Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01 Ran by Robert (administrator) on WORK1 on 05-07-2015 16:47:57 Running from C:\Users\Robert\Desktop\Wirus Loaded Profiles: Robert (Available Profiles: Robert & Kasia) Platform: Windows 8.1 (X64) OS Language: Polski (Polska) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\afwServ.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect 2\creator-ws.exe (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2804976 2013-10-30] (Synaptics Incorporated) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2014-04-12] (IDT, Inc.) HKLM\...\Run: [InstallerLauncher] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-41 (the data entry has 36 more characters). HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285832 2014-02-01] (Intel Corporation) HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [684064 2012-07-17] (PDF Complete Inc) HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [334240 2012-08-29] (Hewlett-Packard Company) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink) HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-24] (CyberLink Corp.) HKLM-x32\...\Run: [RemoteControl10] => c:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.) HKLM-x32\...\Run: [YouCam Mirage] => c:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2012-08-31] (CyberLink) HKLM-x32\...\Run: [YouCam Tray] => c:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [167024 2012-08-31] (CyberLink Corp.) HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [371976 2012-09-19] (IVT Corporation) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-28] (Avast Software s.r.o.) Winlogon\Notify\igfxcui: igfxdev.dll [X] HKU\S-1-5-21-1302694634-733215247-219973548-1002\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55360 2014-04-11] (Raptr, Inc) HKU\S-1-5-21-1302694634-733215247-219973548-1002\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [1967616 2014-04-17] (AMD) HKU\S-1-5-21-1302694634-733215247-219973548-1002\...\MountPoints2: {72dcfd99-7e25-11e3-bea6-b4b52f7dacd7} - "J:\AutoRun.exe" {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A01B06 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B} HKU\S-1-5-21-1302694634-733215247-219973548-1002\...\MountPoints2: {72ebff51-708e-11e3-bea1-b4b52f7dacd7} - "G:\autorun.exe" ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-06-28] (Avast Software s.r.o.) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPALL13/178 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPALL13/178 HKU\S-1-5-21-1302694634-733215247-219973548-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPALL13/178 HKU\S-1-5-21-1302694634-733215247-219973548-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPALL13/178 BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-07-03] (Oracle Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-06-28] (Avast Software s.r.o.) BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-07-03] (Oracle Corporation) BHO-x32: PDF Architect Helper -> {691B33B0-B86E-47F3-81C7-56E4FE3B929C} -> C:\Program Files (x86)\PDF Architect 2\creator-ie-helper.dll [2014-10-10] (pdfforge GmbH) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-06-28] (Avast Software s.r.o.) BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM-x32 - PDF Architect Toolbar - {DEEB13D7-CEA9-45FB-B77C-E039BEC85221} - C:\Program Files (x86)\PDF Architect 2\creator-ie-plugin.dll [2014-10-10] (pdfforge GmbH) DPF: HKLM-x32 {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.96.0.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{ABD9ECB1-1FD2-4932-85EE-F7B5101041C7}: [DhcpNameServer] 10.10.10.1 Tcpip\..\Interfaces\{D9AF0FDF-7095-495F-8D7F-A923F5A6D21A}: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ynfxuwdh.default FF Homepage: https://www.google.pl/ FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_194.dll [2015-07-01] () FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2014-12-03] (EA Digital Illusions CE AB) FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB) FF Plugin: @java.com/DTPlugin,version=10.80.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-07-03] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.80.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-07-03] (Oracle Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-23] (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-07-01] () FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB) FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-11-04] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-11-04] (Intel Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.) FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll [2014-10-10] (pdfforge GmbH) FF Plugin HKU\S-1-5-21-1302694634-733215247-219973548-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Robert\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-03-27] (Unity Technologies ApS) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-01-28] FF Extension: Battlefield Play4Free - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ynfxuwdh.default\Extensions\battlefieldplay4free@ea.com [2014-06-18] FF HKLM-x32\...\Firefox\Extensions: [pdf_architect_2_conv@pdfarchitect.org] - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension FF Extension: PDF Architect 2 Creator - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension [2015-02-17] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-06-28] Chrome: ======= CHR Profile: C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Bitdefender Wallet) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\fabcmochhfpldjekobfaaggijgohadih [2015-04-17] CHR Extension: (Google Wallet) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-05] CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-06-28] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-28] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-28] (Avast Software s.r.o.) R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [107448 2015-06-28] (Avast Software s.r.o.) S2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1612552 2012-09-26] (IVT Corporation) R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [146184 2012-09-19] (IVT Corporation) R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [523680 2012-08-29] (Hewlett-Packard Company) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [318568 2014-12-04] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-11-04] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-11-04] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) S3 Origin Client Service; C:\Users\Robert\Downloads\Origin\OriginClientService.exe [2004488 2015-06-29] (Electronic Arts) S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-10-10] (pdfforge GmbH) R2 PDF Architect 2 Creator; C:\Program Files (x86)\PDF Architect 2\creator-ws.exe [738856 2014-10-10] (pdfforge GmbH) R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1134624 2012-07-17] (PDF Complete Inc) S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-10-10] (pdfforge GmbH) R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76152 2014-06-28] () R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [183488 2014-11-01] () R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [105448 2014-09-11] (Razer Inc.) R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [327680 2014-04-12] (IDT, Inc.) [File not signed] S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-13] (Advanced Micro Devices, Inc.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-06-28] () R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-06-28] (Avast Software s.r.o.) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-06-28] (Avast Software s.r.o.) R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449896 2015-06-28] (Avast Software s.r.o.) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-06-28] (Avast Software s.r.o.) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-06-28] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-06-28] (Avast Software s.r.o.) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-28] (Avast Software s.r.o.) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-06-28] (Avast Software s.r.o.) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-06-28] () R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation) U4 BthAvrcpTg; No ImagePath U4 BthHFEnum; No ImagePath U4 bthhfhid; No ImagePath S3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation) S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48608 2012-10-02] (Ralink Corporation) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [20232 2012-06-20] (HandSet Incorporated) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-05] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation) R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.) R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2014-11-01] (Razer, Inc.) R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation) S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-15] (Synaptics Incorporated) S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-15] (Synaptics Incorporated) R3 SNP2UVC; C:\Windows\system32\DRIVERS\snp2uvc.sys [1866080 2012-11-20] () S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-07-05 16:43 - 2015-07-05 16:43 - 00000000 _____ C:\Users\Robert\Desktop\Bolonia.txt 2015-07-03 23:07 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-07-03 23:07 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-07-03 23:07 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2015-07-03 23:07 - 2015-05-23 04:47 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2015-07-03 23:07 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2015-07-03 23:07 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2015-07-03 23:07 - 2015-05-22 20:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2015-07-03 23:07 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2015-07-03 23:07 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2015-07-03 23:06 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-07-03 23:06 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec 2015-07-03 23:06 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-07-03 23:06 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-07-03 23:06 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll 2015-07-03 23:06 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2015-07-03 23:06 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2015-07-03 23:06 - 2015-05-23 04:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2015-07-03 23:06 - 2015-05-23 04:38 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2015-07-03 23:06 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2015-07-03 23:06 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-07-03 23:06 - 2015-05-23 04:28 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll 2015-07-03 23:06 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2015-07-03 23:06 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2015-07-03 23:06 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-07-03 23:06 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-07-03 23:06 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec 2015-07-03 23:06 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2015-07-03 23:06 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll 2015-07-03 23:06 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-07-03 23:06 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2015-07-03 23:06 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2015-07-03 23:06 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2015-07-03 23:06 - 2015-05-22 20:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2015-07-03 23:06 - 2015-05-22 20:09 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2015-07-03 23:06 - 2015-05-22 20:08 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2015-07-03 23:06 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2015-07-03 23:06 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2015-07-03 23:06 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-07-03 23:06 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2015-07-03 23:06 - 2015-05-22 19:49 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll 2015-07-03 23:06 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2015-07-03 23:06 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2015-07-03 23:06 - 2015-04-21 18:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll 2015-07-03 23:06 - 2015-04-21 17:28 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2015-07-03 23:06 - 2015-02-20 04:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll 2015-07-03 22:54 - 2015-07-03 22:54 - 00320424 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2015-07-03 22:54 - 2015-07-03 22:54 - 00189864 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2015-07-03 22:54 - 2015-07-03 22:54 - 00189864 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2015-07-03 22:54 - 2015-07-03 22:54 - 00111016 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll 2015-07-03 22:54 - 2015-07-03 22:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-07-03 22:54 - 2015-07-03 22:54 - 00000000 ____D C:\Program Files\Java 2015-07-03 20:44 - 2015-07-03 20:44 - 663780473 _____ C:\WINDOWS\MEMORY.DMP 2015-07-03 20:44 - 2015-07-03 20:44 - 00284648 _____ C:\WINDOWS\Minidump\070315-23140-01.dmp 2015-07-03 20:43 - 2015-07-03 20:43 - 00004775 _____ C:\Users\Robert\Desktop\UsbFix_Report.txt 2015-07-03 20:05 - 2015-07-03 20:05 - 00619688 _____ (Duplex Secure Ltd) C:\Users\Robert\Downloads\SPTDinst-v187-x64.exe 2015-07-03 19:37 - 2015-07-03 19:37 - 00370943 _____ C:\Users\Robert\Downloads\gmer.zip 2015-07-03 19:33 - 2015-07-03 20:47 - 00000000 ____D C:\Users\Robert\Desktop\Wirus 2015-07-03 19:32 - 2015-07-03 19:32 - 00057603 _____ C:\Users\Robert\Downloads\Shortcut.txt 2015-07-03 19:29 - 2015-07-03 19:32 - 00044807 _____ C:\Users\Robert\Downloads\Addition.txt 2015-07-03 19:28 - 2015-07-03 19:33 - 00032333 _____ C:\Users\Robert\Downloads\FRST.txt 2015-07-03 19:27 - 2015-07-05 16:47 - 00000000 ____D C:\FRST 2015-07-03 19:19 - 2015-07-03 19:20 - 03219616 _____ (El Desaparecido - SosVirus.net - UsbFix.net) C:\Users\Robert\Downloads\UsbFix_2015_7.976.exe 2015-07-03 19:15 - 2015-07-03 19:20 - 00000000 ____D C:\UsbFix 2015-07-03 19:15 - 2015-07-03 19:15 - 03219616 _____ (El Desaparecido - SosVirus.net - UsbFix.net) C:\Users\Robert\Downloads\UsbFix_2015_7.975_www.INSTALKI.pl.exe 2015-07-03 19:15 - 2015-07-03 19:15 - 00001458 _____ C:\Users\Robert\Desktop\UsbFix.lnk 2015-07-03 10:40 - 2015-07-03 18:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-07-03 09:53 - 2015-07-03 09:57 - 00000000 ____D C:\Users\Kasia\Desktop\wykład monograficzny 2015-06-29 10:15 - 2015-06-29 10:15 - 00000000 ____D C:\Users\Kasia\AppData\Roaming\AVAST Software 2015-06-28 22:08 - 2015-07-03 20:09 - 00002974 _____ C:\WINDOWS\PFRO.log 2015-06-28 22:05 - 2015-06-28 22:05 - 00000000 ____D C:\Users\Robert\AppData\Roaming\AVAST Software 2015-06-28 22:03 - 2015-07-04 09:15 - 00004182 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update 2015-06-28 22:03 - 2015-06-28 22:03 - 00442264 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswsp.sys 2015-06-28 22:03 - 2015-06-28 22:03 - 00364472 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\aswBoot.exe 2015-06-28 22:03 - 2015-06-28 22:03 - 00272248 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys 2015-06-28 22:03 - 2015-06-28 22:03 - 00137288 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswStm.sys 2015-06-28 22:03 - 2015-06-28 22:03 - 00093528 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswRdr2.sys 2015-06-28 22:03 - 2015-06-28 22:03 - 00089944 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2015-06-28 22:03 - 2015-06-28 22:03 - 00065736 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys 2015-06-28 22:03 - 2015-06-28 22:03 - 00043112 _____ (Avast Software s.r.o.) C:\WINDOWS\avastSS.scr 2015-06-28 22:03 - 2015-06-28 22:03 - 00029168 _____ C:\WINDOWS\system32\Drivers\aswHwid.sys 2015-06-28 22:03 - 2015-06-28 22:03 - 00002000 _____ C:\Users\Public\Desktop\Avast SafeZone.lnk 2015-06-28 22:03 - 2015-06-28 22:03 - 00001940 _____ C:\Users\Public\Desktop\Avast Internet Security.lnk 2015-06-28 22:03 - 2015-06-28 22:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software 2015-06-28 22:03 - 2015-06-28 22:02 - 01047320 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSnx.sys 2015-06-28 22:03 - 2015-06-28 22:02 - 00028144 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswKbd.sys 2015-06-28 22:02 - 2015-06-28 22:02 - 00449896 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswNdisFlt.sys 2015-06-28 22:01 - 2015-06-28 22:01 - 00000000 ____D C:\Program Files\AVAST Software 2015-06-27 23:32 - 2015-06-27 23:32 - 01640768 _____ C:\Users\Robert\Downloads\battlelog-web-plugins_2.7.1_162.exe 2015-06-21 14:40 - 2015-07-05 15:36 - 01162431 _____ C:\WINDOWS\WindowsUpdate.log 2015-06-21 14:30 - 2015-07-05 15:10 - 00003635 _____ C:\WINDOWS\setupact.log 2015-06-21 14:30 - 2015-06-21 14:30 - 00000000 _____ C:\WINDOWS\setuperr.log 2015-06-20 19:04 - 2015-06-20 19:05 - 00000000 ____D C:\Users\Robert\Desktop\OBR 2015-06-20 17:35 - 2015-06-20 18:03 - 82532409 _____ C:\Users\Robert\Downloads\mins-frozen.fever.2014.pldub.md.cam.x264-mins.mkv 2015-06-20 16:13 - 2015-06-24 21:25 - 00000000 ____D C:\Users\Robert\Desktop\Do wywołania 2015-06-18 20:41 - 2015-06-18 22:41 - 732555265 _____ C:\Users\Robert\Downloads\Kung.Fu.Panda.2.2011.PLDUB.DVDRiP.XViD-PSiG.avi 2015-06-18 20:36 - 2015-06-18 20:56 - 184094026 _____ C:\Users\Robert\Downloads\Scooby.Doo.Ghastly.Goals.2014.PL.WEB-DL.XviD-B89.avi 2015-06-16 21:34 - 2015-06-17 00:23 - 1549554908 _____ C:\Users\Robert\Downloads\Gwiezdne.wojny.Czesc.IV.Nowa nadzieja.1977.PLDUB.BDRip.480p.XviD.AC3-LTN.avi 2015-06-10 20:27 - 2015-06-10 20:27 - 05471152 _____ (Avast Software s.r.o.) C:\Users\Robert\Downloads\avast_internet_security_setup_online.exe 2015-06-05 20:15 - 2015-06-06 00:18 - 1467598848 _____ C:\Users\Robert\Downloads\American.Sniper.2014.PL.BRRip.XviD-KiT.avi 2015-06-05 16:33 - 2015-06-05 18:32 - 729237566 _____ C:\Users\Robert\Downloads\Aladdin.1992.PLDUB.BRRip.XviD-LTN.avi ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-07-05 16:42 - 2013-12-05 23:32 - 00001058 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-07-05 16:16 - 2014-06-22 11:21 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-07-05 16:02 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru 2015-07-05 15:12 - 2013-10-14 22:49 - 00006431 _____ C:\WINDOWS\SysWOW64\LOCALSERVICE.INI 2015-07-05 15:12 - 2012-11-21 19:52 - 00000000 ____D C:\ProgramData\PDFC 2015-07-05 15:12 - 2012-09-26 09:53 - 00000950 _____ C:\WINDOWS\SysWOW64\bscs.ini 2015-07-05 15:10 - 2013-12-05 23:32 - 00001054 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-07-05 15:10 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-07-05 00:42 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI 2015-07-04 23:25 - 2013-10-20 22:39 - 01347584 ___SH C:\Users\Robert\Downloads\Thumbs.db 2015-07-04 21:04 - 2014-05-19 17:55 - 00000000 ____D C:\Users\Robert\Downloads\WarThunder 2015-07-04 13:02 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache 2015-07-04 12:51 - 2013-09-23 17:34 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1302694634-733215247-219973548-1002 2015-07-04 12:21 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness 2015-07-04 12:01 - 2014-05-29 20:26 - 00000000 ____D C:\ProgramData\Origin 2015-07-04 11:21 - 2014-05-31 12:43 - 00348360 _____ C:\WINDOWS\SysWOW64\PnkBstrB.xtr 2015-07-04 11:21 - 2014-05-31 12:00 - 00348360 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe 2015-07-04 11:21 - 2014-05-31 12:00 - 00280904 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0 2015-07-04 09:15 - 2013-11-04 22:32 - 00824320 ___SH C:\Users\Robert\Desktop\Thumbs.db 2015-07-04 01:17 - 2013-10-30 19:27 - 00000000 ____D C:\Users\Robert 2015-07-04 01:17 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions 2015-07-03 23:16 - 2013-09-27 10:45 - 00000000 ____D C:\WINDOWS\system32\MRT 2015-07-03 23:11 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp 2015-07-03 20:57 - 2014-06-22 11:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-07-03 20:57 - 2014-06-22 11:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-07-03 20:57 - 2013-12-07 12:28 - 00001116 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-07-03 20:44 - 2014-04-13 11:30 - 00000000 ____D C:\WINDOWS\Minidump 2015-07-03 18:17 - 2013-09-23 18:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-07-03 16:09 - 2014-02-26 09:23 - 00000000 ____D C:\Users\Kasia\Desktop\Dyplomowanie 2015-07-03 16:02 - 2014-10-01 14:47 - 00000000 ____D C:\Users\Kasia\Desktop\Jakość 2015-07-03 15:32 - 2015-01-09 10:44 - 00000000 ____D C:\Users\Kasia\Desktop\habilitacja 2015-07-03 15:20 - 2014-02-14 22:20 - 00003158 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForKasia 2015-07-03 15:20 - 2014-02-14 22:20 - 00000344 _____ C:\WINDOWS\Tasks\HPCeeScheduleForKasia.job 2015-07-03 15:15 - 2013-12-16 09:49 - 00000000 ____D C:\Users\Kasia\Desktop\USA 2015-07-03 15:06 - 2015-03-14 21:51 - 00000000 ____D C:\Users\Kasia\Desktop\DOM RADLIN 2015-07-03 14:37 - 2013-09-23 17:50 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1302694634-733215247-219973548-1005 2015-07-03 14:18 - 2014-04-04 12:22 - 00003972 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0888C6D5-566D-4DEE-A0B9-D75AD752E637} 2015-07-03 10:16 - 2014-12-01 11:43 - 00000000 ____D C:\Users\Kasia\Desktop\DOM 2015-07-02 15:44 - 2013-09-30 06:15 - 02029650 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2015-07-02 15:44 - 2013-09-30 06:00 - 00879454 _____ C:\WINDOWS\system32\perfh015.dat 2015-07-02 15:44 - 2013-09-30 06:00 - 00199216 _____ C:\WINDOWS\system32\perfc015.dat 2015-07-02 10:35 - 2015-03-30 12:49 - 00000000 ____D C:\Users\Kasia\Desktop\Scigała 2015-07-02 08:06 - 2013-10-16 21:37 - 00000930 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-07-01 22:16 - 2013-10-16 21:37 - 00003820 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2015-07-01 22:15 - 2014-06-22 19:35 - 00000000 ____D C:\Users\Robert\AppData\Local\Adobe 2015-06-30 22:40 - 2013-09-27 23:43 - 00000000 ____D C:\Users\Robert\Downloads\Rob 2015-06-29 22:47 - 2014-05-29 20:26 - 00000000 ____D C:\Users\Robert\Downloads\Origin 2015-06-28 22:00 - 2013-12-05 23:27 - 00000000 ____D C:\ProgramData\AVAST Software 2015-06-28 17:42 - 2014-11-28 17:32 - 00000000 ____D C:\ProgramData\PMS 2015-06-28 13:00 - 2014-11-30 16:30 - 00000000 ____D C:\Users\Robert\AppData\Roaming\vlc 2015-06-28 11:23 - 2014-03-23 22:26 - 00000000 ____D C:\Users\Robert\Downloads\Filmy 2015-06-27 23:32 - 2014-05-31 12:42 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins 2015-06-25 16:51 - 2013-09-26 09:39 - 00000000 ____D C:\Users\Kasia\Desktop\Personal Kasia 2015-06-24 13:43 - 2013-12-05 23:33 - 00002211 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-06-23 10:17 - 2015-05-19 12:04 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task 2015-06-22 18:34 - 2013-09-23 17:29 - 00000000 ____D C:\Users\Robert\AppData\Local\PDFC 2015-06-18 17:34 - 2014-12-01 18:13 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Skype 2015-06-18 08:42 - 2014-06-22 11:21 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-06-18 08:41 - 2014-06-22 11:21 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-06-18 08:41 - 2013-12-07 12:28 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2015-06-15 17:30 - 2013-10-30 19:27 - 00000000 ____D C:\Users\Kasia 2015-06-15 11:15 - 2013-09-24 14:07 - 01622528 ___SH C:\Users\Kasia\Desktop\Thumbs.db 2015-06-11 17:49 - 2015-04-24 19:06 - 00000000 ____D C:\Users\Kasia\Downloads\2015-04-20-110813_zarz 2015-06-07 09:19 - 2013-09-28 20:03 - 00000000 ____D C:\Users\Robert\AppData\Local\Bandizip 2015-06-05 21:25 - 2014-05-29 20:28 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Origin ==================== Files in the root of some directories ======= 2015-03-19 21:08 - 2015-03-19 21:08 - 0000000 ____R () C:\Users\Robert\AppData\Roaming\privacy.metrics 2013-12-13 20:55 - 2013-12-13 20:55 - 0008704 _____ () C:\Users\Robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-12-28 22:00 - 2013-12-28 22:00 - 0000984 _____ () C:\Users\Robert\AppData\Local\recently-used.xbel 2014-11-15 22:26 - 2014-11-15 22:26 - 0007604 _____ () C:\Users\Robert\AppData\Local\Resmon.ResmonCfg 2015-05-01 13:21 - 2015-05-01 13:21 - 0272051 _____ () C:\ProgramData\1430479160.bdinstall.bin ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-07-05 16:22 ==================== End of log ============================