Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:11-07-2015
Ran by Piotr (administrator) on PIOTR-KOMPUTER on 11-07-2015 19:30:01
Running from C:\Users\Piotr\Desktop
Loaded Profiles: Piotr (Available Profiles: Piotr & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\asus\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\asus\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(ASUS) C:\Program Files (x86)\asus\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\asus\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\asus\ATK Package\ATK Hotkey\WDC.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files (x86)\asus\Wireless Console 3\wcourier.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(ASUS) C:\Program Files (x86)\asus\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\asus\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\asus\ATK Package\ATK Hotkey\HControlUser.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Google Inc.) C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe
(asus) C:\Program Files (x86)\asus\ControlDeck\ControlDeck.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10816544 2010-05-25] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1597440 2010-07-02] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [7350912 2010-02-04] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-01-05] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-937016041-3120781582-518176832-1001\...\Run: [Google Update] => C:\Users\Piotr\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2015-03-03] (Google Inc.)
HKU\S-1-5-21-937016041-3120781582-518176832-1001\...\MountPoints2: {706c8ac3-b448-11e4-ab6e-806e6f6e6963} - F:\InstAll.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-02-16] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [95848 2010-03-27] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [90216 2010-03-27] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-04] (Avast Software s.r.o.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-937016041-3120781582-518176832-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pl-pl/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-10] (Avast Software s.r.o.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-19] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-10] (Avast Software s.r.o.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-19] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{670CB626-94F3-4ED2-990C-32616C562355}: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Piotr\AppData\Roaming\Mozilla\Firefox\Profiles\6cfn4ec2.default
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-19] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin HKU\S-1-5-21-937016041-3120781582-518176832-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Piotr\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-937016041-3120781582-518176832-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Piotr\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-14]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]

Chrome:
=======
CHR Profile: C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Docs) - C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-03]
CHR Extension: (Google Drive) - C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-03]
CHR Extension: (YouTube) - C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-03]
CHR Extension: (Google Search) - C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-03]
CHR Extension: (Avast SafePrice) - C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-03-03]
CHR Extension: (Google Wallet) - C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-08]
CHR Extension: (Gmail) - C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-03]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-03-18]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-18]
StartMenuInternet: Google Chrome.6GMBEWATBMHSQEFHAYPHSUHGDI - C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-04] (Avast Software s.r.o.)
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
S2 Update SourceApp; "C:\Program Files (x86)\SourceApp\updateSourceApp.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-04] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-04] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-04] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-04] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-07-11] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-04] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-04] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800192 2009-08-20] ()
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-11 19:24 - 2015-07-11 19:25 - 00000000 ____D C:\AdwCleaner
2015-07-11 19:23 - 2015-07-11 19:23 - 02248704 _____ C:\Users\Piotr\Desktop\adwcleaner_4.208.exe
2015-07-11 19:14 - 2015-07-11 19:14 - 00011726 _____ C:\Users\Piotr\Desktop\GMER.txt
2015-07-11 18:37 - 2015-07-11 18:37 - 00042188 _____ C:\Users\Piotr\Desktop\Shortcut.txt
2015-07-11 18:36 - 2015-07-11 19:30 - 00012761 _____ C:\Users\Piotr\Desktop\FRST.txt
2015-07-11 18:36 - 2015-07-11 18:37 - 00026674 _____ C:\Users\Piotr\Desktop\Addition.txt
2015-07-11 18:35 - 2015-07-11 19:30 - 00000000 ____D C:\FRST
2015-07-11 18:31 - 2015-07-11 18:31 - 00380416 _____ C:\Users\Piotr\Desktop\53klxxt0.exe
2015-07-11 18:25 - 2015-07-11 18:25 - 02130944 _____ (Farbar) C:\Users\Piotr\Desktop\FRST64.exe
2015-06-24 18:09 - 2015-06-24 18:09 - 00002802 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-06-24 18:09 - 2015-06-24 18:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-06-24 18:09 - 2015-06-24 18:09 - 00000000 ____D C:\Program Files\CCleaner
2015-06-24 17:35 - 2015-07-11 19:27 - 00001404 _____ C:\Windows\setupact.log
2015-06-24 17:35 - 2015-06-24 17:35 - 00000000 _____ C:\Windows\setuperr.log
2015-06-18 19:32 - 2015-06-18 19:32 - 00000000 _____ C:\autoexec.bat
2015-06-18 19:28 - 2015-06-18 19:28 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Piotr\Desktop\SpyHunter-Installer.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-11 19:27 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-11 19:26 - 2015-02-14 14:56 - 01581641 _____ C:\Windows\WindowsUpdate.log
2015-07-11 18:44 - 2015-03-03 19:29 - 00001058 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-937016041-3120781582-518176832-1001UA.job
2015-07-11 17:41 - 2009-07-14 06:45 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-11 17:41 - 2009-07-14 06:45 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-11 17:19 - 2015-02-14 18:01 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswsp.sys
2015-07-11 17:11 - 2015-02-14 18:02 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-07-06 14:54 - 2009-07-14 19:55 - 00697912 _____ C:\Windows\system32\perfh015.dat
2015-07-06 14:54 - 2009-07-14 19:55 - 00134990 _____ C:\Windows\system32\perfc015.dat
2015-07-06 14:54 - 2009-07-14 07:13 - 01549696 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-04 22:32 - 2015-03-03 19:29 - 00001006 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-937016041-3120781582-518176832-1001Core.job
2015-06-23 17:26 - 2015-02-14 18:11 - 00000000 ____D C:\Users\Piotr\AppData\Roaming\BitTorrent
2015-06-23 17:25 - 2015-02-14 14:52 - 00000000 ____D C:\Windows\Panther
2015-06-21 20:51 - 2015-02-14 19:26 - 00000000 ____D C:\Users\Piotr\Desktop\Nowy folder
2015-06-18 19:32 - 2015-02-14 15:00 - 00000000 ____D C:\Users\Piotr
2015-06-12 19:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache

Some files in TEMP:
====================
C:\Users\Piotr\AppData\Local\Temp\AskPIP_FF_.exe
C:\Users\Piotr\AppData\Local\Temp\bitool.dll
C:\Users\Piotr\AppData\Local\Temp\cabex.dll
C:\Users\Piotr\AppData\Local\Temp\FFSetup3.6.0.0.exe
C:\Users\Piotr\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Piotr\AppData\Local\Temp\ochelper.exe
C:\Users\Piotr\AppData\Local\Temp\Quarantine.exe
C:\Users\Piotr\AppData\Local\Temp\setup.exe
C:\Users\Piotr\AppData\Local\Temp\sqlite3.dll
C:\Users\Piotr\AppData\Local\Temp\tu17p84.exe
C:\Users\Piotr\AppData\Local\Temp\unelevate.exe
C:\Users\Piotr\AppData\Local\Temp\utt4EAB.tmp.exe
C:\Users\Piotr\AppData\Local\Temp\ytaiesmt_smtyc_setup.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-04 23:30

==================== End of log ============================