Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-05-2014 01
Ran by Gej (administrator) on KUBA-KOMPUTER on 11-05-2014 20:08:35
Running from C:\Users\Gej\Downloads
Platform: Windows 7 Ultimate (X64) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ZeoBIT LLC) C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(BitTorrent Inc.) C:\Users\Gej\AppData\Roaming\uTorrent\uTorrent.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Kromtech) C:\Program Files\Kromtech\PCKeeper\OneClickFixService.exe
() C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Kromtech) C:\Program Files\Kromtech\PCKeeper\PCKeeperService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-11-25] (AVAST Software)
HKU\.DEFAULT\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\.DEFAULT\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\.DEFAULT\...\Policies\Explorer: [NoResolveSearch] 1
HKU\.DEFAULT\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-2875920402-2630078828-2655317071-1002\...\Run: [FixMyRegistry] => C:\Program Files (x86)\SmartTweak\FixMyRegistry\FixMyRegistry.exe /ot /as /ss
HKU\S-1-5-21-2875920402-2630078828-2655317071-1002\...\Run: [PCKeeper2] => C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe [517936 2013-11-01] (ZeoBIT LLC)
HKU\S-1-5-21-2875920402-2630078828-2655317071-1002\...\Run: [uTorrent] => C:\Users\Gej\AppData\Roaming\uTorrent\uTorrent.exe [1270352 2014-05-01] (BitTorrent Inc.)
HKU\S-1-5-21-2875920402-2630078828-2655317071-1002\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd) HKU\S-1-5-21-2875920402-2630078828-2655317071-1002\...\Run: [EA Core] => C:\Program Files (x86)\Electronic Arts\EADM\Core.exe [3325952 2009-03-28] (Electronic Arts) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM-x32 - Backup.Old.DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} SearchScopes: HKLM-x32 - {15858D47-DD60-DEAE-5923-3C0DAFDD4BBC} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678 SearchScopes: HKCU - Backup.Old.DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} SearchScopes: HKCU - {15858D47-DD60-DEAE-5923-3C0DAFDD4BBC} URL = http://search.babylon.com/?q={searchTerms}&affID=112059&tt=100512_4_&babsrc=SP_ss&mntrId=aac26217000000000000bcaec59586b2 SearchScopes: HKCU - {54B3C5E3-DC0D-4764-A08F-51EB9BE57368} URL = http://websearch.ask.com/redirect?client=ie&tb=VDJ&o=41647960&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=^8R&apn_dtid=^YYYYYY^YY^PL&apn_uid=875414FE-06E8-4F50-8D8C-4B1DE3886735&apn_sauid=89E3CCA7-83F9-488F-86C6-7B8CCB5054A4& SearchScopes: HKCU - {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} BHO: avast! 
Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO-x32: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO-x32: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM-x32 - avast! 
Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKCU - No Name - {51A86BB3-6602-4C85-92A5-130EE4864F13} - No File Toolbar: HKCU - No Name - {64D23501-5195-4224-9446-E2B0FB64E859} - No File DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{054AEEB7-0104-49F5-9221-3B38728029F6}: [NameServer]89.108.195.20 89.108.202.20 Tcpip\..\Interfaces\{B6166111-D941-4F1E-A8F8-2A49CDED2A5B}: [NameServer]89.108.202.21 89.108.195.21 FireFox: ======== FF ProfilePath: C:\Users\Gej\AppData\Roaming\Mozilla\Firefox\Profiles\tu73l03x.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft 
Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Gej\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Gej\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml FF Extension: BitComet Video Downloader - C:\Users\Gej\AppData\Roaming\Mozilla\Firefox\Profiles\tu73l03x.default\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB} [2014-01-29] FF Extension: Test Pilot - C:\Users\Gej\AppData\Roaming\Mozilla\Firefox\Profiles\tu73l03x.default\Extensions\testpilot@labs.mozilla.com.xpi [2012-07-21] FF Extension: Stylish - C:\Users\Gej\AppData\Roaming\Mozilla\Firefox\Profiles\tu73l03x.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2013-05-18] FF Extension: Smartest Bookmarks Bar - C:\Users\Gej\AppData\Roaming\Mozilla\Firefox\Profiles\tu73l03x.default\Extensions\{b442f4c0-c292-4998-aabe-48608a73ba75}.xpi [2012-11-25] FF Extension: Adblock Plus - C:\Users\Gej\AppData\Roaming\Mozilla\Firefox\Profiles\tu73l03x.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-11-05] FF Extension: Kaspersky Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru [2011-11-09] FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2011-11-09] FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web 
Printing\MozillaAddOn3 [2012-01-23] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-11-25] FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-01-23] Chrome: ======= CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll () CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 7 U4) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Java Deployment Toolkit 7.0.40.255) - C:\Windows\SysWOW64\npDeployJava1.dll No File CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.) 
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File CHR Extension: (YouTube) - C:\Users\Gej\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-08-28] CHR Extension: (Adblock Plus) - C:\Users\Gej\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-03-09] CHR Extension: (Szukaj w Google) - C:\Users\Gej\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-08-28] CHR Extension: (avast! Online Security) - C:\Users\Gej\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-11-25] CHR Extension: (Google Wallet) - C:\Users\Gej\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-25] CHR Extension: (Extended Protection) - C:\Users\Gej\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogfjmhfnldnajmfaofeiaepghjenbgjo [2014-02-26] CHR Extension: (Allin1Convert) - C:\Users\Gej\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkanglmmnniiolknlhaajllgmlgcdkj [2014-01-27] CHR Extension: (Gmail) - C:\Users\Gej\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-08-28] CHR HKLM-x32\...\Chrome\Extension: [gdnafjfahbdfphihncgadbegiaebehio] - C:\Program Files (x86)\SquirrelWeb\gdnafjfahbdfphihncgadbegiaebehio.crx [2012-08-28] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-11-25] CHR HKLM-x32\...\Chrome\Extension: [ogfjmhfnldnajmfaofeiaepghjenbgjo] - C:\Users\Gej\AppData\Local\Google\Chrome\User Data\Default\Extensions\ep.crx [2014-02-26] ==================== Services (Whitelisted) ================= R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-11-25] (AVAST Software) S3 BITCOMET_HELPER_SERVICE; C:\Program Files (x86)\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (www.BitComet.com) R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] () S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) R2 PCKeeper2Service; C:\Program Files\Kromtech\PCKeeper\PCKeeperService.exe [157424 2013-11-01] (Kromtech) R2 PCKeeperOcfService; C:\Program Files\Kromtech\PCKeeper\OneClickFixService.exe [1163568 2013-11-01] (Kromtech) S2 PLAY ONLINE. RunOuc; C:\Program Files (x86)\PLAY ONLINE\UpdateDog\ouc.exe [246112 2013-07-07] () S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [736104 2012-06-01] (Tunngle.net GmbH) S2 Util GreyGray; "C:\Program Files (x86)\GreyGray\bin\utilGreyGray.exe" [X] ==================== Drivers (Whitelisted) ==================== R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [38984 2013-11-25] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [84328 2013-11-25] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-25] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-25] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1032416 2013-11-25] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [409832 2013-11-25] (AVAST Software) R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2013-11-25] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-11-25] () R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-02-04] (Disc Soft Ltd) S3 fileHiders; C:\Windows\System32\DRIVERS\fileHiders.sys [33552 2013-11-01] 
() S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [229376 2013-07-07] (Huawei Technologies Co., Ltd.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-27] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] () S3 s1039bus; C:\Windows\System32\DRIVERS\s1039bus.sys [127600 2010-03-01] (MCCI Corporation) S3 s1039mdfl; C:\Windows\System32\DRIVERS\s1039mdfl.sys [19568 2010-03-01] (MCCI Corporation) S3 s1039mdm; C:\Windows\System32\DRIVERS\s1039mdm.sys [161904 2010-03-01] (MCCI Corporation) S3 s1039mgmt; C:\Windows\System32\DRIVERS\s1039mgmt.sys [141424 2010-03-01] (MCCI Corporation) S3 s1039nd5; C:\Windows\System32\DRIVERS\s1039nd5.sys [34416 2010-03-01] (MCCI Corporation) S3 s1039obex; C:\Windows\System32\DRIVERS\s1039obex.sys [137328 2010-03-01] (MCCI Corporation) S3 s1039unic; C:\Windows\System32\DRIVERS\s1039unic.sys [158320 2010-03-01] (MCCI Corporation) S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [201280 2010-09-17] (DEVGURU Co., LTD.(www.devguru.co.kr)) S3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 iSafeFsFlt; C:\Program Files (x86)\iSafe\iSafeFsFlt.sys [X] S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-11 20:07 - 2014-05-11 20:07 - 00000000 ____D () C:\Users\Gej\Downloads\FRST-OlderVersion 2014-05-10 17:41 - 2014-05-10 17:41 - 00591257 _____ () C:\Users\Gej\Downloads\ewelina.cichosz.htm 2014-05-09 20:51 - 2014-05-09 20:51 - 00180224 _____ () 
C:\Users\Gej\Downloads\1plan61543plan (1).xls 2014-05-07 10:19 - 2014-05-07 10:19 - 00355635 ____N () C:\Windows\Minidump\050714-15210-01.dmp 2014-05-01 16:18 - 2014-05-01 16:19 - 00184320 _____ () C:\Users\Gej\Downloads\Hot_IMAGE_COLLECTION_001.JPG.exe 2014-04-30 13:39 - 2014-04-30 13:39 - 00180224 _____ () C:\Users\Gej\Downloads\1plan61543plan.xls 2014-04-30 13:39 - 2014-04-30 13:39 - 00180224 _____ () C:\Users\Gej\Downloads\1plan61062plan (2).xls 2014-04-29 14:51 - 2014-04-29 14:51 - 00542720 _____ () C:\Users\Gej\Downloads\2 (5).ppt 2014-04-29 14:50 - 2014-04-29 14:50 - 02412032 _____ () C:\Users\Gej\Downloads\Wykład.VII (2).ppt 2014-04-29 13:36 - 2014-04-29 13:36 - 02022400 _____ () C:\Users\Gej\Downloads\ZAGADNIENIA OGOLNE (1).ppt 2014-04-28 17:06 - 2014-04-28 17:06 - 00077824 _____ () C:\Users\Gej\Downloads\BEAUTIFUL_PHOTO_ALBUM.JPG.exe 2014-04-27 19:01 - 2014-04-27 19:01 - 00077834 _____ () C:\Users\Gej\Downloads\Extras.Txt 2014-04-27 18:59 - 2014-04-27 18:59 - 00107658 _____ () C:\Users\Gej\Downloads\OTL.Txt 2014-04-27 18:52 - 2014-04-27 19:01 - 00000000 ____D () C:\Users\Gej\Desktop\konrad 2014-04-27 18:51 - 2014-05-11 20:08 - 00019308 _____ () C:\Users\Gej\Downloads\FRST.txt 2014-04-27 18:51 - 2014-04-27 18:51 - 00041520 _____ () C:\Users\Gej\Downloads\Addition.txt 2014-04-27 18:50 - 2014-05-11 20:08 - 00000000 ____D () C:\FRST 2014-04-27 18:50 - 2014-05-11 20:07 - 02066944 _____ (Farbar) C:\Users\Gej\Downloads\FRST64.exe 2014-04-27 18:50 - 2014-04-27 18:50 - 00854355 _____ () C:\Users\Gej\Downloads\SecurityCheck.exe 2014-04-27 18:49 - 2014-04-27 18:49 - 00602112 _____ (OldTimer Tools) C:\Users\Gej\Downloads\OTL.exe 2014-04-27 18:37 - 2014-04-27 18:37 - 05196309 _____ (Swearware) C:\Users\Gej\Downloads\ComboFix.exe 2014-04-27 18:37 - 2014-04-27 18:37 - 01329501 _____ () C:\Users\Gej\Downloads\AdwCleaner (1).exe 2014-04-27 18:34 - 2014-04-27 20:07 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-27 18:34 - 
2014-04-27 18:34 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-04-27 18:34 - 2014-04-27 18:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-04-27 18:34 - 2014-04-27 18:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-04-27 18:34 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-27 18:34 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-27 18:34 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-27 18:33 - 2014-04-27 18:33 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Gej\Downloads\mbam-setup-2.0.1.1004.exe 2014-04-26 17:01 - 2014-04-26 17:01 - 00356851 ____N () C:\Windows\Minidump\042614-21715-01.dmp 2014-04-26 17:00 - 2014-04-26 17:00 - 00356689 ____N () C:\Windows\Minidump\042614-19905-01.dmp 2014-04-26 16:52 - 2014-04-26 16:52 - 00358216 ____N () C:\Windows\Minidump\042614-20732-01.dmp 2014-04-26 15:12 - 2014-04-26 15:12 - 00358220 ____N () C:\Windows\Minidump\042614-19812-01.dmp 2014-04-26 14:59 - 2014-04-26 15:00 - 00358198 ____N () C:\Windows\Minidump\042614-14913-01.dmp 2014-04-26 14:59 - 2014-04-26 14:59 - 00358198 ____N () C:\Windows\Minidump\042614-20046-01.dmp 2014-04-25 18:41 - 2014-04-25 18:41 - 00021416 _____ () C:\Users\Gej\Downloads\Galeria użytkownika marta zasada - nk.pl.htm 2014-04-25 11:43 - 2014-04-25 11:43 - 00180224 _____ () C:\Users\Gej\Downloads\1plan61062plan (1).xls 2014-04-24 09:25 - 2014-04-24 10:47 - 00000000 ____D () C:\Users\Gej\Downloads\Age of Empires III Complete [all expansions and 1.14 patch] 2014-04-24 09:23 - 2014-04-24 09:23 - 00013074 _____ () C:\Users\Gej\Downloads\Age_of_Empires_3_Complete_Collection_[ENG][Torrenty.org].torrent 2014-04-17 15:26 - 2014-04-17 15:29 - 00000000 ____D () C:\ProgramData\Solidshield 2014-04-16 
09:14 - 2014-04-16 09:14 - 00358230 ____N () C:\Windows\Minidump\041614-23462-01.dmp 2014-04-15 16:11 - 2014-04-15 16:11 - 00140288 _____ () C:\Users\Gej\Downloads\jezyk migowy_2.ppt 2014-04-14 07:25 - 2014-04-14 07:25 - 00000000 ____D () C:\Users\Gej\AppData\Local\Unity 2014-04-14 07:24 - 2014-04-14 07:24 - 01070496 _____ (Unity Technologies ApS) C:\Users\Gej\Downloads\UnityWebPlayer (3).exe 2014-04-14 07:24 - 2014-04-14 07:24 - 01070496 _____ (Unity Technologies ApS) C:\Users\Gej\Downloads\UnityWebPlayer (2).exe 2014-04-12 12:47 - 2014-04-12 12:47 - 01070496 _____ (Unity Technologies ApS) C:\Users\Gej\Downloads\UnityWebPlayer (1).exe ==================== One Month Modified Files and Folders ======= 2014-05-11 20:08 - 2014-04-27 18:51 - 00019308 _____ () C:\Users\Gej\Downloads\FRST.txt 2014-05-11 20:08 - 2014-04-27 18:50 - 00000000 ____D () C:\FRST 2014-05-11 20:08 - 2011-11-19 00:20 - 00000000 ____D () C:\Users\Gej\AppData\Roaming\uTorrent 2014-05-11 20:07 - 2014-05-11 20:07 - 00000000 ____D () C:\Users\Gej\Downloads\FRST-OlderVersion 2014-05-11 20:07 - 2014-04-27 18:50 - 02066944 _____ (Farbar) C:\Users\Gej\Downloads\FRST64.exe 2014-05-11 20:06 - 2009-07-14 19:55 - 29930168 _____ () C:\Windows\system32\perfh015.dat 2014-05-11 20:06 - 2009-07-14 19:55 - 10258978 _____ () C:\Windows\system32\perfc015.dat 2014-05-11 20:06 - 2009-07-14 07:13 - 00006574 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-11 20:05 - 2012-10-31 09:46 - 01281300 _____ () C:\Windows\WindowsUpdate.log 2014-05-11 20:04 - 2011-11-19 10:47 - 00003978 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{4776FA6F-0BF3-44A5-BC16-BF1DCEB0E63D} 2014-05-11 20:02 - 2013-11-25 11:20 - 00004182 _____ () C:\Windows\System32\Tasks\avast! 
Emergency Update 2014-05-11 20:00 - 2014-01-29 10:55 - 00000398 _____ () C:\Windows\Tasks\simplitec Service Provider.job 2014-05-11 20:00 - 2012-08-28 17:48 - 00001038 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-05-11 19:59 - 2012-08-26 01:00 - 62308578 _____ () C:\Windows\setupact.log 2014-05-11 19:59 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-11 19:58 - 2011-03-03 01:47 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2014-05-10 17:41 - 2014-05-10 17:41 - 00591257 _____ () C:\Users\Gej\Downloads\ewelina.cichosz.htm 2014-05-09 20:51 - 2014-05-09 20:51 - 00180224 _____ () C:\Users\Gej\Downloads\1plan61543plan (1).xls 2014-05-08 09:10 - 2012-08-28 18:39 - 00692552 _____ () C:\Windows\PFRO.log 2014-05-08 01:48 - 2012-10-31 09:45 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-08 01:46 - 2013-07-19 22:41 - 00000920 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2875920402-2630078828-2655317071-1002UA.job 2014-05-08 01:45 - 2012-08-28 17:48 - 00001042 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-05-07 22:46 - 2013-07-19 22:41 - 00000898 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2875920402-2630078828-2655317071-1002Core.job 2014-05-07 15:59 - 2014-01-29 11:17 - 00000378 _____ () C:\Windows\Tasks\APSnotifierCA.job 2014-05-07 10:40 - 2012-08-28 17:48 - 00004038 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-05-07 10:40 - 2012-08-28 17:48 - 00003786 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-05-07 10:28 - 2009-07-14 06:45 - 00017360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-07 10:28 - 2009-07-14 06:45 - 00017360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-07 10:20 - 2011-04-18 13:59 - 00000000 ____D () C:\Windows\Minidump 2014-05-07 10:19 - 2014-05-07 10:19 - 
00355635 ____N () C:\Windows\Minidump\050714-15210-01.dmp 2014-05-04 10:28 - 2014-02-07 22:22 - 00001102 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk 2014-05-04 10:28 - 2014-02-07 22:22 - 00001090 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk 2014-05-01 21:48 - 2013-12-10 23:49 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-01 21:48 - 2012-10-31 09:45 - 00003868 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-05-01 21:48 - 2012-01-05 16:39 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-01 16:19 - 2014-05-01 16:18 - 00184320 _____ () C:\Users\Gej\Downloads\Hot_IMAGE_COLLECTION_001.JPG.exe 2014-04-30 13:39 - 2014-04-30 13:39 - 00180224 _____ () C:\Users\Gej\Downloads\1plan61543plan.xls 2014-04-30 13:39 - 2014-04-30 13:39 - 00180224 _____ () C:\Users\Gej\Downloads\1plan61062plan (2).xls 2014-04-29 14:51 - 2014-04-29 14:51 - 00542720 _____ () C:\Users\Gej\Downloads\2 (5).ppt 2014-04-29 14:50 - 2014-04-29 14:50 - 02412032 _____ () C:\Users\Gej\Downloads\Wykład.VII (2).ppt 2014-04-29 13:36 - 2014-04-29 13:36 - 02022400 _____ () C:\Users\Gej\Downloads\ZAGADNIENIA OGOLNE (1).ppt 2014-04-28 17:06 - 2014-04-28 17:06 - 00077824 _____ () C:\Users\Gej\Downloads\BEAUTIFUL_PHOTO_ALBUM.JPG.exe 2014-04-28 09:45 - 2013-11-25 11:20 - 00001966 _____ () C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk 2014-04-27 20:07 - 2014-04-27 18:34 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-27 19:01 - 2014-04-27 19:01 - 00077834 _____ () C:\Users\Gej\Downloads\Extras.Txt 2014-04-27 19:01 - 2014-04-27 18:52 - 00000000 ____D () C:\Users\Gej\Desktop\konrad 2014-04-27 18:59 - 2014-04-27 18:59 - 00107658 _____ () C:\Users\Gej\Downloads\OTL.Txt 2014-04-27 18:51 - 2014-04-27 18:51 - 00041520 _____ () C:\Users\Gej\Downloads\Addition.txt 2014-04-27 18:50 - 2014-04-27 18:50 - 00854355 _____ () C:\Users\Gej\Downloads\SecurityCheck.exe 2014-04-27 18:49 - 2014-04-27 18:49 - 00602112 _____ (OldTimer Tools) C:\Users\Gej\Downloads\OTL.exe 2014-04-27 18:43 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PLA 2014-04-27 18:42 - 2014-01-27 19:58 - 00000000 ____D () C:\Program Files (x86)\SmartTweak 2014-04-27 18:37 - 2014-04-27 18:37 - 05196309 _____ (Swearware) C:\Users\Gej\Downloads\ComboFix.exe 2014-04-27 18:37 - 2014-04-27 18:37 - 01329501 _____ () C:\Users\Gej\Downloads\AdwCleaner (1).exe 2014-04-27 18:34 - 2014-04-27 18:34 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-04-27 18:34 - 2014-04-27 18:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-04-27 18:34 - 2014-04-27 18:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-04-27 18:34 - 2013-11-23 14:03 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-27 18:33 - 2014-04-27 18:33 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Gej\Downloads\mbam-setup-2.0.1.1004.exe 2014-04-26 22:15 - 2014-02-07 22:29 - 00000000 ____D () C:\Program Files (x86)\Heroes of Might and Magic III - Zlota Edycja 2014-04-26 17:01 - 2014-04-26 17:01 - 00356851 ____N () C:\Windows\Minidump\042614-21715-01.dmp 2014-04-26 17:00 - 2014-04-26 17:00 - 00356689 ____N () C:\Windows\Minidump\042614-19905-01.dmp 2014-04-26 16:52 - 2014-04-26 16:52 - 00358216 ____N () 
C:\Windows\Minidump\042614-20732-01.dmp
2014-04-26 15:12 - 2014-04-26 15:12 - 00358220 ____N () C:\Windows\Minidump\042614-19812-01.dmp
2014-04-26 15:03 - 2009-07-14 07:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-26 15:00 - 2014-04-26 14:59 - 00358198 ____N () C:\Windows\Minidump\042614-14913-01.dmp
2014-04-26 14:59 - 2014-04-26 14:59 - 00358198 ____N () C:\Windows\Minidump\042614-20046-01.dmp
2014-04-25 18:41 - 2014-04-25 18:41 - 00021416 _____ () C:\Users\Gej\Downloads\Galeria użytkownika marta zasada - nk.pl.htm
2014-04-25 11:43 - 2014-04-25 11:43 - 00180224 _____ () C:\Users\Gej\Downloads\1plan61062plan (1).xls
2014-04-24 10:47 - 2014-04-24 09:25 - 00000000 ____D () C:\Users\Gej\Downloads\Age of Empires III Complete [all expansions and 1.14 patch]
2014-04-24 09:23 - 2014-04-24 09:23 - 00013074 _____ () C:\Users\Gej\Downloads\Age_of_Empires_3_Complete_Collection_[ENG][Torrenty.org].torrent
2014-04-22 09:34 - 2014-01-19 14:27 - 00000000 ____D () C:\Program Files (x86)\Full Tilt Poker.Eu
2014-04-22 09:34 - 2014-01-19 14:25 - 00000000 ____D () C:\Program Files (x86)\Full Tilt Poker
2014-04-17 15:29 - 2014-04-17 15:26 - 00000000 ____D () C:\ProgramData\Solidshield
2014-04-17 15:22 - 2011-11-05 13:36 - 00000000 ____D () C:\Users\Gej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-04-16 09:14 - 2014-04-16 09:14 - 00358230 ____N () C:\Windows\Minidump\041614-23462-01.dmp
2014-04-15 16:11 - 2014-04-15 16:11 - 00140288 _____ () C:\Users\Gej\Downloads\jezyk migowy_2.ppt
2014-04-14 07:25 - 2014-04-14 07:25 - 00000000 ____D () C:\Users\Gej\AppData\Local\Unity
2014-04-14 07:24 - 2014-04-14 07:24 - 01070496 _____ (Unity Technologies ApS) C:\Users\Gej\Downloads\UnityWebPlayer (3).exe
2014-04-14 07:24 - 2014-04-14 07:24 - 01070496 _____ (Unity Technologies ApS) C:\Users\Gej\Downloads\UnityWebPlayer (2).exe
2014-04-12 12:47 - 2014-04-12 12:47 - 01070496 _____ (Unity Technologies ApS) C:\Users\Gej\Downloads\UnityWebPlayer (1).exe

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.5536.dll

Some content of TEMP:
====================
C:\Users\Gej\AppData\Local\Temp\AutoRun.exe
C:\Users\Gej\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Gej\AppData\Local\Temp\BackupSetup.exe
C:\Users\Gej\AppData\Local\Temp\Cloud_Backup_Setup0.exe
C:\Users\Gej\AppData\Local\Temp\distro-meta-installer0.exe
C:\Users\Gej\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Gej\AppData\Local\Temp\drm_dyndata_7400009.dll
C:\Users\Gej\AppData\Local\Temp\EAD11AC.exe
C:\Users\Gej\AppData\Local\Temp\EAD15A2.exe
C:\Users\Gej\AppData\Local\Temp\EAD162E.exe
C:\Users\Gej\AppData\Local\Temp\EAD22DB.exe
C:\Users\Gej\AppData\Local\Temp\EAD2902.exe
C:\Users\Gej\AppData\Local\Temp\EAD3ED3.exe
C:\Users\Gej\AppData\Local\Temp\EAD4420.exe
C:\Users\Gej\AppData\Local\Temp\EAD472.exe
C:\Users\Gej\AppData\Local\Temp\EAD668E.exe
C:\Users\Gej\AppData\Local\Temp\EAD75BB.exe
C:\Users\Gej\AppData\Local\Temp\EAD7CC.exe
C:\Users\Gej\AppData\Local\Temp\EAD8229.exe
C:\Users\Gej\AppData\Local\Temp\EAD82D5.exe
C:\Users\Gej\AppData\Local\Temp\EAD842C.exe
C:\Users\Gej\AppData\Local\Temp\EAD84D8.exe
C:\Users\Gej\AppData\Local\Temp\EAD8574.exe
C:\Users\Gej\AppData\Local\Temp\EAD8EE6.exe
C:\Users\Gej\AppData\Local\Temp\EAD902D.exe
C:\Users\Gej\AppData\Local\Temp\EAD98B5.exe
C:\Users\Gej\AppData\Local\Temp\EAD9B35.exe
C:\Users\Gej\AppData\Local\Temp\EAD9D19.exe
C:\Users\Gej\AppData\Local\Temp\EADA38E.exe
C:\Users\Gej\AppData\Local\Temp\EADACF1.exe
C:\Users\Gej\AppData\Local\Temp\EADADAC.exe
C:\Users\Gej\AppData\Local\Temp\EADAF70.exe
C:\Users\Gej\AppData\Local\Temp\EADAF80.exe
C:\Users\Gej\AppData\Local\Temp\EADB328.exe
C:\Users\Gej\AppData\Local\Temp\EADB3D3.exe
C:\Users\Gej\AppData\Local\Temp\EADB598.exe
C:\Users\Gej\AppData\Local\Temp\EADB663.exe
C:\Users\Gej\AppData\Local\Temp\EADBBCF.exe
C:\Users\Gej\AppData\Local\Temp\EADBBDF.exe
C:\Users\Gej\AppData\Local\Temp\EADBEAC.exe
C:\Users\Gej\AppData\Local\Temp\EADC1A9.exe
C:\Users\Gej\AppData\Local\Temp\EADC37D.exe
C:\Users\Gej\AppData\Local\Temp\EADC39C.exe
C:\Users\Gej\AppData\Local\Temp\EADC5DD.exe
C:\Users\Gej\AppData\Local\Temp\EADC908.exe
C:\Users\Gej\AppData\Local\Temp\EADC9D.exe
C:\Users\Gej\AppData\Local\Temp\EADCB3A.exe
C:\Users\Gej\AppData\Local\Temp\EADCC05.exe
C:\Users\Gej\AppData\Local\Temp\EADCC14.exe
C:\Users\Gej\AppData\Local\Temp\EADCC81.exe
C:\Users\Gej\AppData\Local\Temp\EADD25B.exe
C:\Users\Gej\AppData\Local\Temp\EADD3A3.exe
C:\Users\Gej\AppData\Local\Temp\EADD3B2.exe
C:\Users\Gej\AppData\Local\Temp\EADD7D7.exe
C:\Users\Gej\AppData\Local\Temp\EADDC88.exe
C:\Users\Gej\AppData\Local\Temp\EADDCC7.exe
C:\Users\Gej\AppData\Local\Temp\EADDDA1.exe
C:\Users\Gej\AppData\Local\Temp\EADE011.exe
C:\Users\Gej\AppData\Local\Temp\EADE04F.exe
C:\Users\Gej\AppData\Local\Temp\EADE0DC.exe
C:\Users\Gej\AppData\Local\Temp\EADE36B.exe
C:\Users\Gej\AppData\Local\Temp\EADE36C.exe
C:\Users\Gej\AppData\Local\Temp\EADE5FA.exe
C:\Users\Gej\AppData\Local\Temp\EADE60A.exe
C:\Users\Gej\AppData\Local\Temp\EADEB47.exe
C:\Users\Gej\AppData\Local\Temp\EADEBF.exe
C:\Users\Gej\AppData\Local\Temp\EADEBF3.exe
C:\Users\Gej\AppData\Local\Temp\EADEFBA.exe
C:\Users\Gej\AppData\Local\Temp\EADF890.exe
C:\Users\Gej\AppData\Local\Temp\EADF8A.exe
C:\Users\Gej\AppData\Local\Temp\EADFA36.exe
C:\Users\Gej\AppData\Local\Temp\EADFBBC.exe
C:\Users\Gej\AppData\Local\Temp\EADFD13.exe
C:\Users\Gej\AppData\Local\Temp\EADFD22.exe
C:\Users\Gej\AppData\Local\Temp\EADFDAF.exe
C:\Users\Gej\AppData\Local\Temp\EAInstall.dll
C:\Users\Gej\AppData\Local\Temp\FixMyRegistry.exe
C:\Users\Gej\AppData\Local\Temp\gg10.upgr.exe
C:\Users\Gej\AppData\Local\Temp\Install_Nokia_Ovi_Suite.exe
C:\Users\Gej\AppData\Local\Temp\MatroskaSplitter.exe
C:\Users\Gej\AppData\Local\Temp\NEventMessages.dll
C:\Users\Gej\AppData\Local\Temp\plus-hd-4-9.exe
C:\Users\Gej\AppData\Local\Temp\Quarantine.exe
C:\Users\Gej\AppData\Local\Temp\Softonic_PL_1-5-6.exe
C:\Users\Gej\AppData\Local\Temp\SpeedUpMyComputer.exe
C:\Users\Gej\AppData\Local\Temp\uttB2C0.tmp.exe
C:\Users\Gej\AppData\Local\Temp\_dxinst.exe

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-03 10:12

==================== End Of Log ============================