Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-02-2015
Ran by BMFOTO (administrator) on BMFOTO-KOMPUTER on 06-02-2015 22:27:04
Running from C:\Users\BMFOTO\Downloads
Loaded Profiles: UpdatusUser & BMFOTO (Available profiles: UpdatusUser & BMFOTO)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(France Telecom SA) C:\Program Files (x86)\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dropbox, Inc.) C:\Users\BMFOTO\AppData\Roaming\Dropbox\bin\Dropbox.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngtool.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngtool.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11369576 2010-08-11] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2581384 2010-08-31] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5225064 2015-02-06] (AVAST Software)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1236169856-3573213423-1841828282-1001\...\MountPoints2: {62aee9dd-d197-11e0-be3c-000b6b746d09} - F:\NokiaPCIA_Autorun.exe
HKU\S-1-5-21-1236169856-3573213423-1841828282-1001\...\MountPoints2: {dcbd1a49-b55d-11e1-be71-000b6b746d09} - F:\NokiaPCIA_Autorun.exe
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [226920 2011-01-17] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [192616 2011-01-17] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\BMFOTO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\BMFOTO\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1236169856-3573213423-1841828282-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com SearchScopes: HKU\S-1-5-21-1236169856-3573213423-1841828282-1001 -> {2EC1B362-C28C-4879-8162-3F807F8537D7} URL = http://www.bing.com/search?FORM=SMSTDF&PC=MASM&q={searchTerms}&src=IE-SearchBox BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO-x32: W2PBrowser Class -> {AA609D72-8482-4076-8991-8CDAE5B93BCB} -> C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll () Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 217.172.224.160 89.231.1.206 FireFox: ======== FF ProfilePath: C:\Users\BMFOTO\AppData\Roaming\Mozilla\Firefox\Profiles\5zagucvl.default FF SearchEngineOrder.3: Bing FF SelectedSearchEngine: Encyklopedia PWN FF Homepage: hxxp://www.google.pl/ FF NetworkProxy: "backup.ftp", "195.56.44.125" FF NetworkProxy: "backup.ftp_port", 3128 FF NetworkProxy: "backup.gopher", "195.56.44.125" FF NetworkProxy: "backup.gopher_port", 3128 FF NetworkProxy: "backup.socks", "195.56.44.125" FF NetworkProxy: "backup.socks_port", 3128 FF 
NetworkProxy: "backup.ssl", "195.56.44.125" FF NetworkProxy: "backup.ssl_port", 3128 FF NetworkProxy: "share_proxy_settings", true FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2010-10-21] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-06] Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-02-06] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-02-06] (AVAST Software) R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2015-02-06] (Avast Software) R2 FTRTSVC; C:\Program Files (x86)\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [90112 2009-10-14] (France Telecom SA) [File not signed] S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [633856 2011-06-08] (Nokia) [File not signed] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-02-06] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-02-06] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-02-06] (AVAST Software) S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-02-06] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-02-06] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-02-06] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-02-06] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-02-06] () S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [133632 2010-01-04] (Huawei Technologies Co., Ltd.) [File not signed] S3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [117120 2010-01-04] (Huawei Technologies Co., Ltd.) [File not signed] S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2010-01-04] (Huawei Technologies Co., Ltd.) 
[File not signed] S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-16] (Malwarebytes Corporation) R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2015-02-06] (Avast Software) S3 mdareDriver_52; \??\C:\Program Files (x86)\Fortinet\FortiClient\mdare64_52.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-06 22:26 - 2015-02-06 22:26 - 00000000 ____D () C:\Users\BMFOTO\Downloads\FRST-OlderVersion 2015-02-06 22:11 - 2015-02-06 22:11 - 00000000 ____D () C:\Users\BMFOTO\AppData\Roaming\AVAST Software 2015-02-06 22:10 - 2015-02-06 22:10 - 01050432 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys 2015-02-06 22:10 - 2015-02-06 22:10 - 00087912 _____ (AVAST Software) C:\windows\system32\Drivers\aswmonflt.sys 2015-02-06 22:10 - 2015-02-06 22:10 - 00001968 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk 2015-02-06 22:10 - 2015-02-06 22:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software 2015-02-06 22:10 - 2015-02-06 22:09 - 01050432 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys.1423257041923 2015-02-06 22:10 - 2015-02-06 22:09 - 00436624 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys 2015-02-06 22:10 - 2015-02-06 22:09 - 00364512 _____ (AVAST Software) C:\windows\system32\aswBoot.exe 2015-02-06 22:10 - 2015-02-06 22:09 - 00267632 _____ () C:\windows\system32\Drivers\aswVmm.sys 2015-02-06 22:10 - 2015-02-06 22:09 - 00116728 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys 2015-02-06 22:10 - 2015-02-06 22:09 - 00093568 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys 2015-02-06 22:10 - 2015-02-06 
22:09 - 00083280 _____ (AVAST Software) C:\windows\system32\Drivers\aswmonflt.sys.1423257043827 2015-02-06 22:10 - 2015-02-06 22:09 - 00065776 _____ () C:\windows\system32\Drivers\aswRvrt.sys 2015-02-06 22:10 - 2015-02-06 22:09 - 00029208 _____ () C:\windows\system32\Drivers\aswHwid.sys 2015-02-06 22:09 - 2015-02-06 22:09 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr 2015-02-06 22:08 - 2015-02-06 22:08 - 00000000 ____D () C:\Program Files\AVAST Software 2015-02-06 22:06 - 2015-02-06 22:08 - 00000000 ____D () C:\ProgramData\AVAST Software 2015-02-06 21:54 - 2015-02-06 21:59 - 132469808 _____ (AVAST Software) C:\Users\BMFOTO\Downloads\avast_free_antivirus_setup.exe 2015-02-06 21:51 - 2015-02-06 21:51 - 05006864 _____ (AVAST Software) C:\Users\BMFOTO\Downloads\avast_free_antivirus_setup_online.exe 2015-02-06 21:14 - 2015-02-06 21:14 - 00000000 ____D () C:\Users\BMFOTO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Urządzenia interfejsu Bluetooth 2015-02-06 14:54 - 2015-02-06 14:56 - 00000000 ____D () C:\Users\BMFOTO\Desktop\1 06 2015 2015-01-28 23:07 - 2015-01-28 23:07 - 00000000 ____D () C:\Users\BMFOTO\Downloads\qlogo 2015-01-28 22:35 - 2015-01-28 22:36 - 58814919 _____ () C:\Users\BMFOTO\Downloads\qlogo.zip 2015-01-28 21:51 - 2015-01-28 21:53 - 35952468 _____ () C:\Users\BMFOTO\Downloads\qubus.zip 2015-01-26 23:35 - 2015-01-26 23:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-01-25 08:39 - 2015-02-06 22:09 - 00000930 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2015-01-22 22:53 - 2015-01-22 22:53 - 00060443 _____ () C:\Users\BMFOTO\Downloads\Shortcut.txt 2015-01-22 22:51 - 2015-01-22 22:53 - 00034254 _____ () C:\Users\BMFOTO\Downloads\Addition.txt 2015-01-22 22:50 - 2015-02-06 22:27 - 00012147 _____ () C:\Users\BMFOTO\Downloads\FRST.txt 2015-01-22 22:47 - 2015-01-22 22:47 - 00380416 _____ () C:\Users\BMFOTO\Downloads\fugtxc0g.exe 2015-01-22 22:45 - 2015-02-06 22:26 - 02131968 _____ (Farbar) 
C:\Users\BMFOTO\Downloads\FRST64.exe 2015-01-22 19:03 - 2015-01-22 19:04 - 00000000 ____D () C:\Users\BMFOTO\Desktop\suknie ślubne 2015-01-22 15:14 - 2015-01-29 17:23 - 00064768 _____ () C:\Users\BMFOTO\AppData\Local\GDIPFONTCACHEV1.DAT 2015-01-22 15:12 - 2015-02-06 22:03 - 00001680 _____ () C:\windows\setupact.log 2015-01-22 15:12 - 2015-01-22 15:12 - 00000392 _____ () C:\windows\PFRO.log 2015-01-22 15:12 - 2015-01-22 15:12 - 00000000 _____ () C:\windows\setuperr.log 2015-01-21 21:41 - 2015-01-21 21:53 - 00000000 ____D () C:\Users\BMFOTO\AppData\Roaming\Wise Registry Cleaner 2015-01-21 18:30 - 2015-02-06 21:38 - 00000000 ____D () C:\Users\BMFOTO\AppData\Roaming\Wise Disk Cleaner 2015-01-21 18:24 - 2015-01-21 18:24 - 00001195 _____ () C:\Users\Public\Desktop\Wise Registry Cleaner.lnk 2015-01-21 18:24 - 2015-01-21 18:24 - 00001172 _____ () C:\Users\Public\Desktop\Wise Disk Cleaner.lnk 2015-01-21 18:24 - 2015-01-21 18:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner 2015-01-21 18:24 - 2015-01-21 18:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Disk Cleaner 2015-01-21 18:24 - 2015-01-21 18:24 - 00000000 ____D () C:\Program Files (x86)\Wise 2015-01-21 17:45 - 2015-01-21 18:04 - 00037624 _____ () C:\windows\system32\Drivers\TrueSight.sys 2015-01-21 17:45 - 2015-01-21 17:45 - 00000000 ____D () C:\ProgramData\RogueKiller 2015-01-21 10:45 - 2015-02-06 22:27 - 00000000 ____D () C:\FRST 2015-01-19 21:20 - 2015-02-06 22:03 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2015-01-19 16:16 - 2015-01-19 16:16 - 00003886 _____ () C:\windows\System32\Tasks\Adobe Acrobat Update Task 2015-01-19 16:12 - 2015-01-19 16:12 - 00093920 _____ (Fortinet Inc.) 
C:\windows\system32\Drivers\mdare64_54.sys 2015-01-19 15:25 - 2015-01-19 15:25 - 00000000 ____D () C:\Users\BMFOTO\Desktop\sprawdz_czy_masz_juz_to_zgrane_DEKO 2015-01-19 14:55 - 2015-01-19 15:12 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2015-01-19 14:55 - 2015-01-19 14:55 - 00001983 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk 2015-01-19 14:40 - 2015-01-19 14:40 - 00000197 _____ () C:\windows\system32\2015-01-19-13-40-53.092-AvastVBoxSVC.exe-5008.log 2015-01-19 11:04 - 2015-01-20 20:19 - 00000000 ____D () C:\Users\BMFOTO\Doctor Web 2015-01-19 11:03 - 2015-01-19 11:03 - 00000247 _____ () C:\windows\system32\2015-01-19-10-03-12.053-aswFe.exe-6236.log 2015-01-19 10:56 - 2015-01-19 11:03 - 00000247 _____ () C:\windows\system32\2015-01-19-09-56-54.093-aswFe.exe-6016.log 2015-01-19 10:56 - 2015-01-19 10:56 - 00000197 _____ () C:\windows\system32\2015-01-19-09-56-48.015-AvastVBoxSVC.exe-4980.log 2015-01-19 10:38 - 2015-01-19 10:38 - 00000197 _____ () C:\windows\system32\2015-01-19-09-38-19.012-AvastVBoxSVC.exe-4540.log 2015-01-19 00:50 - 2015-01-19 00:51 - 00000197 _____ () C:\windows\system32\2015-01-18-23-50-50.053-AvastVBoxSVC.exe-4112.log 2015-01-18 18:45 - 2015-01-18 18:45 - 00000197 _____ () C:\windows\system32\2015-01-18-17-45-28.073-AvastVBoxSVC.exe-2032.log 2015-01-18 16:11 - 2015-01-19 01:47 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0 2015-01-18 14:41 - 2015-01-18 14:51 - 00000000 ____D () C:\ProgramData\HitmanPro 2015-01-18 14:00 - 2015-01-18 14:00 - 00000197 _____ () C:\windows\system32\2015-01-18-13-00-31.012-AvastVBoxSVC.exe-4836.log 2015-01-18 13:47 - 2015-01-18 13:48 - 00000197 _____ () C:\windows\system32\2015-01-18-12-47-50.013-AvastVBoxSVC.exe-5052.log 2015-01-18 10:25 - 2015-01-18 10:25 - 00000197 _____ () C:\windows\system32\2015-01-18-09-25-03.097-AvastVBoxSVC.exe-4924.log 2015-01-18 02:52 - 2015-01-18 02:52 - 00000000 ____D () C:\temp 2015-01-17 22:15 - 2015-02-06 22:03 - 00000000 
____D () C:\Program Files (x86)\Fortinet 2015-01-17 22:12 - 2015-01-17 22:12 - 00000000 ____D () C:\ProgramData\Applications 2015-01-17 22:04 - 2015-01-17 22:04 - 00000197 _____ () C:\windows\system32\2015-01-17-21-04-46.070-AvastVBoxSVC.exe-3532.log 2015-01-17 21:59 - 2015-01-17 21:59 - 00000197 _____ () C:\windows\system32\2015-01-17-20-59-26.008-AvastVBoxSVC.exe-3816.log 2015-01-16 23:54 - 2015-01-16 23:54 - 00000000 __SHD () C:\Users\BMFOTO\AppData\Local\EmieUserList 2015-01-16 23:54 - 2015-01-16 23:54 - 00000000 __SHD () C:\Users\BMFOTO\AppData\Local\EmieSiteList 2015-01-16 23:54 - 2015-01-16 23:54 - 00000000 __SHD () C:\Users\BMFOTO\AppData\Local\EmieBrowserModeList 2015-01-16 23:26 - 2015-01-16 23:26 - 00000197 _____ () C:\windows\system32\2015-01-16-22-26-51.078-AvastVBoxSVC.exe-3536.log 2015-01-16 23:10 - 2015-01-16 23:53 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2015-01-16 23:10 - 2015-01-16 23:10 - 00001070 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-01-16 23:10 - 2015-01-16 23:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-01-16 23:10 - 2015-01-16 23:10 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-01-16 23:10 - 2015-01-16 23:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-01-16 23:10 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2015-01-16 23:10 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2015-01-16 23:10 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2015-01-16 23:09 - 2015-01-16 23:09 - 00000197 _____ () C:\windows\system32\2015-01-16-22-09-08.087-AvastVBoxSVC.exe-3328.log 2015-01-16 22:03 - 2015-01-16 22:07 - 00000000 ____D () C:\Users\BMFOTO\AppData\Roaming\vlc 2015-01-16 22:02 - 2015-01-16 22:02 - 00000875 _____ 
() C:\Users\Public\Desktop\VLC media player.lnk 2015-01-16 22:02 - 2015-01-16 22:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2015-01-16 22:01 - 2015-01-16 22:01 - 00000000 ____D () C:\Program Files\VideoLAN 2015-01-16 21:55 - 2015-01-16 23:54 - 00000000 ____D () C:\Users\BMFOTO\AppData\Local\Windows Live 2015-01-14 14:01 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll 2015-01-14 14:01 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys 2015-01-14 14:01 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe 2015-01-14 14:01 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll 2015-01-14 14:01 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe 2015-01-14 14:01 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll 2015-01-14 14:01 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe 2015-01-14 14:01 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe 2015-01-14 14:01 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll 2015-01-14 14:01 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe 2015-01-14 14:01 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll 2015-01-14 14:01 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll 2015-01-14 14:01 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll 2015-01-13 23:42 - 2015-01-21 21:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2015-01-11 19:05 - 2015-01-11 19:05 - 00000247 _____ () C:\windows\system32\2015-01-11-18-05-18.050-aswFe.exe-6856.log 2015-01-11 
18:58 - 2015-01-11 19:05 - 00000247 _____ () C:\windows\system32\2015-01-11-17-58-27.078-aswFe.exe-3676.log 2015-01-11 18:58 - 2015-01-11 18:58 - 00000197 _____ () C:\windows\system32\2015-01-11-17-58-22.001-AvastVBoxSVC.exe-4280.log ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-06 22:20 - 2009-07-14 05:45 - 00022976 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-06 22:20 - 2009-07-14 05:45 - 00022976 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-06 22:18 - 2012-08-14 08:27 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update 2015-02-06 22:15 - 2010-10-22 00:47 - 01690735 _____ () C:\windows\WindowsUpdate.log 2015-02-06 22:05 - 2014-01-22 23:38 - 00000000 ___RD () C:\Users\BMFOTO\Desktop\Dropbox 2015-02-06 22:05 - 2014-01-22 23:36 - 00000000 ____D () C:\Users\BMFOTO\AppData\Roaming\Dropbox 2015-02-06 21:44 - 2009-07-14 06:13 - 00006490 _____ () C:\windows\system32\PerfStringBackup.INI 2015-02-06 21:35 - 2011-11-16 09:01 - 00000000 ____D () C:\Users\BMFOTO\AppData\Roaming\SoftGrid Client 2015-02-06 16:44 - 2013-08-01 16:23 - 00000000 ____D () C:\Users\BMFOTO\Desktop\um 2015-02-06 16:41 - 2014-11-30 22:11 - 00000000 ____D () C:\Users\BMFOTO\Desktop\KOORDYNACJA WESELA 2015-02-05 21:09 - 2013-06-18 23:16 - 00003868 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater 2015-02-05 21:09 - 2012-06-20 10:00 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2015-02-05 21:09 - 2011-07-08 12:07 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-02-05 19:59 - 2009-07-14 06:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD 2015-01-30 14:53 - 2014-01-08 22:51 - 00000000 ____D () C:\Users\BMFOTO\Desktop\rozne 2015-01-28 12:57 - 2013-06-18 
23:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-01-21 21:31 - 2011-07-13 14:03 - 00000000 ____D () C:\Users\BMFOTO\Documents\Youcam 2015-01-21 21:31 - 2009-08-02 03:27 - 00000000 ____D () C:\windows\Sec 2015-01-21 21:29 - 2011-09-01 16:50 - 00000000 ____D () C:\Users\BMFOTO\AppData\Roaming\Skype 2015-01-21 21:28 - 2009-08-02 03:27 - 00000000 ____D () C:\windows\Panther 2015-01-21 17:33 - 2011-09-01 16:50 - 00000000 ____D () C:\Program Files (x86)\Google 2015-01-21 17:28 - 2011-09-01 16:50 - 00000000 ____D () C:\Users\BMFOTO\AppData\Local\Google 2015-01-21 17:27 - 2013-09-20 22:55 - 00000000 ____D () C:\Users\BMFOTO\AppData\Local\Facebook 2015-01-21 02:49 - 2011-07-08 01:07 - 00000000 ____D () C:\Users\BMFOTO 2015-01-19 19:03 - 2011-07-08 01:22 - 00000000 ____D () C:\Users\BMFOTO\AppData\Roaming\Adobe 2015-01-19 16:14 - 2011-07-08 01:13 - 00000000 ____D () C:\ProgramData\Adobe 2015-01-19 14:55 - 2011-07-08 01:13 - 00000000 ____D () C:\Program Files (x86)\Adobe 2015-01-19 10:43 - 2011-07-08 01:13 - 00000000 ____D () C:\Users\BMFOTO\AppData\Local\Adobe 2015-01-16 21:58 - 2010-10-21 09:14 - 00000000 ____D () C:\ProgramData\WildTangent 2015-01-16 21:57 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-01-15 00:55 - 2013-07-25 23:06 - 00000000 ____D () C:\windows\system32\MRT 2015-01-15 00:46 - 2011-07-08 02:13 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2015-01-14 17:42 - 2013-07-16 15:34 - 00000000 ____D () C:\Users\BMFOTO\Desktop\mieszkanie 2015-01-12 00:36 - 2014-12-29 15:30 - 00000000 ____D () C:\Users\BMFOTO\Desktop\2015 ==================== Files in the root of some directories ======= 2011-11-20 19:53 - 2014-11-07 14:18 - 0014336 _____ () C:\Users\BMFOTO\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-06-19 06:44 - 2013-06-19 06:44 - 0000017 _____ () C:\Users\BMFOTO\AppData\Local\resmon.resmoncfg 2014-11-06 21:37 - 2014-11-06 21:37 - 
0000000 _____ () C:\Users\BMFOTO\AppData\Local\{35EBD8BB-CDF5-4122-B6DE-EC4755A3AE3F} 2010-10-21 09:06 - 2010-10-21 09:06 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log 2010-10-21 09:04 - 2010-10-21 09:05 - 0000106 _____ () C:\ProgramData\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}.log 2010-10-21 09:01 - 2010-10-21 09:02 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log 2010-10-21 09:05 - 2010-10-21 09:06 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log 2010-10-21 09:01 - 2010-10-21 09:01 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log 2010-10-21 09:02 - 2010-10-21 09:04 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log Some content of TEMP: ==================== C:\Users\BMFOTO\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptnvbti.dll C:\Users\BMFOTO\AppData\Local\Temp\fasle.dll C:\Users\BMFOTO\AppData\Local\Temp\libav.dll C:\Users\BMFOTO\AppData\Local\Temp\libips.dll C:\Users\BMFOTO\AppData\Local\Temp\mdare.dll C:\Users\BMFOTO\AppData\Local\Temp\vcm.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-27 21:21

==================== End Of Log ============================