468.log
2015-01-04 15:44 - 2015-01-04 15:44 - 00000197 _____ () C:\Windows\system32\2015-01-04-14-44-40.004-AvastVBoxSVC.exe-2596.log
2015-01-03 23:05 - 2015-01-03 23:05 - 00642560 _____ () C:\Users\ADMIN\Desktop\rougelike.exe
2015-01-03 16:54 - 2015-01-03 16:54 - 00000280 _____ () C:\Windows\system32\2015-01-03-15-54-36.053-aswFe.exe-2548.log
2015-01-03 15:07 - 2015-01-03 15:07 - 00000197 _____ () C:\Windows\system32\2015-01-03-14-07-24.061-AvastVBoxSVC.exe-2644.log
2015-01-02 15:18 - 2015-01-02 15:18 - 00000197 _____ () C:\Windows\system32\2015-01-02-14-18-09.080-AvastVBoxSVC.exe-2676.log
2015-01-01 14:54 - 2015-01-01 14:55 - 00000197 _____ () C:\Windows\system32\2015-01-01-13-54-52.068-AvastVBoxSVC.exe-2768.log
2014-12-27 20:26 - 2014-12-27 20:26 - 00000197 _____ () C:\Windows\system32\2014-12-27-19-26-46.084-AvastVBoxSVC.exe-2476.log
2014-12-27 15:52 - 2014-12-27 15:53 - 00000197 _____ () C:\Windows\system32\2014-12-27-14-52-50.030-AvastVBoxSVC.exe-2388.log
2014-12-26 17:23 - 2014-12-26 17:23 - 00000197 _____ () C:\Windows\system32\2014-12-26-16-23-42.030-AvastVBoxSVC.exe-2488.log
2014-12-26 13:22 - 2014-12-26 13:23 - 00000197 _____ () C:\Windows\system32\2014-12-26-12-22-56.028-AvastVBoxSVC.exe-2476.log
2014-12-24 13:16 - 2014-12-24 13:16 - 00000197 _____ () C:\Windows\system32\2014-12-24-12-16-29.008-AvastVBoxSVC.exe-2328.log
2014-12-23 15:37 - 2014-12-23 15:37 - 00000197 _____ () C:\Windows\system32\2014-12-23-14-37-04.027-AvastVBoxSVC.exe-2732.log
2014-12-21 15:43 - 2014-12-21 15:43 - 00000197 _____ () C:\Windows\system32\2014-12-21-14-43-18.023-AvastVBoxSVC.exe-2596.log
2014-12-20 22:30 - 2014-12-20 22:30 - 00000005 _____ () C:\Users\ADMIN\Desktop\Nowy dokument tekstowy.txt
2014-12-20 12:48 - 2015-01-12 18:46 - 00636419 _____ () C:\Windows\WindowsUpdate.log
2014-12-20 12:48 - 2014-12-20 12:48 - 00000197 _____ () C:\Windows\system32\2014-12-20-11-48-06.050-AvastVBoxSVC.exe-2472.log
2014-12-19 15:26 - 2014-12-19 15:27 - 05317104 _____ (Piriform Ltd) C:\Users\ADMIN\Downloads\ccsetup501.exe
2014-12-19 15:26 - 2014-12-19 15:27 - 00000197 _____ () C:\Windows\system32\2014-12-19-14-26-53.081-AvastVBoxSVC.exe-2536.log
2014-12-18 17:11 - 2014-12-18 17:11 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 17:06 - 2014-12-18 17:06 - 00000197 _____ () C:\Windows\system32\2014-12-18-16-06-13.026-AvastVBoxSVC.exe-2552.log
2014-12-16 20:10 - 2014-12-16 20:10 - 00000247 _____ () C:\Windows\system32\2014-12-16-19-10-08.054-aswFe.exe-4556.log
2014-12-16 20:02 - 2014-12-16 20:09 - 00000247 _____ () C:\Windows\system32\2014-12-16-19-02-56.014-aswFe.exe-2444.log
2014-12-16 20:02 - 2014-12-16 20:02 - 00000197 _____ () C:\Windows\system32\2014-12-16-19-02-46.028-AvastVBoxSVC.exe-3104.log
2014-12-14 13:18 - 2014-12-14 13:18 - 00000197 _____ () C:\Windows\system32\2014-12-14-12-18-18.056-AvastVBoxSVC.exe-2868.log
2014-12-13 15:08 - 2014-12-13 15:09 - 00000197 _____ () C:\Windows\system32\2014-12-13-14-08-53.071-AvastVBoxSVC.exe-2848.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-12 18:43 - 2013-11-13 16:02 - 00000000 ____D () C:\FRST
2015-01-12 18:43 - 2009-07-14 05:34 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-12 18:43 - 2009-07-14 05:34 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-12 18:36 - 2014-08-22 15:24 - 00000443 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-01-12 18:35 - 2013-09-16 10:24 - 00000000 ____D () C:\Users\ADMIN
2015-01-12 18:35 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-12 18:34 - 2014-12-11 22:25 - 00000000 ____D () C:\Windows\system32\appraiser
2015-01-12 18:34 - 2014-11-25 18:25 - 00000000 ____D () C:\Windows\pl
2015-01-12 18:34 - 2014-11-25 18:23 - 00000000 ____D () C:\Program Files\Windows Live
2015-01-12 18:34 - 2014-11-10 16:05 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-12 18:34 - 2014-04-29 17:26 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-01-12 18:34 - 2014-04-02 17:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-12 18:34 - 2014-04-02 17:42 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-12 18:34 - 2013-09-24 18:07 - 00000000 ____D () C:\Program Files\Steam
2015-01-12 18:34 - 2013-09-23 23:38 - 00000000 ____D () C:\Users\Edyta
2015-01-12 18:34 - 2013-09-23 20:38 - 00000000 ____D () C:\ProgramData\Origin
2015-01-12 18:34 - 2013-09-23 20:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2015-01-12 18:34 - 2013-09-23 20:37 - 00000000 ____D () C:\Program Files\Origin
2015-01-12 18:34 - 2013-09-23 18:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-12 18:34 - 2013-09-23 18:38 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-12 18:34 - 2013-09-16 12:18 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-12 18:34 - 2013-09-16 12:15 - 00000000 ____D () C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-12 18:34 - 2013-09-16 12:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-12 18:34 - 2013-09-16 12:15 - 00000000 ____D () C:\Program Files\WinRAR
2015-01-12 18:34 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-01-12 18:34 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\pl-PL
2015-01-12 18:34 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-01-12 18:34 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2015-01-12 18:34 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-01-12 18:33 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2015-01-12 18:30 - 2014-11-25 18:24 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2015-01-12 18:30 - 2014-11-25 18:18 - 00000000 ____D () C:\Program Files\Common Files\Windows Live
2015-01-12 17:29 - 2013-09-23 15:53 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-11 21:44 - 2013-11-08 01:18 - 00007596 _____ () C:\Users\ADMIN\AppData\Local\Resmon.ResmonCfg
2015-01-11 21:36 - 2013-09-16 12:48 - 00000000 ____D () C:\Users\ADMIN\AppData\Local\Adobe
2015-01-11 15:25 - 2014-04-02 17:42 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-11 14:47 - 2014-09-25 19:17 - 00000000 ____D () C:\Users\ADMIN\AppData\Roaming\Media Player Classic
2015-01-09 16:15 - 2013-11-13 22:35 - 00001024 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-09 15:19 - 2013-09-16 12:44 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-03 23:59 - 2014-04-02 17:19 - 00005092 _____ () C:\Windows\system32\Drivers\fvstore.dat
2014-12-19 15:31 - 2013-09-23 18:38 - 00000929 _____ () C:\Users\Public\Desktop\CCleaner.lnk

Some content of TEMP:
====================
C:\Users\Edyta\AppData\Local\Temp\ggdrive-menu.exe
C:\Users\Edyta\AppData\Local\Temp\ggdrive-overlay.exe
C:\Users\Edyta\AppData\Local\Temp\installstats.exe
C:\Users\Edyta\AppData\Local\Temp\utt4B1D.tmp.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-05 19:06

==================== End Of Log ============================