Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by agrawa (administrator) on AGRAWA-KOMPUTER on 26-05-2014 10:47:06
Running from C:\Users\agrawa\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polish
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Cherished Technololgy LIMITED) C:\ProgramData\WPM\wprotectmanager.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
() C:\Windows\SysWOW64\srvany.exe
() C:\Windows\KMService.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
() C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(ASUS) C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
() C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
() C:\Program Files (x86)\BatBrowse\bin\utilBatBrowse.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
(ASUS) C:\Windows\AsScrPro.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-01] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [621440 2009-09-30] (ELAN Microelectronic Corp.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC)
HKLM-x32\...\Run: [tuto4pc_pl_16] => [X]
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [6998656 2009-10-26] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2009-08-19] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [HTC Sync Loader] => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [651264 2012-04-17] ()
HKLM-x32\...\Run: [Plus Internet] => C:\Program Files (x86)\Plus Internet\PlusInternetChecker.exe [501112 2012-02-29] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-04-26] (AVAST Software)
HKU\S-1-5-21-451162146-2078016651-3158051376-1000\...\Run: [LiveSupport] => "C:\Program Files (x86)\LiveSupport\LiveSupport.exe" /noshow /log
HKU\S-1-5-21-451162146-2078016651-3158051376-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-451162146-2078016651-3158051376-1000\...\MountPoints2: H - H:\AutoRun.exe
HKU\S-1-5-21-451162146-2078016651-3158051376-1000\...\MountPoints2: J - J:\AutoRun.exe
HKU\S-1-5-21-451162146-2078016651-3158051376-1000\...\MountPoints2: {1df6154e-bbc6-11e3-8681-485b393cf8d3} - J:\AutoRun.exe
HKU\S-1-5-21-451162146-2078016651-3158051376-1000\...\MountPoints2: {23e9264a-fde0-11e2-9d04-1c4bd6c455c7} - J:\AutoRun.exe
HKU\S-1-5-21-451162146-2078016651-3158051376-1000\...\MountPoints2: {5fdaac9c-0a76-11e3-bc03-00a0c6000000} - K:\Startme.exe
HKU\S-1-5-21-451162146-2078016651-3158051376-1000\...\MountPoints2: {86fd9039-bc1e-11e3-9cbf-485b393cf8d3} - J:\AutoRun.exe
AppInit_DLLs: C:\PROGRA~2\GS-ENA~1\ASSIST~2.DLL => C:\Program Files (x86)\GS-Enabler\Assistant_x64.dll [4229120 2014-01-24] ()
AppInit_DLLs-x32: c:\progra~3\browse~1\261562~1.220\{c16c1~1\browse~1.dll => "c:\progra~3\browse~1\261562~1.220\{c16c1~1\browse~1.dll" File Not Found
AppInit_DLLs-x32: c:\users\agrawa\appdata\local\dprotect\ebp.dll => "c:\users\agrawa\appdata\local\dprotect\ebp.dll" File Not Found
AppInit_DLLs-x32: ,c:\users\agrawa\appdata\local\dprotect\ebpsd.dll => "c:\users\agrawa\appdata\local\dprotect\ebpsd.dll" File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk
ShortcutTarget: SRS Premium Sound.lnk -> C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe (Acresso Software Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.toolksearchbook.info/?pid=1917&r=2014/01/24&hid=6931636282687209828&lg=EN&cc=PL&unqvl=46
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com/?type=hp&ts=1390584799&from=amt&uid=ST9500325AS_6VE632G1XXXX6VE632G1
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://isearch.babylon.com/?babsrc=HP_ss_btis2&mntrId=843D00A0C6000000&affID=121828&tsp=4995
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.awesomehp.com/web/?type=ds&ts=1390584799&from=amt&uid=ST9500325AS_6VE632G1XXXX6VE632G1&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com/?type=hp&ts=1390584799&from=amt&uid=ST9500325AS_6VE632G1XXXX6VE632G1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomehp.com/?type=hp&ts=1390584799&from=amt&uid=ST9500325AS_6VE632G1XXXX6VE632G1
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com/web/?type=ds&ts=1390584799&from=amt&uid=ST9500325AS_6VE632G1XXXX6VE632G1&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.awesomehp.com/web/?type=ds&ts=1390584799&from=amt&uid=ST9500325AS_6VE632G1XXXX6VE632G1&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com/?type=hp&ts=1390584799&from=amt&uid=ST9500325AS_6VE632G1XXXX6VE632G1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.toolksearchbook.info/?pid=1917&r=2014/01/24&hid=6931636282687209828&lg=EN&cc=PL&unqvl=46
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com/web/?type=ds&ts=1390584799&from=amt&uid=ST9500325AS_6VE632G1XXXX6VE632G1&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - c:\program files\internet explorer\iexplore.exe http://www.awesomehp.com/?type=sc&ts=1390584799&from=amt&uid=ST9500325AS_6VE632G1XXXX6VE632G1
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.awesomehp.com/web/?type=ds&ts=1390584799&from=amt&uid=ST9500325AS_6VE632G1XXXX6VE632G1&q={searchTerms}
SearchScopes: HKLM - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.awesomehp.com/web/?type=ds&ts=1390584799&from=amt&uid=ST9500325AS_6VE632G1XXXX6VE632G1&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.toolksearchbook.info/?l=1&q={searchTerms}&pid=1917&r=2014/01/24&hid=6931636282687209828&lg=EN&cc=PL&unqvl=46
SearchScopes: HKLM-x32 - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.awesomehp.com/web/?type=ds&ts=1390584799&from=amt&uid=ST9500325AS_6VE632G1XXXX6VE632G1&q={searchTerms}
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.toolksearchbook.info/?l=1&q={searchTerms}&pid=1917&r=2014/01/24&hid=6931636282687209828&lg=EN&cc=PL&unqvl=46
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.awesomehp.com/web/?type=ds&ts=1390584799&from=amt&uid=ST9500325AS_6VE632G1XXXX6VE632G1&q={searchTerms}
SearchScopes: HKCU - URL http://isearch.babylon.com/?q={searchTerms}&babsrc=SP_ss_btis2&mntrId=843D00A0C6000000&affID=121828&tsp=4995
SearchScopes: HKCU - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.awesomehp.com/web/?type=ds&ts=1390584799&from=amt&uid=ST9500325AS_6VE632G1XXXX6VE632G1&q={searchTerms}
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.toolksearchbook.info/?l=1&q={searchTerms}&pid=1917&r=2014/01/24&hid=6931636282687209828&lg=EN&cc=PL&unqvl=46
BHO: greaitsaveer - {12885D0A-1982-AE82-A287-5D97C7A0BD21} - C:\Program Files (x86)\greaitsaveer\Q8opNfBn.x64.dll ()
BHO: SNT - {275F5ABD-620F-F473-BC3D-D2EADA166104} - C:\Program Files (x86)\SNT\tTyXdyhv.x64.dll ()
BHO: YoutubeAdblocker - {34AE7789-06C2-25A0-CD62-747E38DE2CC0} - C:\Program Files (x86)\YoutubeAdblocker\ljCdZWtjl.x64.dll ()
BHO: SNT - {753278AB-E8F5-1C90-9873-FB03975BBBDF} - C:\Program Files (x86)\SNT\KESJRup.x64.dll ()
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: greaTsaVVer - {AAAA7408-36A2-8C35-AFE1-B887370F86AF} - C:\Program Files (x86)\greaTsaVVer\0VBOWh.x64.dll ()
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: IplexToALLPlayer - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\Program Files (x86)\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.)
Tcpip\..\Interfaces\{9DC34E51-2DC6-4B05-B9E6-13D78F28E3D8}: [NameServer]194.204.152.34,194.204.159.1

FireFox:
========
FF ProfilePath: C:\Users\agrawa\AppData\Roaming\Mozilla\Firefox\Profiles\ka8uy78n.default-1388216266354
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "WebSearch");: user_pref("browser.search.order.1,S", "WebSearch");
FF Homepage: https://www.google.pl/
FF Keyword.URL: hxxp://websearch.toolksearchbook.info/?pid=1917&r=2014/01/24&hid=6931636282687209828&lg=EN&cc=PL&unqvl=46&l=1&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.450 - C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\agrawa\AppData\Roaming\Mozilla\Firefox\Profiles\ka8uy78n.default-1388216266354\searchplugins\WebSearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\awesomehp.xml
FF Extension: Lightning Speed Dial - C:\Users\agrawa\AppData\Roaming\Mozilla\Firefox\Profiles\ka8uy78n.default-1388216266354\Extensions\lightningnewtab@gmail.com [2014-02-24]
FF Extension: greaTsaver - C:\Users\agrawa\AppData\Roaming\Mozilla\Firefox\Profiles\ka8uy78n.default-1388216266354\Extensions\m2ytl2cjdl@msmkcmpog.org [2014-01-24]
FF Extension: greaitsaveer - C:\Users\agrawa\AppData\Roaming\Mozilla\Firefox\Profiles\ka8uy78n.default-1388216266354\Extensions\oznoo_ioai@eyitpue.co.uk [2014-01-24]
FF Extension: YoutubeAdblocker - C:\Users\agrawa\AppData\Roaming\Mozilla\Firefox\Profiles\ka8uy78n.default-1388216266354\Extensions\pdkw.ivbz2@eyiyy-ak.co.uk [2014-01-24]
FF Extension: BieistiSaveaForrYeoUU - C:\Users\agrawa\AppData\Roaming\Mozilla\Firefox\Profiles\ka8uy78n.default-1388216266354\Extensions\pvlm_zlii@dqtacgu.org [2014-03-07]
FF Extension: BaliockTheAdAApip - C:\Users\agrawa\AppData\Roaming\Mozilla\Firefox\Profiles\ka8uy78n.default-1388216266354\Extensions\uy-fz6@ehxnxvra.edu [2014-02-03]
FF Extension: SNT - C:\Users\agrawa\AppData\Roaming\Mozilla\Firefox\Profiles\ka8uy78n.default-1388216266354\Extensions\wp_wwi@cxvlx-.net [2014-01-24]
FF Extension: SNT - C:\Users\agrawa\AppData\Roaming\Mozilla\Firefox\Profiles\ka8uy78n.default-1388216266354\Extensions\z2_oi@oiouy-jlxv.com [2014-01-24]
FF Extension: Extension_Protected - C:\Users\agrawa\AppData\Roaming\Mozilla\Firefox\Profiles\ka8uy78n.default-1388216266354\Extensions\jid0-O6MIff3eO5dIGf5Tcv8RsJDKxrs@jetpack.xpi [2014-01-24]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKLM-x32\...\Firefox\Extensions: [lightningnewtab@gmail.com] - C:\Users\agrawa\AppData\Roaming\Mozilla\Firefox\Profiles\ka8uy78n.default-1388216266354\extensions\lightningnewtab@gmail.com.xpi
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaPlayerV1alpha6312.net] - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha6312\ff
FF Extension: Media Player - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha6312\ff [2014-02-10]
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaViewerV1alpha1487.net] - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1487\ff
FF Extension: Media Viewer - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1487\ff [2014-02-24]
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaViewV1alpha3675.net] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3675\ff
FF Extension: Media View - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3675\ff [2014-02-28]
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaViewV1alpha3044.net] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3044\ff
FF Extension: Media View - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3044\ff [2014-03-16]
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaWatchV1home812.net] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home812\ff
FF Extension: Media Watch - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home812\ff [2014-03-23]
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaBuzzV1mode1789.net] - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode1789\ff
FF Extension: Media Buzz - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode1789\ff [2014-04-26]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-26]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKCU\...\Firefox\Extensions: [eran@whoislive.com] - C:\Users\agrawa\AppData\Local\Temp\whoislive.xpi
FF Extension: No Name - C:\Users\agrawa\AppData\Local\Temp\whoislive.xpi [2014-03-08]

Chrome:
=======
CHR DefaultSearchKeyword: websearch
CHR DefaultSearchProvider: WebSearch
CHR DefaultSearchURL: http://websearch.toolksearchbook.info/?l=1&q={searchTerms}&pid=1917&r=2014/01/24&hid=6931636282687209828&lg=EN&cc=PL&unqvl=46
CHR DefaultNewTabURL:
CHR Extension: (Media View) - C:\Users\agrawa\AppData\Local\Google\Chrome\User Data\Default\Extensions\caonpmpelmcofdfdfbbeakchijokfcla [2014-03-16]
CHR Extension: (Whoislive) - C:\Users\agrawa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfdkkghemjaackpnodiacedfadojaboh [2014-03-16]
CHR Extension: (BieistiSaveaForrYeoUU) - C:\Users\agrawa\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhminfedhgngohgjijbecomlhhdahfnm [2014-03-07]
CHR Extension: (Media Viewer) - C:\Users\agrawa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkjgahjefnklbmfipfdedkgnacknomeg [2014-02-24]
CHR Extension: (avast! Online Security) - C:\Users\agrawa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-04-27]
CHR Extension: (Media View) - C:\Users\agrawa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lglenfadobliaeejkpfkpdgkhjjcikoe [2014-02-28]
CHR Extension: (Media Buzz) - C:\Users\agrawa\AppData\Local\Google\Chrome\User Data\Default\Extensions\mckopchneaecndnjkhiaepfacghpfoek [2014-04-26]
CHR Extension: (Google Wallet) - C:\Users\agrawa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-25]
CHR Extension: (Media Watch) - C:\Users\agrawa\AppData\Local\Google\Chrome\User Data\Default\Extensions\okoacgcofjacbllebfkmmbaeochckcaa [2014-03-23]
CHR Extension: (Quick Start) - C:\Users\agrawa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkndmigholgfjlniaohblojbhgjbkakn [2014-01-25]
CHR HKLM-x32\...\Chrome\Extension: [caonpmpelmcofdfdfbbeakchijokfcla] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3044\ch\MediaViewV1alpha3044.crx [2014-02-27]
CHR HKLM-x32\...\Chrome\Extension: [ccncljhbalbbkkfgopogabimepmfkmff] - C:\Program Files (x86)\BatBrowse\ccncljhbalbbkkfgopogabimepmfkmff.crx [2014-02-27]
CHR HKLM-x32\...\Chrome\Extension: [cfdkkghemjaackpnodiacedfadojaboh] - C:\Users\agrawa\AppData\Local\Temp\whoislive.crx [2014-03-08]
CHR HKLM-x32\...\Chrome\Extension: [gkjgahjefnklbmfipfdedkgnacknomeg] - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1487\ch\MediaViewerV1alpha1487.crx [2014-02-23]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-26]
CHR HKLM-x32\...\Chrome\Extension: [lglenfadobliaeejkpfkpdgkhjjcikoe] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3675\ch\MediaViewV1alpha3675.crx [2014-02-27]
CHR HKLM-x32\...\Chrome\Extension: [mckopchneaecndnjkhiaepfacghpfoek] - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode1789\ch\MediaBuzzV1mode1789.crx [2014-04-23]
CHR HKLM-x32\...\Chrome\Extension: [okoacgcofjacbllebfkmmbaeochckcaa] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home812\ch\MediaWatchV1home812.crx [2014-03-20]
CHR HKLM-x32\...\Chrome\Extension: [pbpjplgmaeigbnpadeajipebdlihpcfn] - C:\Program Files (x86)\BatBrowse\pbpjplgmaeigbnpadeajipebdlihpcfn.crx [2014-03-20]
CHR HKLM-x32\...\Chrome\Extension: [pkndmigholgfjlniaohblojbhgjbkakn] - C:\Users\agrawa\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv2.crx [2014-01-24]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-26] (AVAST Software)
R2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2013-08-04] ()
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] ()
R3 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-03] ()
S2 Update BatBrowse; C:\Program Files (x86)\BatBrowse\updateBatBrowse.exe [317728 2014-05-13] ()
R2 Util BatBrowse; C:\Program Files (x86)\BatBrowse\bin\utilBatBrowse.exe [317728 2014-05-09] ()
R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [493568 2014-01-24] (Cherished Technololgy LIMITED)
S2 BrowserDefendert; C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [X]
S2 WsysSvc; C:\ProgramData\eSafe\eGdpSvc.exe [X]

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-26] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-26] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-04-26] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-04-26] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-04-26] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-04-26] ()
R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [17464 2007-08-03] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R1 wStLib64; C:\Windows\System32\drivers\wStLib64.sys [61112 2014-03-18] (StdLib)
S3 ipswuio; System32\DRIVERS\ipswuio.sys [X]
U3 tmlwf;
U3 tmwfp;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-26 10:47 - 2014-05-26 10:47 - 00024752 _____ () C:\Users\agrawa\Desktop\FRST.txt
2014-05-26 10:46 - 2014-05-26 10:47 - 00000000 ____D () C:\FRST
2014-05-26 10:43 - 2014-05-26 10:38 - 02066944 _____ (Farbar) C:\Users\agrawa\Desktop\FRST64.exe
2014-05-26 10:43 - 2014-05-26 10:38 - 00602112 _____ (OldTimer Tools) C:\Users\agrawa\Desktop\OTL.exe
2014-05-26 10:38 - 2014-05-26 10:38 - 00380416 _____ () C:\Users\agrawa\Desktop\umr1zny3.exe
2014-05-14 05:09 - 2014-05-14 05:09 - 00042767 _____ () C:\Users\agrawa\Downloads\[www.tnt24.info] Batman- Arkham Origins (2013) [RF] [PL] [LT3.0].torrent
2014-05-13 05:19 - 2014-05-13 05:19 - 00038207 _____ () C:\Users\agrawa\Downloads\[www.tnt24.info] Damnation.PAL.XBOX360-SWAG.torrent
2014-05-06 05:14 - 2014-05-22 05:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-06 05:07 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-06 05:07 - 2014-04-14 04:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-04 09:13 - 2014-04-29 16:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-04 09:13 - 2014-04-29 15:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-04 09:13 - 2014-04-29 14:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-04 09:13 - 2014-04-29 14:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-03 19:12 - 2014-05-03 19:12 - 00000000 __SHD () C:\Users\agrawa\AppData\Local\EmieUserList
2014-05-03 19:12 - 2014-05-03 19:12 - 00000000 __SHD () C:\Users\agrawa\AppData\Local\EmieSiteList
2014-05-03 13:54 - 2014-05-03 18:58 - 00000000 ____D () C:\Program Files\HWiNFO64
2014-05-03 13:54 - 2014-05-03 13:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO64
2014-05-01 16:42 - 2014-05-01 16:42 - 00015183 _____ () C:\Users\agrawa\Downloads\[www.tnt24.info] Windows 8.1 AIO (x86.x64) marzec 2014 winclub PL.torrent
2014-05-01 14:56 - 2014-05-01 14:57 - 34121199 _____ () C:\Users\agrawa\Downloads\Novicorp%20WinToFlash%200.8.0009%20beta%20Portable.zip
2014-04-27 15:50 - 2014-04-27 15:50 - 00020071 _____ () C:\Users\agrawa\Downloads\[www.tnt24.info] The Walking Dead (Episode 1-5) 400 Days -2012-(RUS-ENG PL) [Repack R.G. Catalyst][EXE].torrent
2014-04-27 15:39 - 2014-04-27 15:39 - 00028582 _____ () C:\Users\agrawa\Downloads\[www.tnt24.info] Czarna lista - The Blacklist [S01E18] [HDTV] [XviD-FUM] [ENG] (1).torrent
2014-04-27 15:38 - 2014-04-27 15:38 - 00028698 _____ () C:\Users\agrawa\Downloads\[www.tnt24.info] Czarna lista - The Blacklist [S01E19] [HDTV] [XviD-FUM] [ENG].torrent
2014-04-27 15:11 - 2014-04-27 15:11 - 00884680 _____ (Google Inc.) C:\Users\agrawa\Downloads\ChromeSetup.exe
2014-04-27 15:03 - 2014-04-27 15:03 - 00283168 _____ (Mozilla) C:\Users\agrawa\Downloads\Firefox Setup Stub 28.0 (2).exe
2014-04-27 15:03 - 2014-04-27 15:03 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-04-27 15:03 - 2014-04-27 15:03 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-04-27 15:03 - 2014-04-27 15:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-27 15:02 - 2014-04-27 15:02 - 00283168 _____ (Mozilla) C:\Users\agrawa\Downloads\Firefox Setup Stub 28.0 (1).exe
2014-04-27 15:01 - 2014-04-27 15:01 - 00283168 _____ (Mozilla) C:\Users\agrawa\Downloads\Firefox Setup Stub 28.0.exe
2014-04-26 16:05 - 2014-04-26 16:05 - 00000000 ____D () C:\Users\agrawa\AppData\Roaming\AVAST Software
2014-04-26 16:04 - 2014-05-22 20:24 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-04-26 16:04 - 2014-05-22 20:24 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-04-26 16:04 - 2014-05-22 05:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-04-26 16:04 - 2014-04-26 16:04 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-04-26 16:04 - 2014-04-26 16:04 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-04-26 16:04 - 2014-04-26 16:04 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-04-26 16:04 - 2014-04-26 16:04 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-04-26 16:04 - 2014-04-26 16:04 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-04-26 16:04 - 2014-04-26 16:04 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-04-26 16:04 - 2014-04-26 16:04 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-04-26 16:04 - 2014-04-26 16:04 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-04-26 16:04 - 2014-04-26 16:04 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-26 16:03 - 2014-04-26 16:03 - 00000000 ____D () C:\Program Files\AVAST Software
2014-04-26 15:59 - 2014-04-26 16:02 - 88551496 _____ (AVAST Software) C:\Users\agrawa\Downloads\avast_free_antivirus_setup (2).exe
2014-04-26 12:51 - 2014-04-26 12:51 - 00015662 _____ () C:\Users\agrawa\Downloads\[www.tnt24.info] Avast_FULL_Version_PL.torrent
2014-04-26 06:18 - 2014-04-26 06:18 - 00000000 ____D () C:\Program Files (x86)\MediaBuzzV1

==================== One Month Modified Files and Folders =======

2014-05-26 10:47 - 2014-05-26 10:47 - 00024752 _____ () C:\Users\agrawa\Desktop\FRST.txt
2014-05-26 10:47 - 2014-05-26 10:46 - 00000000 ____D () C:\FRST
2014-05-26 10:46 - 2009-07-14 06:45 - 00029616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-26 10:46 - 2009-07-14 06:45 - 00029616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-26 10:43 - 2011-02-04 19:20 - 00740672 _____ () C:\Windows\system32\perfh015.dat
2014-05-26 10:43 - 2011-02-04 19:20 - 00156214 _____ () C:\Windows\system32\perfc015.dat
2014-05-26 10:43 - 2009-07-14 07:13 - 01670518 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-26 10:41 - 2009-07-14 06:51 - 00065577 _____ () C:\Windows\setupact.log
2014-05-26 10:38 - 2014-05-26 10:43 - 02066944 _____ (Farbar) C:\Users\agrawa\Desktop\FRST64.exe
2014-05-26 10:38 - 2014-05-26 10:43 - 00602112 _____ (OldTimer Tools) C:\Users\agrawa\Desktop\OTL.exe
2014-05-26 10:38 - 2014-05-26 10:38 - 00380416 _____ () C:\Users\agrawa\Desktop\umr1zny3.exe
2014-05-26 10:35 - 2013-08-04 14:24 - 01858212 _____ () C:\Windows\WindowsUpdate.log
2014-05-26 10:21 - 2014-01-24 19:33 - 00000360 _____ () C:\Windows\Tasks\AmiUpdXp.job
2014-05-26 10:20 - 2014-01-29 18:21 - 00000000 ____D () C:\Users\agrawa\AppData\Local\Htc
2014-05-26 10:19 - 2014-01-24 19:51 - 00000462 ____H () C:\Windows\Tasks\GS-Enabler-S-993492499.job
2014-05-26 10:19 - 2013-12-25 20:11 - 00001044 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-26 10:19 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-22 20:26 - 2009-07-14 04:34 - 00000603 _____ () C:\Windows\win.ini
2014-05-22 20:24 - 2014-04-26 16:04 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-05-22 20:24 - 2014-04-26 16:04 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-05-22 20:24 - 2013-12-25 20:11 - 00001048 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-22 20:23 - 2013-08-04 17:34 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-22 05:00 - 2014-05-06 05:14 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-22 05:00 - 2014-04-26 16:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-05-22 05:00 - 2014-04-04 19:30 - 00000000 ____D () C:\Users\agrawa\AppData\Roaming\Plus Internet
2014-05-22 05:00 - 2014-01-26 19:24 - 00000000 ____D () C:\ProgramData\P4G
2014-05-22 05:00 - 2013-10-25 19:31 - 00000000 ____D () C:\Program Files (x86)\BatBrowse
2014-05-22 05:00 - 2013-08-04 20:05 - 00000000 ___RD () C:\Users\agrawa\Podcasts
2014-05-22 05:00 - 2013-08-04 17:34 - 00000000 ____D () C:\Windows\system32\Macromed
2014-05-22 05:00 - 2013-08-04 16:17 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-05-22 05:00 - 2013-08-04 15:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-22 05:00 - 2013-08-04 14:42 - 00000000 ____D () C:\Users\agrawa\AppData\Roaming\IrfanView
2014-05-22 05:00 - 2013-08-04 14:38 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2014-05-22 05:00 - 2013-08-04 14:29 - 00000000 ___RD () C:\Users\agrawa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-22 05:00 - 2013-08-04 14:29 - 00000000 ___RD () C:\Users\agrawa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-22 05:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-22 05:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-05-22 05:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2014-05-22 04:58 - 2013-08-04 16:03 - 00000000 ___RD () C:\Users\agrawa\Desktop\skroty
2014-05-21 19:16 - 2013-08-04 14:29 - 00000000 ____D () C:\Users\agrawa
2014-05-15 20:22 - 2013-08-04 16:24 - 00000000 ____D () C:\Users\agrawa\AppData\Local\Ares
2014-05-14 12:05 - 2013-08-04 17:34 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 12:05 - 2013-08-04 17:34 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 12:05 - 2013-08-04 17:34 - 00003868 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 05:09 - 2014-05-14 05:09 - 00042767 _____ () C:\Users\agrawa\Downloads\[www.tnt24.info] Batman- Arkham Origins (2013) [RF] [PL] [LT3.0].torrent
2014-05-13 05:19 - 2014-05-13 05:19 - 00038207 _____ () C:\Users\agrawa\Downloads\[www.tnt24.info] Damnation.PAL.XBOX360-SWAG.torrent
2014-05-08 05:07 - 2014-01-24 19:51 - 00000000 ____D () C:\Program Files (x86)\GS-Enabler
2014-05-08 05:01 - 2014-01-24 19:36 - 00000000 ____D () C:\Program Files (x86)\Mobogenie
2014-05-03 19:12 - 2014-05-03 19:12 - 00000000 __SHD () C:\Users\agrawa\AppData\Local\EmieUserList
2014-05-03 19:12 - 2014-05-03 19:12 - 00000000 __SHD () C:\Users\agrawa\AppData\Local\EmieSiteList
2014-05-03 18:58 - 2014-05-03 13:54 - 00000000 ____D () C:\Program Files\HWiNFO64
2014-05-03 18:58 - 2010-11-21 09:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-05-03 13:54 - 2014-05-03 13:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO64
2014-05-01 16:42 - 2014-05-01 16:42 - 00015183 _____ () C:\Users\agrawa\Downloads\[www.tnt24.info] Windows 8.1 AIO (x86.x64) marzec 2014 winclub PL.torrent
2014-05-01 14:57 - 2014-05-01 14:56 - 34121199 _____ () C:\Users\agrawa\Downloads\Novicorp%20WinToFlash%200.8.0009%20beta%20Portable.zip
2014-04-29 16:01 - 2014-05-04 09:13 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 15:40 - 2014-05-04 09:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-29 14:48 - 2014-05-04 09:13 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-29 14:34 - 2014-05-04 09:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-27 15:50 - 2014-04-27 15:50 - 00020071 _____ () C:\Users\agrawa\Downloads\[www.tnt24.info] The Walking Dead (Episode 1-5) 400 Days -2012-(RUS-ENG PL) [Repack R.G. Catalyst][EXE].torrent
2014-04-27 15:39 - 2014-04-27 15:39 - 00028582 _____ () C:\Users\agrawa\Downloads\[www.tnt24.info] Czarna lista - The Blacklist [S01E18] [HDTV] [XviD-FUM] [ENG] (1).torrent
2014-04-27 15:38 - 2014-04-27 15:38 - 00028698 _____ () C:\Users\agrawa\Downloads\[www.tnt24.info] Czarna lista - The Blacklist [S01E19] [HDTV] [XviD-FUM] [ENG].torrent
2014-04-27 15:23 - 2013-10-06 04:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-27 15:11 - 2014-04-27 15:11 - 00884680 _____ (Google Inc.) C:\Users\agrawa\Downloads\ChromeSetup.exe
2014-04-27 15:11 - 2013-12-25 20:11 - 00004044 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-27 15:11 - 2013-12-25 20:11 - 00003792 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-27 15:03 - 2014-04-27 15:03 - 00283168 _____ (Mozilla) C:\Users\agrawa\Downloads\Firefox Setup Stub 28.0 (2).exe
2014-04-27 15:03 - 2014-04-27 15:03 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-04-27 15:03 - 2014-04-27 15:03 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-04-27 15:03 - 2014-04-27 15:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-27 15:02 - 2014-04-27 15:02 - 00283168 _____ (Mozilla) C:\Users\agrawa\Downloads\Firefox Setup Stub 28.0 (1).exe
2014-04-27 15:01 - 2014-04-27 15:01 - 00283168 _____ (Mozilla) C:\Users\agrawa\Downloads\Firefox Setup Stub 28.0.exe
2014-04-26 17:55 - 2010-11-21 05:47 - 01062280 _____ () C:\Windows\PFRO.log
2014-04-26 16:05 - 2014-04-26 16:05 - 00000000 ____D () C:\Users\agrawa\AppData\Roaming\AVAST Software
2014-04-26 16:04 - 2014-04-26 16:04 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-04-26 16:04 -
2014-04-26 16:04 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2014-04-26 16:04 - 2014-04-26 16:04 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-04-26 16:04 - 2014-04-26 16:04 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-04-26 16:04 - 2014-04-26 16:04 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-04-26 16:04 - 2014-04-26 16:04 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2014-04-26 16:04 - 2014-04-26 16:04 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-04-26 16:04 - 2014-04-26 16:04 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-04-26 16:04 - 2014-04-26 16:04 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-04-26 16:03 - 2014-04-26 16:03 - 00000000 ____D () C:\Program Files\AVAST Software 2014-04-26 16:03 - 2013-12-25 20:05 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-04-26 16:02 - 2014-04-26 15:59 - 88551496 _____ (AVAST Software) C:\Users\agrawa\Downloads\avast_free_antivirus_setup (2).exe 2014-04-26 12:51 - 2014-04-26 12:51 - 00015662 _____ () C:\Users\agrawa\Downloads\[www.tnt24.info] Avast_FULL_Version_PL.torrent 2014-04-26 09:04 - 2013-12-25 15:49 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins 2014-04-26 06:18 - 2014-04-26 06:18 - 00000000 ____D () C:\Program Files (x86)\MediaBuzzV1 2014-04-26 06:18 - 2014-02-01 10:47 - 00000266 __RSH () C:\ProgramData\ntuser.pol Some content of TEMP: ==================== C:\Users\agrawa\AppData\Local\Temp\65258uninstall.exe C:\Users\agrawa\AppData\Local\Temp\applinstall.exe C:\Users\agrawa\AppData\Local\Temp\atl80.dll C:\Users\agrawa\AppData\Local\Temp\avgnt.exe C:\Users\agrawa\AppData\Local\Temp\DivXSetup.exe C:\Users\agrawa\AppData\Local\Temp\downloader.dll C:\Users\agrawa\AppData\Local\Temp\drm_dialogs.dll C:\Users\agrawa\AppData\Local\Temp\drm_dyndata_7390006.dll 
C:\Users\agrawa\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvqagwi.dll
C:\Users\agrawa\AppData\Local\Temp\GoogleSetup.exe
C:\Users\agrawa\AppData\Local\Temp\ICReinstall_Setup.exe
C:\Users\agrawa\AppData\Local\Temp\InstHelper.exe
C:\Users\agrawa\AppData\Local\Temp\libexpat.dll
C:\Users\agrawa\AppData\Local\Temp\LiveSupport_setup.exe
C:\Users\agrawa\AppData\Local\Temp\mfc80.dll
C:\Users\agrawa\AppData\Local\Temp\mfc80u.dll
C:\Users\agrawa\AppData\Local\Temp\mfcm80.dll
C:\Users\agrawa\AppData\Local\Temp\mfcm80u.dll
C:\Users\agrawa\AppData\Local\Temp\msvcm80.dll
C:\Users\agrawa\AppData\Local\Temp\msvcp80.dll
C:\Users\agrawa\AppData\Local\Temp\msvcr80.dll
C:\Users\agrawa\AppData\Local\Temp\nlsdl.dll
C:\Users\agrawa\AppData\Local\Temp\setup_3.2.20.exe
C:\Users\agrawa\AppData\Local\Temp\sfamcc00001.dll
C:\Users\agrawa\AppData\Local\Temp\sfextra.dll
C:\Users\agrawa\AppData\Local\Temp\Softonic_PL_1-5-4_PL-Production_10_CleanRelease.exe
C:\Users\agrawa\AppData\Local\Temp\sonarinst.exe
C:\Users\agrawa\AppData\Local\Temp\Sqlite3.dll
C:\Users\agrawa\AppData\Local\Temp\t.dll
C:\Users\agrawa\AppData\Local\Temp\TmDbg32.dll
C:\Users\agrawa\AppData\Local\Temp\tmdbg64.dll
C:\Users\agrawa\AppData\Local\Temp\uninst1.exe
C:\Users\agrawa\AppData\Local\Temp\xmlUpdater.exe
C:\Users\agrawa\AppData\Local\Temp\_is4985.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-09 10:40

==================== End Of Log ============================