Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-07-2015
Ran by BASIA (administrator) on BASIAB on 11-07-2015 09:58:29
Running from D:\
Loaded Profiles: BASIA (Available Profiles: BASIA)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
() C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
(Fujitsu Technology Solutions) C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNetDm.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
() C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Avast Software s.r.o.) D:\Avast\AvastSvc.exe
(AVAST Software) D:\Avast\ng\ngtool.exe
(Avast Software s.r.o.) D:\Avast\AvastUI.exe
(Avast Software) D:\Avast\ng\vbox\AvastVBoxSVC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avast Software s.r.o.) D:\Avast\ng\mftutil.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1886504 2009-11-19] (Synaptics Incorporated)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [LoadFUJ02E3] => C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe [45680 2010-06-08] (FUJITSU LIMITED)
HKLM\...\Run: [FDM7] => C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe [164712 2009-11-26] (FUJITSU LIMITED)
HKLM\...\Run: [PSUTility] => C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [199528 2010-11-13] (FUJITSU LIMITED)
HKLM\...\Run: [PfNet] => C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe [6311424 2010-10-08] (FUJITSU LIMITED)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11663464 2010-12-07] (Realtek Semiconductor)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2011-01-05] (Intel(R) Corporation)
HKLM\...\Run: [LoadFujitsuQuickTouch] => C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [162416 2010-07-16] (FUJITSU LIMITED)
HKLM\...\Run: [LoadBtnHnd] => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [21616 2010-07-09] (FUJITSU LIMITED)
HKLM-x32\...\Run: [IndicatorUtility] => C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [48752 2010-09-30] (FUJITSU LIMITED)
HKLM-x32\...\Run: [DeskUpdateNotifier] => c:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe [102528 2012-09-25] (Fujitsu Technology Solutions)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirror Tray icon] => C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [162912 2009-07-08] (CyberLink Corp.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295072 2012-12-26] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Plus Internet] => C:\Program Files (x86)\Plus Internet\PlusInternetChecker.exe [472384 2011-07-04] ()
HKLM-x32\...\Run: [CancelAutoPlay_df] => C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe [446720 2013-02-25] ()
HKLM-x32\...\Run: [AvastUI.exe] => D:\Avast\AvastUI.exe [5515496 2015-07-11] (Avast Software s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-12-05] (Google Inc.)
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\Run: [Mobile Partner] => C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe [515072 2012-08-06] ()
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\Run: [GG] => C:\Users\BASIA\AppData\Local\GG\Application\gghub.exe [4078144 2015-04-06] (GG Network S.A.)
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\MountPoints2: G - G:\AutoRun.exe
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\MountPoints2: {3582c417-4626-11e2-803c-4c8093665d4a} - F:\AutoRun.exe
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\MountPoints2: {3582c42b-4626-11e2-803c-4c8093665d4a} - F:\AutoRun.exe
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\MountPoints2: {3f8c799a-6207-11e2-a4c5-4c8093665d4a} - F:\AutoRun.exe
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\MountPoints2: {3f8c79a7-6207-11e2-a4c5-4c8093665d4a} - F:\AutoRun.exe
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\MountPoints2: {3f8c79bc-6207-11e2-a4c5-4c8093665d4a} - G:\AutoRun.exe
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\MountPoints2: {4a361eb4-26a9-11e3-9368-4c8093665d4a} - F:\AutoRun.exe
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\MountPoints2: {4a361ec1-26a9-11e3-9368-4c8093665d4a} - I:\AutoRun.exe
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\MountPoints2: {4a361ed3-26a9-11e3-9368-4c8093665d4a} - F:\AutoRun.exe
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\MountPoints2: {4a361ede-26a9-11e3-9368-4c8093665d4a} - F:\AutoRun.exe
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\MountPoints2: {4a361eef-26a9-11e3-9368-4c8093665d4a} - F:\AutoRun.exe
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\MountPoints2: {4a361ef9-26a9-11e3-9368-4c8093665d4a} - F:\AutoRun.exe
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\MountPoints2: {4a361f04-26a9-11e3-9368-4c8093665d4a} - F:\AutoRun.exe
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\MountPoints2: {6881d2aa-5c7c-11e4-8f23-4c8093665d4a} - F:\AutoRun.exe
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\MountPoints2: {97a41044-212c-11e3-9746-4c8093665d4a} - F:\AutoRun.exe
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\MountPoints2: {97a41050-212c-11e3-9746-4c8093665d4a} - F:\AutoRun.exe
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\MountPoints2: {97a4105e-212c-11e3-9746-4c8093665d4a} - F:\AutoRun.exe
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\MountPoints2: {ad88fe5c-4861-11e2-b2ed-4c8093665d4a} - F:\AutoRun.exe
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\MountPoints2: {b7025fae-47a8-11e2-a9d7-4c8093665d4a} - F:\AutoRun.exe
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\...\MountPoints2: {def49c6e-261b-11e3-a501-4c8093665d4a} - F:\AutoRun.exe
Startup: C:\Users\BASIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TorpedoCopy.lnk [2014-08-31]
ShortcutTarget: TorpedoCopy.lnk -> C:\Users\BASIA\AppData\Local\Torpedo\Torpedo.exe (No File)
Startup: C:\Users\BASIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2010.lnk [2013-01-12]
ShortcutTarget: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2010.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk [2012-12-06]
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newreminderdialog.lnk [2012-12-06]
ShortcutTarget: newreminderdialog.lnk -> C:\Program Files\Fujitsu\FujitsuRecovery\NewReminderDialog.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk [2012-12-06]
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newreminderdialog.lnk [2012-12-06]
ShortcutTarget: newreminderdialog.lnk -> C:\Program Files\Fujitsu\FujitsuRecovery\NewReminderDialog.exe (Fujitsu Technology Solutions)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Avast\ashShA64.dll [2015-07-11] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [GGDriveOverlay1] -> {E68D0A50-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll [2013-01-17] (GG Network S.A.)
ShellIconOverlayIdentifiers: [GGDriveOverlay2] -> {E68D0A51-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll [2013-01-17] (GG Network S.A.)
ShellIconOverlayIdentifiers: [GGDriveOverlay3] -> {E68D0A52-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll [2013-01-17] (GG Network S.A.)
ShellIconOverlayIdentifiers: [GGDriveOverlay4] -> {E68D0A53-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll [2013-01-17] (GG Network S.A.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.google.com/ig/redirectdomain?brand=FTSG&bmod=FTSG
HKU\S-1-5-21-1576861816-666788470-2069471701-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1576861816-666788470-2069471701-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> D:\Avast\aswWebRepIE64.dll [2015-07-11] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> D:\Avast\aswWebRepIE.dll [2015-07-11] (Avast Software s.r.o.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
Toolbar: HKU\S-1-5-21-1576861816-666788470-2069471701-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{72BD5B63-A6C5-4DC6-961C-89B78EC13397}: [DhcpNameServer] 212.2.96.51 212.2.96.52
Tcpip\..\Interfaces\{92587C96-8EB4-429E-95F5-A2455059B16B}: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{BED8604D-A9AA-4932-B7EE-03D120FC5685}: [DhcpNameServer] 212.2.96.51 212.2.96.52
Tcpip\..\Interfaces\{E7A55052-1D8E-4CD5-9834-9C089575D9E8}: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_194.dll [2015-06-24] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-06-24] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.0.282 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2012-12-26] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2012-11-29] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2012-11-29] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2012-11-29] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.0.282 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2012-12-26] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2012-11-29] (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012-12-26]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - D:\Avast\WebRep\FF
FF Extension: Avast Online Security - D:\Avast\WebRep\FF [2015-07-11]

Chrome:
=======
CHR Profile: C:\Users\BASIA\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avast Online Security) - C:\Users\BASIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-07-11]
CHR Extension: (RealDownloader) - C:\Users\BASIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-01-20]
CHR Extension: (Google Wallet) - C:\Users\BASIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-10]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - D:\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-11]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; D:\Avast\AvastSvc.exe [343336 2015-07-11] (Avast Software s.r.o.)
R3 AvastVBoxSvc; D:\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-07-11] (Avast Software)
R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [897088 2010-11-03] (Intel Corporation) [File not signed]
R3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1298496 2010-11-03] (Intel Corporation) [File not signed]
R2 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [983104 2010-11-03] (Intel Corporation) [File not signed]
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [655744 2012-09-22] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-05] ()
R2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [331776 2010-10-08] (FUJITSU LIMITED) [File not signed]
S2 PLAY ONLINE. RunOuc; C:\Program Files (x86)\PLAY ONLINE\UpdateDog\ouc.exe [246112 2013-01-19] ()
R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63336 2010-06-18] (FUJITSU LIMITED)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-07-11] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-07-11] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-11] (Avast Software s.r.o.)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-07-11] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-07-11] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-07-11] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-07-11] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-07-11] ()
R0 FBIOSDRV; C:\Windows\System32\Drivers\FBIOSDRV.sys [21104 2009-06-24] (FUJITSU LIMITED)
R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\system32\drivers\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [239104 2012-09-18] (Huawei Technologies Co., Ltd.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1801216 2010-10-09] ()
R2 VBoxAswDrv; D:\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-07-11] (Avast Software)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-11 09:51 - 2015-07-11 09:51 - 00000000 ____D C:\Users\BASIA\AppData\Roaming\AVAST Software
2015-07-11 09:50 - 2015-07-11 09:50 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-07-11 09:50 - 2015-07-11 09:50 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-07-11 09:50 - 2015-07-11 09:50 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-07-11 09:50 - 2015-07-11 09:50 - 00003866 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-07-11 09:50 - 2015-07-11 09:50 - 00000648 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-07-11 09:50 - 2015-07-11 09:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-07-11 09:50 - 2015-06-02 17:56 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswD506.tmp
2015-07-11 09:50 - 2015-06-02 17:56 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswDA58.tmp
2015-07-11 09:50 - 2015-06-02 17:56 - 00272248 _____ C:\Windows\system32\Drivers\aswDA78.tmp
2015-07-11 09:50 - 2015-06-02 17:56 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswDA88.tmp
2015-07-11 09:50 - 2015-06-02 17:56 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswD64F.tmp
2015-07-11 09:50 - 2015-06-02 17:56 - 00065736 _____ C:\Windows\system32\Drivers\aswDA47.tmp
2015-07-11 09:50 - 2015-06-02 17:56 - 00029168 _____ C:\Windows\system32\Drivers\aswDA17.tmp
2015-07-11 09:02 - 2015-07-11 09:02 - 17996976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-07-10 14:41 - 2015-07-11 09:46 - 00050393 _____ C:\Windows\WindowsUpdate.log
2015-07-10 14:37 - 2015-07-10 14:37 - 00000000 ____D C:\TDSSKiller_Quarantine
2015-07-10 14:31 - 2015-07-10 14:31 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\BASIA\Downloads\tdsskiller.exe
2015-07-10 14:26 - 2015-07-11 09:58 - 00000000 ____D C:\FRST
2015-07-10 14:26 - 2015-07-10 14:26 - 02112512 _____ (Farbar) C:\Users\BASIA\Downloads\FRST64.exe
2015-07-08 12:32 - 2015-07-08 12:32 - 00000000 ____D C:\Users\BASIA\Downloads\backups
2015-07-08 12:29 - 2015-07-08 12:30 - 00388608 _____ (Trend Micro Inc.) C:\Users\BASIA\Downloads\HijackThis.exe
2015-07-08 11:30 - 2015-07-08 11:30 - 00380416 _____ C:\Users\BASIA\Downloads\2o5nox0m.exe
2015-07-08 11:02 - 2015-07-08 11:07 - 00000000 ____D C:\Users\BASIA\AppData\Roaming\Solvusoft
2015-07-08 11:02 - 2012-10-15 17:02 - 00019888 _____ (solvusoft) C:\Windows\system32\roboot64.exe
2015-07-08 11:01 - 2015-07-08 11:01 - 03894696 _____ (solvusoft Corporation ) C:\Users\BASIA\Downloads\Setup_WinThruster_2015.exe
2015-07-08 10:28 - 2015-07-08 10:32 - 115397264 ____N (Symantec Corporation) C:\Users\BASIA\Downloads\NS-TW-22.0.0-PL.exe
2015-07-06 21:02 - 2015-07-06 21:02 - 00000000 ____D C:\ProgramData\Symantec
2015-07-06 20:03 - 2015-07-06 20:03 - 00779704 _____ (Symantec) C:\Users\BASIA\Downloads\Setup.exe
2015-07-06 19:54 - 2015-07-11 09:42 - 00000896 _____ C:\Windows\setupact.log
2015-07-06 19:54 - 2015-07-06 19:54 - 00000000 _____ C:\Windows\setuperr.log
2015-07-06 19:53 - 2015-07-08 13:34 - 01753710 _____ C:\Windows\PFRO.log
2015-07-06 18:05 - 2015-07-06 18:05 - 05481344 _____ (Avast Software s.r.o.) C:\Users\Public\Desktop\avast_free_antivirus_setup_online_dobreprogramy.exe
2015-07-06 18:05 - 2015-07-06 18:05 - 05481344 _____ (Avast Software s.r.o.) C:\Users\BASIA\Downloads\avast_free_antivirus_setup_online_dobreprogramy.exe
2015-07-06 16:57 - 2015-07-06 17:26 - 00000000 ____D C:\Users\BASIA\Doctor Web
2015-07-06 16:54 - 2015-07-06 16:56 - 166187544 _____ C:\Users\BASIA\Downloads\c7ahka6x.exe
2015-07-06 16:37 - 2015-07-06 21:32 - 00000000 ____D C:\AdwCleaner
2015-07-06 16:36 - 2015-07-06 16:36 - 02244096 _____ C:\Users\BASIA\Downloads\AdwCleaner.pl 4.207.exe
2015-07-06 16:35 - 2015-07-06 16:35 - 00002786 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-07-06 16:35 - 2015-07-06 16:35 - 00000788 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-07-06 16:35 - 2015-07-06 16:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-07-06 16:35 - 2015-07-06 16:35 - 00000000 ____D C:\Program Files\CCleaner
2015-07-06 16:34 - 2015-07-06 16:34 - 06549184 _____ (Piriform Ltd) C:\Users\BASIA\Downloads\ccsetup506.exe
2015-07-06 16:34 - 2015-07-06 16:34 - 06549184 _____ (Piriform Ltd) C:\Users\BASIA\Downloads\ccsetup506 (1).exe
2015-07-06 09:15 - 2015-07-06 21:30 - 00003610 _____ C:\Windows\System32\Tasks\RNUpgradeHelperResumePrompt_BASIA
2015-07-06 09:15 - 2015-07-06 21:30 - 00003492 _____ C:\Windows\System32\Tasks\ReclaimerUpdateFiles_BASIA
2015-07-06 09:15 - 2015-07-06 21:30 - 00003486 _____ C:\Windows\System32\Tasks\ReclaimerUpdateXML_BASIA
2015-07-06 09:15 - 2015-07-06 21:30 - 00003192 _____ C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_BASIA
2015-06-26 12:23 - 2015-06-27 22:20 - 00000000 ____D C:\Users\BASIA\Desktop\chrzest_na_spływie
2015-06-23 17:46 - 2015-06-23 17:46 - 01125056 _____ (Adobe Systems Incorporated) C:\Users\BASIA\Downloads\flashplayer18axau_ga_install.exe
2015-06-23 12:26 - 2015-06-23 19:03 - 00000000 ____D C:\Users\BASIA\Desktop\RRN
2015-06-23 11:27 - 2015-07-06 21:30 - 00003338 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1576861816-666788470-2069471701-1000
2015-06-23 11:27 - 2015-07-06 21:30 - 00003204 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1576861816-666788470-2069471701-1000
2015-06-21 21:48 - 2015-06-21 21:48 - 00147351 _____ C:\Users\BASIA\Desktop\i-stopien-konspekty-zip_517_121.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-11 09:53 - 2014-01-24 10:08 - 00000000 ____D C:\Users\BASIA\AppData\Roaming\GG
2015-07-11 09:50 - 2014-08-06 16:28 - 00029168 _____ C:\Windows\system32\Drivers\aswHwid.sys
2015-07-11 09:50 - 2013-12-28 08:57 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-07-11 09:50 - 2013-04-02 19:30 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-07-11 09:50 - 2013-04-02 19:30 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswsp.sys.1436601047748
2015-07-11 09:50 - 2013-04-02 19:30 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswsp.sys
2015-07-11 09:50 - 2013-04-02 19:30 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-07-11 09:50 - 2013-03-14 17:23 - 00272248 _____ C:\Windows\system32\Drivers\aswVmm.sys
2015-07-11 09:50 - 2013-03-14 17:23 - 00065736 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2015-07-11 09:50 - 2009-07-14 06:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-11 09:50 - 2009-07-14 06:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-11 09:42 - 2012-12-05 20:54 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-11 09:42 - 2012-12-05 19:31 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-11 09:42 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-11 09:08 - 2012-12-05 19:31 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-11 09:03 - 2012-12-05 20:54 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-11 09:02 - 2012-12-05 20:54 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-11 09:02 - 2012-12-05 20:54 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-10 14:53 - 2013-02-03 22:41 - 00000000 ____D C:\ProgramData\AVAST Software
2015-07-10 14:10 - 2013-01-20 16:44 - 00002195 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-08 15:15 - 2012-12-05 19:31 - 00000000 ___RD C:\Users\BASIA
2015-07-08 11:10 - 2011-05-12 09:21 - 00000000 ____D C:\ProgramData\Norton
2015-07-08 10:54 - 2014-01-24 10:08 - 00000000 ____D C:\Users\BASIA\AppData\Local\GG
2015-07-08 10:48 - 2011-04-12 19:08 - 00741124 _____ C:\Windows\system32\perfh015.dat
2015-07-08 10:48 - 2011-04-12 19:08 - 00156408 _____ C:\Windows\system32\perfc015.dat
2015-07-08 10:48 - 2009-07-14 07:13 - 01672134 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-06 21:31 - 2012-12-26 15:31 - 00003080 _____ C:\Windows\System32\Tasks\RealCreateProcessScheduledTask9819155S-1-5-21-1576861816-666788470-2069471701-1000
2015-07-06 21:31 - 2012-12-16 09:33 - 00003534 _____ C:\Windows\System32\Tasks\CreateChoiceProcessTask
2015-07-06 21:30 - 2015-06-06 22:08 - 00003360 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1576861816-666788470-2069471701-1000
2015-07-06 21:30 - 2015-06-06 22:08 - 00003226 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1576861816-666788470-2069471701-1000
2015-07-06 21:30 - 2012-12-26 16:05 - 00003380 _____ C:\Windows\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1576861816-666788470-2069471701-1000
2015-07-06 19:34 - 2013-10-10 00:55 - 00000000 ____D C:\Windows\Minidump
2015-07-06 19:34 - 2012-12-05 19:54 - 00000000 ____D C:\Users\BASIA\AppData\Local\CrashDumps
2015-07-06 19:34 - 2011-04-12 02:18 - 00000000 ____D C:\Windows\Panther
2015-07-05 22:35 - 2012-12-05 19:32 - 00000000 ____D C:\Windows\System32\Tasks\Fujitsu
2015-07-05 21:58 - 2015-02-09 20:58 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-26 22:29 - 2009-07-14 07:08 - 00032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-23 22:51 - 2012-12-07 19:48 - 00002321 _____ C:\Users\BASIA\Desktop\Internet.lnk
2015-06-14 23:32 - 2012-12-07 19:33 - 00005632 _____ C:\Users\BASIA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Files in the root of some directories =======

2012-12-07 21:13 - 2014-06-02 20:23 - 0000453 _____ () C:\Users\BASIA\AppData\Roaming\burnaware.ini
2012-12-07 19:33 - 2015-06-14 23:32 - 0005632 _____ () C:\Users\BASIA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-12-05 19:33 - 2012-12-05 19:34 - 0018940 _____ () C:\Users\BASIA\AppData\Local\IWDAudHelper.20121205.183359.txt
2012-12-05 19:33 - 2012-12-05 19:33 - 0000661 _____ () C:\Users\BASIA\AppData\Local\PDLSetup.20121205.183351.txt
2012-12-05 19:33 - 2012-12-05 19:33 - 0001579 _____ () C:\Users\BASIA\AppData\Local\PDLSetup.20121205.183353.txt
2012-12-05 19:33 - 2012-12-05 19:33 - 0001227 _____ () C:\Users\BASIA\AppData\Local\PDLSetup.20121205.183354.txt
2012-12-05 19:42 - 2012-12-05 19:42 - 0001526 _____ () C:\Users\BASIA\AppData\Local\PDLSetup.20121205.184202.txt
2013-12-08 16:15 - 2013-12-08 16:15 - 0001526 _____ () C:\Users\BASIA\AppData\Local\PDLSetup.20131208.151502.txt

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!

LastRegBack: 2014-09-16 07:02

==================== End of log ============================