Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Jkrasnodebski (administrator) on KOMPUTERFIRMA11 on 17-03-2015 08:24:21
Running from C:\Users\Jkrasnodebski\Desktop
Loaded Profiles: UpdatusUser & Jkrasnodebski (Available profiles: UpdatusUser & Jkrasnodebski)
Platform: Windows 7 Home Premium (X64) OS Language: Polski (Polska)
Internet Explorer Version 9 (Default browser path: "C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\Crossbrowse.exe" -- "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(The Document Foundation) C:\Program Files (x86)\LibreOffice 3.6\program\soffice.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(The Document Foundation) C:\Program Files (x86)\LibreOffice 3.6\program\soffice.bin
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [4479648 2011-01-25] (Dell Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-12] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-03-16] (Avast Software s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4264836577-1841705606-3099376491-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.)
HKU\S-1-5-21-4264836577-1841705606-3099376491-1002\...\Run: [GoogleChromeAutoLaunch_98F6F8547EC45F51F9B053BC2DDC88CD] => "C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" --no-startup-window
HKU\S-1-5-21-4264836577-1841705606-3099376491-1002\...\MountPoints2: {0cb11eee-a9b3-11e1-a53f-bc7737688e35} - E:\AutoRun.exe
HKU\S-1-5-21-4264836577-1841705606-3099376491-1002\...\MountPoints2: {0cb11ef2-a9b3-11e1-a53f-bc7737688e35} - E:\AutoRun.exe
HKU\S-1-5-21-4264836577-1841705606-3099376491-1002\...\MountPoints2: {533b4679-a8eb-11e1-90ea-bc7737688e35} - E:\AutoRun.exe
HKU\S-1-5-21-4264836577-1841705606-3099376491-1002\...\MountPoints2: {533b4698-a8eb-11e1-90ea-bc7737688e35} - E:\AutoRun.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [226920 2010-11-30] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [192616 2010-11-30] (NVIDIA Corporation)
Startup: C:\Users\Jkrasnodebski\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk
ShortcutTarget: crossbrowse.lnk -> C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe (No File)
Startup: C:\Users\Jkrasnodebski\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LibreOffice 3.6.lnk
ShortcutTarget: LibreOffice 3.6.lnk -> C:\Program Files (x86)\LibreOffice 3.6\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jkrasnodebski\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jkrasnodebski\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jkrasnodebski\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jkrasnodebski\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jkrasnodebski\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jkrasnodebski\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jkrasnodebski\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jkrasnodebski\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
SearchScopes: HKLM -> {934BAE23-8A84-4CD2-BD07-8480D29C0468} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {5232085B-89D2-4B28-980E-51EA383D63EC} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4264836577-1841705606-3099376491-1002 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-14] (Sun Microsystems, Inc.)
BHO-x32: Pomocnik logowania za pomocą identyfikatora Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-05-14] (Sun Microsystems, Inc.)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKU\S-1-5-21-4264836577-1841705606-3099376491-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Winsock: Catalog9 01 C:\Windows\SysWOW64\BDL.dll [319392] (BD Inc.)
Winsock: Catalog9 02 C:\Windows\SysWOW64\BDL.dll [319392] (BD Inc.)
Winsock: Catalog9 03 C:\Windows\SysWOW64\BDL.dll [319392] (BD Inc.)
Winsock: Catalog9 04 C:\Windows\SysWOW64\BDL.dll [319392] (BD Inc.)
Winsock: Catalog9 16 C:\Windows\SysWOW64\BDL.dll [319392] (BD Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Jkrasnodebski\AppData\Roaming\Mozilla\Firefox\Profiles\ksb63j0d.default
FF SearchEngineOrder.3: Bing 
FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-08] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-05-14] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll [2012-04-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-08] ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-05-14] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll [2012-04-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2010-11-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2010-11-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)

Chrome: 
=======
CHR Profile: C:\Users\Jkrasnodebski\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Jkrasnodebski\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-14]
CHR Extension: (Google Docs) - C:\Users\Jkrasnodebski\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-14]
CHR Extension: (Google Drive) - C:\Users\Jkrasnodebski\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-14]
CHR Extension: (YouTube) - C:\Users\Jkrasnodebski\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-23]
CHR Extension: (Google Search) - C:\Users\Jkrasnodebski\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-23]
CHR Extension: (Google Sheets) - C:\Users\Jkrasnodebski\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-14]
CHR Extension: (Air Globe) - C:\Users\Jkrasnodebski\AppData\Local\Google\Chrome\User Data\Default\Extensions\gppbclkihfhiokpinabobakbgliglpaj [2015-03-16]
CHR Extension: (lohbonfeioofpgpcmebnncnmiobojbgk) - C:\Users\Jkrasnodebski\AppData\Local\Google\Chrome\User Data\Default\Extensions\lohbonfeioofpgpcmebnncnmiobojbgk [2015-03-16]
CHR Extension: (Google Wallet) - C:\Users\Jkrasnodebski\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-10]
CHR Extension: (Gmail) - C:\Users\Jkrasnodebski\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-03-16] (Avast Software s.r.o.)
R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [901184 2010-12-14] (Intel Corporation) [File not signed]
R3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1298496 2010-12-14] (Intel Corporation) [File not signed]
R2 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [974912 2010-12-14] (Intel Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-03-16] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-03-16] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-03-16] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-03-16] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-03-16] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [441728 2015-03-16] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-03-16] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [268640 2015-03-16] ()
R3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-03-16] (Emsisoft GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-17] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-03-16] ()
S3 cpuz134; \??\C:\Users\JKRASN~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S0 TfFsMon; system32\drivers\TfFsMon.sys [X]
S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [X]
S0 TfSysMon; system32\drivers\TfSysMon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-17 08:24 - 2015-03-17 08:25 - 00017656 _____ () C:\Users\Jkrasnodebski\Desktop\FRST.txt
2015-03-17 08:23 - 2015-03-17 08:24 - 00000000 ____D () C:\FRST
2015-03-17 08:20 - 2015-03-17 08:20 - 00380416 _____ () C:\Users\Jkrasnodebski\Desktop\oiv1d25w.exe
2015-03-17 08:19 - 2015-03-17 08:19 - 02095616 _____ (Farbar) C:\Users\Jkrasnodebski\Desktop\FRST64.exe
2015-03-17 08:11 - 2015-03-17 08:11 - 00001125 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-17 08:11 - 2015-03-17 08:11 - 00001113 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-03-17 08:11 - 2015-03-17 08:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-17 08:10 - 2015-03-17 08:10 - 00243536 _____ () C:\Users\Jkrasnodebski\Downloads\Firefox Setup Stub 36.0.1.exe
2015-03-16 15:50 - 2015-03-16 15:50 - 00000745 _____ () C:\Users\Jkrasnodebski\Desktop\Start Emsisoft Emergency Kit.lnk
2015-03-16 15:50 - 2015-03-16 15:50 - 00000000 ____D () C:\EEK
2015-03-16 14:10 - 2015-03-16 14:34 - 163392504 _____ () C:\Users\Jkrasnodebski\Downloads\EmsisoftEmergencyKit.exe
2015-03-16 14:10 - 2015-03-16 14:16 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-03-16 14:10 - 2015-03-16 14:10 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-03-16 14:07 - 2015-03-16 14:10 - 15648856 _____ () C:\Users\Jkrasnodebski\Downloads\RogueKiller.exe
2015-03-16 09:13 - 2015-03-16 09:13 - 00000000 ____D () C:\Users\Jkrasnodebski\AppData\Roaming\AVAST Software
2015-03-16 09:12 - 2015-03-17 07:52 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-03-16 09:12 - 2015-03-16 09:12 - 00001924 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-03-16 09:12 - 2015-03-16 09:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-03-16 09:12 - 2015-03-16 09:11 - 00136752 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-03-16 09:11 - 2015-03-16 09:11 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-03-16 09:11 - 2015-03-16 09:11 - 00441728 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-03-16 09:11 - 2015-03-16 09:11 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-03-16 09:11 - 2015-03-16 09:11 - 00268640 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-03-16 09:11 - 2015-03-16 09:11 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-03-16 09:11 - 2015-03-16 09:11 - 00088408 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-03-16 09:11 - 2015-03-16 09:11 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-03-16 09:11 - 2015-03-16 09:11 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-03-16 09:11 - 2015-03-16 09:11 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-03-16 09:11 - 2015-03-16 09:11 - 00000000 ____D () C:\Program Files\AVAST Software
2015-03-16 08:57 - 2015-03-16 08:57 - 00015587 _____ () C:\Users\Jkrasnodebski\Desktop\JRT.txt
2015-03-16 08:51 - 2015-03-16 08:52 - 01388333 _____ (Thisisu) C:\Users\Jkrasnodebski\Downloads\JRT (1).exe
2015-03-16 08:49 - 2015-03-17 07:53 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-16 08:49 - 2015-03-16 08:49 - 00001068 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-16 08:49 - 2015-03-16 08:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-16 08:49 - 2015-03-16 08:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-16 08:49 - 2015-03-16 08:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-16 08:49 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-16 08:49 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-16 08:49 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-16 08:40 - 2015-03-16 14:01 - 00000000 ____D () C:\AdwCleaner
2015-03-16 08:35 - 2015-03-16 08:40 - 147571744 _____ (Avast Software s.r.o.) C:\Users\Jkrasnodebski\Downloads\avast_free_antivirus_setup.exe
2015-03-16 08:33 - 2015-03-16 08:34 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Jkrasnodebski\Downloads\mbam-setup-2.0.4.1028.exe
2015-03-16 08:32 - 2015-03-16 08:32 - 02171392 _____ () C:\Users\Jkrasnodebski\Downloads\AdwCleaner.exe
2015-03-16 08:32 - 2015-03-16 08:32 - 01110489 _____ (Thisisu) C:\Users\Jkrasnodebski\Downloads\JRT.exe
2015-03-16 08:28 - 2015-03-16 14:02 - 00000280 _____ () C:\Windows\setupact.log
2015-03-16 08:28 - 2015-03-16 13:33 - 00006638 _____ () C:\Windows\PFRO.log
2015-03-16 08:28 - 2015-03-16 08:28 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-14 09:10 - 2015-03-17 07:52 - 00001072 _____ () C:\Windows\Tasks\Crossbrowse.job
2015-03-14 09:10 - 2015-03-16 14:19 - 00000000 ____D () C:\Program Files (x86)\Doctor PC
2015-03-14 09:10 - 2015-03-16 08:34 - 00000000 ____D () C:\Users\Jkrasnodebski\Documents\DoctorPC
2015-03-14 09:10 - 2015-03-14 09:10 - 00004128 _____ () C:\Windows\System32\Tasks\Crossbrowse
2015-03-14 09:10 - 2015-03-14 09:10 - 00002366 _____ () C:\Users\Public\Desktop\Crossbrowse.lnk
2015-03-14 09:10 - 2015-03-14 09:10 - 00000000 ____D () C:\Users\Jkrasnodebski\AppData\Roaming\Doctor PC
2015-03-14 09:01 - 2015-03-17 07:52 - 00022402 _____ () C:\Windows\WindowsUpdate.log
2015-03-14 08:55 - 2015-03-16 10:36 - 00000266 __RSH () C:\ProgramData\ntuser.pol
2015-03-13 22:18 - 2015-03-13 22:18 - 00613255 _____ (CMI Limited) C:\Users\Jkrasnodebski\AppData\Local\nsoD7AB.tmp
2015-03-13 22:16 - 2015-03-14 08:45 - 00008720 _____ () C:\Windows\SysWOW64\BasementDusterOff.ini
2015-03-13 22:16 - 2015-03-14 08:45 - 00008720 _____ () C:\Windows\system32\BasementDusterOff.ini
2015-03-13 22:15 - 2015-03-12 09:59 - 00319392 _____ (BD Inc.) C:\Windows\SysWOW64\BDL.dll
2015-03-13 21:00 - 2015-03-13 21:00 - 00003012 _____ () C:\Windows\System32\Tasks\{DA280297-B5F1-4DF2-8314-B950DF687DC0}
2015-03-11 21:44 - 2015-03-14 08:59 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-03-11 21:37 - 2015-03-14 09:08 - 00000000 ____D () C:\Program Files (x86)\67604178-e27a-4913-a587-b0d37a0b8c9b
2015-03-11 21:36 - 2015-03-11 21:36 - 00000000 ____D () C:\Users\Public\Documents\ShopperPro
2015-03-11 21:35 - 2015-03-11 21:35 - 00000000 ____D () C:\Users\Jkrasnodebski\AppData\Local\CrashRpt
2015-03-10 13:48 - 2015-03-10 13:48 - 00000445 _____ () C:\Users\Jkrasnodebski\Desktop\orn renesansowy.htm
2015-03-09 22:30 - 2015-03-09 22:30 - 00005487 _____ () C:\Users\Jkrasnodebski\AppData\Roaming\XREBYDPC
2015-03-08 19:17 - 2015-03-17 08:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-02 13:19 - 2015-03-01 21:04 - 02211008 _____ () C:\Users\Jkrasnodebski\Desktop\Kopia_zapasowa_Kopia_zapasowa_Kopia_zapasowa_Beznazwy-1.cdr
2015-03-02 13:01 - 2015-03-02 12:33 - 00002307 _____ () C:\Users\Public\Desktop\Bitstream Font Navigator.lnk
2015-03-02 13:01 - 2015-03-02 12:32 - 00002829 _____ () C:\Users\Public\Desktop\Video Tutorials.lnk
2015-03-02 13:01 - 2015-03-02 12:32 - 00002641 _____ () C:\Users\Public\Desktop\Corel PHOTO-PAINT X5.lnk
2015-03-02 13:01 - 2015-03-02 12:32 - 00002633 _____ () C:\Users\Public\Desktop\Corel CAPTURE X5.lnk
2015-03-02 13:01 - 2015-03-02 12:32 - 00002625 _____ () C:\Users\Public\Desktop\CorelDRAW X5.lnk
2015-03-02 13:01 - 2015-03-02 12:32 - 00002347 _____ () C:\Users\Public\Desktop\Corel CONNECT.lnk
2015-03-02 12:34 - 2015-03-02 12:34 - 00000000 ____D () C:\Program Files (x86)\gs
2015-03-02 12:31 - 2015-03-02 13:09 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X5
2015-03-02 12:30 - 2015-03-02 12:30 - 00000000 ____D () C:\Program Files (x86)\Corel
2015-02-22 18:43 - 2015-03-02 13:19 - 02147978 _____ () C:\Users\Jkrasnodebski\Desktop\Kopia_zapasowa_Kopia_zapasowa_Beznazwy-1.cdr
2015-02-22 16:33 - 2015-02-22 18:06 - 02028351 _____ () C:\Users\Jkrasnodebski\Documents\Kopia_zapasowa_Beznazwy-1.cdr
2015-02-22 16:19 - 2015-03-13 13:47 - 18676414 _____ () C:\Users\Jkrasnodebski\Desktop\Beznazwy-1.cpt
2015-02-22 16:17 - 2015-02-22 18:17 - 01944744 _____ () C:\Users\Jkrasnodebski\Documents\Beznazwy-1.cdr
2015-02-21 18:29 - 2015-02-21 18:29 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2015-02-21 18:08 - 2015-02-21 18:08 - 00902591 _____ () C:\Users\Jkrasnodebski\Documents\Beznazwy-2.cdr

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-17 08:23 - 2011-11-03 10:36 - 00004026 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{8A3EB3C3-4FB2-4B2D-9859-3F3B81BE424A}
2015-03-17 08:19 - 2011-11-06 13:12 - 00001048 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-17 08:10 - 2009-07-14 05:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-17 08:10 - 2009-07-14 05:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-17 07:54 - 2012-04-09 16:36 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-16 14:17 - 2011-10-05 12:42 - 00000000 ____D () C:\Users\Jkrasnodebski\AppData\Roaming\Skype
2015-03-16 14:03 - 2011-11-06 13:11 - 00001044 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-16 14:02 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-16 10:34 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system
2015-03-16 09:10 - 2011-11-06 13:11 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-03-16 08:43 - 2011-11-06 13:14 - 00001258 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-16 08:43 - 2011-11-06 13:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-16 08:43 - 2011-09-30 13:36 - 00001162 _____ () C:\Users\Jkrasnodebski\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-16 08:43 - 2011-09-30 13:36 - 00001015 _____ () C:\Users\Jkrasnodebski\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-03-16 08:35 - 2009-07-14 03:34 - 00000537 _____ () C:\Windows\win.ini
2015-03-14 09:07 - 2014-05-02 07:36 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-03-14 08:59 - 2012-02-22 11:16 - 00000000 ____D () C:\Program Files\Google
2015-03-14 08:59 - 2011-11-06 13:11 - 00000000 ____D () C:\Program Files (x86)\Google
2015-03-14 08:51 - 2012-05-28 18:47 - 00000000 ____D () C:\Program Files (x86)\PLAY ONLINE
2015-03-14 08:50 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-03-14 08:50 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2015-03-14 08:49 - 2012-02-22 11:16 - 00000000 ____D () C:\ProgramData\Google
2015-03-14 08:49 - 2011-11-06 13:11 - 00000000 ____D () C:\Users\Jkrasnodebski\AppData\Local\Google
2015-03-13 21:39 - 2013-08-19 20:29 - 00000000 ____D () C:\ProgramData\Avira
2015-03-11 21:36 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-03-09 20:37 - 2011-05-14 10:19 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-03-09 20:37 - 2011-05-14 10:18 - 00000000 ____D () C:\ProgramData\Skype
2015-03-02 16:25 - 2009-07-14 05:45 - 00544520 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-02 13:11 - 2013-04-04 18:14 - 00000000 ____D () C:\ProgramData\CorelDRAW Graphics Suite X5
2015-03-02 13:05 - 2011-09-30 13:35 - 00117664 _____ () C:\Users\Jkrasnodebski\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-02 12:34 - 2011-11-24 19:09 - 00000000 ____D () C:\ProgramData\Microsoft Help

==================== Files in the root of some directories =======

2015-03-09 22:30 - 2015-03-09 22:30 - 0005487 _____ () C:\Users\Jkrasnodebski\AppData\Roaming\XREBYDPC
2015-03-13 22:18 - 2015-03-13 22:18 - 0613255 _____ (CMI Limited) C:\Users\Jkrasnodebski\AppData\Local\nsoD7AB.tmp
2011-10-30 14:01 - 2011-10-30 14:01 - 0001542 _____ () C:\Users\Jkrasnodebski\AppData\Local\PDLSetup.20111030.140154.txt
2011-11-29 20:25 - 2011-11-29 20:25 - 0001567 _____ () C:\Users\Jkrasnodebski\AppData\Local\PDLSetup.20111129.202555.txt
2011-12-08 11:21 - 2011-12-08 11:21 - 0001567 _____ () C:\Users\Jkrasnodebski\AppData\Local\PDLSetup.20111208.112143.txt
2012-02-22 14:14 - 2012-02-22 14:14 - 0001567 _____ () C:\Users\Jkrasnodebski\AppData\Local\PDLSetup.20120222.141403.txt
2012-03-06 20:47 - 2012-03-06 20:47 - 0001567 _____ () C:\Users\Jkrasnodebski\AppData\Local\PDLSetup.20120306.204701.txt
2012-05-01 16:21 - 2012-05-01 16:21 - 0001567 _____ () C:\Users\Jkrasnodebski\AppData\Local\PDLSetup.20120501.172142.txt
2012-06-22 22:09 - 2012-06-22 22:09 - 0001542 _____ () C:\Users\Jkrasnodebski\AppData\Local\PDLSetup.20120622.230913.txt
2014-04-20 18:51 - 2014-04-20 18:51 - 0001567 _____ () C:\Users\Jkrasnodebski\AppData\Local\PDLSetup.20140420.195145.txt
2012-06-30 10:32 - 2012-06-30 10:32 - 0000017 _____ () C:\Users\Jkrasnodebski\AppData\Local\resmon.resmoncfg
2011-12-04 17:49 - 2011-12-04 17:49 - 0000000 _____ () C:\Users\Jkrasnodebski\AppData\Local\{59BF1930-F63E-470F-84C3-B0CCF5AC7B14}

Files to move or delete:
====================
C:\Users\Jkrasnodebski\setup.exe


Some content of TEMP:
====================
C:\Users\Jkrasnodebski\AppData\Local\Temp\6D742F14-103E-6858-8B23-F6132422FF03.dll
C:\Users\Jkrasnodebski\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Jkrasnodebski\AppData\Local\Temp\Quarantine.exe
C:\Users\Jkrasnodebski\AppData\Local\Temp\smt_istartsurf.exe
C:\Users\Jkrasnodebski\AppData\Local\Temp\SpOrder.dll
C:\Users\Jkrasnodebski\AppData\Local\Temp\sqlite3.dll
C:\Users\Jkrasnodebski\AppData\Local\Temp\tu17p84.exe
C:\Users\Jkrasnodebski\AppData\Local\Temp\ytaiesmt_smtyc_setup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-16 13:26

==================== End Of Log ============================