Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-01-2017 Ran by Rafal (administrator) on RAFAL-PC (30-01-2017 09:43:39) Running from C:\Users\Rafal\Downloads Loaded Profiles: Rafal (Available Profiles: Rafal & User) Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (brother Industries Ltd) C:\Windows\SysWOW64\brsvc01a.exe (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe (Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe (brother Industries Ltd) C:\Windows\SysWOW64\brss01a.exe (Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe () C:\Program Files\UCT\HDR Express 2\HDRExpress2Service.exe () C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe (Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe () C:\Windows\SysWOW64\PnkBstrA.exe (SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe (Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe (Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe () C:\Program Files (x86)\RocketDock\RocketDock.exe (Spotify Ltd) C:\Users\Rafal\AppData\Roaming\Spotify\SpotifyWebHelper.exe (Flux Software LLC) C:\Users\Rafal\AppData\Local\FluxSoftware\Flux\flux.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE (Microsoft Corporation) C:\Windows\System32\perfmon.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe () C:\Users\Rafal\Downloads\adwcleaner_6.043.exe (Farbar) C:\Users\Rafal\Downloads\FRST64(1).exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [608112 2011-03-29] (Alps Electric Co., Ltd.) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.) HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3668336 2011-03-24] (Dell Inc.) HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [627360 2011-05-20] (Atheros Commnucations) HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe [379552 2011-05-20] (Atheros Commnucations) HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] () HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-13] (Intel Corporation) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2017-01-02] (AVAST Software) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation) Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1745381870-427158394-1962776618-1001\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] () HKU\S-1-5-21-1745381870-427158394-1962776618-1001\...\Run: [Spotify Web Helper] => C:\Users\Rafal\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1444976 2016-12-22] (Spotify Ltd) HKU\S-1-5-21-1745381870-427158394-1962776618-1001\...\Run: [f.lux] => C:\Users\Rafal\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC) HKU\S-1-5-21-1745381870-427158394-1962776618-1001\...\MountPoints2: {45577ae3-e061-11e1-9b9f-e006e6a7d714} - E:\setup.exe HKU\S-1-5-21-1745381870-427158394-1962776618-1001\...\MountPoints2: {6adc51fa-d3b6-11e5-a66e-e006e6a7d714} - H:\HiSuiteDownLoader.exe HKU\S-1-5-21-1745381870-427158394-1962776618-1001\...\MountPoints2: {6adc5204-d3b6-11e5-a66e-e006e6a7d714} - G:\HiSuiteDownLoader.exe HKU\S-1-5-21-1745381870-427158394-1962776618-1001\...\MountPoints2: {a79e43a8-bac1-11e6-8396-e006e6a7d714} - G:\HiSuiteDownLoader.exe ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-01-02] (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 217.144.192.2 217.144.192.33 Tcpip\..\Interfaces\{85FB1751-984B-4AC5-8FD4-46ADE5233549}: [DhcpNameServer] 217.144.192.2 217.144.192.33 Tcpip\..\Interfaces\{D75CF597-FC0B-4C28-B228-8903583FD0CA}: [DhcpNameServer] 217.144.192.2 217.144.192.33 Internet Explorer: ================== HKU\S-1-5-21-1745381870-427158394-1962776618-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.idg.pl/start SearchScopes: HKLM -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox SearchScopes: HKLM-x32 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-01-18] (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.) BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-18] (Oracle Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-18] (Oracle Corporation) BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2011-05-20] (Atheros Commnucations) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-01-02] (AVAST Software) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.) BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-18] (Oracle Corporation) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.) DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.5.0.cab DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Technologies) FireFox: ======== FF ProfilePath: C:\Users\Rafal\AppData\Roaming\Mozilla\Firefox\Profiles\2pfbp3bz.default [2017-01-30] FF Homepage: Mozilla\Firefox\Profiles\2pfbp3bz.default -> hxxp://www.onet.pl/ FF NetworkProxy: Mozilla\Firefox\Profiles\2pfbp3bz.default -> autoconfig_url", "data:text/javascript,function FindProxyForURL(url, host) {if ((host == \"abctvlivehds-lh.akamaihd.net\") (host == \"www.abc.net.au\") (host == \"iview.abc.net.au\") (host == \"iviewmetered-vh.akamaihd.net\") (url.indexOf(\"proxmate=au\") != -1) (host == \"livestream.com\") (host == \"www.animelab.com\") (host == \"dcgm6i50yfgtk.cloudfront.net\") (host == \"tv-api.9now.com.au\") (host == \"login.nine.com.au\") (host == \"user-api.9now.com.au\") (host == \"9nowlivehls-i.akamaihd.net\") (host == \"settings.nine.com.au\") (host == \"www.9now.com.au\") (host == \"9now-vod-progressive.akamaized.net\") (host == \"networktenuds-a.akamaihd.net\") (host == \"hlsnetworkten-a.akamaihd.net\") (host == \"http://edge.api.brightcove.com\")) { return 'PROXY au-node.proxmate.me:8008' } else if ((url.indexOf(\"proxmate=ca\") != -1) (host == \"vod-s.rio2016.cbc.ca\") (host == \"metrics.cbc.ca\") (host == \"dvr-s.rio2016.cbc.ca\") (host == \"ici.tou.tv\") (host == \"toutvuniver1-vh.akamaihd.net\") (host == \"geoip.radio-canada.ca\") (host == \"api.radio-canada.ca\") (host == \"images.tou.tv\") (host == \"player.siriusxm.ca\") (host == \"primary.hls-streaming.production.streaming.siriusxm.ca\") (host == \"now.sportsnet.ca\") (host == \"watch.sportsnet.ca\") (host == \"player.9c9media.com\") (host == \"metrics.ctv.ca\") (host == \"capi.9c9media.com\") (host == \"www.ctv.ca\") (host == \"production-ps.lvp.llnw.net\") (host == \"www.allseego.com\") (host == \"myanimelist.net\")) { return 'PROXY ca-node.proxmate.me:8008' } else if ((host == \"arte.tv\") (host == \"www.arte.tv\") (host == \"geoftv-a.akamaihd.net\") (host == \"hdfauthftv-a.akamaihd.net\") (host == \"replayftv-vh.akamaihd.net\") (host == \"ftvingest-vh.akamaihd.net\") (host == \"live.francetv.fr\") (host == \"d8.tv\") (host == \"www.d8.tv\") (host == \"hds_live_d8_aka-lh.akamaihd.net\") (host == \"d17.tv\") (host == \"www.d17.tv\") (host == \"us-cplus-aka.canal-plus.com\") (host == \"hds_live_d17_aka-lh.akamaihd.net\") (url.indexOf(\"proxmate=fr\") != -1) (host == \"s.wat.tv\") (host == \"www.wat.tv\") (host == \"nt1livhdsweb-lh.akamaihd.net\") (host == \"hd1livhdsweblive-lh.akamaihd.net\") (host == \"tmclivhdsweblive-lh.akamaihd.net\") (host == \"www.6play.fr\") (host == \"geo.6cloud.fr\") (host == \"proxy-021.dc3.dailymotion.com\") (host == \"proxy-67.dailymotion.com\") (host == \"prof.estat.com\") (host == \"metrics.dailymotion.com\") (host == \"www.dailymotion.com\") (host == \"vmap.snappytv.com\") (host == \"lb.cdn.m6web.fr\") (host == \"livebrazil-s.jo2016.francetv.fr\") (host == \"rio2016.francetvsport.fr\") (host == \"www.francetvsport.fr\") (host == \"whatismyip.akamai.com\") (host == \"ma1221-r.analytics.edgesuite.net\") (host == \"vod-s.jo2016.francetv.fr\") (host == \"dvr-s.jo2016.francetv.fr\") (host == \"api.lereferentiel.francetv.fr\") (host == \"79423.analytics.edgesuite.net\") (host == \"pluzz.francetv.fr\") (host == \"www.francetvinfo.fr\") (host == \"livemain-s.jo2016.francetv.fr\") (host == \"replayftv-vh.akamaihd.net\")) { return 'PROXY fr-node.proxmate.me:8008' } else if ((host == \"vod-akamai-psd-hds.p7s1digital.de\") (url.indexOf(\"proxmate=de\") != -1) (host == \"nightclub.de\") (host == \"zdf.de\") (host == \"www.zdf.de\") (host == \"zdf_hds_de-f.akamaihd.net\") (host == \"fstreaming.zdf.de\") (host == \"zdf1112-lh.akamaihd.net\") (host == \"vqm.zdf.de\") (host == \"fgeostreaming.zdf.de\") (host == \"utstreaming.zdf.de\") (host == \"zdf1314-lh.akamaihd.net\") (host == \"api.nowtv.de\") (host == \"api.tvnow.de\") (host == \"www.southpark.de\") (host == \"video.eurosport.de\") (host == \"vodp.eurosport.com\") (host == \"vodakpsdhdsdrm-vh.akamaihd.net\") (host == \"vas.sim-technik.de\") (host == \"www.ardmediathek.de\") (host == \"wdr_fs_geo-lh.akamaihd.net\") (host == \"ondemand-de.wdr.de\") (host == \"zdf0910-lh.akamaihd.net\") (host == \"mvideos-geo.daserste.de\") (host == \"wdr_ardevent2-lh.akamaihd.net\") (host == \"pmd2.sport1.de\") (host == \"tv.sport1.de\") (host == \"mls.myvideo.de\") (host == \"vod-level3-psd2-dcp.p7s1digital.de\") (host == \"dach.hds.fra.clipfish.de\") (host == \"de-ipd.videoplaza.tv\") (host == \"adaptiv.wdr.de\") (host == \"live-lh.daserste.de\") (host == \"ma271-r.analytics.edgesuite.net\") (host == \"mdr_geo_hls-vh.akamaihd.net\") (host == \"www.daserste.de\")) { return 'PROXY de-node.proxmate.me:8008' } else if ((host == \"www.tg4.ie\") (url.indexOf(\"proxmate=ie\") != -1)) { return 'PROXY ie-node.proxmate.me:8008' } else if ((host == \"rai.tv\") (host == \"www.rai.tv\") (host == \"mediapolis.rai.it\") (host == \"www.rai.it\") (host == \"stream5.rai.it\") (host == \"stream6.rai.it\") (host == \"stream7.rai.it\") (host == \"sspushrai1-s.akamaihd.net\") (host == \"sspushrai2-s.akamaihd.net\") (host == \"sspushraisport2-s.akamaihd.net\") (host == \"sspushrai3-s.akamaihd.net\") (host == \"secondary.adaptiveedge.rai.it\") (host == \"rai-italia01.wt-eu02.net\") (host == \"download.rai.tv\") (host == \"mediapolisvod.rai.it\") (host == \"mediapolisevent.rai.it\") (host == \"raiuno1hds-lh.akamaihd.net\") (host == \"raidue1hds-lh.akamaihd.net\") (host == \"raitre1hds-lh.akamaihd.net\") (host == \"raiquattro1hds-lh.akamaihd.net\") (host == \"b2.stream6.rai.it\") (host == \"raisportuno1-i.akamaihd.net\") (host == \"raisportdue1-i.akamaihd.net\") (host == \"uspushmp4sec2-vh.akamaihd.net\") (host == \"ww.rai.tv\") (host == \".xuniplay.fdnames.com\") (url.indexOf(\"xuniplay.fdnames.com\") != -1) (host == \"se-to1-8.se.live3.msf.ticdn.it\") (host == \"live.shinystat.com\") (host == \"lic.mediaset.net\") (host == \"cssr.video.mediaset.it\") (url.indexOf(\"proxmate=it\") != -1) (host == \"www.vvvvid.it\")) { return 'PROXY it-node.proxmate.me:8008' } else if ((host == \"telecinco.es\") (host == \"telecinco1-vh.akamaihd.net\") (host == \"www.telecinco.es\") (url.indexOf(\"proxmate=es\") != -1) (host == \"antena3.com\") (host == \"www.antena3.com\") (host == \"geodesprogresiva.antena3.com\") (host == \"rtve.es\") (host == \"www.rtve.es\") (host == \"ztnr.rtve.es\") (host == \"mvodt.lvlt.rtve.es\") (host == \"swf.rtve.es\") (host == \"cuatro.com\") (host == \"www.cuatro.com\") (host == \"cuatro1-vh.akamaihd.net\") (host == \"peliculas-online.atresplayer.com\") (host == \"servicios.atresplayer.com\") (host == \"es-antena3.videoplaza.tv\") (host == \"www.atresplayer.com\") (host == \"deswowa3player-tk.antena3.com\") (host == \"nqs.nice264.com\") (host == \"atresplayer.com\") (host == \"cas.criteo.com\") (host == \"k.uecdn.es\") (host == \"v.uecdn.es\") (host == \"as.com\") (host == \"ep00.epimg.net\") (host == \"futbol.as.com\") (host == \"motor.as.com\") (host == \"baloncesto.as.com\") (host == \"mitele1-vh.akamaihd.net\") (host == \"www.educa2.madrid.org\") (host == \"ccma-tva-es-abertis-live.hls.adaptive.level3.net\") (host == \"mp4-medium-dwn-es.media.tv3.cat\") (host == \"www.ccma.cat\")) { return 'PROXY es-node.proxmate.me:8008' } else if ((host == \"prosieben.ch\") (host == \"www.prosieben.ch\") (host == \"s1tv.ch\") (host == \"www.s1tv.ch\") (host == \"chtv.ch\") (host == \"www.chtv.ch\") (host == \"zba2-1-hds-live.zahs.tv\") (host == \"zba2-0-hds-live.zahs.tv\") (host == \"embed-zattoo.com\") (host == \"sat1.ch\") (host == \"www.sat1.ch\") (host == \"rsi.ch\") (host == \"www.rsi.ch\") (host == \"codch-vh.akamaihd.net\") (host == \"il.srgssr.ch\") (host == \"sports.api.swisstxt.ch\") (host == \"live.rsi.ch\") (host == \"srgssrrcdvr14ch-lh.akamaihd.net\") (host == \"srgssruni13ch-lh.akamaihd.net\") (host == \"ch.viva.tv\") (host == \"intl.esperanto.mtvi.com\") (url.indexOf(\"proxmate=ch\") != -1) (host == \"api.mtvnn.com\") (host == \"viva.tv\") (host == \"media-utils.mtvnservices.com\") (host == \"viavivatvbroadband.112.2o7.net\") (url.indexOf(\".damoh.viva.tv\") != -1) (host == \"rtsch-i.akamaihd.net\") (host == \"srgssruni9ch-lh.akamaihd.net\") (host == \"zattoo.com\") (host == \"zba2-2-hds-live.zahs.tv\") (host == \"zba2-3-hds-live.zahs.tv\") (host == \"zh2-3-hds-live.zahs.tv\") (url.indexOf(\"hds-live.zahs.tv\") != -1) (host == \"www.srf.ch\") (host == \"srgssruni1ch-lh.akamaihd.net\") (host == \"srgssruni2ch-lh.akamaihd.net\") (host == \"srgssruni3ch-lh.akamaihd.net\") (host == \"www.teleboy.ch\") (host == \"aka-cdn-ns.adtech.de\") (host == \"teleboy.customers.cdn.iptv.ch\") (host == \"adserver.adtech.de\") (url.indexOf(\"62.65.140\") != -1)) { return 'PROXY ch-node.proxmate.me:8008' } else if ((host == \"mercury.itv.com\") (host == \"itv.com\") (host == \"www.itv.com\") (host == \"llnw.live.btv.simplestream.com\") (host == \"players.simplestream.com\") (host == \"uapi.simplestream.com\") (host == \"llnwhls.channel5.com\") (host == \"api-images.channel5.com\") (host == \"channel5.com\") (host == \"wwwcdn.channel5.com\") (host == \"cassie.channel5.com\") (host == \"player.channel5.com\") (host == \"deliver-hls.channel5.com\") (host == \"akahls.channel5.com\") (host == \"milkshake.tv\") (host == \"www.milkshake.tv\") (host == \"trk-euwest.tidaltv.com\") (host == \"mp.adverts.itv.com\") (host == \"req.tidaltv.com\") (host == \"s1.2mdn.net\") (host == \"pes.itv.com\") (host == \"ned.itv.com\") (host == \"itvdotcom.2cnt.net\") (host == \"tom.itv.com\") (host == \"c.brightcove.com\") (host == \"dave.uktv.co.uk\") (host == \"metrics.brightcove.com\") (host == \"uktvplay.uktv.co.uk\") (host == \"uktvhdse.brightcove.com.edgesuite.net\") (host == \"admin.brightcove.com\") (host == \"really.uktv.co.uk\") (host == \"yesterday.uktv.co.uk\") (host == \"drama.uktv.co.uk\") (host == \"live.tvplayer.com\") (host == \"tvplayer.com\") (host == \"ssapi.tvplayer.com\") (host == \"api.tvplayer.com\") (host == \"media1.gamefront.com\") (url.indexOf(\"proxmate=uk\") != -1) (host == \"channel4.com\") (host == \"ais.channel4.com\") (host == \"pandr.my.channel4.com\") (host == \"all4nav.channel4.com\") (host == \"4id.channel4.com\") (host == \"player.absoluteradio.co.uk\") (host == \"absoluteradio.co.uk\") (host == \"go.sky.com\") (host == \"www.skysports.com\") (host == \"player.ooyala.com\") (host == \"www.espnplayer.com\")) { return 'PROXY uk-node.proxmate.me:8008' } else if ((host == \"link.theplatform.com\") (host == \"discidevflash-f.akamaihd.net\") (host == \"api.geoip.dp.discovery.com\") (host == \"vidtech.cbsinteractive.com\") (host == \"vidtech.cbsima.com\") (host == \"om.cbsi.com\") (host == \"canstatic.cbs.com\") (host == \"media.mtvnservices.com\") (host == \"cp112366-f.akamaihd.net\") (host == \"api-manga.crunchyroll.com\") (host == \"crunchyroll.com\") (host == \"www.crunchyroll.com\") (host == \"hlsioscwtv.warnerbros.com\") (host == \"servicesaetn-a.akamaihd.net\") (host == \"live.mlssoccer.com\") (host == \"tvewnbc-i.akamaihd.net\") (host == \"tvenbceast-i.akamaihd.net\") (host == \"nbcmpx-vh.akamaihd.net\") (host == \"www.pandora.com\") (host == \"video.pbs.org\") (host == \"ga.video.cdn.pbs.org\") (host == \"www-tc.pbs.org\") (host == \"localization.services.pbs.org\") (host == \"urs.pbs.org\") (host == \"play.spotify.com\") (host == \"www.spotify.com\") (host == \"play.spotify.edgekey.net\") (host == \"www.iheart.com\") (host == \"api2.iheart.com\") (host == \"api.iheart.com\") (host == \"iheart.com\") (host == \"us.api.iheart.com\") (host == \"nick.mtvnimages.com\") (host == \"sni-vh.akamaihd.net\") (host == \"ma67-r.analytics.edgesuite.net\") (host == \"www.adultswim.com\") (host == \"amd.cdn.turner.com\") (host == \"tveusa-vh.akamaihd.net\") (host == \"web-api-us.crackle.com\") (host == \"legacyweb-us.crackle.com\") (host == \"api.segment.io\") (host == \"www.vevo.com\") (host == \"vevo.com\") (host == \"apiv2.vevo.com\") (host == \"songza.com\") (host == \"new.songza.com\") (host == \"www.daisuki.net\") (host == \"bngn-vh.akamaihd.net\") (host == \"bngnwww.b-ch.com\") (host == \"www.hbogo.com\") (host == \"catalog.lv3.hbogo.com\") (host == \"profile.lv3.hbogo.com\") (host == \"profile.hbogo.com\") (url.indexOf(\".lv3.hbogo.com\") != -1) (host == \"register.hbogo.com\") (host == \"play.hbogo.com\") (host == \"smetrics.hbogo.com\") (url.indexOf(\".lv3.cdn.hbo.com\") != -1) (host == \"comet.api.hbo.com\") (host == \"amc350888def-vh.akamaihd.net\") (host == \"a564avoddashnsus-a.akamaihd.net\") (host == \"atv-ps.amazon.com\") (host == \"www.amazon.com\") (host == \"amazon.com\") (host == \"fls-na.amazon.com\") (host == \"avodassets-a.akamaihd.net\") (host == \"secure.brightcove.com\") (host == \"www.dramafever.com\") (host == \"cdn.wwtv.warnerbros.com\") (host == \"media.cwtv.com\") (host == \"phds-vod.cdn.turner.com\") (host == \"token.vgtf.net\") (host == \"counter.yadro.ru\") (host == \"turbik.tv\") (host == \"www.ondemandkorea.com\") (host == \"www.fxnetworks.com\") (host == \"fxvcms-f.akamaihd.net\") (host == \"tvetelemundo-vh.akamaihd.net\") (host == \"www.logotv.com\") (host == \"feed.theplatform.com\") (host == \"fsvideohds-vh.akamaihd.net\") (host == \"watchable.com\") (host == \"cilhlsvod-f.akamaihd.net\") (host == \"oxygenvod-vh.akamaihd.net\") (host == \"tvesyfy-vh.akamaihd.net\") (host == \"www.smithsonianchannel.com\") (host == \"brightcove01.brightcove.com\") (host == \"edge.api.brightcove.com\") (host == \"www.eonline.com\") (host == \"api.listenlive.co\") (host == \"playerservices.streamtheworld.com\") (host == \"player.listenlive.co\") (url.indexOf(\"live.streamtheworld.com\") != -1) (host == \"www.cartoonnetwork.com\") (host == \"pmd.cdn.turner.com\") (host == \"www.viki.com\") (host == \"api.viki.io\") (host == \"www.origin.com\") (host == \"ht.cdn.turner.com\") (host == \"aolvideoshd-vh.akamaihd.net\") (host == \"syn.5min.com\") (host == \"stvideos.5min.com\") (host == \"www.showtime.com\") (host == \"secure.showtime.com\") (url.indexOf(\".vgtf.net\") != -1) (host == \"phds-live.cdn.turner.com\") (host == \"api.amplitude.com\") (host == \"order.rhapsody.com\") (host == \"payment.rhapsody.com\") (host == \"www.willow.tv\") (host == \"willowtv.live-s.cdn.bitgravity.com\") (host == \"astatic.willow.tv\") (host == \"www.pivot.tv\") (host == \"js.maxmind.com\") (host == \"shonenjump.viz.com\") (host == \"cdnapisec.kaltura.com\") (host == \"store.steampowered.com\") (host == \"store.akamai.steamstatic.com\") (host == \"www.starzplay.com\") (host == \"registerdisney.go.com\") (host == \"www.disneymoviesanywhere.com\") (host == \"fxxhds-vh.akamaihd.net\") (host == \"ma521-r.analytics.edgesuite.net\") (host == \"www.simpsonsworld.com\") (host == \"player.foxfdm.com\") (host == \"8tracks.com\") (host == \"cdn.widgets.webengage.com\") (host == \"chaos-vh.akamaihd.net\") (host == \"www.christiancinema.com\") (host == \"cdn2.christiancinema.com\") (host == \"signsanddecal.com\") (host == \"channelstore.roku.com\") (host == \"owner.roku.com\") (host == \"geocheck.turner.tv.edgesuite.net\") (host == \"www.overdrive.com\") (host == \"us.7digital.com\") (host == \"tennischannel.com\") (host == \"www.tennischanneleverywhere.com\") (host == \"neulionms-a.akamaihd.net\") (host == \"www.bravotv.com\") (host == \"bravovod-vh.akamaihd.net\") (host == \"www.gog.com\") (host == \"www.viceland.com\") (host == \"content-ause4.uplynk.com\") (host == \"www.go90.com\") (host == \"www.xfinity.com\") (host == \"www.fyi.tv\") (host == \"www.shudder.com\") (shExpMatch(url, \"*-ue1.s-gin.com**\")) (host == \"www.viz.com\") (host == \"www.slacker.com\") (host == \"www.ufc.tv\") (host == \"media.ufc.tv\") (host == \"cdnapi.kaltura.com\") (host == \"www.motortrendondemand.com\") (host == \"www.foxsoccer2go.com\")) { return 'PROXY us-node.proxmate.me:8008' } else if ((host == \"livestreams.omroep.nl\") (host == \"npostreaming.nl\") (host == \"ida.omroep.nl\") (url.indexOf(\".npostreaming.nl\") != -1) (host == \"odi.omroep.nl\") (host == \"npoplayer.omroep.nl\") (host == \"www.zapp.nl\") (host == \"tellerapi.omroep.nl\") (host == \"e.omroep.nl\") (url.indexOf(\"proxmate=nl\") != -1) (host == \"live.foxsports.nl\") (host == \"www.foxsports.nl\") (host == \"drm.rtl.nl\") (host == \"www.rtlxl.nl\") (host == \"lb-fox-vod.streamgate.nl\")) { return 'PROXY nl-node.proxmate.me:8008' } else if ((host == \"atvplus.oewabox.at\") (host == \"cdn.atv.at\") (url.indexOf(\"proxmate=at\") != -1) (host == \"hdsvodsportsman-vh.akamaihd.net\") (host == \"streamaccess.unas.tv\") (host == \"www.laola1.tv\") (host == \"www.livestation.com\") (host == \"livestation.com\") (url.indexOf(\".emigrantas.tv\") != -1) (host == \"tvthek.orf.at\") (host == \"apasfiisl.apa.at\") (host == \"orf.oewabox.at\") (host == \"194.232.200.58\") (url.indexOf(\"185.85.28.\") != -1) (host == \"185.85.29.\") (host == \"hdiosstv-f.akamaihd.net\")) { return 'PROXY at-node.proxmate.me:8008' } else if ((host == \"customerevents.netflix.com\") (host == \"api-global.netflix.com\") (host == \"www.netflix.com\") (url.indexOf(\".ix.nflxvideo.net\") != -1) (url.indexOf(\".isp.nflxvideo.net\") != -1) (host == \"api.utils.watchabc.go.com\") (host == \"api.contents.watchabc.go.com\") (host == \"api.legacypresentation.watchabc.go.com\") (url.indexOf(\"content-ause*.uplynk.com\") != -1) (host == \"abc.go.com\") (host == \"api.entitlement.watchabc.go.com\") (host == \"api.watchabc.go.com\") (host == \"ping.chartbeat.net\")) { return 'PROXY usnet-node.proxmate.me:8008' } else if ((url.indexOf(\"proxmate=jp\") != -1)) { return 'PROXY jpnet-node.proxmate.me:8008' } else if ((host == \"media.mtvnservices.com\") (host == \"hulu.dash-vod.hss.adaptive.level3.net\") (host == \"t2.huluim.com\") (host == \"t2.hulu.com\") (host == \"s.hulu.com\") (host == \"www.funimation.com\") (host == \"wpc.8c48.edgecastcdn.net\") (host == \"southpark.cc.com\") (host == \"play.google.com\") (host == \"checkout.google.com\") (host == \"store.google.com\") (host == \"apis.google.com\") (url.indexOf(\"*content-ause*.uplynk.com*\") != -1) (host == \"www.theanimenetwork.com\") (host == \"d3l10pqnieib99.cloudfront.net\") (host == \"i.lv3.hbo.com\") (host == \"render.lv3.hbo.com\") (host == \"api.nbcolympics.com\") (host == \"stream.nbcolympics.com\") (host == \"massrelevance.com\") (host == \"nbc-sports.massrel.io\") (host == \"mps.nbcuni.com\") (host == \"api.massrelevance.com\") (host == \"mass-relevance-all-access.massrel.io\") (host == \"www.nbcolympics.com\") (host == \"www.nbcudigitaladops.com\") (host == \"massrel-all.massrel.io\") (host == \"ds-aksb-a.akamaihd.net\") (host == \"nbcume.sc.omtrdc.net\") (host == \"dpm.demdex.net\") (host == \"link.theplatform.com\") (host == \"vplayer.nbcolympics.com\")) { return 'PROXY us2-node.proxmate.me:8008' } else if ((host == \"player.rutv.ru\") (host == \"api.rutv.ru\") (host == \"cdnng.v.rtr-vesti.ru\") (host == \"player.vgtrk.com\") (url.indexOf(\"proxmate=ru\") != -1) (host == \"stream.1tv.ru\") (host == \"mobdrm.1tv.ru\") (host == \"static.1tv.ru\") (host == \"static1.1tv.ru\") (host == \"videomore.ru\") (url.indexOf(\".videomore.ru\") != -1)) { return 'PROXY ru-node.proxmate.me:8008' } else if ((host == \"s.videos.globo.com\") (host == \"gshow.globo.com\") (url.indexOf(\"proxmate=br\") != -1) (host == \"secure.nuuvem.com\") (host == \"webportal.nowonline.com.br\") (host == \"api.globovideos.com\") (host == \"voddownload02.video.globo.com\") (host == \"security.video.globo.com\") (host == \"globoplay.globo.com\") (shExpMatch(url, \"*vodstreaming*.video.globo.com**\"))) { return 'PROXY br-node.proxmate.me:8008' } else if ((host == \"as-hds-uk-live.bbcfmt.vo.llnwd.net\") (host == \"sa.bbc.co.uk\") (host == \"vs-hds-uk-live.edgesuite.net\") (host == \"vod-hds-uk-live.bbcfmt.vo.llmwd.net\") (host == \"vod-hds-uk-live.bbcfmt.vo.llnwd.net\") (host == \"vod-hds-uk-live.edgesuite.net\") (host == \"www.bbc.co.uk\") (host == \"fig.bbc.co.uk\") (host == \"open.live.bbc.co.uk\") (host == \"vs-hds-uk-live.bbcfmt.vo.llnwd.net\") (host == \"ichef.bbci.co.uk\") (host == \"bbc.co.uk\") (host == \"stv-ak.cds1.yospace.com\") (host == \"core.stvfiles.com\") (host == \"player.stv.tv\") (host == \"stv.brightcove.com.edgesuite.net\") (host == \"uk-dev-stv.a.videoplaza.tv\") (host == \"player.api.stv.tv\") (host == \"vod-rtmp-uk-live.edgesuite.net\") (url.indexOf(\"23.205.169.\") != -1) (url.indexOf(\"46.33.68.\") != -1) (url.indexOf(\"23.63.98.\") != -1) (host == \"ve-hds-uk-live.edgesuite.net\") (host == \"ve-hds-uk-live.bbcfmt.vo.llnwd.net\")) { return 'PROXY ukb-node.proxmate.me:8008' } else if ((host == \"se.hbonordic.com\") (host == \"hbonordic.com\") (host == \"api-hbon.hbo.clearleap.com\") (host == \"hbonordic-production-vod.hds.adaptive.level3.net\") (host == \"gwd.lphbs.com\") (host == \"gwc.lphbs.com\") (host == \"gwdblphbs.com\") (host == \"gwa.lphbs.com\") (host == \"www.svtplay.se\") (host == \"www.svtstatic.se\") (host == \"svt10-lh.akamaihd.net\") (host == \"svt12-lh.akamaihd.net\") (host == \"svt13-lh.akamaihd.net\") (shExpMatch(url, \"*svtplay*.akamaihd.net**\")) (host == \"www.karaokeparty.com\")) { return 'PROXY se-node.proxmate.me:8008' } else if ((host == \"sshds1-lh.akamaihd.net\") (host == \"ssvodasp-vh.akamaihd.net\") (host == \"sshds24-lh.akamaihd.net\") (host == \"sshds26-lh.akamaihd.net\") (host == \"sshds25-lh.akamaihd.net\") (host == \"sshds23-lh.akamaihd.net\") (host == \"sshds22-lh.akamaihd.net\") (host == \"sshds21-lh.akamaihd.net\") (host == \"sshds27-lh.akamaihd.net\") (host == \"hockeysportslive-lh.akamaihd.net\") (host == \"formula1us-lh.akamaihd.net\") (host == \"web.viu.com\") (shExpMatch(url, \"*staragvod*.akamaihd.net**\"))) { return 'PROXY in-node.proxmate.me:8008' } else if ((host == \"stat.i3.dmm.com\") (host == \"www.dmm.com\") (host == \"gyao.yahoo.co.jp\") (host == \"streaming.yahoo.co.jp\") (host == \"rio.yahooapis.jp\")) { return 'PROXY jp-node.proxmate.me:8008' } else if ((url.indexOf(\"proxmate=us\") != -1) (url.indexOf(\"gcr=us&\") != -1) (url.indexOf(\"cr=US&\") != -1)) { return 'PROXY usy-node.proxmate.me:8008' } else if ((host == \"dr01-lh.akamaihd.net\") (host == \"dr02-lh.akamaihd.net\") (host == \"dr03-lh.akamaihd.net\") (host == \"dr04-lh.akamaihd.net\") (host == \"dr05-lh.akamaihd.net\") (host == \"dr06-lh.akamaihd.net\") (host == \"drdklive-webapi.azurewebsites.net\") (host == \"drdklive-push.azurewebsites.net\") (host == \"drevent-lh.akamaihd.net\") (host == \"drod03m-vh.akamaihd.net\") (host == \"www.dr.dk\") (host == \"tv3play.tns-gallup.dk\") (host == \"playapi.play.mtgx.tv\") (host == \"mtgxdk04-vh.akamaihd.net\") (host == \"i-viaplay-com.akamaized.net\")) { return 'PROXY dk-host.proxmate.me:8008' } else { return 'DIRECT'; }}" FF Extension: (Ace Stream Web Extension) - C:\Users\Rafal\AppData\Roaming\Mozilla\Firefox\Profiles\2pfbp3bz.default\Extensions\acewebextension_unlisted@acestream.org.xpi [2016-06-13] FF Extension: (ADB Helper) - C:\Users\Rafal\AppData\Roaming\Mozilla\Firefox\Profiles\2pfbp3bz.default\Extensions\adbhelper@mozilla.org [2017-01-27] FF Extension: (Battlefield Heroes Updater) - C:\Users\Rafal\AppData\Roaming\Mozilla\Firefox\Profiles\2pfbp3bz.default\Extensions\battlefieldheroespatcher@ea.com [2013-03-20] [not signed] FF Extension: (BetterTTV) - C:\Users\Rafal\AppData\Roaming\Mozilla\Firefox\Profiles\2pfbp3bz.default\Extensions\firefox@betterttv.net.xpi [2016-03-16] FF Extension: (MEGA) - C:\Users\Rafal\AppData\Roaming\Mozilla\Firefox\Profiles\2pfbp3bz.default\Extensions\firefox@mega.co.nz.xpi [2017-01-29] FF Extension: (FoxyScrobbler) - C:\Users\Rafal\AppData\Roaming\Mozilla\Firefox\Profiles\2pfbp3bz.default\Extensions\foxyscrobbler@baluvaithinathan.com.xpi [2015-10-17] FF Extension: (Valence) - C:\Users\Rafal\AppData\Roaming\Mozilla\Firefox\Profiles\2pfbp3bz.default\Extensions\fxdevtools-adapters@mozilla.org [2017-01-27] FF Extension: (Proxmate) - C:\Users\Rafal\AppData\Roaming\Mozilla\Firefox\Profiles\2pfbp3bz.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2016-04-16] FF Extension: (Reddit Enhancement Suite) - C:\Users\Rafal\AppData\Roaming\Mozilla\Firefox\Profiles\2pfbp3bz.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2016-12-17] FF Extension: (Oddshot) - C:\Users\Rafal\AppData\Roaming\Mozilla\Firefox\Profiles\2pfbp3bz.default\Extensions\oddshot@oddshot.tv.xpi [2016-12-03] FF Extension: (uBlock Origin) - C:\Users\Rafal\AppData\Roaming\Mozilla\Firefox\Profiles\2pfbp3bz.default\Extensions\uBlock0@raymondhill.net.xpi [2017-01-25] FF Extension: (LastFM) - C:\Users\Rafal\AppData\Roaming\Mozilla\Firefox\Profiles\2pfbp3bz.default\Extensions\{82BC70E0-FE85-11DA-A899-3A655C103D30}.xpi [2015-05-26] [not signed] FF Extension: (BitComet Video Downloader) - C:\Users\Rafal\AppData\Roaming\Mozilla\Firefox\Profiles\2pfbp3bz.default\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB} [2012-08-03] [not signed] FF Extension: (Adblock Plus) - C:\Users\Rafal\AppData\Roaming\Mozilla\Firefox\Profiles\2pfbp3bz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23] FF Extension: (Greasemonkey) - C:\Users\Rafal\AppData\Roaming\Mozilla\Firefox\Profiles\2pfbp3bz.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2016-08-20] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2017-01-03] FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2017-01-03] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF FF HKU\S-1-5-21-1745381870-427158394-1962776618-1001\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\Rafal\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi FF Extension: (Ace Stream Web Extension) - C:\Users\Rafal\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi [2015-12-18] FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-10] () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.) FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-18] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-18] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-10] () FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.) FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-18] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-18] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File] FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-12-09] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1745381870-427158394-1962776618-1001: @acestream.net/acestreamplugin,version=3.1.6 -> C:\Users\Rafal\AppData\Roaming\ACEStream\player\npace_plugin.dll [2015-08-06] (Innovative Digital Technologies) FF Plugin HKU\S-1-5-21-1745381870-427158394-1962776618-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Rafal\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-21] (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-1745381870-427158394-1962776618-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File] FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll [2012-01-12] (BitComet) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-24] (Adobe Systems Inc.) Chrome: ======= CHR DefaultProfile: Default CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\PepperFlash\pepflashplayer.dll => No File CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\ppGoogleNaClPluginChrome.dll => No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\pdf.dll => No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (BitCometAgent) - C:\Program Files (x86)\Mozilla Firefox\plugins\npBitCometAgent.dll (BitComet) CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation) CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll => No File CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll => No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll => No File CHR Profile: C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Default [2017-01-29] CHR Extension: (MakeGIF Video Capture) - C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnhdjbfjheoohmhpakglckehdcgfffbl [2015-12-21] CHR Extension: (Avast SafePrice) - C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-01-03] CHR Extension: (LoungeDestroyer) - C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghahcnmfjfckcedfajbhekgknjdplfcl [2016-11-23] CHR Extension: (AdBlock) - C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-01-27] CHR Extension: (Avast Online Security) - C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-12-25] CHR Extension: (Proxmate) - C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifalmiidchkjjmkkbkoaibpmoeichmki [2017-01-27] CHR Extension: (Ace Stream Web Extension) - C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo [2016-08-04] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-27] CHR Extension: (Chrome Media Router) - C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-21] CHR HKU\S-1-5-21-1745381870-427158394-1962776618-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-05-20] (Atheros) [File not signed] R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [80032 2011-05-20] (Atheros Commnucations) [File not signed] R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2017-01-02] (AVAST Software) S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com) R2 Brother XP spl Service; C:\windows\SysWOW64\brsvc01a.exe [57344 2004-06-13] (brother Industries Ltd) S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-03] (Microsoft Corporation) R2 HDRExpress2Service; C:\Program Files\UCT\HDR Express 2\HDRExpress2Service.exe [32888 2013-07-20] () R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2016-08-26] () [File not signed] S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119688 2016-04-07] (Electronic Arts) R2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [75136 2014-05-06] () S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 aswHwid; C:\windows\system32\drivers\aswHwid.sys [37656 2017-01-02] (AVAST Software) R1 aswKbd; C:\windows\system32\drivers\aswKbd.sys [37144 2017-01-02] (AVAST Software) R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [108816 2017-01-02] (AVAST Software) R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [103064 2017-01-02] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2017-01-02] (AVAST Software) R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [969184 2017-01-02] (AVAST Software) R1 aswSP; C:\windows\system32\drivers\aswSP.sys [513632 2017-01-02] (AVAST Software) R2 aswStm; C:\windows\system32\drivers\aswStm.sys [163416 2017-01-02] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2017-01-02] (AVAST Software) R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [39768 2013-02-19] (AVG Technologies) R1 dtsoftbus01; C:\windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-08-07] (DT Soft Ltd) S3 EvolveVirtualAdapter; C:\windows\System32\DRIVERS\evolve.sys [21656 2013-08-06] (Echobit, LLC) S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [43664 2015-04-11] () U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2016-05-25] (Huawei Technologies Co., Ltd.) R0 sptd; C:\windows\System32\Drivers\sptd.sys [386680 2014-11-09] (Duplex Secure Ltd.) U3 aqv5x29g; C:\Windows\System32\Drivers\aqv5x29g.sys [0 ] (Intel Corporation) <==== ATTENTION (zero byte File/Folder) S3 Andbus; system32\DRIVERS\lgandbus64.sys [X] S3 AndDiag; system32\DRIVERS\lganddiag64.sys [X] S3 AndGps; system32\DRIVERS\lgandgps64.sys [X] S3 ANDModem; system32\DRIVERS\lgandmodem64.sys [X] S3 androidusb; System32\Drivers\lgandadb.sys [X] S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X] S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-01-30 09:43 - 2017-01-30 09:46 - 00050420 _____ C:\Users\Rafal\Downloads\FRST.txt 2017-01-30 09:42 - 2017-01-30 09:43 - 00000000 ____D C:\FRST 2017-01-30 09:42 - 2017-01-30 09:42 - 02420736 _____ (Farbar) C:\Users\Rafal\Downloads\FRST64(1).exe 2017-01-30 09:42 - 2017-01-30 09:40 - 00007300 _____ C:\Users\Rafal\Desktop\AdwCleaner[S1].txt 2017-01-30 09:36 - 2017-01-30 09:36 - 04015056 _____ C:\Users\Rafal\Downloads\adwcleaner_6.043.exe 2017-01-30 09:12 - 2017-01-30 09:12 - 00000000 ___RD C:\Users\Rafal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2017-01-29 15:22 - 2017-01-29 15:22 - 02420736 _____ (Farbar) C:\Users\Rafal\Downloads\FRST64.exe 2017-01-18 10:00 - 2017-01-18 09:58 - 00110144 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-64.dll 2017-01-10 18:03 - 2017-01-10 18:03 - 00960615 _____ C:\Users\Rafal\Downloads\pdf2docx.zip 2017-01-10 10:52 - 2017-01-10 10:52 - 00003584 _____ C:\Users\Rafal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2017-01-04 15:15 - 2017-01-04 15:23 - 00000000 ____D C:\Users\Rafal\AppData\Local\Innkeeper 2017-01-03 09:12 - 2017-01-02 12:14 - 00391496 _____ (AVAST Software) C:\windows\system32\aswBoot.exe 2017-01-02 12:14 - 2017-01-02 12:14 - 00053208 _____ (AVAST Software) C:\windows\avastSS.scr ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-01-30 09:45 - 2015-07-15 14:48 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job 2017-01-30 09:40 - 2015-04-11 16:02 - 00000000 ____D C:\AdwCleaner 2017-01-30 09:23 - 2009-07-14 05:45 - 00020928 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-01-30 09:23 - 2009-07-14 05:45 - 00020928 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-01-30 09:16 - 2016-11-17 09:23 - 00000000 ____D C:\Users\Rafal\AppData\LocalLow\Mozilla 2017-01-30 09:11 - 2012-06-23 02:01 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks 2017-01-30 09:11 - 2012-06-23 02:01 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks 2017-01-30 09:11 - 2012-06-23 01:49 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup 2017-01-30 09:08 - 2009-07-14 06:08 - 00000006 ____H C:\windows\Tasks\SA.DAT 2017-01-30 00:09 - 2016-10-14 14:28 - 00000000 ____D C:\Program Files\World of Warcraft 2017-01-30 00:09 - 2013-11-08 21:25 - 00000000 ____D C:\Users\Rafal\AppData\Local\Battle.net 2017-01-30 00:06 - 2014-01-19 20:27 - 00000000 ____D C:\Program Files (x86)\Battle.net 2017-01-29 22:08 - 2014-10-04 19:42 - 00007610 _____ C:\Users\Rafal\AppData\Local\resmon.resmoncfg 2017-01-29 21:31 - 2012-08-13 15:28 - 00000000 ____D C:\Users\Rafal\AppData\Roaming\Media Player Classic 2017-01-29 21:29 - 2012-08-04 14:42 - 00000000 ____D C:\Users\Rafal\AppData\Local\CrashDumps 2017-01-29 21:29 - 2009-07-14 04:20 - 00000000 ____D C:\windows\inf 2017-01-29 14:46 - 2013-03-27 14:52 - 00000000 ____D C:\Users\Rafal\AppData\Roaming\Skype 2017-01-29 14:25 - 2015-05-15 13:03 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2017-01-29 11:45 - 2012-08-03 10:20 - 00000000 ____D C:\Users\Rafal\AppData\Roaming\BitComet 2017-01-29 10:54 - 2013-05-27 18:42 - 00000000 __RHD C:\Users\Rafal\Desktop\Docs 2017-01-29 09:55 - 2009-07-14 06:13 - 00796934 _____ C:\windows\system32\PerfStringBackup.INI 2017-01-28 21:11 - 2013-02-12 17:53 - 00000000 ____D C:\Users\Rafal\AppData\Roaming\Spotify 2017-01-28 21:11 - 2013-02-12 17:53 - 00000000 ____D C:\Users\Rafal\AppData\Local\Spotify 2017-01-28 08:58 - 2016-11-16 10:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2017-01-28 08:58 - 2012-08-02 16:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2017-01-27 13:02 - 2012-08-08 14:10 - 00000000 ____D C:\Users\Rafal\AppData\Roaming\TS3Client 2017-01-26 16:23 - 2014-01-19 20:28 - 00000000 ____D C:\Program Files (x86)\Hearthstone 2017-01-24 20:57 - 2016-11-22 20:51 - 00000000 ____D C:\Users\Rafal\AppData\Roaming\discord 2017-01-24 19:48 - 2013-11-18 18:03 - 00000000 ____D C:\Program Files (x86)\osu! 2017-01-21 09:30 - 2013-01-06 10:12 - 00004180 _____ C:\windows\System32\Tasks\avast! Emergency Update 2017-01-18 10:01 - 2015-05-30 16:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit 2017-01-18 10:01 - 2014-10-16 21:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2017-01-18 10:01 - 2014-10-16 21:58 - 00000000 ____D C:\Program Files (x86)\Java 2017-01-18 10:01 - 2013-10-19 15:37 - 00000000 ____D C:\ProgramData\Oracle 2017-01-18 10:00 - 2015-05-30 16:32 - 00000000 ____D C:\Program Files\Java 2017-01-18 09:58 - 2015-05-30 16:35 - 00110144 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll 2017-01-18 09:57 - 2015-11-24 08:49 - 00097856 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll 2017-01-17 11:19 - 2009-07-14 04:20 - 00000000 ____D C:\windows\rescache 2017-01-17 11:17 - 2012-09-23 15:54 - 00000000 ____D C:\Users\Rafal\AppData\Local\ElevatedDiagnostics 2017-01-14 09:24 - 2013-03-27 14:52 - 00000000 ____D C:\ProgramData\Skype 2017-01-11 22:51 - 2016-12-16 14:08 - 00002164 ____H C:\Users\Rafal\Desktop\Discord.lnk 2017-01-11 22:51 - 2016-11-22 20:51 - 00000000 ____D C:\Users\Rafal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc 2017-01-11 22:50 - 2016-12-16 12:59 - 00000000 ____D C:\Users\Rafal\AppData\Local\Discord 2017-01-11 22:49 - 2016-12-27 12:18 - 00000000 ____D C:\Users\Rafal\AppData\Roaming\StardewValley 2017-01-10 15:45 - 2015-07-15 14:48 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater 2017-01-10 15:45 - 2012-06-23 01:24 - 00802904 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2017-01-10 15:45 - 2012-06-23 01:24 - 00144472 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2017-01-10 15:45 - 2012-06-23 01:24 - 00000000 ____D C:\windows\SysWOW64\Macromed 2017-01-10 15:45 - 2012-06-23 01:24 - 00000000 ____D C:\windows\system32\Macromed 2017-01-04 15:17 - 2016-05-11 23:09 - 00000000 ____D C:\Users\Rafal\AppData\Local\SquirrelTemp 2017-01-04 09:44 - 2016-03-16 08:24 - 00003890 _____ C:\windows\System32\Tasks\SafeZone scheduled Autoupdate 1458113073 2017-01-02 12:16 - 2013-03-19 11:36 - 00293352 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys 2017-01-02 12:15 - 2013-01-06 10:12 - 00969184 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys 2017-01-02 12:15 - 2013-01-06 10:12 - 00513632 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys 2017-01-02 12:14 - 2014-05-14 13:06 - 00037656 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys 2017-01-02 12:14 - 2014-01-08 08:43 - 00163416 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys 2017-01-02 12:14 - 2013-03-19 11:36 - 00292704 _____ (AVAST Software) C:\windows\system32\Drivers\aswvmm.sys.148335576093412 2017-01-02 12:14 - 2013-03-19 11:36 - 00074544 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys 2017-01-02 12:14 - 2013-01-06 10:12 - 00513496 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys.148335575884310 2017-01-02 12:14 - 2013-01-06 10:12 - 00108816 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys 2017-01-02 12:14 - 2013-01-06 10:12 - 00103064 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys 2017-01-02 12:13 - 2016-03-15 13:17 - 00037144 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys 2017-01-02 12:13 - 2013-01-06 10:12 - 00969560 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys.148335575633207 ==================== Files in the root of some directories ======= 2013-05-30 13:48 - 2013-08-01 12:26 - 0000565 _____ () C:\Users\Rafal\AppData\Roaming\myMPQ.ini 2014-05-03 17:16 - 2015-03-28 22:34 - 0000132 _____ () C:\Users\Rafal\AppData\Roaming\Preferencje Adobe CS5 dla formatu PNG 2015-06-02 15:23 - 2015-06-12 16:06 - 0002188 _____ () C:\Users\Rafal\AppData\Roaming\SpeedRunnersLog.txt 2017-01-10 10:52 - 2017-01-10 10:52 - 0003584 _____ () C:\Users\Rafal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-04-18 19:13 - 2014-04-18 19:13 - 0000000 ___SH () C:\Users\Rafal\AppData\Local\LumaEmu 2014-10-04 19:42 - 2017-01-29 22:08 - 0007610 _____ () C:\Users\Rafal\AppData\Local\resmon.resmoncfg 2012-10-06 09:57 - 2012-10-06 09:57 - 0017408 _____ () C:\Users\Rafal\AppData\Local\WebpageIcons.db Files to move or delete: ==================== C:\Users\Rafal\edb_pgagent.exe C:\Users\Rafal\edb_phppgadmin.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\windows\system32\winlogon.exe => File is digitally signed C:\windows\system32\wininit.exe => File is digitally signed C:\windows\SysWOW64\wininit.exe => File is digitally signed C:\windows\explorer.exe => File is digitally signed C:\windows\SysWOW64\explorer.exe => File is digitally signed C:\windows\system32\svchost.exe => File is digitally signed C:\windows\SysWOW64\svchost.exe => File is digitally signed C:\windows\system32\services.exe => File is digitally signed C:\windows\system32\User32.dll => File is digitally signed C:\windows\SysWOW64\User32.dll => File is digitally signed C:\windows\system32\userinit.exe => File is digitally signed C:\windows\SysWOW64\userinit.exe => File is digitally signed C:\windows\system32\rpcss.dll => File is digitally signed C:\windows\system32\dnsapi.dll => File is digitally signed C:\windows\SysWOW64\dnsapi.dll => File is digitally signed C:\windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-01-23 13:37 ==================== End of FRST.txt ============================