Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-06-2014 02
Ran by N56 (administrator) on ASUS on 15-06-2014 14:39:35
Running from C:\Users\N56\Downloads
Platform: Windows 8 (X64) OS Language: Polish
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ASUSQuickGesture(x86)] => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe [20352 2012-08-05] (ASUSTeK Computer Inc.)
HKLM\...\Run: [ASUSTPLoader(x64)] => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe [169856 2012-08-05] (AsusTek)
HKLM\...\Run: [ASUSQuickGesture(x64)] => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe [22400 2012-08-05] (ASUSTeK Computer Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1215632 2012-08-17] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [11554688 2012-08-08] (Motorola Solutions, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5181456 2014-05-13] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3266428116-4215170198-3631075106-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3266428116-4215170198-3631075106-1001\...\MountPoints2: {15a70ca6-a374-11e2-be66-806e6f6e6963} - "E:\AsInsWiz.exe"
HKU\S-1-5-21-3266428116-4215170198-3631075106-1001\...\MountPoints2: {495c64e5-903d-11e3-bea9-685d43d82f29} - "F:\AutoRun.exe"
HKU\S-1-5-21-3266428116-4215170198-3631075106-1001\...\MountPoints2: {9456359c-89f4-11e3-bea9-685d43d82f29} - "F:\AutoRun.exe"
HKU\S-1-5-21-3266428116-4215170198-3631075106-1001\...\MountPoints2: {979677c1-466a-11e3-be95-685d43d82f29} - "G:\AutoRun.exe"
HKU\S-1-5-21-3266428116-4215170198-3631075106-1001\...\MountPoints2: {97967839-466a-11e3-be95-685d43d82f29} - "F:\AutoRun.exe"
HKU\S-1-5-21-3266428116-4215170198-3631075106-1004\...\MountPoints2: {15a70ca6-a374-11e2-be66-806e6f6e6963} - "E:\AsInsWiz.exe"
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-04-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-04-08] (NVIDIA Corporation)
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xCDA26E873653CF01
SearchScopes: HKLM - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: ASUS Browser Extension x64 - {78234974-0C4B-4111-BDEB-D9A104418772} - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x64\BrowserExtension64.dll (ASUSTeK Computer Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ASUS Browser Extension x86 - {78234974-0C4B-4111-BDEB-D9A104418771} - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x86\BrowserExtension.dll (ASUSTeK Computer Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\N56\AppData\Roaming\Mozilla\Firefox\Profiles\eczi0toa.default
FF NewTab: hxxp://www.google.com
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.15.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.15.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\N56\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: BetterPrivacy - C:\Users\N56\AppData\Roaming\Mozilla\Firefox\Profiles\eczi0toa.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-05-05]

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR StartupUrls: "hxxp://www.google.com"
CHR DefaultSearchKeyword: google
CHR DefaultSearchURL: http://www.google.com/search?q={searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (Dokumenty Google) - C:\Users\N56\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-10]
CHR Extension: (Dysk Google) - C:\Users\N56\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-10]
CHR Extension: (YouTube) - C:\Users\N56\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-10]
CHR Extension: (Szukaj w Google) - C:\Users\N56\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-10]
CHR Extension: (Google Wallet) - C:\Users\N56\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-10]
CHR Extension: (Gmail) - C:\Users\N56\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-10]

==================== Services (Whitelisted) =================

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3644432 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [292424 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-07-18] ()
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2012-07-31] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2012-07-31] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2699568 2012-07-18] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [50848 2012-08-05] (ASUS Corporation)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [236312 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [191768 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [323352 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130328 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [274712 2014-03-31] (AVG Technologies CZ, s.r.o.)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-06-10] ()
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [43520 2014-04-22] (Elex do Brasil Participações Ltda)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-10-08] (Intel Corporation)
R1 nvkflt; C:\Windows\system32\DRIVERS\nvkflt.sys [284448 2013-04-08] (NVIDIA Corporation)
S3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows (R) Win 7 DDK provider)
S3 ASUSProcObsrv; \??\E:\I386\AsPrOb64.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-15 14:39 - 2014-06-15 14:42 - 00016658 _____ () C:\Users\N56\Downloads\FRST.txt
2014-06-15 14:39 - 2014-06-15 14:39 - 00000000 ____D () C:\FRST
2014-06-15 14:38 - 2014-06-15 14:38 - 02081792 _____ (Farbar) C:\Users\N56\Downloads\FRST64.exe
2014-06-14 17:57 - 2014-06-14 17:57 - 02347384 _____ (ESET) C:\Users\N56\Downloads\esetsmartinstaller_plk.exe
2014-06-11 15:51 - 2014-06-11 15:51 - 00002426 _____ () C:\Windows\System32\Tasks\0214dUpdateInfo
2014-06-10 15:31 - 2014-06-10 15:31 - 00000000 ____D () C:\Users\N56\AppData\Roaming\AVG2014
2014-06-10 15:30 - 2014-06-11 15:49 - 00000000 ____D () C:\ProgramData\AVG2014
2014-06-10 15:30 - 2014-06-10 15:30 - 00001001 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-06-10 15:30 - 2014-06-10 15:30 - 00000000 ___HD () C:\$AVG
2014-06-10 15:30 - 2014-06-10 15:30 - 00000000 ____D () C:\Users\N56\AppData\Roaming\TuneUp Software
2014-06-10 15:30 - 2014-06-10 15:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-06-10 15:30 - 2014-06-10 15:30 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-06-10 15:28 - 2014-06-15 09:30 - 00000000 ____D () C:\ProgramData\MFAData
2014-06-10 15:28 - 2014-06-11 22:02 - 00000000 ____D () C:\Users\N56\AppData\Local\Avg2014
2014-06-10 15:28 - 2014-06-10 15:28 - 00000000 ____D () C:\Users\N56\AppData\Local\MFAData
2014-06-10 15:26 - 2014-06-10 15:28 - 164819976 _____ (AVG Technologies) C:\Users\N56\Downloads\avg_free_x64_all_2014_4592a7484.exe
2014-06-10 15:24 - 2014-02-13 20:18 - 00000426 _____ () C:\AVScanner.ini
2014-06-10 15:22 - 2014-06-10 15:22 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-06-10 15:20 - 2014-06-10 15:20 - 00228340 _____ () C:\Windows\system32\.crusader
2014-06-10 15:09 - 2014-06-10 15:20 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-06-10 15:08 - 2014-06-10 15:08 - 10971424 _____ (SurfRight B.V.) C:\Users\N56\Downloads\HitmanPro_x64.exe
2014-06-10 15:02 - 2014-06-10 15:04 - 00000000 ____D () C:\AdwCleaner
2014-06-10 14:58 - 2014-06-10 15:00 - 01326205 _____ () C:\Users\N56\Downloads\AdwCleaner.exe
2014-06-04 19:41 - 2014-06-04 19:41 - 00000000 ____D () C:\Users\N56\Desktop\Zdjęcia Telefon Asia
2014-06-04 19:34 - 2014-06-10 15:02 - 00001661 _____ () C:\Windows\setupact.log
2014-06-04 19:34 - 2014-06-04 19:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2014-06-04 19:34 - 2014-06-04 19:34 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-04 19:01 - 2014-05-01 22:37 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-04 19:01 - 2014-05-01 22:37 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-02 19:45 - 2014-03-28 10:23 - 19759104 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-06-02 19:45 - 2014-03-28 08:18 - 17562112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-06-02 19:09 - 2014-03-28 21:19 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-06-02 19:09 - 2014-03-24 00:11 - 00269592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-06-02 18:48 - 2014-03-28 10:23 - 01287168 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-06-01 16:00 - 2014-06-01 16:00 - 00016554 _____ () C:\Users\N56\Downloads\index (2).php
2014-06-01 15:43 - 2014-04-12 11:27 - 00172888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-06-01 15:43 - 2014-04-12 11:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-06-01 15:43 - 2014-04-12 11:09 - 01043968 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2014-06-01 15:43 - 2014-04-12 11:09 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-06-01 15:43 - 2014-04-12 11:09 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-06-01 15:43 - 2014-04-12 11:09 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-06-01 15:43 - 2014-04-12 11:08 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-06-01 15:43 - 2014-04-12 11:08 - 00827904 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-06-01 15:43 - 2014-04-12 11:08 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2014-06-01 15:43 - 2014-04-12 11:08 - 00318464 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-06-01 15:43 - 2014-04-12 11:07 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-06-01 15:43 - 2014-04-12 09:23 - 00961536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2014-06-01 15:43 - 2014-04-12 09:23 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-06-01 15:43 - 2014-04-12 09:23 - 00273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-06-01 15:43 - 2014-04-12 09:23 - 00178688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-06-01 15:43 - 2014-04-12 09:23 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-06-01 15:43 - 2014-04-12 09:22 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-06-01 15:43 - 2014-04-12 09:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-06-01 15:43 - 2014-04-12 08:58 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\workerdd.dll
2014-06-01 15:43 - 2014-03-11 05:32 - 06987096 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-06-01 15:43 - 2014-03-11 05:25 - 00100184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-06-01 15:43 - 2014-03-11 02:41 - 00559104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-06-01 15:43 - 2014-03-11 02:41 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-06-01 15:43 - 2014-03-11 02:41 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-06-01 15:43 - 2014-03-11 02:39 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-06-01 15:43 - 2014-03-11 02:38 - 00982016 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-06-01 15:43 - 2014-03-11 02:38 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-06-01 15:43 - 2014-03-11 02:38 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-06-01 15:43 - 2014-03-11 02:38 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2014-06-01 15:43 - 2014-03-11 02:38 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-06-01 15:43 - 2014-03-11 02:38 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-06-01 15:43 - 2014-03-11 02:38 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-06-01 15:43 - 2014-03-10 05:05 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-06-01 15:43 - 2014-03-10 03:27 - 00099840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-06-01 15:43 - 2014-03-04 01:07 - 00570216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-06-01 09:42 - 2014-03-01 11:47 - 01258496 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-06-01 09:42 - 2014-03-01 11:47 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2014-06-01 09:42 - 2014-03-01 10:07 - 01075200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
2014-06-01 09:42 - 2014-03-01 08:59 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-06-01 09:42 - 2014-02-27 01:18 - 00621568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-06-01 09:42 - 2014-02-27 01:18 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-06-01 09:42 - 2014-02-27 01:18 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-06-01 09:42 - 2014-02-27 01:18 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-06-01 09:42 - 2014-02-15 06:15 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys
2014-05-19 21:05 - 2014-05-19 21:05 - 00001836 _____ () C:\Users\N56\Downloads\index (1).php
2014-05-16 21:58 - 2014-05-16 21:58 - 00018544 _____ () C:\Users\N56\Downloads\pobrane.gz
2014-05-16 19:56 - 2014-05-16 19:57 - 00031979 _____ () C:\Users\N56\Downloads\pobrane

==================== One Month Modified Files and Folders =======

2014-06-15 14:42 - 2014-06-15 14:39 - 00016658 _____ () C:\Users\N56\Downloads\FRST.txt
2014-06-15 14:42 - 2013-04-12 09:29 - 00000000 ____D () C:\Users\N56\AppData\Local\Temp
2014-06-15 14:39 - 2014-06-15 14:39 - 00000000 ____D () C:\FRST
2014-06-15 14:38 - 2014-06-15 14:38 - 02081792 _____ (Farbar) C:\Users\N56\Downloads\FRST64.exe
2014-06-15 14:25 - 2014-02-10 18:12 - 00001048 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-15 14:24 - 2013-04-12 09:37 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-15 14:24 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-15 10:26 - 2014-04-08 22:09 - 01699694 _____ () C:\Windows\WindowsUpdate.log
2014-06-15 10:23 - 2012-07-26 11:51 - 00794946 _____ () C:\Windows\system32\perfh015.dat
2014-06-15 10:23 - 2012-07-26 11:51 - 00159530 _____ () C:\Windows\system32\perfc015.dat
2014-06-15 10:23 - 2012-07-26 09:28 - 01793398 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-15 10:03 - 2013-04-12 18:31 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-15 10:02 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-06-15 09:49 - 2014-02-10 18:12 - 00001052 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-15 09:43 - 2014-05-05 20:59 - 00333374 _____ () C:\Windows\PFRO.log
2014-06-15 09:30 - 2014-06-10 15:28 - 00000000 ____D () C:\ProgramData\MFAData
2014-06-14 19:06 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-06-14 18:32 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-06-14 17:57 - 2014-06-14 17:57 - 02347384 _____ (ESET) C:\Users\N56\Downloads\esetsmartinstaller_plk.exe
2014-06-14 07:36 - 2013-04-12 09:37 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Temp
2014-06-12 21:52 - 2014-02-10 18:13 - 00002195 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-11 23:45 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-06-11 22:02 - 2014-06-10 15:28 - 00000000 ____D () C:\Users\N56\AppData\Local\Avg2014
2014-06-11 15:51 - 2014-06-11 15:51 - 00002426 _____ () C:\Windows\System32\Tasks\0214dUpdateInfo
2014-06-11 15:49 - 2014-06-10 15:30 - 00000000 ____D () C:\ProgramData\AVG2014
2014-06-10 15:33 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-06-10 15:31 - 2014-06-10 15:31 - 00000000 ____D () C:\Users\N56\AppData\Roaming\AVG2014
2014-06-10 15:30 - 2014-06-10 15:30 - 00001001 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-06-10 15:30 - 2014-06-10 15:30 - 00000000 ___HD () C:\$AVG
2014-06-10 15:30 - 2014-06-10 15:30 - 00000000 ____D () C:\Users\N56\AppData\Roaming\TuneUp Software
2014-06-10 15:30 - 2014-06-10 15:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-06-10 15:30 - 2014-06-10 15:30 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-06-10 15:30 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-06-10 15:28 - 2014-06-10 15:28 - 00000000 ____D () C:\Users\N56\AppData\Local\MFAData
2014-06-10 15:28 - 2014-06-10 15:26 - 164819976 _____ (AVG Technologies) C:\Users\N56\Downloads\avg_free_x64_all_2014_4592a7484.exe
2014-06-10 15:23 - 2014-04-14 20:24 - 00002980 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-06-10 15:22 - 2014-06-10 15:22 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-06-10 15:22 - 2014-02-10 18:09 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-06-10 15:20 - 2014-06-10 15:20 - 00228340 _____ () C:\Windows\system32\.crusader
2014-06-10 15:20 - 2014-06-10 15:09 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-06-10 15:08 - 2014-06-10 15:08 - 10971424 _____ (SurfRight B.V.) C:\Users\N56\Downloads\HitmanPro_x64.exe
2014-06-10 15:04 - 2014-06-10 15:02 - 00000000 ____D () C:\AdwCleaner
2014-06-10 15:02 - 2014-06-04 19:34 - 00001661 _____ () C:\Windows\setupact.log
2014-06-10 15:00 - 2014-06-10 14:58 - 01326205 _____ () C:\Users\N56\Downloads\AdwCleaner.exe
2014-06-04 19:41 - 2014-06-04 19:41 - 00000000 ____D () C:\Users\N56\Desktop\Zdjęcia Telefon Asia
2014-06-04 19:34 - 2014-06-04 19:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2014-06-04 19:34 - 2014-06-04 19:34 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-04 19:02 - 2013-04-12 09:30 - 00000000 ___RD () C:\Users\N56\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-04 19:02 - 2013-04-12 09:30 - 00000000 ___RD () C:\Users\N56\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-06-04 17:32 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData
2014-06-04 17:32 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-06-04 17:32 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-06-04 17:32 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-06-04 17:32 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-06-04 17:32 - 2012-07-26 09:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-06-04 16:10 - 2013-05-10 19:47 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-02 22:00 - 2013-09-10 18:43 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-06-02 20:03 - 2013-04-12 18:31 - 00003818 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-02 19:08 - 2013-07-30 22:42 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-02 19:07 - 2013-04-15 19:16 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-01 16:00 - 2014-06-01 16:00 - 00016554 _____ () C:\Users\N56\Downloads\index (2).php
2014-05-31 23:18 - 2013-04-12 09:35 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3266428116-4215170198-3631075106-1001
2014-05-27 08:02 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-05-19 21:05 - 2014-05-19 21:05 - 00001836 _____ () C:\Users\N56\Downloads\index (1).php
2014-05-17 21:24 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates
2014-05-16 21:58 - 2014-05-16 21:58 - 00018544 _____ () C:\Users\N56\Downloads\pobrane.gz
2014-05-16 19:57 - 2014-05-16 19:56 - 00031979 _____ () C:\Users\N56\Downloads\pobrane

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-04 16:10

==================== End Of Log ============================