Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-06-2015 Ran by Kasia (administrator) on KEJTI on 20-06-2015 00:08:42 Running from C:\Users\Kasia\Downloads\ostro Loaded Profiles: Kasia (Available Profiles: Kasia) Platform: Microsoft Windows 7 Home Premium (X86) OS Language: Polski (Polska) Internet Explorer Version 9 (Default browser path: "C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" -- "%1") Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe (PriceMeter) C:\Program Files\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\AllShare\AllShareAgent.exe (VIA) C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe () C:\Users\Kasia\AppData\Local\SmartWeb\SmartWebHelper.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe () C:\Users\Kasia\AppData\Local\SmartWeb\SmartWebApp.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Crossbrowse) C:\FRST\Quarantine\C\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe.xBAD (Crossbrowse) C:\FRST\Quarantine\C\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe.xBAD (Opera Software) C:\Program Files\Opera\18.0.1284.49\opera.exe () C:\Program Files\Opera\18.0.1284.49\opera_crashreporter.exe (Opera Software) C:\Program Files\Opera\18.0.1284.49\opera.exe (Opera Software) C:\Program Files\Opera\18.0.1284.49\opera.exe (Opera Software) C:\Program Files\Opera\18.0.1284.49\opera.exe (Opera Software) C:\Program Files\Opera\18.0.1284.49\opera.exe (Farbar) C:\Users\Kasia\Downloads\ostro\FRST (2).exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-01] (AVAST Software) HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [718688 2009-09-30] (Microsoft Corporation) HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2009-12-22] (Adobe Systems Incorporated) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [948672 2009-12-11] (Adobe Systems Incorporated) HKLM\...\Run: [AllShareAgent] => C:\Program Files\Samsung\AllShare\AllShareAgent.exe [285072 2012-03-02] (Samsung Electronics Co., Ltd.) HKLM\...\Run: [HDAudDeck] => C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [4047480 2012-11-30] (VIA) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation) HKLM\...\Run: [gmsd_pl_132] => [X] HKU\S-1-5-21-1266292625-858870729-1075496977-1001\...\Run: [Xvid] => C:\Program Files\Xvid\CheckUpdate.exe [8192 2011-01-17] () HKU\S-1-5-21-1266292625-858870729-1075496977-1001\...\Run: [EADM] => C:\Program Files\Origin\Origin.exe [3632472 2015-04-29] (Electronic Arts) HKU\S-1-5-21-1266292625-858870729-1075496977-1001\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31282816 2015-04-17] (Skype Technologies S.A.) HKU\S-1-5-21-1266292625-858870729-1075496977-1001\...\MountPoints2: {48ed2322-601f-11e3-93fb-002618497009} - F:\setup.exe HKU\S-1-5-21-1266292625-858870729-1075496977-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [878592 2009-07-14] (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk [2014-03-14] ShortcutTarget: SRS Premium Sound.lnk -> C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut4_E9C83B3EDF9141A39DA5EC05C79BBB91.exe (Acresso Software Inc.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2014-08-01] (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-1266292625-858870729-1075496977-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie SearchScopes: HKU\S-1-5-21-1266292625-858870729-1075496977-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21] (Adobe Systems Incorporated) BHO: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll [2011-04-11] (BitComet) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-05-30] (Oracle Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-08-01] (AVAST Software) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-05-30] (Oracle Corporation) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 217.28.150.195 217.28.150.157 FireFox: ======== FF ProfilePath: C:\Users\Kasia\AppData\Roaming\Mozilla\Firefox\Profiles\whq9gfvy.default FF Homepage: hxxp://www.gazeta.pl/0,0.html?p=180&d=20140618 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-18] () FF Plugin: @ganymede/GanymedeNetPlugin,version=1.0 -> C:\Program Files\Ganymede\Plugins\npganymedenet.dll [2013-07-15] ( ) FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.) FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-05-30] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-05-30] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-12-09] (VideoLAN) FF user.js: detected! => C:\Users\Kasia\AppData\Roaming\Mozilla\Firefox\Profiles\whq9gfvy.default\user.js [2014-01-11] FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npganymedenet.dll [2013-07-15] ( ) FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-11-25] FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found] Chrome: ======= CHR Profile: C:\Users\Kasia\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Rebecca Taylor) - C:\Users\Kasia\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahpkkfpjpdcfdkbpeoibdhfadicnhdj [2014-01-13] CHR Extension: (Bookmark Manager) - C:\Users\Kasia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-22] CHR Extension: (Google Wallet) - C:\Users\Kasia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-25] CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-01] CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01] CHR HKLM\...\Chrome\Extension: [ogfjmhfnldnajmfaofeiaepghjenbgjo] - C:\Users\Kasia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ep.crx [2014-02-26] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-01] (AVAST Software) S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com) R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation) S3 Origin Client Service; C:\Program Files\Origin\OriginClientService.exe [1931632 2015-04-29] (Electronic Arts) R2 SamsungAllShareV2.0; C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [25504 2012-03-02] (Samsung Electronics Co., Ltd.) S3 SimpleSlideShowServer; C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe [27584 2012-03-02] (Samsung Electronics Co., Ltd.) R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-11-30] (VIA Technologies, Inc.) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-08-01] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-08-01] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-08-01] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-08-01] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-11-22] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-08-01] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-08-01] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-08-01] () S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [25016 2015-06-08] (Disc Soft Ltd) R3 L1E; C:\Windows\System32\DRIVERS\L1E62x86.sys [47104 2009-07-14] (Atheros Communications, Inc.) R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2007-07-31] (ATK0100) R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1761024 2010-09-07] (Sonix Technology Co., Ltd.) R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1841784 2012-11-30] (VIA Technologies, Inc.) R1 innfd_1_10_0_14; system32\drivers\innfd_1_10_0_14.sys [X] R4 SPDRIVER_1.42.1.1957; \??\C:\Program Files\ShopperPro\JSDriver\1.42.1.1957\jsdrv.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-19 23:26 - 2015-06-19 23:26 - 00000000 ____D C:\Program Files\predm 2015-06-19 12:31 - 2015-06-19 12:31 - 00000000 ____D C:\Users\Kasia\Desktop\Originals 2015-06-19 12:29 - 2015-06-19 12:29 - 00006144 ____H C:\Users\Kasia\Desktop\photothumb.db 2015-06-19 12:09 - 2015-06-19 12:09 - 00001338 _____ C:\Users\Kasia\Desktop\Wyczyść rejestr za darmo!.lnk 2015-06-11 22:40 - 2015-06-11 22:45 - 00024545 _____ C:\Users\Kasia\Desktop\Settings.xml 2015-06-09 19:19 - 2015-06-09 20:10 - 00080581 _____ C:\Users\Kasia\Desktop\GMER.txt 2015-06-09 17:46 - 2015-06-09 17:46 - 00613255 _____ (CMI Limited) C:\Users\Kasia\AppData\Local\nssB66B.tmp 2015-06-09 17:01 - 2015-06-09 17:01 - 00046858 _____ C:\Users\Kasia\Desktop\Shortcut.txt 2015-06-09 16:59 - 2015-06-09 17:01 - 00045625 _____ C:\Users\Kasia\Desktop\Addition.txt 2015-06-09 16:58 - 2015-06-09 17:01 - 00036309 _____ C:\Users\Kasia\Desktop\FRST.txt 2015-06-09 16:56 - 2015-06-20 00:08 - 00000000 ____D C:\FRST 2015-06-09 16:55 - 2015-06-09 16:56 - 01147904 _____ (Farbar) C:\Users\Kasia\Downloads\FRST (1).exe 2015-06-08 23:14 - 2015-06-08 23:14 - 01146452 _____ C:\Users\Kasia\Downloads\FRST.exe 2015-06-08 23:11 - 2015-06-20 00:08 - 00000000 ____D C:\Users\Kasia\Downloads\ostro 2015-06-08 23:10 - 2015-06-08 23:10 - 00002187 _____ C:\Users\Public\Desktop\Facebook.lnk 2015-06-08 23:10 - 2015-06-08 23:10 - 00000000 ____D C:\Users\Kasia\AppData\Local\Crossbrowse 2015-06-08 23:07 - 2015-06-08 23:07 - 00000000 ____D C:\Program Files\Crossbrowse 2015-06-08 22:58 - 2015-06-08 22:58 - 00001381 _____ C:\Users\Kasia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-06-08 22:31 - 2015-06-20 00:07 - 00000000 ____D C:\AdwCleaner 2015-06-08 22:29 - 2015-06-08 22:30 - 02231296 _____ C:\Users\Kasia\Downloads\AdwCleaner.exe 2015-06-08 21:56 - 2015-06-08 22:55 - 00000000 ____D C:\Users\Kasia\AppData\Local\Disc_Soft_Ltd 2015-06-08 21:54 - 2015-06-08 21:54 - 00000000 ____D C:\Users\Public\Documents\Daemon Tools Images 2015-06-08 21:51 - 2015-06-08 21:59 - 00000000 ____D C:\ProgramData\TEMP 2015-06-08 21:50 - 2015-06-08 21:50 - 00172032 _____ (Jin Hui E-mail: jinhui@jcomsoft.com Web: http://www.jcomsoft.com) C:\Windows\system32\AniGIF.ocx 2015-06-08 21:49 - 2015-06-08 21:49 - 00000000 ____D C:\Users\Kasia\AppData\Local\CrashRpt 2015-06-08 21:47 - 2015-06-08 21:52 - 00025016 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys 2015-06-08 21:38 - 2015-06-08 21:38 - 00000000 ____D C:\Program Files\Microsoft.NET 2015-06-08 14:28 - 2015-06-08 14:44 - 00000000 ____D C:\Users\Kasia\AppData\Local\OpenFM 2015-06-08 14:19 - 2015-06-08 14:19 - 00395056 _____ C:\Users\Kasia\Downloads\gg-install (1).exe 2015-06-08 14:18 - 2015-06-08 14:18 - 00395056 _____ C:\Users\Kasia\Downloads\gg-install.exe 2015-06-07 11:44 - 2015-06-07 11:44 - 00003464 ____N C:\bootsqm.dat 2015-06-07 11:42 - 2015-06-07 11:42 - 00000000 __SHD C:\found.000 2015-06-03 23:04 - 2015-06-03 23:04 - 00000000 ____D C:\GOG Games ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-19 23:58 - 2013-11-25 18:34 - 00000000 ____D C:\Users\Kasia\AppData\Roaming\Skype 2015-06-19 23:50 - 2013-11-08 21:05 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-06-19 23:47 - 2014-03-10 13:18 - 00000000 ____D C:\Program Files\AviSynth 2.5 2015-06-19 23:45 - 2014-08-04 17:19 - 00000000 ____D C:\Users\Kasia\AppData\Roaming\Dropbox 2015-06-19 23:44 - 2009-07-14 06:34 - 00022928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-06-19 23:44 - 2009-07-14 06:34 - 00022928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-06-19 23:42 - 2009-07-14 04:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy 2015-06-19 23:39 - 2013-11-25 18:12 - 00001032 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-06-19 23:38 - 2013-11-25 19:02 - 00089056 _____ C:\Windows\PFRO.log 2015-06-19 23:38 - 2013-11-25 18:12 - 00001036 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-06-19 23:38 - 2013-11-08 20:47 - 01718637 _____ C:\Windows\WindowsUpdate.log 2015-06-19 23:38 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-06-19 23:38 - 2009-07-14 06:39 - 00060772 _____ C:\Windows\setupact.log 2015-06-19 23:27 - 2013-12-12 19:58 - 00000000 ____D C:\Users\Kasia\AppData\Roaming\systweak 2015-06-19 13:10 - 2013-11-25 18:16 - 00002095 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-06-19 12:51 - 2013-11-08 21:05 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-06-19 12:51 - 2013-11-08 21:05 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-06-09 17:23 - 2014-03-07 20:11 - 00000000 ____D C:\Windows\Minidump 2015-06-09 16:52 - 2014-03-23 22:27 - 00000000 ____D C:\ProgramData\Origin 2015-06-09 00:04 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET 2015-06-08 22:56 - 2013-11-08 22:51 - 00000000 ____D C:\Program Files\Common Files\Steam 2015-06-08 22:56 - 2009-07-14 06:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-06-08 22:55 - 2014-04-07 19:47 - 00000000 ____D C:\Users\Kasia\AppData\Roaming\GG 2015-06-08 22:55 - 2014-01-11 13:35 - 00000000 ____D C:\Users\Kasia\AppData\Roaming\NapiProjekt 2015-06-08 22:55 - 2014-01-09 19:23 - 00000000 ____D C:\Users\Kasia\AppData\Roaming\vlc 2015-06-08 22:55 - 2013-11-08 21:01 - 00000000 ____D C:\Users\Kasia 2015-06-08 22:55 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\pl-PL 2015-06-08 22:55 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration 2015-06-08 22:55 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\AppCompat 2015-06-08 22:51 - 2013-11-25 11:41 - 00000000 ____D C:\Users\Kasia\AppData\Roaming\BitComet 2015-06-08 22:41 - 2013-11-08 20:56 - 01549696 _____ C:\Windows\system32\PerfStringBackup.INI 2015-06-08 22:41 - 2009-07-14 10:07 - 00697912 _____ C:\Windows\system32\perfh015.dat 2015-06-08 22:41 - 2009-07-14 10:07 - 00134990 _____ C:\Windows\system32\perfc015.dat 2015-06-08 14:44 - 2014-04-07 19:47 - 00000000 ____D C:\Users\Kasia\AppData\Local\GG 2015-06-07 23:33 - 2014-01-08 20:26 - 00000000 ___SD C:\Users\Kasia\Desktop\Różne. ♥ 2015-06-06 22:38 - 2014-12-23 23:46 - 00000000 ___RD C:\Users\Kasia\Desktop\MOJE FILMIKI ♥ 2015-06-03 17:21 - 2014-11-21 17:51 - 00000216 _____ C:\Users\Kasia\Desktop\The Binding of Isaac Rebirth.url 2015-05-27 22:46 - 2013-11-25 18:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-05-27 22:46 - 2009-07-14 10:27 - 00000000 ___RD C:\Users\Public\Recorded TV 2015-05-27 22:46 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\wfp 2015-05-27 22:09 - 2013-11-25 18:38 - 00002007 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2015-05-27 22:08 - 2014-08-20 13:47 - 00000000 ____D C:\ProgramData\Package Cache 2015-05-27 22:04 - 2014-03-24 19:05 - 00000000 ___RD C:\Program Files\Skype ==================== Files in the root of some directories ======= 2014-03-24 18:26 - 2014-03-31 19:03 - 0000086 _____ () C:\Users\Kasia\AppData\Roaming\WB.CFG 2014-06-18 12:16 - 2014-06-18 18:04 - 0042496 _____ () C:\Users\Kasia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-06-09 17:46 - 2015-06-09 17:46 - 0613255 _____ (CMI Limited) C:\Users\Kasia\AppData\Local\nssB66B.tmp 2014-05-16 20:26 - 2014-05-16 20:27 - 0000000 _____ () C:\ProgramData\RICOH Aficio SP 100 DDSTMonSet.bin 2014-05-16 20:06 - 2014-05-16 20:23 - 0000164 _____ () C:\ProgramData\RICOH Aficio SP 100 DDSTSDCREG.ini Some files in TEMP: ==================== C:\Users\Kasia\AppData\Local\Temp\1424250079_setup.exe C:\Users\Kasia\AppData\Local\Temp\4285.exe C:\Users\Kasia\AppData\Local\Temp\6411.exe C:\Users\Kasia\AppData\Local\Temp\6579.exe C:\Users\Kasia\AppData\Local\Temp\Bit5705.tmp.exe C:\Users\Kasia\AppData\Local\Temp\Bit7A3.tmp.exe C:\Users\Kasia\AppData\Local\Temp\Bit7BF7.tmp.exe C:\Users\Kasia\AppData\Local\Temp\Bit82F.tmp.exe C:\Users\Kasia\AppData\Local\Temp\bitool.dll C:\Users\Kasia\AppData\Local\Temp\cabex.dll C:\Users\Kasia\AppData\Local\Temp\drm_dyndata_7330014.dll C:\Users\Kasia\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnnydur.dll C:\Users\Kasia\AppData\Local\Temp\fp_pl_pfs_installer.exe C:\Users\Kasia\AppData\Local\Temp\FreemakeVideoConverter_4.1.3.11.exe C:\Users\Kasia\AppData\Local\Temp\ggdrive-menu.exe C:\Users\Kasia\AppData\Local\Temp\ggdrive-overlay.exe C:\Users\Kasia\AppData\Local\Temp\GLB1A2B.EXE C:\Users\Kasia\AppData\Local\Temp\installstats.exe C:\Users\Kasia\AppData\Local\Temp\iv_uninstall.exe C:\Users\Kasia\AppData\Local\Temp\SkypeSetup.exe C:\Users\Kasia\AppData\Local\Temp\Tsu8CBC4BDE.dll C:\Users\Kasia\AppData\Local\Temp\tu17p84.exe C:\Users\Kasia\AppData\Local\Temp\unelevate.exe C:\Users\Kasia\AppData\Local\Temp\Uninstall.exe C:\Users\Kasia\AppData\Local\Temp\ytaiesmt_smtyc_setup.exe C:\Users\Kasia\AppData\Local\Temp\{27787193-6DF7-4D0B-95E6-7F1A47D1AF0F}-43.0.2357.124_43.0.2357.81_chrome_updater.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-06-03 00:32 ==================== End of log ============================