Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-05-2015
Ran by admin (administrator) on ADMIN-KOMPUTER on 05-05-2015 18:00:42
Running from D:\_internet_files\28122005
Loaded Profiles: admin (Available profiles: admin & Administrator)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Polski (Polska)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(StarWind Software) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
() D:\hdd\Util\system\Drivers\HP_DV9690\pomiar_temperatury_rdzeni\Core_temp\CoreTemp.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Ghisler Software GmbH) C:\util\totalcmd\TOTALCMD.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(AQQ Sp. z o.o.) C:\Program Files\WapSter\WapSter AQQ\AQQ.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(wj32) D:\hdd\Util\software\antyspyware\Process Hacker\ProcessHacker.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12021464 2014-05-09] (Realtek Semiconductor)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [480560 2007-10-03] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [CoreTemp] => D:\hdd\Util\system\Drivers\HP_DV9690\pomiar_temperatury_rdzeni\Core_temp\CoreTemp.exe [378384 2009-08-05] ()
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-04-28] (Avast Software s.r.o.)
HKU\S-1-5-21-3503800393-2953541970-2597320098-1000\...\Run: [AlcoholAutomount] => C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [39376 2015-03-12] (Alcohol Soft Development Team)
HKU\S-1-5-21-3503800393-2953541970-2597320098-1000\...\Run: [AQQ] => C:\Program Files\WapSter\WapSter AQQ\AQQ.exe [8174592 2013-10-16] (AQQ Sp. z o.o.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-04-28] (Avast Software s.r.o.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3503800393-2953541970-2597320098-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://waluty.wp.pl/
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-10] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-10] (Oracle Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)
ATTENTION: There are more than 99 Catalog9 entries. Turn off the whitelisting to see all the entries. You may check Device Manager for presence of unusual amount of "Microsoft 6to4 Adapter" devices.
Tcpip\Parameters: [DhcpNameServer] 194.204.152.34 194.204.159.1

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgae9nwl.default
FF Homepage: hxxp://waluty.wp.pl/?ticaid=1afd8
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-10] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-10] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgae9nwl.default\searchplugins\dipol-wyszukaj-towar.xml [2008-04-07]
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgae9nwl.default\searchplugins\mozilla-add-ons.xml [2008-06-26]
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgae9nwl.default\searchplugins\wyszukiwarka-onetpl.xml [2008-10-05]
FF Extension: British English Dictionary (Updated) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgae9nwl.default\Extensions\en-gb@flyingtophat.co.uk [2015-02-11]
FF Extension: oldbar - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgae9nwl.default\Extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb} [2010-10-02]
FF Extension: checkCompatibility - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgae9nwl.default\Extensions\check-compatibility@dactyl.googlecode.com.xpi [2013-04-20]
FF Extension: Classic Theme Restorer (Customize UI) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgae9nwl.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-05-06]
FF Extension: Flagfox - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgae9nwl.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-04-17]
FF Extension: NoScript - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgae9nwl.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-10-12]
FF Extension: Password Exporter - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgae9nwl.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2013-03-09]
FF Extension: Easy Youtube Video Downloader Express - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgae9nwl.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2014-12-26]
FF Extension: Video DownloadHelper - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgae9nwl.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-14]
FF Extension: Theme Font & Size Changer - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgae9nwl.default\Extensions\{f69e22c7-bc50-414a-9269-0f5c344cd94c}.xpi [2015-04-09]
FF Extension: Firefox 2, the theme, reloaded - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgae9nwl.default\Extensions\{fd2f951f-77ea-4938-9493-0c892c027a13}.xpi [2012-10-12]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-28] (Avast Software s.r.o.)
S2 AxAutoMntSrv; C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [39376 2015-03-12] (Alcohol Soft Development Team)
R2 hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [135168 2006-05-02] (Hewlett-Packard Development Company, L.P.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe [251096 2014-01-08] (Realtek Semiconductor)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [728328 2014-04-11] (DEVGURU Co., LTD.)
R2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 a016bus; C:\Windows\System32\DRIVERS\a016bus.sys [83880 2008-01-18] (MCCI Corporation)
S3 a016mdfl; C:\Windows\System32\DRIVERS\a016mdfl.sys [15016 2008-01-18] (MCCI Corporation)
S3 a016mdm; C:\Windows\System32\DRIVERS\a016mdm.sys [110504 2008-01-18] (MCCI Corporation)
S3 a016mgmt; C:\Windows\System32\DRIVERS\a016mgmt.sys [104488 2008-01-18] (MCCI Corporation)
S3 a016obex; C:\Windows\System32\DRIVERS\a016obex.sys [100648 2008-01-18] (MCCI Corporation)
S3 AMPPAL; C:\Windows\System32\DRIVERS\AMPPAL.sys [112096 2013-02-13] (Windows (R) Win 7 DDK provider)
S3 Andbus; C:\Windows\System32\DRIVERS\lgandbus.sys [14336 2010-01-25] (LG Electronics Inc.)
S3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag.sys [20864 2010-01-25] (LG Electronics Inc.)
S3 AndGps; C:\Windows\System32\DRIVERS\lgandgps.sys [19968 2010-01-25] (LG Electronics Inc.)
S3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem.sys [24960 2010-01-25] (LG Electronics Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-04-28] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-04-28] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-04-28] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-04-28] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427992 2015-04-28] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-04-28] ()
S4 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [140424 2007-03-28] (AuthenTec, Inc.)
S3 cxbu1wdm; C:\Windows\System32\DRIVERS\cxbu1wdm.sys [118016 2012-02-02] ( ) [File not signed]
S3 eGateUSB; C:\Windows\System32\Drivers\eGateUSB.sys [73728 2007-05-09] (Gemalto)
S3 flashusb; C:\Windows\System32\DRIVERS\flashusb.sys [16384 2012-02-24] (Danish Wireless Design A/S)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [63464 2013-01-22] (FTDI Ltd.)
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [145664 2014-07-06] (ITE )
S3 k750bus; C:\Windows\System32\DRIVERS\k750bus.sys [55216 2005-02-11] (MCCI)
S3 KProcessHacker; D:\hdd\Util\software\antyspyware\Process Hacker\kprocesshacker.sys [35992 2015-04-17] (wj32)
R4 KProcessHacker2; D:\hdd\Util\software\antyspyware\Process Hacker\kprocesshacker.sys [35992 2015-04-17] (wj32)
S3 MotDev; C:\Windows\System32\DRIVERS\motodrv.sys [42752 2010-10-01] (Motorola Inc)
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [1174880 2011-03-29] (Ralink Technology Corp.)
S3 NETwLv32; C:\Windows\System32\DRIVERS\NETwLv32.sys [6639616 2010-10-07] (Intel Corporation) [File not signed]
R1 oreans32; C:\Windows\system32\drivers\oreans32.sys [33920 2011-02-21] () [File not signed]
S3 PortTalk; C:\Windows\System32\drivers\PortTalk.sys [3567 2010-10-04] (Beyond Logic http://www.beyondlogic.org) [File not signed]
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15576 2012-06-18] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10200 2012-06-18] ()
S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [103424 2009-02-26] (QUALCOMM Incorporated)
R3 R5BaseSmc; C:\Windows\System32\DRIVERS\smccard.sys [12800 2004-09-28] (OEM)
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [89256 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [15016 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [120744 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [114216 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [25512 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [110632 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [115752 2008-05-16] (MCCI Corporation)
S3 s1039mdm; C:\Windows\System32\DRIVERS\s1039mdm.sys [124016 2010-03-15] (MCCI Corporation)
S3 s125bus; C:\Windows\System32\DRIVERS\s125bus.sys [83336 2007-04-24] (MCCI Corporation)
S3 s125mgmt; C:\Windows\System32\DRIVERS\s125mgmt.sys [100488 2007-04-24] (MCCI Corporation)
S3 s125obex; C:\Windows\System32\DRIVERS\s125obex.sys [98696 2007-04-24] (MCCI Corporation)
S3 s916bus; C:\Windows\System32\DRIVERS\s916bus.sys [83496 2007-11-02] (MCCI Corporation)
S3 s916mdfl; C:\Windows\System32\DRIVERS\s916mdfl.sys [15016 2007-11-02] (MCCI Corporation)
S3 s916mdm; C:\Windows\System32\DRIVERS\s916mdm.sys [109992 2007-11-02] (MCCI Corporation)
S3 s916mgmt; C:\Windows\System32\DRIVERS\s916mgmt.sys [103976 2007-11-02] (MCCI Corporation)
S3 s916obex; C:\Windows\System32\DRIVERS\s916obex.sys [100008 2007-11-02] (MCCI Corporation)
R0 sfdrv01a; C:\Windows\System32\drivers\sfdrv01a.sys [63096 2009-02-03] (Protection Technology (StarForce))
S3 snpstd; C:\Windows\System32\DRIVERS\snpstd.sys [390784 2006-05-03] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [329384 2015-04-03] (Duplex Secure Ltd.)
S3 sscebus; C:\Windows\System32\DRIVERS\sscebus.sys [98560 2010-12-21] (MCCI Corporation)
S3 sscemdfl; C:\Windows\System32\DRIVERS\sscemdfl.sys [14848 2010-12-21] (MCCI Corporation)
S3 sscemdm; C:\Windows\System32\DRIVERS\sscemdm.sys [123648 2010-12-21] (MCCI Corporation)
S3 ssceserd; C:\Windows\System32\DRIVERS\ssceserd.sys [100352 2010-12-21] (MCCI Corporation)
S3 ssm_bus; C:\Windows\System32\DRIVERS\ssm_bus.sys [104448 2010-12-21] (MCCI Corporation)
S3 ssm_mdfl; C:\Windows\System32\DRIVERS\ssm_mdfl.sys [14848 2010-12-21] (MCCI Corporation)
S3 ssm_mdm; C:\Windows\System32\DRIVERS\ssm_mdm.sys [132608 2010-12-21] (MCCI Corporation)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [184192 2014-04-11] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2010-12-21] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2010-12-21] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2010-12-21] (MCCI Corporation)
S3 ss_bserd; C:\Windows\System32\DRIVERS\ss_bserd.sys [100224 2010-12-21] (MCCI Corporation)
S3 token; C:\Windows\System32\DRIVERS\eps2kt1.sys [21888 2004-10-14] ()
S3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [12800 2008-04-07] (LG Electronics Inc.)
S3 USBCCID; C:\Windows\System32\DRIVERS\usbccid.sys [30208 2008-07-24] (Microsoft Corporation) [File not signed]
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [19840 2008-04-07] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [24832 2008-04-07] (LG Electronics Inc.)
R3 vsbus; C:\Windows\System32\DRIVERS\vsb.sys [17280 2006-04-14] (ELTIMA Software) [File not signed]
S3 vserial; C:\Windows\System32\DRIVERS\vserial.sys [44416 2006-04-10] (ELTIMA Software) [File not signed]
S3 w200bus; C:\Windows\System32\DRIVERS\w200bus.sys [61504 2006-10-24] (MCCI)
S3 w200mdfl; C:\Windows\System32\DRIVERS\w200mdfl.sys [9328 2006-10-24] (MCCI)
S3 w200mdm; C:\Windows\System32\DRIVERS\w200mdm.sys [97056 2006-10-24] (MCCI)
S3 w200mgmt; C:\Windows\System32\DRIVERS\w200mgmt.sys [88560 2006-10-24] (MCCI)
S3 w800bus; C:\Windows\System32\DRIVERS\w800bus.sys [60768 2005-06-13] (MCCI)
S3 zghsdiag; C:\Windows\System32\DRIVERS\zghsdiag.sys [106752 2011-01-13] (ZTE Incorporated)
S3 zghsnmea; C:\Windows\System32\DRIVERS\zghsnmea.sys [106752 2011-01-13] (ZTE Incorporated)
U3 ao86uoxq; C:\Windows\system32\Drivers\ao86uoxq.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero size file/folder)
R3 ALSysIO; \??\C:\Users\admin\AppData\Local\Temp\ALSysIO.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-05 17:59 - 2015-05-05 18:00 - 00000000 ____D () C:\FRST
2015-05-02 10:57 - 2015-05-02 10:57 - 00000000 ____D () C:\Users\admin\Documents\WPR Files
2015-05-02 10:41 - 2015-05-02 10:41 - 00014298 _____ () C:\Users\admin\Desktop\wprui.lnk
2015-05-02 10:37 - 2015-05-02 10:38 - 00131072 _____ () C:\Windows\Minidump\050215-33337-01.dmp
2015-04-28 10:42 - 2015-04-28 10:17 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-04-28 10:32 - 2015-04-28 10:32 - 00000000 ____D () C:\Windows\system32\vbox
2015-04-28 10:26 - 2015-04-28 11:51 - 00097128 _____ () C:\Windows\PFRO.log
2015-04-28 10:17 - 2015-04-28 10:17 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-04-22 10:56 - 2015-04-22 10:57 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-15 16:31 - 2015-04-15 16:31 - 00000000 ____D () C:\ProgramData\WindowsPerformanceRecorder
2015-04-15 15:52 - 2015-04-15 15:55 - 00000000 ____D () C:\Users\admin\Documents\WPA Files
2015-04-15 15:51 - 2015-04-15 16:31 - 00000000 ____D () C:\Users\admin\AppData\Local\Windows Performance Analyzer
2015-04-15 15:48 - 2015-04-15 15:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2015-04-15 15:48 - 2015-04-15 15:48 - 00000000 ____D () C:\Program Files\Windows Kits
2015-04-15 10:51 - 2015-04-02 01:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-15 10:51 - 2015-03-25 05:00 - 03088384 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 10:51 - 2015-03-25 05:00 - 02020864 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 10:51 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 10:51 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 10:51 - 2015-03-25 05:00 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 10:51 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 10:51 - 2015-03-25 05:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 10:51 - 2015-03-25 05:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 10:51 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 10:51 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 10:51 - 2015-03-25 05:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 10:51 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 10:51 - 2015-03-13 05:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 10:51 - 2015-03-13 05:42 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-15 10:51 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 10:51 - 2015-03-13 05:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-15 10:51 - 2015-03-13 05:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 10:51 - 2015-03-13 05:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-15 10:51 - 2015-03-13 05:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-15 10:51 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 10:51 - 2015-03-13 05:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 10:51 - 2015-03-13 05:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-15 10:51 - 2015-03-13 05:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 10:51 - 2015-03-13 05:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 10:51 - 2015-03-13 05:16 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-15 10:51 - 2015-03-13 05:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-15 10:51 - 2015-03-13 05:09 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-15 10:51 - 2015-03-13 05:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 10:51 - 2015-03-13 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 10:51 - 2015-03-13 04:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-15 10:51 - 2015-03-13 04:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 10:51 - 2015-03-13 04:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 10:51 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 10:51 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 10:51 - 2015-03-13 04:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 10:51 - 2015-03-13 04:43 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-15 10:51 - 2015-03-13 04:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-15 10:51 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 10:51 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 10:51 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 10:51 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-15 10:51 - 2015-03-05 06:06 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 10:51 - 2015-03-04 06:16 - 00249784 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 10:51 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 10:50 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-04-15 10:50 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 10:50 - 2015-03-17 07:01 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-15 10:50 - 2015-03-17 07:01 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-15 10:50 - 2015-03-17 06:59 - 01306112 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 10:50 - 2015-03-17 06:57 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-15 10:50 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-15 10:50 - 2015-03-17 06:57 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-15 10:50 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-15 10:50 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-15 10:50 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-15 10:50 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-15 10:50 - 2015-03-17 06:57 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-15 10:50 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-15 10:50 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-15 10:50 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-15 10:50 - 2015-03-17 06:57 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-15 10:50 - 2015-03-17 06:56 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-15 10:50 - 2015-03-17 06:56 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-15 10:50 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-15 10:50 - 2015-03-17 06:56 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-15 10:50 - 2015-03-17 06:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-15 10:50 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-15 10:50 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-15 10:50 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-15 10:50 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-15 10:50 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-15 10:46 - 2015-02-25 05:03 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-15 10:42 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 10:42 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-14 10:17 - 2015-05-04 16:22 - 00020890 _____ () C:\Windows\setupact.log
2015-04-14 10:17 - 2015-04-14 10:17 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-13 11:34 - 2015-04-13 11:34 - 00013565 _____ () C:\Users\admin\Desktop\msconfig.lnk
2015-04-10 10:39 - 2015-04-10 10:39 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-10 10:26 - 2015-03-23 05:06 - 00860160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-10 10:26 - 2015-03-23 05:06 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-10 10:26 - 2015-03-23 05:06 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-10 10:26 - 2015-03-23 05:06 - 00331264 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-10 10:26 - 2015-03-23 05:06 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-10 10:26 - 2015-03-23 05:06 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-10 10:26 - 2015-03-23 05:06 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-10 10:26 - 2015-03-23 04:59 - 00896000 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-10 10:26 - 2015-01-28 01:36 - 01167520 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-04-05 21:46 - 2015-04-05 21:47 - 00000000 ___SD () C:\Windows\system32\GWX

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-05 17:48 - 2010-10-02 13:40 - 01697725 _____ () C:\Windows\WindowsUpdate.log
2015-05-05 17:09 - 2013-05-20 10:07 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-05 14:24 - 2010-10-02 13:54 - 01670518 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-05 14:24 - 2009-07-14 10:07 - 00740672 _____ () C:\Windows\system32\perfh015.dat
2015-05-05 14:24 - 2009-07-14 10:07 - 00156214 _____ () C:\Windows\system32\perfc015.dat
2015-05-05 14:21 - 2009-07-14 06:34 - 00019888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-05 14:21 - 2009-07-14 06:34 - 00019888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-04 10:16 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-02 10:37 - 2010-10-04 15:04 - 00000000 ____D () C:\Windows\Minidump
2015-04-28 10:45 - 2014-11-21 21:57 - 00002046 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-04-28 10:17 - 2014-04-27 19:18 - 00024144 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-04-28 10:17 - 2013-03-01 18:48 - 00209048 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-04-28 10:17 - 2013-03-01 18:48 - 00049904 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-04-28 10:17 - 2012-06-07 01:44 - 00427992 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-04-28 10:17 - 2012-06-07 01:44 - 00074976 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-04-28 10:16 - 2012-06-07 01:44 - 00787760 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-04-23 14:49 - 2010-11-18 21:05 - 00000000 ____D () C:\adb
2015-04-23 10:25 - 2012-04-25 10:47 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-19 20:22 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2015-04-17 11:48 - 2010-05-01 00:21 - 00003140 ___SH () C:\ProgramData\KGyGaAvL.sys
2015-04-17 10:45 - 2010-10-09 12:02 - 00033280 _____ () C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-15 15:48 - 2014-08-16 01:28 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-15 12:35 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-04-15 11:18 - 2012-04-05 10:49 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-04-15 11:18 - 2011-05-16 11:08 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-04-15 11:11 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\pl-PL
2015-04-14 18:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\AppCompat
2015-04-13 15:34 - 2011-03-12 13:41 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-04-13 15:33 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-04-10 10:39 - 2014-04-23 16:07 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-08 18:03 - 2010-10-02 13:45 - 00000000 ____D () C:\Users\admin
2015-04-08 12:21 - 2009-07-14 06:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-04-08 11:55 - 2009-07-14 06:53 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2010-10-09 12:02 - 2015-04-17 10:45 - 0033280 _____ () C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-01-26 17:49 - 2012-01-27 17:09 - 0000041 _____ () C:\Users\admin\AppData\Local\DiegoG3-3.0.4.3.INI
2012-01-27 17:30 - 2012-01-29 01:17 - 0000070 _____ () C:\Users\admin\AppData\Local\DiegoG3-3.0.7.1.INI
2012-01-26 17:50 - 2012-05-08 18:08 - 0000041 _____ () C:\Users\admin\AppData\Local\DiegoG3.INI
2013-03-04 12:50 - 2013-03-04 12:50 - 0000001 _____ () C:\Users\admin\AppData\Local\llftool.4.25.agreement
2013-04-17 17:05 - 2013-04-17 17:05 - 0000019 _____ () C:\Users\admin\AppData\Local\llftool.license
2011-09-11 15:22 - 2011-09-11 21:11 - 0000600 _____ () C:\Users\admin\AppData\Local\PUTTY.RND
2010-10-02 23:48 - 2015-03-22 23:42 - 0007633 _____ () C:\Users\admin\AppData\Local\resmon.resmoncfg
2010-05-01 00:21 - 2010-05-01 00:21 - 0000008 __RSH () C:\ProgramData\E3A87070E7.sys
2010-05-01 00:21 - 2015-04-17 11:48 - 0003140 ___SH () C:\ProgramData\KGyGaAvL.sys
2014-04-30 21:44 - 2014-04-30 23:18 - 0003604 _____ () C:\ProgramData\LmeUSB.log
2014-04-30 23:18 - 2014-04-30 23:18 - 0000340 _____ () C:\ProgramData\LmeZJSW.log
2014-04-30 21:44 - 2014-04-30 23:18 - 0003604 _____ () C:\ProgramData\LSDmbTH.log
2014-04-30 21:44 - 2014-04-30 23:18 - 0003676 _____ () C:\ProgramData\PipShareTuner.log

Some content of TEMP:
====================

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-04 12:30

==================== End Of Log ============================