Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-11-2014
Ran by lupus (administrator) on LUPUS-KOMPUTER on 02-11-2014 08:24:25
Running from C:\Users\lupus\Downloads
Loaded Profile: lupus (Available profiles: lupus)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Opera Software) C:\Program Files (x86)\Opera\21.0.1432.57\opera.exe
() C:\Program Files (x86)\Opera\21.0.1432.57\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\21.0.1432.57\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\21.0.1432.57\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\21.0.1432.57\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\21.0.1432.57\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\21.0.1432.57\opera.exe
(Farbar) C:\Users\lupus\Downloads\FRST64 (1).exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [ATICustomerCare] => C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [311296 2010-03-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-10-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-02] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKU\S-1-5-21-4204224380-3008712290-589102612-1000\...\Run: [Google Update] => C:\Users\lupus\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-11-07] (Google Inc.)
HKU\S-1-5-21-4204224380-3008712290-589102612-1000\...\Run: [Facebook Update] => C:\Users\lupus\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-12-16] (Facebook Inc.)
HKU\S-1-5-21-4204224380-3008712290-589102612-1000\...\Run: [Yahoo! Search] => C:\Users\lupus\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\dsrlte.exe [438632 2014-09-20] (Pay By Ads LTD)
HKU\S-1-5-21-4204224380-3008712290-589102612-1000\...\Run: [{5DE67937-45D5-45E4-923C-0B7F7EC929A7}] => C:\Users\lupus\Desktop\LeagueofLegends_EUNE_Installer_9_15_2014.exe [30993712 2014-10-18] (Riot Games)
HKU\S-1-5-21-4204224380-3008712290-589102612-1000\...\MountPoints2: {f84666ad-d151-11df-a0db-806e6f6e6963} - X:\cda_menu.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rts.dsrlte.com?affID=na
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @esn/esnlaunch,version=1.104.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.110.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.118.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.132.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\lupus\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\lupus\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\lupus\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-22]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.wp.pl/
CHR StartupUrls: Default -> "hxxp://www.wp.pl/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\lupus\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Users\lupus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-07]
CHR Extension: (Dysk Google) - C:\Users\lupus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-07]
CHR Extension: (YouTube) - C:\Users\lupus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-07]
CHR Extension: (Szukaj w Google) - C:\Users\lupus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-07]
CHR Extension: (AdBlock) - C:\Users\lupus\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-24]
CHR Extension: (Google Wallet) - C:\Users\lupus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-07]
CHR Extension: (Gmail) - C:\Users\lupus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-07]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-27]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [239616 2012-07-28] (AMD) [File not signed]
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-10-08] (Advanced Micro Devices, Inc.) [File not signed]
R3 Appinfo; C:\Windows\System32\appinfo.dll [70144 2013-02-27] (Microsoft Corporation) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-27] (AVAST Software)
R2 CryptSvc; C:\Windows\system32\cryptsvc.dll [184320 2013-07-09] (Microsoft Corporation) [File not signed]
R2 CryptSvc; C:\Windows\SysWOW64\cryptsvc.dll [140288 2013-07-09] (Microsoft Corporation) [File not signed]
R2 EFS; C:\Windows\System32\lsass.exe [30720 2013-09-25] (Microsoft Corporation) [File not signed]
R2 FontCache; C:\Windows\system32\FntCache.dll [1175552 2013-03-29] (Microsoft Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [111616 2013-11-26] (Microsoft Corporation) [File not signed]
S3 IKEEXT; C:\Windows\System32\ikeext.dll [859648 2013-10-12] (Microsoft Corporation) [File not signed]
R2 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [569344 2012-10-03] (Microsoft Corporation) [File not signed]
S3 KeyIso; C:\Windows\system32\lsass.exe [30720 2013-09-25] (Microsoft Corporation) [File not signed]
R2 MSSQL$INSERTGT; C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [62111072 2011-06-17] (Microsoft Corporation)
S3 Netlogon; C:\Windows\system32\lsass.exe [30720 2013-09-25] (Microsoft Corporation) [File not signed]
R2 NlaSvc; C:\Windows\System32\nlasvc.dll [303104 2012-10-03] (Microsoft Corporation) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-10-31] ()
S3 ProtectedStorage; C:\Windows\system32\lsass.exe [30720 2013-09-25] (Microsoft Corporation) [File not signed]
R2 SamSs; C:\Windows\system32\lsass.exe [30720 2013-09-25] (Microsoft Corporation) [File not signed]
S4 SQLAgent$INSERTGT; C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\SQLAGENT.EXE [431456 2011-06-17] (Microsoft Corporation)
S3 VaultSvc; C:\Windows\system32\lsass.exe [30720 2013-09-25] (Microsoft Corporation) [File not signed]
S3 WebClient; C:\Windows\System32\webclnt.dll [259584 2013-07-04] (Microsoft Corporation) [File not signed]
S3 WebClient; C:\Windows\SysWOW64\webclnt.dll [205824 2013-07-04] (Microsoft Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) [File not signed]
S3 wudfsvc; C:\Windows\System32\WUDFSvc.dll [84992 2012-07-26] (Microsoft Corporation) [File not signed]
S3 WwanSvc; C:\Windows\System32\wwansvc.dll [230400 2013-03-19] (Microsoft Corporation) [File not signed]
S2 Update NetCrawl; "C:\Program Files (x86)\NetCrawl\updateNetCrawl.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AFD; C:\Windows\system32\drivers\afd.sys [497152 2013-09-28] (Microsoft Corporation) [File not signed]
R3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [10278912 2012-07-28] (Advanced Micro Devices, Inc.) [File not signed]
R3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [368640 2012-07-28] (Advanced Micro Devices, Inc.) [File not signed]
S3 asusgsb; C:\Windows\System32\drivers\asusgsb.sys [17792 2009-02-17] (ASUSTeK Computer Inc.) [File not signed]
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-27] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-27] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-27] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-27] ()
S3 atikmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [10278912 2012-07-28] (Advanced Micro Devices, Inc.) [File not signed]
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [188928 2010-10-24] (Microsoft Corporation)
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [140800 2013-07-04] (Microsoft Corporation) [File not signed]
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [72064 2010-10-24] (Microsoft Corporation)
R3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation )
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [45568 2012-10-03] (Microsoft Corporation) [File not signed]
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [39936 2013-06-15] (Microsoft Corporation) [File not signed]
S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [100864 2013-07-12] (Microsoft Corporation) [File not signed]
S3 usbscan; C:\Windows\System32\DRIVERS\usbscan.sys [42496 2013-07-03] (Microsoft Corporation) [File not signed]
S3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [87040 2012-07-26] (Microsoft Corporation) [File not signed]
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation) [File not signed]
R1 {57f143ae-1ecd-493d-9ddb-32c45a3cecd5}Gw64; C:\Windows\System32\drivers\{57f143ae-1ecd-493d-9ddb-32c45a3cecd5}Gw64.sys [61112 2014-06-27] (StdLib)
R1 {6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64; C:\Windows\System32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64.sys [61112 2014-06-30] (StdLib)
R1 {6fcd6092-9615-4f7f-8898-8df53980e5d2}w64; C:\Windows\System32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}w64.sys [61112 2014-07-12] (StdLib)
U4 EIO64; No ImagePath
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-02 08:24 - 2014-11-02 08:24 - 00016953 _____ () C:\Users\lupus\Downloads\FRST.txt
2014-11-02 08:22 - 2014-11-02 08:23 - 02114048 _____ (Farbar) C:\Users\lupus\Downloads\FRST64 (1).exe
2014-11-02 08:22 - 2014-11-02 08:22 - 02114048 _____ (Farbar) C:\Users\lupus\Downloads\FRST64.exe
2014-11-02 08:04 - 2014-11-02 08:04 - 05045094 _____ () C:\Users\lupus\Desktop\odynaka.bmp
2014-11-02 08:02 - 2014-11-02 08:04 - 05045094 _____ () C:\Users\lupus\Desktop\Nowy obraz mapy bitowej.BMP
2014-10-19 21:34 - 2014-10-19 21:34 - 00257536 _____ () C:\Users\lupus\Desktop\TiL_I.xls
2014-10-19 09:30 - 2014-10-19 09:30 - 00000000 ____D () C:\Users\lupus\AppData\Roaming\LolClient
2014-10-18 21:39 - 2014-10-18 21:39 - 00000000 ____D () C:\ProgramData\Riot Games
2014-10-18 21:35 - 2014-10-18 21:35 - 00001407 _____ () C:\Users\Public\Desktop\League of Legends.lnk
2014-10-18 21:35 - 2014-10-18 21:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2014-10-18 21:35 - 2008-07-12 07:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2014-10-18 21:35 - 2008-07-12 07:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2014-10-18 21:35 - 2008-07-12 07:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2014-10-18 21:33 - 2014-10-18 21:35 - 00000000 ____D () C:\Users\lupus\AppData\Roaming\Riot Games
2014-10-18 21:31 - 2014-10-18 21:32 - 30993712 _____ (Riot Games) C:\Users\lupus\Desktop\LeagueofLegends_EUNE_Installer_9_15_2014.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2060-08-18 19:02 - 2013-12-29 21:31 - 02023424 ____N (Inprise Corporation) C:\Windows\SysWOW64\VCL50.BPL
2060-08-18 19:02 - 2013-12-29 21:31 - 01496064 ____N (Inprise Corporation) C:\Windows\SysWOW64\CC3250MT.DLL
2060-08-18 19:02 - 2013-12-29 21:31 - 00248832 ____N (Inprise Corporation) C:\Windows\SysWOW64\VCLX50.BPL
2060-08-18 18:40 - 2013-12-29 21:31 - 00909824 ____N (Inprise Corporation) C:\Windows\SysWOW64\cp3245mt.dll
2014-11-02 08:24 - 2013-12-05 23:14 - 00000000 ____D () C:\FRST
2014-11-02 08:02 - 2009-07-14 05:45 - 00023568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-02 08:02 - 2009-07-14 05:45 - 00023568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-02 08:01 - 2011-11-13 06:47 - 01933390 _____ () C:\Windows\WindowsUpdate.log
2014-11-02 08:01 - 2009-07-14 18:55 - 00808722 _____ () C:\Windows\system32\perfh015.dat
2014-11-02 08:01 - 2009-07-14 18:55 - 00182126 _____ () C:\Windows\system32\perfc015.dat
2014-11-02 08:01 - 2009-07-14 06:13 - 01863340 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-02 07:56 - 2013-03-21 19:42 - 00001044 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-02 07:54 - 2013-11-13 22:11 - 00030632 _____ () C:\Windows\setupact.log
2014-11-02 07:54 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-01 22:44 - 2013-03-21 19:42 - 00001048 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-01 22:38 - 2013-11-07 00:52 - 00001058 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4204224380-3008712290-589102612-1000UA.job
2014-11-01 20:57 - 2013-12-16 20:52 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4204224380-3008712290-589102612-1000UA.job
2014-11-01 20:57 - 2013-12-16 20:52 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4204224380-3008712290-589102612-1000Core.job
2014-11-01 14:10 - 2014-05-22 15:52 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-10-26 10:39 - 2013-03-21 19:42 - 00004044 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-26 10:39 - 2013-03-21 19:42 - 00003792 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-19 00:38 - 2013-11-07 00:52 - 00001006 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4204224380-3008712290-589102612-1000Core.job
2014-10-19 00:33 - 2013-11-07 00:52 - 00004028 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4204224380-3008712290-589102612-1000UA
2014-10-19 00:33 - 2013-11-07 00:52 - 00003632 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4204224380-3008712290-589102612-1000Core
2014-10-18 21:15 - 2014-09-20 18:16 - 00000000 ____D () C:\Users\lupus\Documents\gothic3
2014-10-04 17:26 - 2013-11-13 22:11 - 00350968 _____ () C:\Windows\PFRO.log

Some content of TEMP:
====================
C:\Users\lupus\AppData\Local\Temp\AutoRun.exe
C:\Users\lupus\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\lupus\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvaqfeq.dll
C:\Users\lupus\AppData\Local\Temp\dsrsetup.exe
C:\Users\lupus\AppData\Local\Temp\EAInstall.dll
C:\Users\lupus\AppData\Local\Temp\gcapi_dll.dll
C:\Users\lupus\AppData\Local\Temp\gdapi.dll
C:\Users\lupus\AppData\Local\Temp\GoogleSetup.exe
C:\Users\lupus\AppData\Local\Temp\gtapi_signed.dll
C:\Users\lupus\AppData\Local\Temp\GTGCAPI.exe
C:\Users\lupus\AppData\Local\Temp\msvcr90.dll
C:\Users\lupus\AppData\Local\Temp\res.dll
C:\Users\lupus\AppData\Local\Temp\SHSetup.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-26 10:23

==================== End Of Log ============================