Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:11-07-2015 Ran by user (administrator) on USER-KOMPUTER on 11-07-2015 18:31:08 Running from C:\Users\user\Desktop Loaded Profiles: user & UpdatusUser (Available Profiles: user & UpdatusUser & Gość) Platform: Windows 7 Home Premium (X64) OS Language: Polski (Polska) Internet Explorer Version 9 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (ATK) C:\Program Files\P4G\BatteryLife.exe (ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe (Adobe Systems Incorporated) D:\Pliki\Reader\reader_sl.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Apple Inc.) D:\Programy\iTunes\iTunesHelper.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] () HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.) HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [6806144 2010-06-24] (ASUS) HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-05-03] (ASUS) HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => D:\pliki\Reader\Reader_sl.exe [37296 2011-09-08] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-03] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227648 2015-03-16] (AVAST Software) HKLM-x32\...\Run: [QuickTime Task] => D:\Programy\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => D:\Programy\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-4111920011-2050148025-2919203244-1000\...\Run: [ALLUpdate] => D:\Programy\ALLPlayer\ALLUpdate.exe [1379840 2011-08-16] () HKU\S-1-5-21-4111920011-2050148025-2919203244-1000\...\Run: [Xvid] => D:\Programy\XViD\CheckUpdate.exe [8192 2011-01-17] () HKU\S-1-5-21-4111920011-2050148025-2919203244-1000\...\Run: [Google Update] => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-18] (Google Inc.) HKU\S-1-5-21-4111920011-2050148025-2919203244-1000\...\Policies\Explorer: [HideSCAHealth] 1 HKU\S-1-5-21-4111920011-2050148025-2919203244-1000\...\MountPoints2: {dc8bcf24-fcbe-11df-ae2c-806e6f6e6963} - E:\InstAll.exe HKU\S-1-5-21-4111920011-2050148025-2919203244-1000\...\MountPoints2: {ddcece8a-2da1-11e1-8755-20cf3060b964} - F:\EGUExtra.exe HKU\S-1-5-21-4111920011-2050148025-2919203244-1000\...\MountPoints2: {ddceced3-2da1-11e1-8755-20cf3060b964} - The Elder Scrolls V Skyrim.exe HKU\S-1-5-21-4111920011-2050148025-2919203244-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2009-07-14] (Microsoft Corporation) HKU\S-1-5-21-4111920011-2050148025-2919203244-1001\...\Run: [ROC_JAN2013_TB] => "C:\Program Files (x86)\AVG Secure Search\ROC_JAN2013_TB.exe" /PROMPT /CMPID=JAN2013_TB AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [113768 2010-07-12] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [102504 2010-07-12] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk [2010-11-30] ShortcutTarget: SRS Premium Sound.lnk -> C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe (Acresso Software Inc.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-01-02] (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-4111920011-2050148025-2919203244-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://google.pl/ HKU\S-1-5-21-4111920011-2050148025-2919203244-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://wp.pl/ SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-01-02] (AVAST Software) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22] (Adobe Systems Incorporated) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-01-02] (AVAST Software) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-06-19] (Sun Microsystems, Inc.) BHO-x32: IplexToALLPlayer -> {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} -> D:\Programy\ALLPlayer\Iplex\IplexToALLPlayer.dll [2011-02-09] (ALLCinema Ltd.) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{29EFCA27-5586-461C-BCE8-C42F62E8A145}: [DhcpNameServer] 95.160.170.92 88.156.222.92 82.139.8.40 Tcpip\..\Interfaces\{F54B4D28-D1B8-453E-B2EC-F0136005D3FE}: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\c981zx2r.default FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-09] () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-09] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> D:\Programy\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] () FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-06-19] (Sun Microsystems, Inc.) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> D:\Programy\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin-x32: Adobe Reader -> D:\pliki\Reader\AIR\nppdf32.dll [2011-06-07] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-4111920011-2050148025-2919203244-1000: @tools.google.com/Google Update;version=3 -> C:\Users\user\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.) FF Plugin HKU\S-1-5-21-4111920011-2050148025-2919203244-1000: @tools.google.com/Google Update;version=9 -> C:\Users\user\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.) FF Plugin HKU\S-1-5-21-4111920011-2050148025-2919203244-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2013-03-15] (Ubisoft) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011-06-19] (Sun Microsystems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2011-06-07] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-01-09] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-01-09] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-01-09] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-01-09] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-01-09] (Apple Inc.) FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-02] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found] Chrome: ======= CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (CPDD-Floral) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\eleaanohmbjpeldodmjmdiilebpgcalg [2012-09-24] CHR Extension: (Avast SafePrice) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-01-08] CHR Extension: (AdBlock) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-13] CHR Extension: (Avast Online Security) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-02] CHR Extension: (Weather Forecast) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgbmknmpendafnnkibphfmeeljfdomgk [2014-04-13] CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30] CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-01-02] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-02] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01] StartMenuInternet: Google Chrome.JBT6LHHQ2TNMNYQP6YI5VJXTXM - C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-02] (AVAST Software) S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2015-01-02] (Avast Software) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation) R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed] R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-03-15] () S2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed] S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-02] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2015-01-02] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-02] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-02] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-02] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-02] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-02] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-02] () S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310728 2011-03-02] () R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( ) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [42696 2011-03-02] () R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] () R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-06] () R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2015-01-02] (Avast Software) S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-07-11 18:30 - 2015-07-11 18:30 - 00015091 _____ C:\Users\user\Desktop\AdwCleaner[S0].txt 2015-07-11 18:24 - 2015-07-11 18:27 - 00000000 ____D C:\AdwCleaner 2015-07-11 18:24 - 2015-07-11 18:24 - 02248704 _____ C:\Users\user\Desktop\adwcleaner_4.208.exe 2015-07-11 16:57 - 2015-07-11 16:57 - 00002949 _____ C:\Users\user\Desktop\GMER.txt 2015-07-11 16:04 - 2015-07-11 16:04 - 00050477 _____ C:\Users\user\Desktop\Defogger.exe 2015-07-11 16:04 - 2015-07-11 16:04 - 00000470 _____ C:\Users\user\Desktop\defogger_disable.log 2015-07-11 16:04 - 2015-07-11 16:04 - 00000000 _____ C:\Users\user\defogger_reenable 2015-07-11 15:58 - 2015-07-11 15:58 - 00380416 _____ C:\Users\user\Desktop\vtgw51mv.exe 2015-07-11 15:54 - 2015-07-11 18:31 - 00017554 _____ C:\Users\user\Desktop\FRST.txt 2015-07-11 15:53 - 2015-07-11 18:31 - 00000000 ____D C:\FRST 2015-07-11 15:52 - 2015-07-11 15:52 - 02130944 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-07-11 18:30 - 2015-01-02 18:31 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update 2015-07-11 18:29 - 2013-01-30 14:54 - 00000354 _____ C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job 2015-07-11 18:29 - 2011-12-29 18:29 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-07-11 18:29 - 2011-03-05 11:49 - 00045056 _____ C:\Windows\system32\acovcnt.exe 2015-07-11 18:29 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-07-11 18:29 - 2009-07-14 06:51 - 00139135 _____ C:\Windows\setupact.log 2015-07-11 18:23 - 2013-03-18 20:02 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-07-11 18:23 - 2012-09-22 09:00 - 00001054 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4111920011-2050148025-2919203244-1000UA.job 2015-07-11 18:23 - 2012-09-22 09:00 - 00001002 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4111920011-2050148025-2919203244-1000Core.job 2015-07-11 18:23 - 2011-12-29 18:29 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-07-11 17:04 - 2014-06-25 19:53 - 00970240 ___SH C:\Users\user\Desktop\Thumbs.db 2015-07-11 16:13 - 2009-07-14 06:45 - 00015008 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-07-11 16:13 - 2009-07-14 06:45 - 00015008 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-07-11 16:05 - 2010-11-30 23:11 - 00025834 _____ C:\Windows\PFRO.log 2015-06-28 19:06 - 2011-11-23 18:22 - 00000000 ____D C:\Users\user\AppData\Roaming\vlc 2015-06-14 22:17 - 2010-11-30 22:20 - 01570179 _____ C:\Windows\WindowsUpdate.log ==================== Files in the root of some directories ======= 2012-12-02 19:09 - 2012-12-02 19:09 - 0003584 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini Some files in TEMP: ==================== C:\Users\user\AppData\Local\Temp\Quarantine.exe C:\Users\user\AppData\Local\Temp\sqlite3.dll C:\Users\user\AppData\Local\Temp\t.dll C:\Users\user\AppData\Local\Temp\utt8ECA.tmp.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-04-14 20:57 ==================== End of log ============================