Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-09-2013
Ran by R80 (administrator) on AUTO on 05-09-2013 00:14:56
Running from F:\Pobieranie
Microsoft Windows 7 Ultimate (X86) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTAudSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Lavasoft Limited) C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
() F:\EslWire\service\WireHelperSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
() C:\Windows\system32\PnkBstrA.exe
() C:\Program Files\Macrium\Reflect\ReflectService.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(FNet Co., Ltd.) C:\Program Files\XFastUsb\XFastUsb.exe
(Creative Technology Ltd) C:\Program Files\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Macrovision Europe Ltd.) C:\Users\R80\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001
() C:\Windows\system\HsMgr.exe
(Creative Labs) C:\Program Files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Valve Corporation) F:\Gry\Steam\Steam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(GFI Software) C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
(Google Inc.) C:\Users\R80\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\R80\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\R80\AppData\Local\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Users\R80\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\R80\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [VolPanel] - C:\Program Files\Creative\SB Arena Surround Headset\Volume Panel\VolPanlu.exe [241789 2009-05-04] (Creative Technology Ltd)
HKLM\...\Run: [CtaMon] - C:\Windows\System32\CtaMon.dll [9728 2008-08-27] (Creative Technology Ltd.)
HKLM\...\Run: [XFastUsb] - C:\Program Files\XFastUsb\XFastUsb.exe [4942336 2011-07-20] (FNet Co., Ltd.)
HKLM\...\Run: [CTSyncService] - C:\Program Files\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe [1233195 2009-07-08] (Creative Technology Ltd)
HKLM\...\Run: [UpdReg] - C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [SBRegRebootCleaner] - "C:\Program Files\Ad-Aware Antivirus\SBRC.exe" [x]
HKLM\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [554384 2013-07-15] (Lavasoft)
HKLM\...\Run: [RunDLLEntry] - C:\Windows\system32\AmbRunE.dll [14848 2009-02-26] (Creative Technology Ltd.)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [Nvtmru] - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [976672 2013-03-24] (NVIDIA Corporation)
HKLM\...\Run: [Cmaudio8788] - RunDll32 cmicnfgp.cpl,CMICtrlWnd [x]
HKLM\...\Run: [Cmaudio8788GX] - C:\Windows\system\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [Ad-Aware Antivirus] - "C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher" --windows-run [x]
HKLM\...\Policies\Explorer: [NoRemoteRecursiveEvents] 1
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKCU\...\Run: [Steam] - F:\Gry\Steam\steam.exe [1811880 2013-08-28] (Valve Corporation)
HKCU\...\Run: [GG] - C:\Users\R80\AppData\Local\GG\Application\gghub.exe [3365440 2013-05-16] (GG Network S.A.)
HKCU\...\Run: [Facebook Update] - C:\Users\R80\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-11-28] (Facebook Inc.)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [3674320 2013-01-08] (DT Soft Ltd)
HKCU\...\Run: [ESL Wire] - F:\EslWire\wire.exe [2731008 2013-07-09] (Turtle Entertainment GmbH)
HKCU\...\Run: [PPS Accelerator] - C:\Program Files\PPStream\PPSKernel.exe [x]
HKCU\...\Run: [Google Update] - C:\Users\R80\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2013-08-31] (Google Inc.)
Startup: C:\Users\R80\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneWay.lnk
ShortcutTarget: OneWay.lnk -> C:\Program Files\5Fantastic\OneWay\OneWay.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.idg.pl/start
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: (No Name) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - No File
SearchScopes: HKLM - Google URL = http://www.google.ru/search?hl=ru&q={searchTerms}\
SearchScopes: HKLM - Wikipedia URL = http://ru.wikipedia.org/wiki/{searchTerms}\
SearchScopes: HKLM - Yahoo URL = http://ru.search.yahoo.com/search?p={searchTerms}\
SearchScopes: HKLM - Yandex URL = http://www.yandex.ru/yandsearch?stype=&nl=0&text={searchTerms}\
SearchScopes: HKCU - DefaultScope Wikipedia URL =
SearchScopes: HKCU - Google URL =
SearchScopes: HKCU - Wikipedia URL =
SearchScopes: HKCU - Yahoo URL =
SearchScopes: HKCU - {46BADB9F-0765-4e4b-805C-5AC11B68FBE0} URL = http://www.bing.com/search?q={searchTerms}&form=SPLEP1&pc=SPLH
SearchScopes: HKCU - {81931AF7-777C-43bf-9701-100F176C738E} URL = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=PROTOSV
SearchScopes: HKCU - {B370B0B1-5BB5-4bc6-9157-B3901E4AD2ED} URL = http://www.bing.com/search?q={searchTerms}&form=SPLEP1&pc=SPLH
SearchScopes: HKCU - {EB7D82D4-269B-4ada-BC41-0FB2AC15A2AC} URL = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=PROTOSV
BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\R80\AppData\Roaming\FlashGetBHO\FlashGetBHO.dll (Trend Media Group)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: IplexToALLPlayer - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\PROGRA~1\ALLPLA~1\Iplex\IPLEXT~1.DLL (ALLCinema Ltd.)
BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\R80\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1
CHR Extension: (Google Drive) - C:\Users\R80\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\R80\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\R80\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\R80\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Gmail) - C:\Users\R80\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2
CHR HKLM\...\Chrome\Extension: [jplinpmadfkdgipabgcdchbdikologlh] - C:\Program Files\1ClickDownload\1click11.crx
CHR HKLM\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx

========================== Services (Whitelisted) =================

R2 Ad-Aware Service; C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-06-13] (Lavasoft Limited)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2011-07-20] (Creative Labs)
R2 EslWireHelper; F:\EslWire\service\WireHelperSvc.exe [614416 2013-06-11] ()
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75136 2011-09-30] ()
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [254072 2013-04-16] ()
R2 SBAMSvc; C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
S3 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1326176 2012-07-25] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [681056 2012-07-25] (Secunia)
R3 Sound Blaster X-Fi MB Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [79360 2011-07-20] (Creative Labs)
S3 WatAdminSvc; C:\Windows\system32\Wat\WatAdminSvc.exe [1343400 2012-06-15] ()
S2 NMSAccess; "C:\Program Files\Blaze Media Pro\NMSAccess32.exe" [x]

==================== Drivers (Whitelisted) ====================

S3 Andbus; C:\Windows\System32\DRIVERS\lgandbus.sys [14336 2010-01-25] (LG Electronics Inc.)
S3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag.sys [20864 2010-01-25] (LG Electronics Inc.)
S3 AndGps; C:\Windows\System32\DRIVERS\lgandgps.sys [19968 2010-01-25] (LG Electronics Inc.)
S3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem.sys [24960 2010-01-25] (LG Electronics Inc.)
S3 androidusb; C:\Windows\System32\Drivers\lgandadb.sys [25728 2010-01-11] (Google Inc)
R1 AsrAppCharger; C:\Windows\System32\DRIVERS\AsrAppCharger.sys [13832 2010-06-11] (Windows (R) Win 7 DDK provider)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-08-30] (AVAST Software)
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [24408 2012-03-07] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177864 2013-08-30] ()
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [1760256 2011-03-10] (C-Media Inc)
R3 Ctafiltv; C:\Windows\System32\drivers\Ctafiltv.sys [17408 2008-08-14] (Creative Technology Ltd.)
S3 ESLvnic1; C:\Windows\System32\DRIVERS\ESLvnic.sys [24504 2011-08-08] (Turtle Entertainment GmbH)
R0 ESLWireAC; C:\Windows\System32\drivers\ESLWireACD.sys [1077776 2013-06-25] ()
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [29248 2011-07-20] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [14656 2011-07-20] (FNet Co., Ltd.)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-08-28] (GFI Software)
S3 hitmanpro36; C:\Windows\system32\drivers\hitmanpro36.sys [27424 2012-09-24] ()
S3 P17; C:\Windows\System32\drivers\P17.sys [1122304 2007-02-05] (Creative Technology Ltd.)
S3 PortTalk; C:\Windows\System32\Drivers\PortTalk.sys [3567 2002-01-12] (Beyond Logic http://www.beyondlogic.org)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
R0 pssnap; C:\Windows\System32\DRIVERS\pssnap.sys [16504 2013-04-16] (Macrium Software)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2013-01-14] (Duplex Secure Ltd.)
S3 WinRing0_1_2_0; C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys [14416 2010-11-01] (OpenLibSys.org)
U3 aj9qifn3; C:\Windows\System32\Drivers\aj9qifn3.sys [0 ] (Advanced Micro Devices)
S3 IesDrv; \??\C:\Windows\system32\Drivers\IesDrv.sys [x]
U2 Messenger;
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [x]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] ()

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-31 02:45 - 2013-09-04 15:59 - 00002325 _____ C:\Users\R80\Desktop\Google Chrome.lnk
2013-08-31 02:45 - 2013-08-31 02:45 - 00000000 ____D C:\Users\R80\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-08-31 02:44 - 2013-09-04 23:54 - 00001050 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-38262387-1379028917-2686261013-1000UA.job
2013-08-31 02:44 - 2013-09-04 02:54 - 00000998 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-38262387-1379028917-2686261013-1000Core.job
2013-08-30 23:45 - 2013-08-31 02:44 - 00000000 ____D C:\Program Files\Google
2013-08-30 14:17 - 2013-08-30 14:17 - 00001033 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-08-28 18:18 - 2013-08-28 22:46 - 00000000 ____D C:\Users\R80\AppData\Local\adawarebp
2013-08-28 18:14 - 2013-08-28 18:14 - 00000000 ____D C:\Program Files\Lavasoft
2013-08-28 16:18 - 2013-08-28 18:12 - 00044424 _____ (GFI Software) C:\Windows\system32\sbbd.exe
2013-08-08 03:11 - 2013-08-08 03:11 - 00000958 _____ C:\Users\UpdatusUser\Desktop\SopCast.lnk
2013-08-08 03:11 - 2013-08-08 03:11 - 00000958 _____ C:\Users\Administrator\Desktop\SopCast.lnk
2013-08-08 01:24 - 2013-08-08 01:24 - 00000000 ____D C:\Users\R80\Documents\OCCT

==================== One Month Modified Files and Folders =======

2013-09-05 00:14 - 2013-09-05 00:14 - 00000000 ____D C:\FRST
2013-09-05 00:07 - 2012-07-19 21:46 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-04 23:57 - 2011-07-20 12:46 - 01134629 _____ C:\Windows\WindowsUpdate.log
2013-09-04 23:54 - 2013-08-31 02:44 - 00001050 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-38262387-1379028917-2686261013-1000UA.job
2013-09-04 23:48 - 2012-08-23 14:55 - 00000000 ____D C:\Users\R80\AppData\Roaming\GG
2013-09-04 23:47 - 2012-09-16 00:30 - 00001835 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2013-09-04 23:44 - 2012-08-09 12:45 - 00000334 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job
2013-09-04 23:26 - 2011-09-21 16:24 - 00000000 ____D C:\Users\R80\AppData\Roaming\foobar2000
2013-09-04 23:06 - 2013-08-05 19:14 - 00000000 ____D C:\Users\R80\Documents\FIFA 13
2013-09-04 22:25 - 2012-11-28 23:20 - 00000920 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-38262387-1379028917-2686261013-1000UA.job
2013-09-04 22:25 - 2012-11-28 23:20 - 00000898 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-38262387-1379028917-2686261013-1000Core.job
2013-09-04 19:06 - 2012-08-30 21:10 - 00048697 _____ C:\Windows\setupact.log
2013-09-04 19:06 - 2011-07-20 12:58 - 00000000 ____D C:\ProgramData\NVIDIA
2013-09-04 19:06 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-04 19:05 - 2012-08-31 22:37 - 00059032 _____ C:\Windows\PFRO.log
2013-09-04 15:59 - 2013-08-31 02:45 - 00002325 _____ C:\Users\R80\Desktop\Google Chrome.lnk
2013-09-04 15:10 - 2011-10-05 16:21 - 00000000 ____D C:\Users\R80\AppData\Local\ESL Wire Game Client
2013-09-04 02:54 - 2013-08-31 02:44 - 00000998 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-38262387-1379028917-2686261013-1000Core.job
2013-09-03 16:20 - 2012-07-19 21:17 - 00000974 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-09-03 16:20 - 2012-07-19 21:17 - 00000000 ____D C:\Program Files\CCleaner
2013-09-03 16:12 - 2009-07-14 04:04 - 00002577 _____ C:\Windows\system32\config.nt
2013-09-03 02:39 - 2011-07-20 13:13 - 00000000 ____D C:\Users\R80\AppData\Local\CrashDumps
2013-09-02 23:33 - 2011-07-21 15:39 - 00000000 ____D C:\Users\R80\AppData\Local\ChomikBox
2013-09-02 23:05 - 2011-09-03 11:20 - 00000000 ____D C:\Users\R80\.gstreamer-0.10
2013-09-01 23:38 - 2011-11-30 22:39 - 00000000 ____D C:\Users\R80\AppData\Roaming\TS3Client
2013-08-31 02:45 - 2013-08-31 02:45 - 00000000 ____D C:\Users\R80\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-08-31 02:44 - 2013-08-30 23:45 - 00000000 ____D C:\Program Files\Google
2013-08-31 02:44 - 2011-08-29 14:53 - 00000000 ____D C:\Users\R80\AppData\Local\Google
2013-08-30 14:17 - 2013-08-30 14:17 - 00001033 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-08-30 14:17 - 2012-02-15 22:16 - 00000000 ____D C:\Users\R80\AppData\Roaming\vlc
2013-08-30 14:15 - 2011-07-20 13:07 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2013-08-30 09:48 - 2013-03-17 02:51 - 00177864 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-08-30 09:48 - 2013-03-17 02:51 - 00049376 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-08-30 09:48 - 2012-02-26 12:51 - 00061680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-08-30 09:48 - 2011-07-20 18:42 - 00770344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-08-30 09:48 - 2011-07-20 18:42 - 00369584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-08-30 09:48 - 2011-07-20 18:42 - 00066336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-08-30 09:48 - 2011-07-20 18:42 - 00056080 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-08-30 09:48 - 2011-07-20 18:42 - 00029816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-08-30 09:47 - 2011-07-20 18:41 - 00229648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-08-30 09:47 - 2011-07-20 18:41 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-08-29 19:03 - 2011-07-20 13:20 - 00000000 ____D C:\Program Files\Common Files\Steam
2013-08-28 22:46 - 2013-08-28 18:18 - 00000000 ____D C:\Users\R80\AppData\Local\adawarebp
2013-08-28 22:46 - 2012-09-16 00:30 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2013-08-28 20:18 - 2009-07-14 06:34 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-28 20:18 - 2009-07-14 06:34 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-28 18:15 - 2012-09-16 00:30 - 00000000 ____D C:\Program Files\Ad-Aware Antivirus
2013-08-28 18:14 - 2013-08-28 18:14 - 00000000 ____D C:\Program Files\Lavasoft
2013-08-28 18:14 - 2013-02-26 14:21 - 00000000 ____D C:\ProgramData\Downloaded Installations
2013-08-28 18:12 - 2013-08-28 16:18 - 00044424 _____ (GFI Software) C:\Windows\system32\sbbd.exe
2013-08-28 18:12 - 2013-02-26 14:20 - 00013560 _____ (GFI Software) C:\Windows\system32\Drivers\gfibto.sys
2013-08-27 17:24 - 2013-03-20 20:09 - 00000000 ____D C:\Gry
2013-08-21 20:07 - 2012-07-19 21:46 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-08-21 20:07 - 2012-07-19 21:46 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-08-15 10:56 - 2009-07-14 06:53 - 00032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-11 19:34 - 2013-01-10 20:17 - 00000000 ____D C:\Users\R80\Desktop\111
2013-08-08 03:11 - 2013-08-08 03:11 - 00000958 _____ C:\Users\UpdatusUser\Desktop\SopCast.lnk
2013-08-08 03:11 - 2013-08-08 03:11 - 00000958 _____ C:\Users\Administrator\Desktop\SopCast.lnk
2013-08-08 03:11 - 2011-09-05 19:40 - 00000958 _____ C:\Users\R80\Desktop\SopCast.lnk
2013-08-08 03:11 - 2011-09-05 19:40 - 00000000 ____D C:\Program Files\SopCast
2013-08-08 01:24 - 2013-08-08 01:24 - 00000000 ____D C:\Users\R80\Documents\OCCT
2013-08-07 22:11 - 2011-11-30 22:39 - 00000000 ____D C:\Program Files\ts3
2013-08-06 13:29 - 2012-11-26 14:00 - 00000000 ____D C:\Filmy

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe [2009-07-14 01:41] - [2010-08-03 15:39] - 3144704 ____A (Microsoft Corporation) 08029ADC4B734BF36B7C17A1C2DBC54E
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe [2009-07-14 01:34] - [2010-06-04 09:51] - 0026624 ____A (Microsoft Corporation) A1C9C01C02AF6A2C81CAC34CD5E65F9B
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-09-03 02:23

==================== End Of Log ============================