Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-02-2015
Ran by Solskier (administrator) on SOLSKIER-PC on 17-02-2015 19:21:49
Running from C:\Users\Solskier\Desktop\1
Loaded Profiles: Solskier (Available profiles: Solskier & Guest)
Platform: Microsoft Windows 7 Ultimate (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(InterVideo Inc.) C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
() C:\ProgramData\DatacardService\HWDeviceService.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
(pdfforge GbR) C:\Program Files\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files\PDF Architect\ConversionService.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Lenovo Group Limited) C:\Program Files\Lenovo\System Update\SUService.exe
() C:\Program Files\ASUS\AASP\1.00.80\aaCenter.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(DT Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTLite.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
() C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Facebook Inc.) C:\Users\Solskier\AppData\Local\Facebook\Update\FacebookUpdate.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [NBKeyScan] => C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [1836328 2007-09-20] (Nero AG)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-08-11] (Macrovision Corporation)
HKLM\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-31] (AVAST Software)
HKU\S-1-5-21-682935528-494026121-326331953-1001\...\Run: [MsnMsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\S-1-5-21-682935528-494026121-326331953-1001\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [202024 2007-09-20] (Nero AG)
HKU\S-1-5-21-682935528-494026121-326331953-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd)
HKU\S-1-5-21-682935528-494026121-326331953-1001\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-08-11] (Macrovision Corporation)
HKU\S-1-5-21-682935528-494026121-326331953-1001\...\Run: [HW_OPENEYE_OUC_PLAY ONLINE] => C:\Program Files\PLAY ONLINE\UpdateDog\ouc.exe [110592 2009-04-14] (Huawei Technologies Co., Ltd.)
HKU\S-1-5-21-682935528-494026121-326331953-1001\...\Run: [KiesHelper] => C:\Program Files\Samsung\Kies\KiesHelper.exe [958352 2011-07-26] (Samsung)
HKU\S-1-5-21-682935528-494026121-326331953-1001\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [3507088 2011-07-26] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-682935528-494026121-326331953-1001\...\Run: [KiesPDLR] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [20880 2011-07-26] ()
HKU\S-1-5-21-682935528-494026121-326331953-1001\...\Run: [Facebook Update] => C:\Users\Solskier\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-08-13] (Facebook Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKU\S-1-5-21-682935528-494026121-326331953-1001 -> {0C7DF8B6-0191-4393-AF32-4C1BDC958F5E} URL = https://www.google.com/search?q={searchTerms}
BHO: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Toolbar: HKLM - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKLM - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{2C16D74E-A54E-4E93-B0B4-3413FCAF2985}: [NameServer] 89.108.202.20 89.108.195.20
Tcpip\..\Interfaces\{CBD21133-FA5D-40DF-8713-9B98F7DCAB73}: [NameServer] 89.108.195.21 89.108.202.21
Tcpip\..\Interfaces\{FC3377C3-B632-4A69-80FD-097778995ED5}: [NameServer] 89.108.195.21 89.108.202.21

FireFox:
========
FF ProfilePath: C:\Users\Solskier\AppData\Roaming\Mozilla\Firefox\Profiles\432j3q7u.default-1424196819462
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-682935528-494026121-326331953-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Solskier\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-01-26]
FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2013-04-08]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-31]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\40.0.2214.111\internal-nacl-plugin No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\40.0.2214.111\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Solskier\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
CHR Profile: C:\Users\Solskier\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentacje Google) - C:\Users\Solskier\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-17]
CHR Extension: (Dokumenty Google) - C:\Users\Solskier\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-17]
CHR Extension: (Dysk Google) - C:\Users\Solskier\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-17]
CHR Extension: (YouTube) - C:\Users\Solskier\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-17]
CHR Extension: (Szukaj w Google) - C:\Users\Solskier\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-17]
CHR Extension: (Avast SafePrice) - C:\Users\Solskier\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-02-17]
CHR Extension: (Arkusze Google) - C:\Users\Solskier\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-17]
CHR Extension: (Avast Online Security) - C:\Users\Solskier\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-02-17]
CHR Extension: (Skype Click to Call) - C:\Users\Solskier\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-02-17]
CHR Extension: (Google Wallet) - C:\Users\Solskier\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-17]
CHR Extension: (Gmail) - C:\Users\Solskier\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-17]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-01-31]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-31]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-31] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 Capture Device Service; C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe [198168 2007-03-06] (InterVideo Inc.)
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [264704 2010-11-16] () [File not signed]
R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
R2 SUService; C:\Program Files\Lenovo\System Update\SUService.exe [28672 2009-10-19] (Lenovo Group Limited) [File not signed]
R2 vToolbarUpdater18.1.9; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
S3 Symantec Core LC; C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdkmdag; C:\Windows\System32\DRIVERS\atipmdag.sys [5188096 2009-12-11] (ATI Technologies Inc.)
R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [12400 2007-12-17] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2015-01-31] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [73480 2015-01-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2015-01-31] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2015-01-31] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2015-01-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2015-01-31] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2015-01-31] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2015-01-31] ()
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-11] (AVG Technologies)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
S3 k750bus; C:\Windows\System32\DRIVERS\k750bus.sys [55216 2005-02-11] (MCCI)
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
S3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2007-10-12] (Logitech Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [7680 2006-10-18] ()
S3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [13976 2009-04-30] (Logitech Inc.)
S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2687512 2009-04-30] (Logitech Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-07-27] () [File not signed]
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2011-07-20] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2011-07-20] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2011-07-20] (MCCI Corporation)
S3 ss_bserd; C:\Windows\System32\DRIVERS\ss_bserd.sys [100224 2011-07-20] (MCCI Corporation)
U3 azn3129e; C:\Windows\system32\Drivers\azn3129e.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-17 19:13 - 2015-02-17 19:13 - 00000000 ____D () C:\Users\Solskier\Desktop\Stare dane programu Firefox
2015-02-17 18:59 - 2015-02-17 19:21 - 00000000 ____D () C:\Users\Solskier\Desktop\1
2015-02-13 22:20 - 2015-02-13 22:20 - 00000000 ____D () C:\Users\Solskier\AppData\Roaming\AVAST Software
2015-02-10 20:00 - 2015-02-16 19:35 - 00000000 ____D () C:\ComboFix
2015-02-03 01:54 - 2015-02-03 01:54 - 00097056 _____ () C:\Users\TEMP\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-03 01:48 - 2015-02-17 19:21 - 00000000 ____D () C:\FRST
2015-02-01 12:39 - 2015-02-01 12:39 - 00000355 _____ () C:\Users\Guest\Downloads\Shortcut.txt
2015-02-01 12:38 - 2015-02-01 12:39 - 00028784 _____ () C:\Users\Guest\Downloads\FRST.txt
2015-02-01 12:38 - 2015-02-01 12:39 - 00014370 _____ () C:\Users\Guest\Downloads\Addition.txt
2015-02-01 12:36 - 2015-02-01 12:36 - 01122304 _____ (Farbar) C:\Users\Guest\Downloads\FRST.exe
2015-02-01 12:31 - 2015-02-01 12:31 - 00368705 _____ () C:\Users\Guest\Downloads\gm.zip
2015-02-01 12:26 - 2015-02-01 12:26 - 00370943 _____ () C:\Users\Guest\Downloads\gmer.zip
2015-02-01 12:26 - 2015-02-01 12:26 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\WinRAR
2015-02-01 12:21 - 2015-02-01 12:21 - 00380416 _____ () C:\Users\Guest\Downloads\zi1s55hf.exe
2015-02-01 12:01 - 2015-02-01 12:01 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Mozilla
2015-02-01 12:01 - 2015-02-01 12:01 - 00000000 ____D () C:\Users\Guest\AppData\Local\Mozilla
2015-02-01 11:47 - 2015-02-01 11:47 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\AVAST Software
2015-02-01 11:47 - 2015-02-01 11:47 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe
2015-02-01 11:42 - 2015-02-16 19:36 - 00000000 ____D () C:\Windows\system32\cache
2015-02-01 11:42 - 2015-02-01 11:42 - 00000067 _____ () C:\..txt
2015-02-01 09:59 - 2015-02-01 09:59 - 00021421 _____ () C:\ComboFix.txt
2015-01-31 23:56 - 2015-01-31 23:56 - 00000000 ____D () C:\Program Files\ESET
2015-01-31 23:43 - 2015-01-31 23:43 - 00002119 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-01-31 23:43 - 2015-01-31 23:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-01-31 23:42 - 2015-01-31 23:43 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-01-31 23:42 - 2015-01-31 23:43 - 00423784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2015-01-31 23:42 - 2015-01-31 23:43 - 00073480 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2015-01-31 23:42 - 2015-01-31 23:42 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-01-31 23:42 - 2015-01-31 23:42 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-01-31 23:42 - 2015-01-31 23:42 - 00091496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-01-31 23:42 - 2015-01-31 23:42 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-01-31 23:42 - 2015-01-31 23:42 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-01-31 23:42 - 2015-01-31 23:42 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-01-31 23:42 - 2015-01-31 23:42 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-01-31 23:42 - 2015-01-31 23:42 - 00000350 ____H () C:\Windows\Tasks\avast! Emergency Update.job
2015-01-31 23:41 - 2015-01-31 23:41 - 00000000 ____D () C:\Program Files\AVAST Software
2015-01-31 23:16 - 2015-02-16 19:32 - 00000000 ____D () C:\Qoobox
2015-01-31 23:16 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-31 23:16 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-31 23:16 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-31 23:16 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-31 23:16 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-31 23:16 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-31 23:16 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-31 23:16 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-31 23:15 - 2015-02-16 19:36 - 00000000 ____D () C:\Windows\erdnt
2015-01-31 23:07 - 2015-01-31 23:41 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-31 23:07 - 2015-01-31 23:07 - 04864744 _____ (AVAST Software) C:\Users\Guest\Downloads\avast_free_antivirus_setup_online.exe
2015-01-31 23:07 - 2015-01-31 23:07 - 00097056 _____ () C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-31 23:06 - 2015-01-31 23:06 - 04578040 _____ (AVG Technologies) C:\Users\Guest\Downloads\avg_free_stb_all_2015_5315_ppc1.exe
2015-01-31 23:06 - 2015-01-31 23:06 - 00000000 ____D () C:\Users\Guest\AppData\Local\MFAData
2015-01-31 22:54 - 2015-01-31 22:54 - 00000000 ____D () C:\Users\Guest\AppData\Local\AVG Secure Search
2015-01-31 22:53 - 2015-02-01 11:47 - 00000000 ____D () C:\Users\Guest\AppData\Local\LogMeIn Hamachi
2015-01-31 22:53 - 2015-01-31 22:53 - 00002209 _____ () C:\Users\Guest\Desktop\Google Chrome.lnk
2015-01-31 22:53 - 2015-01-31 22:53 - 00001415 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-31 22:53 - 2015-01-31 22:53 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Nero
2015-01-31 22:53 - 2015-01-31 22:53 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Apple Computer
2015-01-31 22:53 - 2015-01-31 22:53 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2015-01-31 22:52 - 2015-02-16 19:36 - 00000000 ____D () C:\Users\Guest
2015-01-31 22:52 - 2015-01-31 22:52 - 00000020 ___SH () C:\Users\Guest\ntuser.ini
2015-01-31 22:52 - 2009-07-14 05:42 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-31 22:52 - 2009-07-14 05:37 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-31 22:44 - 2015-01-31 22:44 - 00000000 ____D () C:\Users\TEMP\AppData\Local\SWDS
2015-01-31 22:40 - 2015-02-16 19:36 - 00000000 ____D () C:\Users\TEMP
2015-01-31 22:40 - 2009-07-14 05:42 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-31 22:40 - 2009-07-14 05:37 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-26 18:50 - 2015-02-17 19:04 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-17 19:11 - 2009-07-14 05:34 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-17 19:11 - 2009-07-14 05:34 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-17 19:10 - 2010-02-06 20:12 - 01112092 _____ () C:\Windows\WindowsUpdate.log
2015-02-17 19:09 - 2011-05-01 07:47 - 00001032 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-17 19:06 - 2010-02-06 21:31 - 02412296 _____ () C:\Windows\PFRO.log
2015-02-17 19:06 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-17 19:06 - 2009-07-14 05:39 - 01054169 _____ () C:\Windows\setupact.log
2015-02-17 19:03 - 2014-07-16 20:49 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-17 18:59 - 2011-05-01 07:47 - 00001036 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-17 18:11 - 2010-02-06 20:17 - 00782210 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-17 07:31 - 2010-02-14 20:02 - 00000095 _____ () C:\Windows\winamp.ini
2015-02-17 05:53 - 2013-08-13 22:48 - 00000940 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-682935528-494026121-326331953-1001UA.job
2015-02-16 23:53 - 2013-08-13 22:48 - 00000918 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-682935528-494026121-326331953-1001Core.job
2015-02-16 19:37 - 2012-07-21 11:53 - 00000000 ____D () C:\Users\Solskier\AppData\Local\join.me
2015-02-16 19:37 - 2011-07-13 19:19 - 00000000 ____D () C:\ProgramData\DatacardService
2015-02-16 19:37 - 2010-02-14 23:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TibiaCam TV Lite
2015-02-16 19:37 - 2010-02-14 23:37 - 00000000 ____D () C:\Program Files\TibiaCam TV Lite
2015-02-16 19:37 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-02-16 19:36 - 2015-01-03 22:25 - 00000000 ____D () C:\Users\Solskier\Desktop\client
2015-02-16 19:36 - 2014-12-29 20:27 - 00000000 ____D () C:\Users\Solskier\AppData\Local\Launcher
2015-02-16 19:36 - 2014-07-16 20:05 - 00000000 ____D () C:\Users\Solskier\Desktop\HelloZdrowie - Zdrowie stawia Ci wyzwanie!_files
2015-02-16 19:36 - 2014-01-07 21:27 - 00000000 ____D () C:\Users\Solskier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2015-02-16 19:36 - 2013-12-28 22:02 - 00000000 ____D () C:\Users\Solskier\AppData\Roaming\MAGIX
2015-02-16 19:36 - 2013-08-13 22:41 - 00000000 ____D () C:\Users\Solskier\AppData\Local\LogMeIn Hamachi
2015-02-16 19:36 - 2013-03-11 00:30 - 00000000 ____D () C:\Users\Solskier\Documents\The Witcher 2
2015-02-16 19:36 - 2013-03-10 22:32 - 00000000 ____D () C:\Users\Solskier\Desktop\Paragony
2015-02-16 19:36 - 2013-01-27 12:56 - 00000000 ____D () C:\Users\Solskier\AppData\Local\TeamSpeak 3 Client
2015-02-16 19:36 - 2012-08-03 11:44 - 00000000 ____D () C:\Users\Solskier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tibianic High-Rate
2015-02-16 19:36 - 2012-06-21 15:53 - 00000000 ____D () C:\Users\Solskier\Desktop\Pliki
2015-02-16 19:36 - 2012-03-05 16:26 - 00000000 ____D () C:\Users\Solskier\AppData\Roaming\PacificPoker
2015-02-16 19:36 - 2012-01-18 17:34 - 00000000 ____D () C:\Users\Solskier\AppData\Roaming\Ventrilo
2015-02-16 19:36 - 2012-01-18 17:34 - 00000000 ____D () C:\Users\Solskier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ventrilo
2015-02-16 19:36 - 2011-11-03 11:17 - 00000000 ____D () C:\Users\Solskier\AppData\Roaming\WordToPDF
2015-02-16 19:36 - 2011-08-23 10:50 - 00000000 ____D () C:\Users\Solskier\AppData\Local\Samsung
2015-02-16 19:36 - 2011-07-13 19:22 - 00000000 ____D () C:\Users\Solskier\AppData\Roaming\PLAY ONLINE
2015-02-16 19:36 - 2011-06-23 08:33 - 00000000 ____D () C:\Users\Solskier\Documents\Witcher 2
2015-02-16 19:36 - 2011-05-02 18:30 - 00000000 ____D () C:\Users\Solskier\Documents\888poker
2015-02-16 19:36 - 2010-08-11 17:29 - 00000000 ____D () C:\Users\Solskier\AppData\Local\PokerStars.EU
2015-02-16 19:36 - 2010-07-29 20:22 - 00000000 ____D () C:\Users\Solskier\Documents\gothic3
2015-02-16 19:36 - 2010-07-16 09:09 - 00000000 ____D () C:\Users\Solskier\AppData\Local\Vuze_Remote
2015-02-16 19:36 - 2010-07-11 21:23 - 00000000 ____D () C:\Users\Solskier\AppData\Roaming\Skype
2015-02-16 19:36 - 2010-04-27 18:57 - 00000000 ____D () C:\Users\Solskier\AppData\Local\Downloaded Installations
2015-02-16 19:36 - 2010-03-03 18:26 - 00000000 ____D () C:\Users\Solskier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YouTube Downloader
2015-02-16 19:36 - 2010-02-15 23:18 - 00000000 ____D () C:\Users\Solskier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-16 19:36 - 2010-02-15 16:04 - 00000000 ____D () C:\Users\Solskier\AppData\Roaming\Azureus
2015-02-16 19:36 - 2010-02-14 22:55 - 00000000 ____D () C:\Users\Solskier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-02-16 19:36 - 2010-02-06 20:13 - 00000000 ___RD () C:\Users\Solskier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-02-16 19:36 - 2010-02-06 20:13 - 00000000 ___RD () C:\Users\Solskier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-16 19:36 - 2010-02-06 20:13 - 00000000 ____D () C:\Users\Solskier\AppData\Local\VirtualStore
2015-02-16 19:36 - 2010-02-06 20:13 - 00000000 ____D () C:\Users\Solskier
2015-02-16 19:36 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-16 19:36 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2015-02-16 19:35 - 2012-09-24 10:18 - 00000000 ____D () C:\Program Files\Common Files\AVG Secure Search
2015-02-16 19:35 - 2012-09-24 10:18 - 00000000 ____D () C:\Program Files\AVG Secure Search
2015-02-16 19:35 - 2012-08-20 19:49 - 00000000 ____D () C:\Users\Solskier\.swt
2015-02-16 19:35 - 2011-07-13 19:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PLAY ONLINE
2015-02-16 19:35 - 2011-07-13 19:20 - 00000000 ____D () C:\Program Files\PLAY ONLINE
2015-02-16 19:35 - 2011-03-01 14:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2015-02-16 19:35 - 2011-03-01 14:32 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2015-02-16 19:35 - 2010-04-01 08:52 - 00000000 ____D () C:\Program Files\Tasker
2015-02-16 19:35 - 2010-03-03 20:36 - 00000000 ____D () C:\Program Files\SopCast
2015-02-16 19:35 - 2010-02-14 20:02 - 00000000 ____D () C:\Program Files\Winamp
2015-02-16 19:35 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2015-02-16 19:34 - 2011-01-24 16:38 - 00000000 ____D () C:\Users\Solskier\AppData\Roaming\OpenFM
2015-02-16 19:34 - 2011-01-12 21:00 - 00000000 ____D () C:\Users\Solskier\AppData\Roaming\Sony
2015-02-16 19:34 - 2010-02-17 15:55 - 00000000 ____D () C:\Users\Solskier\AppData\Roaming\Ubisoft
2015-02-16 19:34 - 2010-02-06 20:26 - 00000000 ____D () C:\Users\Solskier\AppData\Roaming\Mozilla
2015-02-16 19:33 - 2014-12-29 20:27 - 00000000 ____D () C:\Users\Solskier\AppData\Local\id Software
2015-02-16 19:33 - 2014-08-05 17:02 - 00000000 ____D () C:\Users\Solskier\AppData\Local\Skype
2015-02-16 19:33 - 2013-08-13 22:47 - 00000000 ____D () C:\Users\Solskier\AppData\Local\Facebook
2015-02-16 19:33 - 2011-01-12 21:01 - 00000000 ____D () C:\Users\Solskier\AppData\Local\Sony
2015-02-16 19:33 - 2010-08-02 10:52 - 00000000 ____D () C:\Users\Solskier\AppData\Roaming\Gadu-Gadu 10
2015-02-16 19:33 - 2010-04-07 22:56 - 00000000 ____D () C:\Users\Solskier\AppData\Roaming\CoreCodec
2015-02-16 19:33 - 2010-02-14 22:56 - 00000000 ____D () C:\Users\Solskier\AppData\Local\Google
2015-02-16 19:33 - 2010-02-06 21:44 - 00000000 ____D () C:\Users\Solskier\AppData\Roaming\Macromedia
2015-02-16 19:33 - 2010-02-06 21:44 - 00000000 ____D () C:\Users\Solskier\AppData\Roaming\Adobe
2015-02-03 19:13 - 2009-07-14 05:53 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-03 18:47 - 2010-02-06 20:54 - 00000000 ____D () C:\ProgramData\Adobe
2015-02-03 18:47 - 2010-02-06 20:54 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-02-01 12:47 - 2009-07-14 05:46 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-02-01 09:59 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default
2015-02-01 09:59 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-02-01 09:55 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2015-02-01 01:08 - 2010-02-15 16:03 - 00000000 ____D () C:\Program Files\Vuze_Remote
2015-02-01 01:07 - 2012-07-03 23:40 - 00000000 ____D () C:\Program Files\PDFCreator
2015-01-29 19:01 - 2010-02-06 22:48 - 00000000 ____D () C:\Users\Solskier\Tracing
2015-01-28 19:06 - 2012-06-16 23:57 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-24 22:03 - 2013-03-07 19:53 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-24 22:03 - 2012-01-28 18:37 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2012-05-02 20:00 - 2012-02-07 17:57 - 0066263 _____ () C:\Program Files\EULA.eng
2012-03-13 15:36 - 2012-03-13 15:36 - 0366228 _____ () C:\Program Files\Tasker.rar
2013-07-03 08:15 - 2013-12-28 22:17 - 0005120 _____ () C:\Users\Solskier\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-20 02:57 - 2012-06-20 02:57 - 0004096 ____H () C:\Users\Solskier\AppData\Local\keyfile3.drm
2012-12-07 21:24 - 2012-12-07 21:24 - 0007599 _____ () C:\Users\Solskier\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-13 23:23

==================== End Of Log ============================