Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-02-2015 Ran by Guest (ATTENTION: The logged in user is not administrator) on SOLSKIER-PC on 01-02-2015 12:38:13 Running from C:\Users\Guest\Downloads Loaded Profiles: Solskier & Sol & Guest (Available profiles: Solskier & Sol & Guest) Platform: Windows 7 Ultimate (X86) OS Language: English (United States) Internet Explorer Version 8 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgtray.exe (Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe () C:\Program Files\AVG Secure Search\vprot.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe () C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-01-11] (Adobe Systems Incorporated) HKLM\...\Run: [AVG9_TRAY] => C:\Program Files\AVG\AVG9\avgtray.exe [2077536 2012-01-27] (AVG Technologies CZ, s.r.o.) HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG) HKLM\...\Run: [NBKeyScan] => C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [1836328 2007-09-20] (Nero AG) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.) HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-08-11] (Macrovision Corporation) HKLM\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] () HKLM\...\Run: [vProt] => C:\Program Files\AVG Secure Search\vprot.exe [2640408 2014-08-25] () HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2255184 2013-06-28] (LogMeIn Inc.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-31] (AVAST Software) Winlogon\Notify\avgrsstarter: C:\Windows\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) HKU\S-1-5-21-682935528-494026121-326331953-501\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000&st=18&barid={F71C97B2-2CEE-41BB-9487-652FA1F78108} HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-682935528-494026121-326331953-501\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pl-pl/?ocid=iehp URLSearchHook: HKLM - (No Name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File URLSearchHook: [S-1-5-21-682935528-494026121-326331953-1006] ATTENTION ==> Default URLSearchHook is missing. SearchScopes: HKLM -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=18&q={searchTerms}&barid={F71C97B2-2CEE-41BB-9487-652FA1F78108} SearchScopes: HKLM -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=18&q={searchTerms}&barid={F71C97B2-2CEE-41BB-9487-652FA1F78108} SearchScopes: HKU\S-1-5-21-682935528-494026121-326331953-501 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GbR) BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search) Toolbar: HKLM - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} - No File Toolbar: HKLM - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll (pdfforge GbR) Toolbar: HKU\.DEFAULT -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File Toolbar: HKU\S-1-5-21-682935528-494026121-326331953-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File Toolbar: HKU\S-1-5-21-682935528-494026121-326331953-501 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search) Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 Tcpip\..\Interfaces\{2C16D74E-A54E-4E93-B0B4-3413FCAF2985}: [NameServer] 89.108.202.20 89.108.195.20 Tcpip\..\Interfaces\{CBD21133-FA5D-40DF-8713-9B98F7DCAB73}: [NameServer] 89.108.195.21 89.108.202.21 Tcpip\..\Interfaces\{FC3377C3-B632-4A69-80FD-097778995ED5}: [NameServer] 89.108.195.21 89.108.202.21 FireFox: ======== FF ProfilePath: C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\gu1kjsrd.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll () FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-01-26] FF HKLM\...\Firefox\Extensions: [{3f963a5b-e555-4543-90e2-c3908898db71}] - C:\Program Files\AVG\AVG9\Firefox FF Extension: AVG Safe Search - C:\Program Files\AVG\AVG9\Firefox [2010-02-15] FF HKLM\...\Firefox\Extensions: [{6E19037A-12E3-4295-8915-ED48BC341614}] - C:\Program Files\RelevantKnowledge FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.9.799 FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.9.799 [2014-08-25] FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2013-04-08] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-31] Chrome: ======= CHR Profile: C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Prezentacje Google) - C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-31] CHR Extension: (Dokumenty Google) - C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-31] CHR Extension: (Dysk Google) - C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-31] CHR Extension: (YouTube) - C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-31] CHR Extension: (Szukaj w Google) - C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-31] CHR Extension: (Arkusze Google) - C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-31] CHR Extension: (Avast Online Security) - C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-02-01] CHR Extension: (Skype Click to Call) - C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-01-31] CHR Extension: (AVG Security Toolbar) - C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2015-01-31] CHR Extension: (Google Wallet) - C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-31] CHR Extension: (SweetPacks Chrome Extension) - C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj [2015-01-31] CHR Extension: (Gmail) - C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-31] CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-31] CHR HKLM\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\Solskier\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx [Not Found] CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14] CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\18.1.0.443\avg.crx [2014-04-28] CHR HKLM\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Windows\System32\mjcm\SweetNT.crx [2014-07-16] CHR HKLM\...\Chrome\Extension: [pgafcinpmmpklohkojmllohdhomoefph] - Browser Manager\2.3.762.17\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.crx [Not Found] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) Locked "eventlog" service could not be unlocked. <===== ATTENTION R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-31] (AVAST Software) S2 avg9emc; C:\Program Files\AVG\AVG9\avgemc.exe [921952 2010-07-21] (AVG Technologies CZ, s.r.o.) R2 avg9wd; C:\Program Files\AVG\AVG9\avgwdsvc.exe [308136 2010-06-22] (AVG Technologies CZ, s.r.o.) R2 avgfws9; C:\Program Files\AVG\AVG9\avgfws9.exe [2331544 2010-11-24] (AVG Technologies CZ, s.r.o.) S2 AVGIDSAgent; C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [5897808 2010-06-22] (AVG Technologies CZ, s.r.o.) R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 Capture Device Service; C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe [198168 2007-03-06] (InterVideo Inc.) R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1440080 2013-06-28] (LogMeIn Inc.) S2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [264704 2010-11-16] () [File not signed] R2 lmhosts; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) R2 NlaSvc; C:\Windows\System32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) R2 nsi; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR) R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR) R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [75536 2012-06-17] (SANDBOXIE L.T.D) R2 SUService; C:\Program Files\Lenovo\System Update\SUService.exe [28672 2009-10-19] (Lenovo Group Limited) [File not signed] S3 Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [1245064 2010-02-06] () R2 vToolbarUpdater18.1.9; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search) S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation) S4 Browser Manager; Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 amdkmdag; C:\Windows\System32\DRIVERS\atipmdag.sys [5188096 2009-12-11] (ATI Technologies Inc.) R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [12400 2007-12-17] () R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2015-01-31] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [73480 2015-01-31] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2015-01-31] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2015-01-31] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2015-01-31] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2015-01-31] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2015-01-31] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2015-01-31] () R3 Avgfwdx; C:\Windows\System32\DRIVERS\avgfwdx.sys [30104 2010-02-15] (AVG Technologies CZ, s.r.o.) S3 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwdx.sys [30104 2010-02-15] (AVG Technologies CZ, s.r.o.) R3 AVGIDSDriverxpx; C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [122448 2010-06-22] (AVG Technologies CZ, s.r.o. ) R0 AVGIDSErHrxpx; C:\Windows\System32\Drivers\AVGIDSxx.sys [25168 2010-06-22] (AVG Technologies CZ, s.r.o. ) R3 AVGIDSFilterxpx; C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [30288 2010-06-22] (AVG Technologies CZ, s.r.o. ) R3 AVGIDSShimxpx; C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [26192 2010-06-22] (AVG Technologies CZ, s.r.o. ) R1 AvgLdx86; C:\Windows\System32\Drivers\avgldx86.sys [226016 2013-01-15] (AVG Technologies CZ, s.r.o.) R1 AvgMfx86; C:\Windows\System32\Drivers\avgmfx86.sys [29712 2011-09-12] (AVG Technologies CZ, s.r.o.) R0 AvgRkx86; C:\Windows\System32\Drivers\avgrkx86.sys [52872 2010-03-05] (AVG Technologies CZ, s.r.o.) R1 AvgTdiX; C:\Windows\System32\Drivers\avgtdix.sys [243152 2011-05-06] (AVG Technologies CZ, s.r.o.) R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-11] (AVG Technologies) R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.) S3 k750bus; C:\Windows\System32\DRIVERS\k750bus.sys [55216 2005-02-11] (MCCI) R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] () S3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2007-10-12] (Logitech Inc.) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [7680 2006-10-18] () S3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [13976 2009-04-30] (Logitech Inc.) S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2687512 2009-04-30] (Logitech Inc.) R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [137488 2012-06-17] (SANDBOXIE L.T.D) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-07-27] () [File not signed] S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2011-07-20] (MCCI) S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2011-07-20] (MCCI Corporation) S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2011-07-20] (MCCI Corporation) S3 ss_bserd; C:\Windows\System32\DRIVERS\ss_bserd.sys [100224 2011-07-20] (MCCI Corporation) U3 a81srwhw; C:\Windows\system32\Drivers\a81srwhw.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder) R3 catchme; \??\C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\catchme.sys [X] S3 cpuz132; \??\C:\Users\Solskier\AppData\Local\Temp\cpuz132\cpuz132_x32.sys [X] S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X] S3 LVcKap; system32\DRIVERS\LVcKap.sys [X] S3 LVMVDrv; system32\DRIVERS\LVMVDrv.sys [X] U3 mbr; \??\C:\ComboFix\mbr.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-01 11:42 - 2015-02-01 11:42 - 00000067 _____ () C:\..txt 2015-02-01 11:42 - 2015-02-01 11:42 - 00000000 ____D () C:\Windows\system32\cache 2015-02-01 09:59 - 2015-02-01 09:59 - 00021421 _____ () C:\ComboFix.txt 2015-02-01 01:34 - 2015-02-01 01:34 - 00000000 ____D () C:\Windows\system32\%LocalAppData% 2015-01-31 23:56 - 2015-01-31 23:56 - 00000000 ____D () C:\Program Files\ESET 2015-01-31 23:42 - 2015-01-31 23:43 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys 2015-01-31 23:42 - 2015-01-31 23:43 - 00423784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2015-01-31 23:42 - 2015-01-31 23:43 - 00073480 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys 2015-01-31 23:42 - 2015-01-31 23:42 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2015-01-31 23:42 - 2015-01-31 23:42 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2015-01-31 23:42 - 2015-01-31 23:42 - 00091496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2015-01-31 23:42 - 2015-01-31 23:42 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2015-01-31 23:42 - 2015-01-31 23:42 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2015-01-31 23:42 - 2015-01-31 23:42 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2015-01-31 23:42 - 2015-01-31 23:42 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2015-01-31 23:41 - 2015-01-31 23:41 - 00000000 ____D () C:\Program Files\AVAST Software 2015-01-31 23:16 - 2015-02-01 09:59 - 00000000 ____D () C:\Qoobox 2015-01-31 23:16 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-01-31 23:16 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-01-31 23:16 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-01-31 23:16 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-01-31 23:16 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-01-31 23:16 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2015-01-31 23:16 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2015-01-31 23:16 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2015-01-31 23:15 - 2015-02-01 09:57 - 00000000 ____D () C:\Windows\erdnt 2015-01-31 23:12 - 2015-01-31 23:12 - 00000000 ____D () C:\Users\Sol.Solskier-PC 2015-01-31 22:52 - 2015-01-31 23:34 - 00000000 ____D () C:\Users\Guest 2015-01-31 22:46 - 2015-01-31 22:46 - 00000000 ____D () C:\AVG9 2015-01-31 22:40 - 2015-02-01 09:28 - 00000000 ____D () C:\Users\TEMP 2015-01-26 18:50 - 2015-01-26 18:50 - 00000000 ____D () C:\Program Files\Mozilla Firefox ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-01 09:59 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default 2015-02-01 09:59 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public 2015-02-01 09:55 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini 2015-02-01 09:33 - 2009-07-14 05:34 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-01 09:33 - 2009-07-14 05:34 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-01 09:31 - 2010-02-06 20:12 - 01068560 _____ () C:\Windows\WindowsUpdate.log 2015-02-01 09:27 - 2010-02-06 21:31 - 02402368 _____ () C:\Windows\PFRO.log 2015-02-01 09:27 - 2009-07-14 05:39 - 01053441 _____ () C:\Windows\setupact.log 2015-02-01 09:25 - 2010-02-15 16:19 - 00000000 ____D () C:\Windows\system32\Drivers\Avg 2015-02-01 01:54 - 2014-06-30 05:21 - 00000000 ____D () C:\Windows\system32\mjcm 2015-02-01 01:54 - 2013-06-02 10:17 - 00000000 ____D () C:\Windows\system32\ARFC 2015-02-01 01:08 - 2012-10-06 14:47 - 00000000 ____D () C:\Program Files\YourFileDownloader 2015-02-01 01:08 - 2010-02-15 16:03 - 00000000 ____D () C:\Program Files\Vuze_Remote 2015-02-01 01:07 - 2012-07-03 23:40 - 00000000 ____D () C:\Program Files\PDFCreator 2015-01-30 07:38 - 2010-02-14 20:02 - 00000095 _____ () C:\Windows\winamp.ini 2015-01-28 19:06 - 2012-06-16 23:57 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2015-01-25 10:52 - 2010-02-06 20:17 - 00782210 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-24 22:03 - 2013-03-07 19:53 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-01-24 22:03 - 2012-01-28 18:37 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-01-10 13:39 - 2010-04-05 22:45 - 00000069 _____ () C:\Windows\NeroDigital.ini 2015-01-05 17:42 - 2013-06-02 10:17 - 00027136 _____ (IncrediMail, Ltd.) C:\Windows\system32\ImHttpComm.dll 2015-01-03 22:57 - 2012-07-05 10:35 - 00001468 _____ () C:\Windows\Sandboxie.ini ==================== Files in the root of some directories ======= 2012-05-02 20:00 - 2012-02-07 17:57 - 0066263 _____ () C:\Program Files\EULA.eng 2013-06-27 08:29 - 2014-06-22 21:40 - 0003730 _____ () C:\Program Files\Mozilla Firefoxavg-secure-search.xml 2012-03-13 15:36 - 2012-03-13 15:36 - 0366228 _____ () C:\Program Files\Tasker.rar ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed ATTENTION: ==> Could not access BCD. Check to make sure user is administrator or see Addition.txt for additional information. ==================== End Of Log ============================